certmonger-0.79.19/.copr/Makefile

srpm:
	dnf -y install git
	$(eval version := $(shell grep AC_INIT configure.ac | cut -d, -f2 | rev | cut -c2- | rev))
	git config --global --add safe.directory `pwd`
	git archive -v --format=tar --prefix=certmonger-${version}/ HEAD | gzip > certmonger-${version}.tar.gz
	rpmbuild \
		--define "_sourcedir `pwd`" \
		--define "_srcrpmdir ${outdir}" \
		-bs `pwd`/certmonger.spec

certmonger-0.79.19/LICENSE

GPLv3 or later (with an exception that it can be linked with OpenSSL).

certmonger-0.79.19/Makefile.am

ACLOCAL_AMFLAGS = -I m4
EXTRA_FILES = doc/*.txt
SUBDIRS = po src dbus systemd sysvinit tests
EXTRA_DIST = config.rpath \
	certmonger.spec LICENSE README.md STATUS doc src/certmonger.conf.in
DISTCHECK_CONFIGURE_FLAGS = --disable-systemd --disable-sysvinit --with-tmpdir=/var/run/certmonger --without-system-bus-services-dir --without-session-bus-services-dir

VERSION=$(PACKAGE_VERSION)
RELEASE=
GITTAG=certmonger-$(VERSION)

all-gmo:
	zanata-cli pull -B
	cd po ; for po in *.po ; do make `basename $$po .po`.gmo ; done
	$(MAKE) -C po update-po
	zanata-cli push -B

tag: all-gmo
	git tag $(GITTAG)

force-tag: all-gmo
	git tag -f $(GITTAG)

GITREMOTE=origin
ORIGIN=$(shell git config remote.$(GITREMOTE).url 2> /dev/null || /bin/pwd)
ARCHIVEOUTDIR=$(shell cd $(top_srcdir) && pwd)

local-archive:
	$(MAKE) archive ORIGIN=$(ARCHIVEOUTDIR)

local-srpm:
	repo=`pwd`; \
	tmpdir=`mktemp -d /tmp/make_archive_XXXXXX`; \
	if test -d "$$tmpdir" ; then \
		git clone . $$tmpdir;\
		cd $$tmpdir;\
		./make-srpm.sh;\
		cp -v $(distdir)-*.src.rpm $(ARCHIVEOUTDIR)/;\
		chmod -R u+rw $$tmpdir;\
		rm -fr $$tmpdir;\
	fi

srpm:
	repo=`pwd`; \
	tmpdir=`mktemp -d /tmp/make_archive_XXXXXX`; \
	if test -d "$$tmpdir" ; then \
		git clone $(ORIGIN) $$tmpdir/certmonger;\
		cd $$tmpdir/certmonger;\
		git checkout $(GITTAG);\
		./make-srpm.sh;\
		cp -v $(distdir)-*.src.rpm $(ARCHIVEOUTDIR)/;\
		chmod -R u+rw $$tmpdir;\
		rm -fr $$tmpdir;\
	fi

archive: srpm
	repo=`pwd`; \
	tmpdir=`mktemp -d /tmp/make_archive_XXXXXX`; \
	if test -d "$$tmpdir" ; then \
		git clone $(ORIGIN) $$tmpdir/certmonger;\
		cd $$tmpdir/certmonger;\
		git checkout $(GITTAG);\
		./autogen.sh --disable-systemd --disable-sysvinit ;\
		make distcheck;\
		mkdir -p $$tmpdir/rpm-build-top;\
		rpmbuild \
			--define "_topdir $$tmpdir/rpm-build-top" \
			--define "_sourcedir $$tmpdir/rpm-build-top" \
			--define "_specdir $$tmpdir/rpm-build-top" \
			--define "_builddir $$tmpdir/rpm-build-top" \
			--define "_buildrootdir $$tmpdir/rpm-build-top" \
			--define "_srpmdir $$tmpdir/rpm-build-top" \
			--define "_srcrpmdir $$tmpdir/rpm-build-top" \
			--define "_rpmdir $$tmpdir/rpm-build-top" \
			-tb $(distdir).tar.gz;\
		cp -v $(distdir).tar.gz $(ARCHIVEOUTDIR)/;\
		chmod -R u+rw $$tmpdir;\
		rm -fr $$tmpdir;\
	fi

certmonger-0.79.19/README.md

Certmonger is primarily concerned with getting you or your system enrolled with a certificate authority (CA) and keeping you enrolled.

To do this, the certmonger daemon runs in the background, taking guidance from client tools (via a D-Bus API; a command-line tool is provided which uses it).

The daemon:

* can generate key pairs if you don't already have one
* can use a key pair to generate a certificate signing request
* can submit the signing request to a CA
* can wait for the CA to decide whether or not to issue the certificate
* can store an issued certificate in a specified location
* can monitor the certificate to see if it's about to expire
* can warn you or simply log that a certificate is about to expire
* can attempt to get a new certificate when a certificate is about to expire

The goal is to have certmonger do what you need it to do based on what you've told it you need. If you already have a certificate, it will be happy to just check on it periodically and warn you when it's about to expire. If you tell it where the private key is, and where the CA is, it can go ahead and try to re-enroll if you like.

Keys and certificates can be stored and read in any of these formats:

* PEM-formatted files
* NSS database (dbm or sql)

The certmonger daemon knows how to self-sign certificates, and can submit signing requests to:

* [FreeIPA](http://www.freeipa.org/)
* certmaster
* [Dogtag](http://pki.fedoraproject.org/)
* SCEP servers

I'd like for it to also be able to submit requests to:

* ADCS
* [anchor](https://github.com/openstack/anchor)
* ACME servers

And perhaps also:

* KMIP-compatible systems

This package is hosted at https://pagure.io/certmonger/.

certmonger-0.79.19/STATUS

Limited local-only support, helpers for external IPA and certmaster-based CAs. Keys can also be self-signed.

Complete:
* Generating RSA keys of configurable size.
* Storing keys in either PEM or NSSDB format.
* Generating signing requests for keys in PEM or NSSDB format.
* Self-sign requests using keys in PEM or NSSDB format.
* Save issued certificate in PEM or NSSDB format.
* Refresh certificate parameters from the certificates at startup, parsing and recovering fields and extensions that we care about to refresh the request tracking file (key usage, extended key usage, subject alt name of type email, dns, or kerberos/nt principal name).
* Populate requested-extensions in signing requests with as much information as we can.
* Locally-signed certificates use the requested extension values.
* Locally-signed certificates get a configured validity lifetime.
* Locally-signed certificates get a somewhat-useful serial number.
* Locally-signed certificates are marked as not being CAs.
* Maintaining queued items in an upgrade-proofable format.
* Should offer an API over D-Bus which the client uses instead of mutilating the queue directly (see doc/api.txt):
* Add new entry. Figure out the state based on what the requester supplies (i.e., if there's a certificate where the request says it should go, assume it's been issued; ditto for private keys).
* List entries.
* List known CAs.
* Resubmit requests after generating a new signing request.
* Provide introspection data as a well-behaved D-Bus service would.
* D-Feet seems to be happy.
* Start and stop tracking (i.e., notification of expiration).
* Make certmonger a proper daemon.
* Detach from console, foreground for debugging.
* Sort out an init script.
* Sort out storage for system-local defaults which are consulted before falling back to compiled-in defaults.
* Actually do notification of expiration and impending expiration.
* Learn to exec a helper to do non-local enrollment.
* Detect when network connections go up and "kick" anything that's waiting for a server to become reachable.
* Learn to submit to at least one actual CA: IPA via XML-RPC over HTTPS, authenticating using Negotiate with creds obtained using the host's keytab (administrator may have logged off long before we could have contacted the CA).
* Learn to submit to a second CA: certmaster via XML-RPC over HTTP.
* Learn how certmaster's root gets distributed. It doesn't.
* Learn to submit to certmaster's XMLRPC interface, preferably by calling out to the python library it supplies. Ended up reusing large chunks of the IPA client code, so it's in C.
* Handle PIN values for encrypted key storage.
* Be able to use hashes other than SHA256.
* Make certmonger a proper daemon.
* Sort out SELinux policy. (unscoped)
* Figure out how to let the local daemon's client do key generation. It's either that or force them to give the daemon the PIN for encrypted storage. Or don't support encrypted key storage at all, which is probably not going to be a popular limitation to have. (3 days) DROPPED in favor of giving the daemon the PIN for encrypted storage.
* Offer an API over D-Bus which the client can use instead of mutilating the queue directly (per doc/api.txt).
* Generate an SPKAC value when generating PKCS#10 CSRs.
* Put NSS into FIPS mode.
* Offer to store certificates for CAs and their intermediates, potentially in multiple certificate databases and PEM files.
* Local signing should support signing with a key other than the one used to generate the CSR.
* Add an option to getcert to specify a challenge password and a friendly name to add to a CSR.
* Learn to generate SCEP messages.
* Learn to parse SCEP responses.
* Display timestamps in local time rather than UTC, unless a --utc flag is specified.

To-do:
* Also generate a CRMF request (RFC 4211) when we generate CSRs. Not sure if we can do this as easily with PEM keys as OpenSSL doesn't appear to offer APIs for it, and I don't want to just break if the PEM module's not available. (more research needed)
* Make certmonger a proper daemon.
* Sort out logging levels for log messages. (1 day) MUST
* Local signing should track a revocation list for each signing key and maintain a CRL for it. (3 days) COULD
* Learn to handle keys and certificates stored in files in virtual guests of the current OS instance (using libguestfs). Would need to refactor some of the current storage code to do it for "file". Not at all sure how to do it for "nssdb". COULD
* Learn to "handle" keys and certificates stored in PKCS12 bundles. COULD
* Learn to handle keys and certificates stored in PKCS11 modules directly. COULD
* Queue management. COULD
  -> Move entries and CAs from hand-rolled files to simple XML. (2 days) COULD
  -> Move them to JSON. (2 days) COULD
  -> Move them to an ldb. (3 days) COULD
  -> Move them to something that's more end-user-serviceable. (3 days)
  - IPA mucks with our files directly in their current form, so this is tabled indefinitely.
* Lighten build requirements by crafting and parsing XML-RPC ourselves since we already have to deal with non-XML-RPC XML and HTTP for Dogtag.
* Add IDENTIFY operations to helpers, so they can output their preferred/default name, and we can cache root and intermediate chain certificates from CAs which provide a way for clients to retrieve them via an integrity-checked path.
* Populate/update the known-issuer-names list for the CA using these.
* Cache the authorityKeyIdentifier and/or subjectPublicKeyIdentifier from the CA certificate, and use that to match up certificates that need to be renewed with their CAs.
* If the CA cert includes a CRL distribution point extension, cache the CRL, too. This'll require a new dependency on a retrieval library (probably libcurl again) and changes to the internal state machine to handle CRL retrieval as another type of task. The local signer's CRL would be regenerated before being "retrieved".
* More on this in "doc/submit.txt".
* Add a GET_NEW_REQUEST_REQUIREMENTS operation to helpers so that they can list variables which the daemon should supply for them for it to note, so that if they're not specified by a client, we can intelligently decide whether or not they're actually required to be specified for a given CA, rather than sloppily hard-coding it as we do now.
* Learn about using SRV records for locating servers, particularly KCA ones.
* Learn to talk to KCAs (RFC 6717)
* Learn to speak CMP (see http://marc.info/?l=openssl-dev&m=137535536301203)
* Learn to talk to puppet CAs.
* Check in with awnuk, who's been looking at this combination.
* Learn to talk to r509 CAs.
* Switch to SSL access methods when submitting end-entity requests to Dogtag CAs (profileSubmit, checkRequest, displayCertFromRequest).
* Be able to fill requester contact info when submitting end-entity enrollment requests, particularly for cases when we don't have agent credentials, and make that a client-suppliable value.
* Stamp "approved by certmonger $version", or something, on certificates, to help identify certificates that we approve with agent credentials.
* Learn to read and create RFC3820 ProxyCertInfo extensions.
* Learn to speak ACME (see https://github.com/letsencrypt/acme-spec).
* Learn to sign messages as needed by ACME using a request's private key.
* Learn to read and create NameConstraints extensions.
* Correctly mark randomly-generated UUID values as version 4, per RFC4122.
* Add "profiles" of some kind to the local signer.
* Support RSA-PSS signing.
* Support a post-failure hook, much as we do a post-success hook now.
* Expose notification settings in getcert.
* Add some smaller TTL thresholds to the default list.
* Make TTL thresholds overridable on a per-certificate basis.
* Learn to talk to anchor (https://github.com/openstack/anchor) CAs.

certmonger-0.79.19/autogen.sh

#!/bin/bash
CFLAGS=`rpm --eval '%{optflags} -Wall -Wextra -Wno-unused-parameter -g3 -O0'`"${CFLAGS:+ $CFLAGS}"
export CFLAGS
set -x
autoreconf -i -f
./configure --prefix=/usr --sysconfdir=/etc --with-tmpdir=/var/run/certmonger --localstatedir=/var --enable-maintainer-mode --enable-srv-location --disable-systemd --disable-sysvinit "$@"

certmonger-0.79.19/certmonger.spec

%if 0%{?fedora} > 15 || 0%{?rhel} > 6
%global systemd 1
%global sysvinit 0
%else
%global systemd 0
%global sysvinit 1
%endif

%if 0%{?fedora} > 15 && 0%{?fedora} < 20
%global systemdsysv 1
%else
%global systemdsysv 0
%endif

%if 0%{?fedora} > 14 || 0%{?rhel} > 6
%global tmpfiles 1
%else
%global tmpfiles 0
%endif

%if 0%{?fedora} > 9 || 0%{?rhel} > 5
%global sysvinitdir %{_initddir}
%else
%global sysvinitdir %{_initrddir}
%endif

%bcond_with xmlrpc

Name: certmonger
Version: 0.79.19
Release: 1%{?dist}
Summary: Certificate status monitor and PKI enrollment client

Group: System Environment/Daemons
License: GPL-3.0-or-later
URL: https://pagure.io/certmonger/
Source0: https://releases.pagure.org/certmonger/certmonger-%{version}.tar.gz
#Source1: https://releases.pagure.org/certmonger/certmonger-%%{version}.tar.gz.sig
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)

BuildRequires: openldap-devel
BuildRequires: krb5-devel
BuildRequires: dbus-devel, nspr-devel, nss-devel, openssl-devel, libidn2-devel
BuildRequires: autoconf, automake, gcc, gettext-devel
%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
BuildRequires: libuuid-devel
%else
BuildRequires: e2fsprogs-devel
%endif
BuildRequires: libtalloc-devel, libtevent-devel
%if 0%{?rhel} >= 6 || 0%{?fedora} >= 9
BuildRequires: libcurl-devel
%else
BuildRequires: curl-devel
%endif
BuildRequires: libxml2-devel
%if %{with xmlrpc}
BuildRequires: xmlrpc-c-devel
%endif
BuildRequires: jansson-devel >= 2.12
%if 0%{?rhel} && 0%{?rhel} < 6
BuildRequires: bind-libbind-devel
BuildRequires: mktemp
%endif
# Required for 'make check':
# for diff and cmp
BuildRequires: diffutils
# for expect
BuildRequires: expect
# for certutil and pk12util
BuildRequires: nss-tools
# for openssl
BuildRequires: openssl
# for dbus-launch
BuildRequires: /usr/bin/dbus-launch
# for dos2unix
BuildRequires: /usr/bin/dos2unix
BuildRequires: /usr/bin/unix2dos
# for which
BuildRequires: /usr/bin/which
# for dbus tests
BuildRequires: python3-dbus
# for popt or popt-devel, depending on the build environment
BuildRequires: /usr/include/popt.h

# we need a running system bus
Requires: dbus
Requires(post): %{_bindir}/dbus-send

%if %{systemd}
BuildRequires: systemd-units
Requires(post): systemd-units
Requires(preun): systemd-units, dbus, sed
Requires(postun): systemd-units
%endif

%if %{systemdsysv}
Requires(post): systemd-sysv
%global systemdsysvsave \
# Save the current service runlevel info, in case the user wants \
# to apply the enabled status manually later, by running \
# "systemd-sysv-convert --apply certmonger". \
%{_bindir}/systemd-sysv-convert --save certmonger >/dev/null 2>&1 ||:
%else
%global systemdsysvsave %{nil}
%endif

%if %{sysvinit}
Requires(post): /sbin/chkconfig, /sbin/service
Requires(preun): /sbin/chkconfig, /sbin/service, dbus, sed
%endif

%if 0%{?fedora} >= 15
# Certain versions of libtevent have incorrect internal ABI versions.
Conflicts: libtevent < 0.9.13
%endif

%description
Certmonger is a service which is primarily concerned with getting your system enrolled with a certificate authority (CA) and keeping it enrolled.

%prep
%setup -q
%if 0%{?rhel} > 0
# Enabled by default for RHEL for bug #765600, still disabled by default for
# Fedora pending a similar bug report there.
sed -i 's,^# chkconfig: - ,# chkconfig: 345 ,g' sysvinit/certmonger.in
%endif

%build
autoreconf -i -f
%configure \
%if %{systemd}
	--enable-systemd \
%endif
%if %{sysvinit}
	--enable-sysvinit=%{sysvinitdir} \
%endif
%if %{tmpfiles}
	--enable-tmpfiles \
%endif
	--with-homedir=/run/certmonger \
%if %{with xmlrpc}
	--with-xmlrpc \
%endif
	--disable-dsa \
	--with-tmpdir=/run/certmonger --enable-pie --enable-now
%if %{with xmlrpc}
# For some reason, some versions of xmlrpc-c-config in Fedora and RHEL just
# tell us about libxmlrpc_client, but we need more. Work around.
make %{?_smp_mflags} XMLRPC_LIBS="-lxmlrpc_client -lxmlrpc_util -lxmlrpc"
%else
make %{?_smp_mflags}
%endif

%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/lib/certmonger/{cas,requests}
install -m755 -d $RPM_BUILD_ROOT/run/certmonger
%{find_lang} %{name}

%check
make check

%clean
rm -rf $RPM_BUILD_ROOT

%post
if test $1 -eq 1 ; then
	%{_bindir}/dbus-send --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig 2>&1 || :
fi
%if %{without xmlrpc}
# remove any existing certmaster CA configuration
if test $1 -gt 1 ; then
	%{_bindir}/getcert remove-ca -c certmaster 2>&1 || :
fi
%endif
%if %{systemd}
if test $1 -eq 1 ; then
	/bin/systemctl daemon-reload >/dev/null 2>&1 || :
fi
%endif
%if %{sysvinit}
/sbin/chkconfig --add certmonger
%endif

%triggerin -- certmonger < 0.58
if test $1 -gt 1 ; then
	# If the daemon is running, remove knowledge of the dogtag renewer.
	objpath=`dbus-send --system --reply-timeout=10000 --dest=org.fedorahosted.certmonger --print-reply=o /org/fedorahosted/certmonger org.fedorahosted.certmonger.find_ca_by_nickname string:dogtag-ipa-renew-agent 2> /dev/null | sed -r 's,^ +,,g' || true`
	if test -n "$objpath" ; then
		dbus-send --system --dest=org.fedorahosted.certmonger --print-reply /org/fedorahosted/certmonger org.fedorahosted.certmonger.remove_known_ca objpath:"$objpath" >/dev/null 2> /dev/null
	fi
	# Remove the data file, in case it isn't running.
	for cafile in %{_localstatedir}/lib/certmonger/cas/* ; do
		if grep -q '^id=dogtag-ipa-renew-agent$' "$cafile" ; then
			rm -f "$cafile"
		fi
	done
fi
exit 0

%postun
%if %{systemd}
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ $1 -ge 1 ] ; then
	/bin/systemctl try-restart certmonger.service >/dev/null 2>&1 || :
fi
%endif
%if %{sysvinit}
if test $1 -gt 0 ; then
	/sbin/service certmonger condrestart 2>&1 > /dev/null
fi
%endif
exit 0

%preun
%if %{systemd}
if test $1 -eq 0 ; then
	/bin/systemctl --no-reload disable certmonger.service > /dev/null 2>&1 || :
	/bin/systemctl stop certmonger.service > /dev/null 2>&1 || :
fi
%endif
%if %{sysvinit}
if test $1 -eq 0 ; then
	/sbin/service certmonger stop 2>&1 > /dev/null
	/sbin/chkconfig --del certmonger
fi
%endif
exit 0

%if %{systemd}
%triggerun -- certmonger < 0.43
%{systemdsysvsave}
# Do this because the old package's %%postun doesn't know we need to do it.
/sbin/chkconfig --del certmonger >/dev/null 2>&1 || :
# Do this because the old package's %%postun wouldn't have tried.
/bin/systemctl try-restart certmonger.service >/dev/null 2>&1 || :
exit 0
%endif

%files -f %{name}.lang
%defattr(-,root,root,-)
%doc README.md LICENSE STATUS doc/*.txt
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/*
%{_datadir}/dbus-1/services/*
%dir %{_sysconfdir}/certmonger
%config(noreplace) %{_sysconfdir}/certmonger/certmonger.conf
%dir /run/certmonger
%{_bindir}/*
%{_sbindir}/certmonger
%{_mandir}/man*/*
%{_libexecdir}/%{name}
%{_localstatedir}/lib/certmonger
%if %{sysvinit}
%{sysvinitdir}/certmonger
%endif
%if %{tmpfiles}
%attr(0644,root,root) %config(noreplace) %{_tmpfilesdir}/certmonger.conf
%endif
%if %{systemd}
%{_unitdir}/*
%{_datadir}/dbus-1/system-services/*
%endif

%changelog
* Tue Oct 10 2023 Rob Crittenden - 0.79.19-1
- Update to 0.79.19
- getcert: add-scep-ca: fix help for --ca-cert and --ra-cert
- Don't restrict tokens to CKM_RSA_X_509
- Updated translations from Weblate

* Wed Apr 5 2023 Rob Crittenden - 0.79.18-1
- update to 0.79.18
- Rename DBus service and conf files to match canonical name
- Add missing .TP tags in getcert-resubmit man page
- migrated to SPDX license
- Include owner and perms in getcert list output
- Don't require an NSS database in cm_certread_n_parse
- Add new certs to internal token, try harder to remove on renewal

* Thu Feb 23 2023 Rob Crittenden - 0.79.17-2
- migrated to SPDX license

* Wed Nov 30 2022 Rob Crittenden - 0.79.17-1
- update to 0.79.17
- Respect LDFLAGS settings defined by user
- Switch to CA user when saving NSS certificates
- Translated using Weblate (German)
- Translated using Weblate (Georgian)

* Thu Aug 25 2022 Rob Crittenden - 0.79.16-1
- update to 0.79.16
- Add a PEM validity checker and validate SCEP CA files
- Fix implicit declaration of function ‘PEM_read_bio_X509’
- Don't include "NEW" in certificate signing requests
- Verify that the AES-128 is used for encrypting the local CA
- Replace DER-encoded test file with a base64-encoded one
- Correct a bad date in the spec changelog
- Switch to https URLs for Sources, etc.
- Remove dependency on SHA-1
- tests: Test that the CA constraint DER encoding is correct
- Disable DSA in the RPM spec
- Manually build the srpm for the copr CI
- Require jansson >= 2.12
- Mark the current directory as a safe git directory
- Fix usage of PKCS#7 ASN1 attribute retrieval for SCEP keygen
- Translated using Weblate (Chinese (Simplified) (zh_CN))
- Translated using Weblate (Georgian)
- Translated using Weblate (Indonesian)
- Translated using Weblate (Chinese (Simplified) (zh_CN))
- Translated using Weblate (Hungarian)

* Mon Mar 28 2022 Rob Crittenden - 0.79.15-2
- Disable DSA. It is not allowed by default crypto policy (#2066439)

* Wed Jan 5 2022 Rob Crittenden - 0.79.15-1
- update to 0.79.15
- Translated using Weblate (Swedish)
- Translated using Weblate (Indonesian)
- Translated using Weblate (Indonesian)
- Translated using Weblate (Sinhala)
- Translated using Weblate (French)
- Translated using Weblate (Korean)
- Port to OpenSSL 3.0.0
- Use extensions template from NSS
- Use implicit, empty FALSE for extensions
- Add .gitignore to project
- If an existing cert exists, use it to decrypt the PKCS#7 envelope
- Increase minimum allowed RSA key size to 1024
- Make the default RSA key size configurable
- Fix file descriptor leak when executing CA helpers
- Add compile check for EVP_PKEY_get_id along with EVP_PKEY_id
- Update csrgen test to understand OpenSSL 3.0.0 output
- Reject a certificate with an empty NSS nickname
- Add SCEP config option to treat the challenge password as an OTP

* Tue Jun 15 2021 Rob Crittenden - 0.79.14-1
- update to 0.79.14
- Fix local CA to work under FIPS
- Translated using Weblate (Portuguese (Brazil))
- Translated using Weblate (Dutch)
- Translated using Weblate (Swedish)
- Translated using Weblate (Turkish)
- Translated using Weblate (Polish)
- Translated using Weblate (Russian)
- Translated using Weblate (Ukrainian)
- Translated using Weblate (Korean)
- If calling a CA helper fails, call cm_casave_done to reap
- Update cadata test to reflect non-NULL returned by helper
- Drop hardcoded values for Apache NSS db for IPA < v4
- Add NULL checks before string compares when analyzing a cert
- Pass /etc/ipa/ca.crt if it exists to libcurl, else rely on system
- Close file in casave on NSS database login error
- Remove remaining reference to token variable in certread-n
- Free the thumbprint variable before returning
- Free the error message when returning
- Fix compiler warnings
- clang: Unused variable assignment
- clang: Remove memory leak on failure
- clang: free error_message when finding the realm
- Display not_before in getcert output
- Revert "Revert three Korean translations because they change the order"
- Fix list of sub-commands in the getcert man page
- Use the system env and not the session env for the local CA
- Add autoreconf to in-tree rpm spec file

* Tue Oct 20 2020 Rob Crittenden - 0.79.13-1
- update to 0.79.13:
- Fix NSS shutdown issues when obtaining the internal token name
- Save a copy of the IPA error message when parsing the JSON result
- certread-n: Look up certs using PK11_FindCertFromNickname()
- Free public key information after storing and displaying
- Don't report a spurious error if no SCEP pkiMessage is ready yet

* Mon Oct 5 2020 Rob Crittenden - 0.79.12-1
- update to 0.79.12:
- Drop previous dbus fix which allowed certmonger to stop on dbus stop
- Configure systemd service so certmonger is managed by dbus start/stop
- Remove empty translation files in prep for Weblate
- Switch IPA to use the JSON instead of XML-RPC API
- Disable certmaster CA support by default
- Don't send SIGKILL to children, give them a chance to die

* Tue Jun 30 2020 Rob Crittenden - 0.79.11-1
- update to 0.79.11:
- Fix crash bug when generating thumbprints.

* Thu Jun 25 2020 Rob Crittenden - 0.79.10-1
- update to 0.79.10:
- dogtag: use POST for profileProcess requests
- Improve logging in SCEP helper
- Add verbose option to SCEP CA if requested in add-scep-ca
- Re-order the way the SCEP signing and CA certs are collected
- Add new option to allow overriding the detected SCEP CA chain
- template_profile, issuer and MS certificate template are single-value
- Ensure that files read in have a trailing new-line
- Adapt to the new behavior of disconnect in dbus-broker
- Add long command-line options to CLI and man pages
- Include &message=CA-IDENT with GetCACaps and GetCACert requests
- Address issues uncovered by clang and Coverity
- Handle an uninitialized token when adding CA certs to an NSS db
- tests: Parametrize 025-casave with NSS db types

* Thu Jan 30 2020 Rob Crittenden - 0.79.9-1
- update to 0.79.9:
- Allow principal to be set during start-tracking
- Remove NOMODDB flag from context init, look for full tokens
- Pass the CA identifier to the SCEP submit helper
- Fix re-key after importing existing private key
- Optimize closing open file descriptors
- Try to pull the entire CA chain from IPA

* Wed Jul 17 2019 Rob Crittenden - 0.79.8-1
- update to 0.78.8:
- Change /var/run -> /run in systemd service file
- Drop tests for 1024 and 1536-bit keys
- Move systemd tmpfiles from /var/run to /run
- Display profile, MS template and requested issuer if available

* Mon May 20 2019 Rob Crittenden - 0.79.7-2
- Move systemd tmpfiles from /var/run to /run (upstream #111)

* Mon Feb 18 2019 Rob Crittenden 0.79.7-1
- update to 0.79.7:
- Handle escaped characters in DN handling
- Fix handling of tokens
- Don't set message for SCEP GetCACaps, GetCACert, drop GetCACertChain
- Address issues discovered by clang

* Tue May 8 2018 Rob Crittenden 0.79.6-1
- update to 0.79.6:
- Better support for NSS SQLite databases
- Fix CA creation in local CA, fix DER issue in constraint
- If stderr is not a tty log to syslog so the helpers can log
- Allow configuration of client SCEP algorithms
- Set default SCEP digest to SHA-256, cipher to AES-256 per spec

* Mon Apr 2 2018 Rob Crittenden 0.79.5-2
- Switch from libidn to libidn2 for better IDNA2008 support

* Fri Sep 1 2017 Rob Crittenden 0.79.5-1
- update to 0.79.5:
- getcert start-tracking: use issuer option when specified
- add support for specifying the MS certificate template
- Reformat certificates returned by Dogtag to strip extra newline

* Mon Aug 7 2017 Rob Crittenden 0.79.4-1
- update to 0.79.4:
- fix CA option name for ipa cert-request
- fix minor memory leak
- fix build warnings
- fix an incorrect date in the .spec changelog
- bump gettext version to avoid warning

* Tue Feb 28 2017 Nalin Dahyabhai 0.79.3-1
- update to 0.79.3:
- fix self-signing self-test cases that used DSA or EC keys

* Mon Feb 27 2017 Nalin Dahyabhai 0.79.2-2
- update %%docs list because README is now README.md

* Mon Feb 27 2017 Nalin Dahyabhai 0.79.2-1
- update to 0.79.2:
- fix 'make distcheck' target

* Sun Feb 19 2017 Nalin Dahyabhai 0.79.1-1
- update to 0.79.1:
- update translations
- fix 'make archive' target

* Sun Feb 19 2017 Nalin Dahyabhai 0.79-1
- update to 0.79:
- getcert now offers an option (-X) for requesting processing by a particular CA if the server we're contacting is running more than one
- getcert also offers options (--for-ca, --not-for-ca, --ca-path-length) for requesting BasicConstraints values
- getcert now displays times in local time instead of UTC, which was previously the only way they were displayed; the --utc option can often be used to switch back to its previous behavior
- the SCEP enrollment helper now correctly issues GetCACertChain requests to SCEP servers, instead of issuing a GetCAChain request, which isn't part of the protocol; from report by Jason Garland
- when issuing SCEP requests, the ID of the CA included in the HTTP request is now URL-encoded, as it should be
- renewal or notification-of-impending-expiration logic is now triggered closer
  to TTL thresholds rather than waiting for a periodic check to pass a threshold
- properly builds with OpenSSL 1.1, thanks to Lukas Slebodnik and Tomas Mraz for a lot of the legwork
- resync .spec file with Fedora
- upstream project migrated from fedorahosted.org to pagure.io

* Fri Feb 10 2017 Fedora Release Engineering - 0.78.6-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

* Sat Jan 21 2017 Igor Gnatenko - 0.78.6-5
- Rebuild for xmlrpc-c

* Wed Jul 6 2016 Nalin Dahyabhai 0.78.6-4
- add backported fix to wait a reasonable amount of time after calling the 'resubmit' method for a new certificate to be issued when we're exercising the D-Bus API during tests (Jan Cholasta, #1351052)

* Wed Jul 6 2016 Nalin Dahyabhai 0.78.6-3
- instead of using killall to send a SIGHUP to the system bus daemon in %%post to get it to reload its configuration, use dbus-send to send a ReloadConfig request over the bus (should fix #1277573)

* Wed Feb 03 2016 Fedora Release Engineering - 0.78.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Wed Jan 13 2016 Nalin Dahyabhai 0.78.6-1
- document the -R, -N, -o, and -t flags for dogtag-ipa-renew-agent-submit
- stop checking that we can generate 512 bit keys during self-tests

* Thu Nov 12 2015 Nalin Dahyabhai 0.78.5-1
- fix a possible uninitialized memory read (possibly #1260871)
- log a diagnostic error when we fail to initialize libkrb5

* Tue Aug 4 2015 Nalin Dahyabhai 0.78.4-1
- fix the "getcert start-tracking" -L and -l options (#1249753)
- output diagnostics about the second request when scep-submit encounters an error during a second request to the SCEP server

* Mon Jul 20 2015 Nalin Dahyabhai 0.78.3-1
- call poptGetOptArg() correctly, to fix parsing of the -R flag to scep-submit and the -O and -o flags to dogtag-submit (#1244914)

* Thu Jul 9 2015 Nalin Dahyabhai 0.78.2-1
- tweak initialization so that we set up for providing our D-Bus API before we register our name with the bus, so that we can
  handle any requests that arrive before the acknowledgement of that registration
- on systems that run systemd, add the right data file so that the service gets started when someone tries to talk to the daemon (ticket #38)
- correctly check for error responses when sending GetCAChain requests to SCEP servers

* Sun Jun 21 2015 Nalin Dahyabhai 0.78.1-1
- self-tests: assume that certutil won't generate DSA keys with more than 1024 bits, and will often short us by a few

* Sat Jun 20 2015 Nalin Dahyabhai 0.78-1
- switch to using popt for parsing command line arguments, continuing to use old help text for now so that we can catch up with translations (print old text for --help, new text (with longopts!) for -H)
- add some plumbing for eventually receiving per-certificate roots in addition to issued certificates and chain certificates
- add a "rekey" command to getcert, for triggering enrollment using a new key pair (#1087932)
- scep-submit: check for the Renewal capability, and default to taking advantage of it during rekeying, unless the new -n flag is specified to it
- dogtag-submit: add flags for passing user names, UDNs, passwords, and PINs to the helper (part of ticket #12)
- dogtag-submit: add a flag for using the agent creds to do TLS client auth while submitting enrollment requests (more of ticket #12)
- dogtag-submit: handle cases where we submit a request and the server returns a success code rather than just queuing the request (#12 again)
- ipa-submit: pass requested profile names to the server as an argument named "profile_id"; if the server gives us an "unrecognized argument" error, retry without it for compatibility's sake (part of IPA ticket #57)
- keygen: fix a possible crash if keygen fails to return a key from NSS
- correct the certmonger(8) man page's description of the -c flag, which it used to call the -C flag
- add logic for setting ownership and permissions on certificates and keys when saving them to disk
- add configuration options "max_key_lifetime" and "max_key_use_count" for making automatic renewal prefer rekeying

* Wed Jun 17 2015 Fedora Release Engineering - 0.77.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

* Thu May 28 2015 Nalin Dahyabhai 0.77.5-1
- pass $CERTMONGER_REQ_IP_ADDRESS to enrollment helpers if the signing request includes IP address subjectAltName values
- correctly verify signatures on SCEP server replies when the signer is neither the top-level CA nor the RA (feedback in #1161768)
- correctly verify signatures on SCEP server replies when there is more than one certificate in the chain between the RA and the top-level CA (feedback in #1161768)

* Fri May 15 2015 Nalin Dahyabhai 0.77.4-1
- don't display PINs in "getcert list" output (#42)
- clean up launching of a private instance in "getcert"
- expand on the don't-delete-private-key fix from 0.77.3 by letting NSS's own safety checks have an effect
- backport record-keeping of key generation dates and counts of how many times we've gotten certificates using a given key pair

* Thu May 7 2015 Nalin Dahyabhai 0.77.3-1
- fix a data loss bug when saving renewed certificates to NSS databases - the private key could be removed in error since 0.77
- fixes for bugs found by static analysis
- fix self-tests when built with OpenSSL 1.0.2

* Tue Apr 14 2015 Nalin Dahyabhai 0.77.2-1
- expose the certificate's not-valid-before and not-valid-after dates as a property over D-Bus (ticket #41)
- give the local signer its own configuration option to set the lifetime of its signing certificate, falling back to the lifetime configured for the self-signer as a default to match the previous behavior
- fix a potential read segfault parsing the output of an enrollment helper, introduced in 0.77 (thanks to Steve Neuharth)
- read the ns-certtype extension value in certificates
- request an enrollment certtype extension to CSRs if we have a profile name that we want to use (ticket #17, possibly part of IPA ticket #57)

* Fri Feb 27 2015 Nalin Dahyabhai 0.77.1-1
- update to 0.77
- add initial, still rough, SCEP support (#1140241,#1161768)
- add an scep-submit helper to handle part of it
- getcert: add add-ca/add-scep-ca/modify-ca/remove-ca commands
- getcert: add -l, -L flags to request/resubmit/start-tracking commands to provide a way to set a ChallengePassword in signing requests
- lay some groundwork for rekeying support
- bundled dogtag enrollment helpers now output debugging info to stderr (#)
- ipa-getcert: fix a crash when using DNS discovery to locate servers (#39)
- getcert: fix displaying of pre-request pre-/post-save commands (#1178190, #1181022, patch by David Kupka)
- use Zanata for translations
- getcert list: list the certificate's profile name, if it contains one

* Tue Nov 18 2014 Nalin Dahyabhai 0.76.8-1
- dogtag-submit: accept additional options to pass to the server when approving requests using agent creds (#1165155, patch by Jan Cholasta)
- getcert: print help output when 'status' isn't given any args (#1163541)

* Tue Nov 11 2014 Nalin Dahyabhai 0.76.7-1
- correctly read CA not-valid-after dates on 32-bit machines (also reported by Natxo Asenjo), so that we don't spin on polling them (#1163023)

* Mon Nov 10 2014 Nalin Dahyabhai 0.76.6-1
- don't discard the priority value in DNS SRV records

* Mon Nov 10 2014 Nalin Dahyabhai 0.76.5-1
- avoid premature exit on CA data analysis failures (should fix an issue reported by Natxo Asenjo)

* Mon Nov 10 2014 Nalin Dahyabhai 0.76.4-1
- fix a failure in self-tests

* Mon Nov 10 2014 Nalin Dahyabhai 0.76.3-1
- fixes for bugs found by static analysis
- handle IDN correctly when doing service location using SRV records
- documentation updates

* Wed Nov 5 2014 Nalin Dahyabhai
- rework the state machine so that we save an issued certificate's associated CA certificates, then re-read the certificate, then run the post hook and issue notifications, in that order, instead of saving CA certificates after running the post hook, which was
  always a surprising order (#1131700)
- add a generic dogtag-submit helper that doesn't include any IPA defaults, to make it easier to know the difference between parameters it requires and parameters which are optional (#12)

* Tue Nov 4 2014 Nalin Dahyabhai 0.76.2-1
- ipa-submit: when we fail to locate/contact LDAP or XML-RPC servers, use discovery to find them (#1136900)

* Fri Oct 31 2014 Nalin Dahyabhai 0.76.1-1
- allow for 'certmonger -P abstract:...' to work, too

* Fri Oct 31 2014 Nalin Dahyabhai 0.76-1
- require a single certificate to be specified to 'getcert status' (#1148001, #1163541, #1163539)
- shorten the default help message which getcert prints when it's not given a specific command (#1131704)
- add private listener (-l, -L, -P) mode to certmonger, to allow it to listen for connections directly from clients running under the same UID
- add a command mode (-c) to certmonger, in which once it's started, it launches a specified command, and after that command exits, the daemon exits
- when getcert is invoked with no bus running, if it's running as root, run certmonger in private listener mode with the same invocation of getcert as the command to start and wait for (#1134497)

* Thu Aug 28 2014 Nalin Dahyabhai 0.75.14-1
- make pathname canonicalization slightly smarter, to handle ".."
  in locations (#1131758)
- updates to self-tests (#1144082)

* Thu Aug 21 2014 Kevin Fenzi - 0.75.13-2
- Rebuild for rpm bug 1131960

* Mon Aug 18 2014 Nalin Dahyabhai 0.75.13-1
- add a missing test case file (whoops)

* Mon Aug 18 2014 Nalin Dahyabhai 0.75.12-1
- correct encoding/decoding of variant-typed data which we receive and send as part of the org.freedesktop.DBus.Properties interface over the bus, and add some tests for them (based on patch from David Kupka, ticket #36)

* Fri Aug 15 2014 Fedora Release Engineering - 0.75.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

* Tue Aug 12 2014 Nalin Dahyabhai 0.75.11-1
- when getcert is passed a -a flag, to indicate that CA root certificates should be stored in the specified database, don't ignore locations which don't include a storage scheme (#1129537)
- when called to 'start-tracking' with the -a or -F flags, if we have applicable certificates on-hand for a CA that we're either told to use or which we decide is the correct one, save the certificates (#1129696)

* Tue Aug 5 2014 Nalin Dahyabhai 0.75.10-1
- when attempting to contact an IPA LDAP server, if no "ldap_uri" is set in default.conf, and no "host" is set either, try to construct the server URI using the "server" setting (#1126985)

* Thu Jul 31 2014 Nalin Dahyabhai 0.75.9-1
- avoid potential use-after-free after a CA is removed dynamically (thanks to Keenan Brock) (#1125342)
- add a "external-helper" property to CA objects

* Mon Jul 21 2014 Nalin Dahyabhai 0.75.8-1
- add a 'refresh' option to the getcert command
- add a '-a' flag to the getcert command's 'refresh-ca' option

* Thu Jul 17 2014 Nalin Dahyabhai 0.75.7-2
- reintroduce package Requires: on systemd-sysv on F19 and EL6 and older, conditionalized it so that it's ignored on newer releases, and make whether or not we call systemd-sysv-convert in triggers depend on that, too (#1104138)

* Thu Jul 17 2014 Nalin Dahyabhai 0.75.7-1
- fix an inconsistency in how we parse cookie
  values returned by CA helpers, in that single-line values would lose the end-of-line after a daemon restart, but not before
- handle timeout values and exit status values when calling CA helpers in non-SUBMIT, non-POLL modes (#1118468)
- rework how we save CA certificates so that we save CA certificates associated with end-entity certificates when we save that end-entity certificate, which requires running all of the involved pre- and post-save commands
- drop package Requires: on systemd-sysv (#1104138)

* Thu Jun 26 2014 Nalin Dahyabhai 0.75.6-1
- avoid potential use-after-free and read overrun after a CA is added dynamically (thanks to Jan Cholasta)

* Fri Jun 20 2014 Nalin Dahyabhai 0.75.5-1
- documentation updates

* Fri Jun 20 2014 Nalin Dahyabhai 0.75.4-2
- add a %%trigger to remove knowledge of the "dogtag-ipa-renew-agent" CA when we detect certmonger versions prior to 0.58 being installed, to avoid cases where some older versions choke on CAs with nicknames that contain characters that can't legally be part of a D-Bus name (#948993)

* Thu Jun 19 2014 Nalin Dahyabhai 0.75.4-1
- fix creation and packaging of the "local" CA's data directory

* Wed Jun 18 2014 Nalin Dahyabhai 0.75.3-1
- read and cache whether or not we saw a noOCSPcheck extension in certificates
- documentation updates

* Mon Jun 16 2014 Nalin Dahyabhai 0.75.2-1
- when generating keys using OpenSSL, if key generation fails, try again with the default key size, in case we're in FIPS mode
- documentation updates

* Sat Jun 14 2014 Nalin Dahyabhai 0.75.1-1
- log the state in 'getcert status' verbose mode

* Fri Jun 13 2014 Nalin Dahyabhai 0.75-1
- add a -w (wait) flag to the getcert's request/resubmit/start-tracking commands, and add a non-waiting status command

* Wed Jun 11 2014 Nalin Dahyabhai 0.74.96-1
- make the trust settings we apply to CA-supplied certificates while saving them to NSS databases run-time configurable
- fix compiling against EL5-era OpenSSL
- when saving CA certificates we pull
  from an IPA server, nickname it using the realm name with " IPA CA" appended rather than just naming it "IPA CA"
- fix the local signer so that when it issues itself a new certificate, it uses the same subject name
- add a -w flag to getcert's request, resubmit, and start-tracking commands, telling it to wait until either the certificate is issued, we get to a state where we know that we won't be able to get one, or we are waiting for a CA

* Mon Jun 9 2014 Nalin Dahyabhai 0.74.95-1
- add the "local" signer, a local toy CA that signs anything you'll ask it to sign

* Sat Jun 07 2014 Fedora Release Engineering - 0.74-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Fri Jun 6 2014 Nalin Dahyabhai 0.74.94-1
- fix self-test errors that we trigger with new OpenSSL
- fix a build error that would sometimes happen when we're told to build PIE binaries
- quiet a compile warning

* Thu Jun 5 2014 Nalin Dahyabhai 0.74.93-1
- add some self-tests
- simplify the internal submit-to-CA logic
- fixes for more problems found through static analysis

* Tue Jun 3 2014 Nalin Dahyabhai 0.74.92-1
- retrieve CA information from CAs, if the helpers can do so, and add a command to explicitly refresh that data: "getcert refresh-ca"
- offer to save CA certificates to files and databases, when specified with new -a and -F flags to getcert request/resubmit/start-tracking (#1098208, trac #31)
- add IP address subject alternate names when getcert request/resubmit is passed the -A option (trac #35)
- read and cache the freshestCRL extension in certificates
- properly interpret KDC-unreachable errors encountered in the IPA submission error as a server-unreachable error that we will retry, rather than a misconfiguration error which we won't
- don't let tests get tripped up by new formatting used in dos2unix status messages (#1099080)
- updated translations
- be explicit that we are going to use bashisms in test scripts by calling the shell interpreter as 'bash' rather than 'sh'
  (trac #27)

* Thu Apr 3 2014 Nalin Dahyabhai 0.74-1
- also save state when we exit due to SIGHUP
- don't get tripped up when enrollment helpers hand us certificates which include CRLF line terminators (ticket #25)
- be tolerant of certificate issuer names, subject names, DNS, email, and Kerberos principal name subjectAltNames, and crl distribution point URLs that contain newlines
- read and cache the certificate template extension in certificates
- enforce different minimum key sizes depending on the type of key we're trying to generate
- store DER versions of subject, issuer and template subject, if we have them (Jan Cholasta, ticket #26)
- when generating signing requests with subject names that don't quite parse as subject names, encode what we're given as PrintableString rather than as a UTF8String
- always chdir() to a known location at startup, even if we're not becoming a daemon
- fix a couple of memory leaks (static analysis)
- add missing buildrequires: on which

* Thu Feb 20 2014 Nalin Dahyabhai 0.73-1
- updates to 0.73
- getcert no longer claims to be stuck when a CA is unreachable, because the daemon isn't actually stuck

* Mon Feb 17 2014 Nalin Dahyabhai
- updates to 0.73
- also pass the key type to enrollment helpers in the environment as the value of "CERTMONGER_KEY_TYPE"

* Mon Feb 10 2014 Nalin Dahyabhai
- move the tmpfiles.d file from /etc/tmpfiles.d to %%{_tmpfilesdir}, where it belongs (#1180978)

* Mon Feb 10 2014 Nalin Dahyabhai
- updates for 0.73
- set the flag to encode EC public key parameters using named curves instead of the default of all-the-details when using OpenSSL
- don't break when NSS supports secp521r1 but OpenSSL doesn't
- also pass the CA nickname to enrollment helpers in the environment as a text value in "CERTMONGER_CA_NICKNAME", so they can use that value when reading configuration settings
- also pass the SPKAC value to enrollment helpers in the environment as a base64 value in "CERTMONGER_SPKAC"
- also pass the request's
  SubjectPublicKeyInfo value to enrollment helpers in the environment as a base64 value in "CERTMONGER_SPKI" (part of #16)
- when generating signing requests using NSS, be more accommodating of requested subject names that don't parse properly

* Mon Feb 3 2014 Nalin Dahyabhai 0.72-1
- update to 0.72
- support generating DSA parameters and keys on sufficiently-new OpenSSL and NSS
- support generating EC keys when OpenSSL and NSS support it, using key size to select the curve to use from among secp256r1, secp384r1, secp521r1 (which are the ones that are usually available, though secp521r1 isn't always, even if the other two are)
- stop trying to cache public key parameters at all and instead cache public key info properly
- encode the friendlyName attribute in signing requests as a BMPString, not as a PrintableString
- catch more filesystem permissions problems earlier (more of #996581)

* Mon Jan 27 2014 Nalin Dahyabhai 0.71-1
- check for cases where we fail to allocate memory while reading a request or CA entry from disk (John Haxby)
- only handle one watch at a time, which should avoid abort() during attempts to reconnect to the message bus after losing our connection to it (#1055521)

* Fri Jan 24 2014 Daniel Mach - 0.70-2
- Mass rebuild 2014-01-24

* Thu Jan 2 2014 Nalin Dahyabhai 0.70-1
- add a --with-homedir option to configure, and use it, since subprocesses which we run and which use NSS may attempt to write to $HOME/.pki, and 0.69's strategy of setting that to "/" was rightly hitting SELinux policy denials (#1047798)

* Fri Dec 27 2013 Daniel Mach - 0.69-2
- Mass rebuild 2013-12-27

* Mon Dec 9 2013 Nalin Dahyabhai 0.69-1
- tweak how we decide whether we're on the master or a minion when we're told to use certmaster as a CA
- clean up one of the tests so that it doesn't have to work around internal logging producing duplicate messages
- when logging errors while setting up to contact xmlrpc servers, explicitly note that the error is client-side
- don't abort() due
  to incorrect locking when an attempt to save an issued certificate to the designated location fails (part of #1032760/#1033333, ticket #22)
- when reading an issued certificate from an enrollment helper, ignore noise before or after the certificate itself (more of #1032760/1033333, ticket #22)
- run subprocesses in a cleaned-up environment (more of #1032760/1033333, ticket #22)
- clear the ca-error that we saved when we had an error talking to the CA if we subsequently succeed in talking to the CA
- various other static-analysis fixes

* Thu Aug 29 2013 Nalin Dahyabhai 0.68-1
- notice when the OpenSSL RNG isn't seeded
- notice when saving certificates or keys fails due to filesystem-related permission denial (#996581)

* Tue Aug 6 2013 Nalin Dahyabhai 0.67-3
- pull up a patch from master to adapt self-tests to certutil's diagnostic output having changed (#992050)

* Sat Aug 03 2013 Fedora Release Engineering - 0.67-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Mon Mar 11 2013 Nalin Dahyabhai 0.67-1
- when saving certificates to NSS databases, try to preserve the trust value assigned to a previously-present certificate with the same nickname and subject, if one is found
- when saving certificates to NSS databases, also prune certificates from the database which have both the same nickname and subject as the one we're adding, to avoid tripping up tools that only fetch one certificate by nickname

* Wed Feb 13 2013 Fedora Release Engineering - 0.65-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Wed Jan 23 2013 Nalin Dahyabhai 0.66-1
- build as position-independent executables with early binding (#883966)
- also don't tag the unit file as a configuration file (internal tooling)

* Wed Jan 23 2013 Nalin Dahyabhai 0.65-2
- don't tag the D-Bus session .service file as a configuration file (internal tooling)

* Tue Jan 8 2013 Nalin Dahyabhai 0.65-1
- fix a crash in the self-tests

* Tue Jan 8 2013 Nalin Dahyabhai 0.64-1
- at
  startup, if we resume the state machine for a given certificate to a state which expects to have the newly-added lock already acquired, acquire it before moving on with the certificate's work (still aimed at fixing #883484)

* Tue Dec 18 2012 Nalin Dahyabhai 0.63-1
- serialize access to NSS databases and the running of pre- and post-save commands which might also access them (possibly fixing part of #883484)

* Thu Nov 29 2012 Nalin Dahyabhai 0.62-1
- add a -u flag to getcert to enable requesting a keyUsage extension value
- request subjectKeyIdentifier extensions from CAs, and include them in self-signed certificates
- request basicConstraints from CAs, defaulting to requests for end-entity certificates
- when requesting CA certificates, also request authorityKeyIdentifier
- add support for requesting CRL distribution point and authorityInfoAccess extensions that specify OCSP responder locations
- don't crash when OpenSSL can't build a template certificate from a request when we're in FIPS mode
- put NSS in FIPS mode, when the system booted that way, except when we're trying to write certificates to a database
- fix CSR generation and self-signing in FIPS mode with NSS
- fix self-signing in FIPS mode with OpenSSL
- new languages from the translation team: mai, ml, nn, ga

* Tue Nov 27 2012 Nalin Dahyabhai 0.61-3
- backport change from git to not choke if X509_REQ_to_X509() fails when we're self-signing using OpenSSL
- backport another change from git to represent this as a CA-rejected error

* Mon Sep 24 2012 Nalin Dahyabhai 0.61-1
- fix a regression in reading old request tracking files where the request was in state NEED_TO_NOTIFY or NOTIFYING

* Wed Sep 5 2012 Nalin Dahyabhai 0.60-1
- adjust internals of logic for talking to dogtag to at least have a concept of non-agent cases
- when talking to an IPA server's internal Dogtag instance, infer which ports the CA is listening on from the "dogtag_version" setting in the IPA configuration (Ade Lee)
- send a notification
  (or log a message, whatever) when we save a new certificate (#766167)

* Mon Jul 30 2012 Nalin Dahyabhai
- fix a bad %%preun scriptlet

* Wed Jul 18 2012 Fedora Release Engineering - 0.59-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Fri Jun 29 2012 Nalin Dahyabhai 0.59-1
- mostly documentation updates

* Fri Jun 29 2012 Nalin Dahyabhai 0.58-1
- add a "dogtag-ipa-renew-agent" CA so that we can renew certificates using an IPA server's internal Dogtag instance
- export the requested profile and old certificate to enrollment helpers
- make libxml and libcurl into hard build-time requirements
- serialize all pre/save/post sequences to make sure that stop/save/start doesn't become stop1/save1/stop2/start1/save2/start2 when we're stopping a service while we muck with more than one of its certificates

* Fri Jun 15 2012 Nalin Dahyabhai
- add a command option (-T) to getcert for specifying which enrollment profile to tell a CA that we're using, in case it cares (#10)

* Thu Jun 14 2012 Nalin Dahyabhai 0.57-1
- clarify that the command passed to getcert -C is a "post"-save command
- add a "pre"-save command option to getcert, specified with the -B flag (#9)
- after we notify of an impending not-valid-after approaching, don't do it again immediately

* Sat Mar 3 2012 Nalin Dahyabhai 0.56-1
- when a caller sets the is-default flag on a CA, and another CA is no longer the default, emit the PropertiesChanged signal on the CA which is not the default, instead on the new default a second time
- drop some dead code from the D-Bus message handlers (static analysis, #796813)
- cache public keys when we read private keys
- go back to printing an error indicating that we're missing a required argument when we're missing a required argument, not that the option is invalid (broken since 0.51, #796542)

* Wed Feb 15 2012 Nalin Dahyabhai 0.55-1
- allow root to use our implementation of org.freedesktop.DBus.Properties
- take more care to not emit useless
  PropertiesChanged signals

* Wed Feb 15 2012 Nalin Dahyabhai 0.54-1
- fix setting the group ID when spawning the post-save command

* Tue Feb 14 2012 Nalin Dahyabhai 0.53-1
- large changes to the D-Bus glue, exposing a lot of data which we were providing via D-Bus getter methods as properties, and providing more accurate introspection data
- emit a signal when the daemon saves a certificate to the destination location, and provide an option to have the daemon spawn an arbitrary command at that point, too (#766167)
- enable starting the service by default on RHEL (#765600)

* Thu Jan 12 2012 Fedora Release Engineering - 0.52-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Fri Dec 16 2011 Nalin Dahyabhai 0.52-1
- note that SELinux usually confines us to writing only to cert_t in doc/getting-started.txt (#765599)
- fix crashes when we add a request during our first run when we're populating the hard-coded CA list
- properly deal with cases where a path is passed to us is "./XXX"
- in session mode, create our data directories as we go

* Tue Dec 6 2011 Nalin Dahyabhai 0.51-1
- api: lift restrictions on characters used in request and CA nicknames by making their object names not incorporate their nicknames
- api: add find_request_by_nickname and find_ca_by_nickname
- certmonger-ipa-submit.8: list -k, -K, -t in the summary, document -K
- getcert: print "invalid option" error messages ourselves (#756291)
- ipa-submit: supply a Referer: header when submitting requests to IPA (#750617, needed for #747710)

* Fri Oct 14 2011 Nalin Dahyabhai 0.50-1
- really fix these this time:
  - getcert: error out when "list -c" finds no matching CA (#743488)
  - getcert: error out when "list -i" finds no matching request (#743485)

* Wed Oct 12 2011 Nalin Dahyabhai 0.49-1
- when using an NSS database, skip loading the module database (#743042)
- when using an NSS database, skip loading root certs
- generate SPKAC values when generating CSRs, though we don't do anything with
  SPKAC values yet
- internally maintain and use challenge passwords, if we have them
- behave better when certificates have shorter lifetimes
- add/recognize/handle notification type "none"
- getcert: error out when "list -c" finds no matching CA (#743488)
- getcert: error out when "list -i" finds no matching request (#743485)

* Thu Sep 29 2011 Nalin Dahyabhai 0.48-1
- don't incorrectly assume that CERT_ImportCerts() returns a NULL-terminated array (#742348)

* Tue Sep 27 2011 Nalin Dahyabhai 0.47-1
- getcert: distinguish between {stat() succeeds but isn't a directory} and {stat() failed} when printing an error message (#739903)
- getcert resubmit/start-tracking: when we're looking for an existing request by ID, and we don't find one, note that specifically (#741262)

* Mon Aug 29 2011 Stephen Gallagher - 0.46-1.1
- Rebuild against fixed libtevent version

* Mon Aug 15 2011 Nalin Dahyabhai 0.46-1
- treat the ability to access keys in an NSS database without using a PIN, when we've been told we need one, as an error (#692766, really this time)

* Thu Aug 11 2011 Nalin Dahyabhai 0.45-1
- modify the systemd .service file to be a proper 'dbus' service (more of #718172)

* Thu Aug 11 2011 Nalin Dahyabhai 0.44-1
- check specifically for cases where a specified token that we need to use just isn't present for whatever reason (#697058)

* Wed Aug 10 2011 Nalin Dahyabhai 0.43-1
- add a -K option to ipa-submit, to use the current ccache, which makes it easier to test

* Fri Aug 5 2011 Nalin Dahyabhai
- if xmlrpc-c's struct xmlrpc_curl_xportparms has a gss_delegate field, set it to TRUE when we're doing Negotiate auth (#727864, #727863, #727866)

* Wed Jul 13 2011 Nalin Dahyabhai
- treat the ability to access keys in an NSS database without using a PIN, when we've been told we need one, as an error (#692766)
- when handling "getcert resubmit" requests, if we don't have a key yet, make sure we go all the way back to generating one (#694184)
- getcert: try to clean up tests for NSS and
  PEM file locations (#699059)
- don't try to set reconnect-on-exit policy unless we managed to connect to the bus (#712500)
- handle cases where we specify a token but the storage token isn't known (#699552)
- getcert: recognize -i and storage options to narrow down which requests the user wants to know about (#698772)
- output hints when the daemon has startup problems, too (#712075)
- add flags to specify whether we're bus-activated or not, so that we can exit if we have nothing to do after handling a request received over the bus if some specified amount of time has passed
- explicitly disallow non-root access in the D-Bus configuration (#712072)
- migrate to systemd on releases newer than Fedora 15 or RHEL 6 (#718172)
- fix a couple of incorrect calls to talloc_asprintf() (#721392)

* Wed Apr 13 2011 Nalin Dahyabhai 0.42-1
- getcert: fix a buffer overrun preparing a request for the daemon when there are more parameters to encode than space in the array (#696185)
- updated translations: de, es, id, pl, ru, uk

* Mon Apr 11 2011 Nalin Dahyabhai 0.41-1
- read information about the keys we've just generated before proceeding to generating a CSR (part of #694184, part of #695675)
- when processing a "resubmit" request from getcert, go back to key generation if we don't have keys yet, else go back to CSR generation as before (#694184, #695675)
- configure with --with-tmpdir=/var/run/certmonger and own /var/run/certmonger (#687899), and add a systemd tmpfiles.d control file for creating /var/run/certmonger on Fedora 15 and later
- let session instances exit when they get disconnected from the bus
- use a lock file to make sure there's only one session instance messing around with the user's files at a time
- fix errors saving certificates to NSS databases when there's already a certificate there with the same nickname (#695672)
- make key and certificate location output from 'getcert list' more properly translatable (#7)

* Mon Mar 28 2011 Nalin Dahyabhai 0.40-1
- update
  to 0.40
- fix validation check on EKU OIDs in getcert (#691351)
- get session bus mode sorted
- add a list of recognized EKU values to the getcert-request man page

* Fri Mar 25 2011 Nalin Dahyabhai 0.39-1
- update to 0.39
- fix use of an uninitialized variable in the xmlrpc-based submission helpers (#690886)

* Thu Mar 24 2011 Nalin Dahyabhai 0.38-1
- update to 0.38
- catch cases where we can't read a PIN file, but we never have to log in to the token to access the private key (more of #688229)

* Tue Mar 22 2011 Nalin Dahyabhai 0.37-1
- update to 0.37
- be more careful about checking if we can read a PIN file successfully before we even call an API that might need us to try (#688229)
- fix strict aliasing warnings

* Tue Mar 22 2011 Nalin Dahyabhai 0.36-1
- update to 0.36
- fix some use-after-free bugs in the daemon (#689776)
- fix a copy/paste error in certmonger-ipa-submit(8)
- getcert now suppresses error details when not given its new -v option (#683926, more of #681641/#652047)
- updated translations - de, es, pl, ru, uk
- indonesian translation is now for "id" rather than "in"

* Wed Mar 2 2011 Nalin Dahyabhai 0.35.1-1
- fix a self-test that broke because one-year-from-now is now a day's worth of seconds further out than it was a few days ago

* Mon Feb 14 2011 Nalin Dahyabhai 0.35-1
- update to 0.35
- self-test fixes to rebuild properly in mock (#670322)

* Tue Feb 08 2011 Fedora Release Engineering - 0.34-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Fri Jan 14 2011 Nalin Dahyabhai 0.34-1
- update to 0.34
- explicitly note the number of requests we're tracking in the output of "getcert list" (#652049)
- try to offer some suggestions when we get certain specific errors back in "getcert" (#652047)
- updated translations - es

* Thu Dec 23 2010 Nalin Dahyabhai 0.33-1
- update to 0.33
- new translations - id by Okta Purnama Rahadian!
- updated translations - pl, uk
- roll up assorted fixes for defects

* Fri Nov 12 2010 Nalin Dahyabhai 0.32-2
- depend on the e2fsprogs libuuid on Fedora and RHEL releases where it's not part of util-linux-ng

* Wed Oct 13 2010 Nalin Dahyabhai 0.32-1
- oops, rfc5280 says we shouldn't be populating unique identifiers, so make it a configuration option and default the behavior to off

* Tue Oct 12 2010 Nalin Dahyabhai 0.31-1
- start populating the optional unique identifier fields in self-signed certificates

* Thu Sep 30 2010 Nalin Dahyabhai 0.30-4
- explicitly require "dbus" to try to ensure we have a running system bus when we get started (#639126)

* Wed Sep 29 2010 jkeating - 0.30-3
- Rebuilt for gcc bug 634757

* Thu Sep 23 2010 Nalin Dahyabhai 0.30-2
- try to SIGHUP the messagebus daemon at first install so that it'll let us claim our service name if it isn't restarted before we are first started (#636876)

* Wed Aug 25 2010 Nalin Dahyabhai 0.30-1
- update to 0.30
- fix errors computing the time at the end of an interval that were caught by self-tests

* Mon Aug 23 2010 Nalin Dahyabhai 0.29-1
- update to 0.29
- fix 64-bit cleanliness issue using libdbus
- actually include the full set of tests in tarballs

* Tue Aug 17 2010 Nalin Dahyabhai 0.28-1
- update to 0.28
- fix self-signing certificate notBefore and notAfter values on 32-bit machines

* Tue Aug 17 2010 Nalin Dahyabhai 0.27-1
- update to 0.27
- portability and test fixes

* Fri Aug 13 2010 Nalin Dahyabhai 0.26-1
- update to 0.26
- when canceling a submission request that's being handled by a helper, reap the child process's status after killing it (#624120)

* Fri Aug 13 2010 Nalin Dahyabhai 0.25-1
- update to 0.25
- new translations - in by Okta Purnama Rahadian!
- fix detection of cases where we can't access a private key in an NSS database because we don't have the PIN
- teach '*getcert start-tracking' about the -p and -P options which the '*getcert request' commands already understand (#621670), and also the -U, -K, -E, and -D flags
- double-check that the nicknames of keys we get back from PK11_ListPrivKeysInSlot() match the desired nickname before accepting them as matches, so that our tests won't all blow up on EL5
- fix dynamic addition and removal of CAs implemented through helpers

* Mon Jun 28 2010 Nalin Dahyabhai 0.24-4
- init script: ensure that the subsys lock is created whenever we're called to "start" when we're already running (even more of #596719)

* Tue Jun 15 2010 Nalin Dahyabhai 0.24-3
- more gracefully handle manual daemon startups and cleaning up of unexpected crashes (still more of #596719)

* Thu Jun 10 2010 Nalin Dahyabhai 0.24-2
- don't create the daemon pidfile until after we've connected to the D-Bus (still more of #596719)

* Tue Jun 8 2010 Nalin Dahyabhai 0.24-1
- update to 0.24
- keep the lock on the pid file, if we have one, when we fork, and cancel daemon startup if we can't gain ownership of the lock (the rest of #596719)
- make the man pages note which external configuration files we consult when submitting requests to certmaster and ipa CAs

* Thu May 27 2010 Nalin Dahyabhai 0.23-1
- update to 0.23
- new translations - pl by Piotr Drąg!
- cancel daemon startup if we can't gain ownership of our well-known service name on the DBus (#596719)

* Fri May 14 2010 Nalin Dahyabhai 0.22-1
- update to 0.22
- new translations - de by Fabian Affolter!
- certmaster-submit: don't fall over when we can't find a certmaster.conf or a minion.conf (i.e., certmaster isn't installed) (#588932) - when reading extension values from certificates, prune out duplicate principal names, email addresses, and hostnames * Tue May 4 2010 Nalin Dahyabhai 0.21-1 - update to 0.21 - getcert/*-getcert: relay the desired CA to the local service, whether specified on the command line (in getcert) or as a built-in hard-wired default (in *-getcert) (#584983) - flesh out the default certmonger.conf so that people can get a feel for the expected formatting (Jenny Galipeau) * Wed Apr 21 2010 Nalin Dahyabhai 0.20-1 - update to 0.20 - correctly parse certificate validity periods given in years (spotted by Stephen Gallagher) - setup for translation - es by Héctor Daniel Cabrera! - ru by Yulia Poyarkova! - uk by Yuri Chornoivan! - fix unpreprocessed defaults in certmonger.conf's man page - tweak the IPA-specific message that indicates a principal name also needs to be specified if we're not using the default subject name (#579542) - make the validity period of self-signed certificates into a configuration setting and not a piece of the state information we track about the signer - init script: exit with status 2 instead of 1 when invoked with an unrecognized argument (#584517) * Tue Mar 23 2010 Nalin Dahyabhai 0.19-1 - update to 0.19 - correctly initialize NSS databases that need to be using a PIN - add certmonger.conf, for customizing notification timings and settings, and use of digests other than the previously-hard-coded SHA256, and drop those settings from individual requests - up the default self-sign validity interval from 30 days to 365 days - drop the first default notification interval from 30 days to 28 days (these two combined to create a fun always-reissuing loop earlier) - record the token which contains the key or certificate when we're storing them in an NSS database, and report it - improve handling of cases where we're supposed 
to use a PIN but we either don't have one or we have the wrong one - teach getcert to accept a PIN file's name or a PIN value when adding a new entry - update the IPA submission helper to use the new 'request_cert' signature that's landing soon - more tests * Fri Feb 12 2010 Nalin Dahyabhai 0.18-1 - update to 0.18 - add support for using encrypted storage for keys, using PIN values supplied directly or read from files whose names are supplied - don't choke on NSS database locations that use the "sql:" or "dbm:" prefix * Mon Jan 25 2010 Nalin Dahyabhai 0.17-2 - make the D-Bus configuration file (noreplace) (#541072) - make the %%check section and the deps we have just for it conditional on the same macro (#541072) * Wed Jan 6 2010 Nalin Dahyabhai 0.17-1 - update to 0.17 - fix a hang in the daemon (Rob Crittenden) - documentation updates - fix parsing of submission results from IPA (Rob Crittenden) * Fri Dec 11 2009 Nalin Dahyabhai 0.16-1 - update to 0.16 - set a umask at startup (Dan Walsh) * Tue Dec 8 2009 Nalin Dahyabhai 0.15-1 - update to 0.15 - notice that a directory with a trailing '/' is the same location as the directory without it - fix handling of the pid file when we write one (by actually giving it contents) * Wed Nov 25 2009 Nalin Dahyabhai 0.14-1 - update to 0.14 - check key and certificate location at add-time to make sure they're absolute paths to files or directories, as appropriate - IPA: dig into the 'result' item if the named result value we're looking for isn't in the result struct * Tue Nov 24 2009 Nalin Dahyabhai 0.13-1 - update to 0.13 - change the default so that we default to trying to auto-refresh certificates unless told otherwise - preemptively enforce limitations on request nicknames so that they make valid D-Bus object path components * Tue Nov 24 2009 Nalin Dahyabhai 0.12-1 - update to 0.12 - add a crucial bit of error reporting when CAs reject our requests - count the number of configured CAs correctly * Mon Nov 23 2009 Nalin 
Dahyabhai 0.11-1 - update to 0.11 - add XML-RPC submission for certmaster and IPA - prune entries with duplicate names from the data store * Fri Nov 13 2009 Nalin Dahyabhai 0.10-1 - update to 0.10 - add some compiler warnings and then fix them * Fri Nov 13 2009 Nalin Dahyabhai 0.9-1 - update to 0.9 - run external submission helpers correctly - fix signing of signing requests generated for keys stored in files - only care about new interface and route notifications from netlink, and ignore notifications that don't come from pid 0 - fix logic for determining expiration status - correct the version number in self-signed certificates * Tue Nov 10 2009 Nalin Dahyabhai 0.8-1 - update to 0.8 - encode windows UPN values in requests correctly - watch for netlink routing changes and restart stalled submission requests - 'getcert resubmit' can force a regeneration of the CSR and submission * Fri Nov 6 2009 Nalin Dahyabhai 0.7-1 - update to 0.7 - first cut at a getting-started document - refactor some internal key handling with NSS - check for duplicate request nicknames at add-time * Tue Nov 3 2009 Nalin Dahyabhai 0.6-1 - update to 0.6 - man pages - 'getcert stop-tracking' actually makes the server forget now - 'getcert request -e' was redundant, dropped the -e option - 'getcert request -i' now sets the request nickname - 'getcert start-tracking -i' now sets the request nickname * Mon Nov 2 2009 Nalin Dahyabhai 0.5-1 - update to 0.5 - packaging fixes - add a selfsign-getcert client - self-signed certs now get basic constraints and their own serial numbers - accept id-ms-kp-sc-logon as a named EKU value in a request * Thu Oct 29 2009 Nalin Dahyabhai 0.4-1 - update to 0.4 * Thu Oct 22 2009 Nalin Dahyabhai 0.1-1 - update to 0.1 * Sun Oct 18 2009 Nalin Dahyabhai 0.0-1 - initial package certmonger-0.79.19/configure.ac0000644000175000017500000010636214511314133015730 0ustar gitgit00000000000000AC_INIT(certmonger,0.79.19) AM_INIT_AUTOMAKE([foreign subdir-objects]) 
AC_CONFIG_MACRO_DIR(m4)
AM_MAINTAINER_MODE([disable])
AC_PROG_CC
AM_PROG_CC_C_O
AC_PROG_RANLIB
AM_GNU_GETTEXT([external])
AM_GNU_GETTEXT_VERSION(0.19)
AM_ICONV
ALL_LINGUAS="bg ca cs_CZ da de es eu fr gu hu id it ja ka ko lt nb nl pl pt pt_BR ru si sv ta tr uk zh_CN zh_TW"

if test x$GCC = xyes ; then
    CFLAGS="$CFLAGS -Wall -Wextra"
fi

AC_CONFIG_HEADER(src/config.h)

mybindir="$bindir"
mybindir=`eval echo $mybindir | sed "s,NONE,$prefix,g"`
mybindir=`eval echo $mybindir | sed "s,NONE,$exec_prefix,g"`
mybindir=`eval echo $mybindir | sed "s,NONE,$ac_default_prefix,g"`
mybindir=`eval echo $mybindir | sed "s,NONE,,g"`
AC_SUBST(mybindir)
AC_DEFINE_UNQUOTED(CM_GETCERT_DIR,"${mybindir}", [Define to the directory holding various getcert commands after installation.])

mysbindir="$sbindir"
mysbindir=`eval echo $mysbindir | sed "s,NONE,$prefix,g"`
mysbindir=`eval echo $mysbindir | sed "s,NONE,$exec_prefix,g"`
mysbindir=`eval echo $mysbindir | sed "s,NONE,$ac_default_prefix,g"`
mysbindir=`eval echo $mysbindir | sed "s,NONE,,g"`
AC_SUBST(mysbindir)
AC_DEFINE_UNQUOTED(CM_CERTMONGER_DAEMON_PATH,"${mysbindir}/certmonger", [Define to the path of the certmonger daemon after installation.])

UPCASE_PACKAGE_NAME=`echo "${PACKAGE_NAME}" | tr '[a-z]' '[A-Z]'`

mysysconfdir="$sysconfdir"
mysysconfdir=`eval echo $mysysconfdir | sed "s,NONE,$prefix,g"`
mysysconfdir=`eval echo $mysysconfdir | sed "s,NONE,$ac_default_prefix,g"`
mysysconfdir=`eval echo $mysysconfdir | sed "s,NONE,,g"`
AC_DEFINE_UNQUOTED(CM_STORE_CONFIG_DIRECTORY,"$mysysconfdir/${PACKAGE_NAME}", [Define to the directory which holds configuration files.])
AC_DEFINE_UNQUOTED(CM_STORE_SESSION_CONFIG_DIRECTORY,".config/" PACKAGE_NAME, [Define to the directory which holds user configuration files.])
AC_DEFINE_UNQUOTED(CM_STORE_CONFIG_DIRECTORY_ENV,"${UPCASE_PACKAGE_NAME}_CONFIG_DIR", [Define to the name of the environment variable which can specify the directory which holds configuration files.])
CM_STORE_CONFIG_DIRECTORY_ENV="${UPCASE_PACKAGE_NAME}_CONFIG_DIR"
AC_SUBST(CM_STORE_CONFIG_DIRECTORY_ENV)

mylibexecdir="$libexecdir/${PACKAGE_NAME}"
mylibexecdir=`eval echo $mylibexecdir | sed "s,NONE,$prefix,g"`
mylibexecdir=`eval echo $mylibexecdir | sed "s,NONE,$ac_default_prefix,g"`
mylibexecdir=`eval echo $mylibexecdir | sed "s,NONE,,g"`
AC_SUBST(mylibexecdir)

AC_ARG_WITH(file-store-dir,
    AS_HELP_STRING([--with-file-store-dir=/var/lib/certmonger],[directory to use for storing data]),
    mylocalstatedir=$withval,
    mylocalstatedir="$localstatedir/lib/${PACKAGE_NAME}")
mylocalstatedir=`eval echo $mylocalstatedir | sed "s,NONE,$prefix,g"`
mylocalstatedir=`eval echo $mylocalstatedir | sed "s,NONE,$ac_default_prefix,g"`
mylocalstatedir=`eval echo $mylocalstatedir | sed "s,NONE,,g"`

CM_STORE_SYSTEM_LOCK_FILE="$mylocalstatedir/lock"
CM_STORE_SYSTEM_LOCK_FILE_ENV="${UPCASE_PACKAGE_NAME}_SYSTEM_LOCK_FILE"
AC_SUBST(CM_STORE_SYSTEM_LOCK_FILE)
AC_SUBST(CM_STORE_SYSTEM_LOCK_FILE_ENV)
AC_DEFINE_UNQUOTED(CM_STORE_SYSTEM_LOCK_FILE,"${CM_STORE_SYSTEM_LOCK_FILE}", [Define to the default path for the system daemon lock file.])
AC_DEFINE_UNQUOTED(CM_STORE_SYSTEM_LOCK_FILE_ENV,"${CM_STORE_SYSTEM_LOCK_FILE_ENV}", [Define to the name of the environment variable which can specify the location of the system daemon lock file.])

CM_STORE_REQUESTS_DIRECTORY="$mylocalstatedir/requests"
CM_STORE_REQUESTS_DIRECTORY_ENV="${UPCASE_PACKAGE_NAME}_REQUESTS_DIR"
AC_SUBST(CM_STORE_REQUESTS_DIRECTORY)
AC_SUBST(CM_STORE_REQUESTS_DIRECTORY_ENV)
AC_DEFINE_UNQUOTED(CM_STORE_REQUESTS_DIRECTORY,"${CM_STORE_REQUESTS_DIRECTORY}", [Define to the default path for request tracking files.])
AC_DEFINE_UNQUOTED(CM_STORE_SESSION_REQUESTS_DIRECTORY,".config/" PACKAGE_NAME "/requests", [Define to the default path for user request tracking files.])
AC_DEFINE_UNQUOTED(CM_STORE_REQUESTS_DIRECTORY_ENV,"${CM_STORE_REQUESTS_DIRECTORY_ENV}", [Define to the name of the environment variable which can specify the directory for tracking requests.])

CM_STORE_CAS_DIRECTORY="$mylocalstatedir/cas"
CM_STORE_CAS_DIRECTORY_ENV="${UPCASE_PACKAGE_NAME}_CAS_DIR"
AC_SUBST(CM_STORE_CAS_DIRECTORY)
AC_SUBST(CM_STORE_CAS_DIRECTORY_ENV)
AC_DEFINE_UNQUOTED(CM_STORE_CAS_DIRECTORY,"${CM_STORE_CAS_DIRECTORY}", [Define to the default path for CA tracking files.])
AC_DEFINE_UNQUOTED(CM_STORE_SESSION_CAS_DIRECTORY,".config/" PACKAGE_NAME "/cas", [Define to the default path for user CA tracking files.])
AC_DEFINE_UNQUOTED(CM_STORE_CAS_DIRECTORY_ENV,"${CM_STORE_CAS_DIRECTORY_ENV}", [Define to the name of the environment variable which can specify the directory for tracking CAs.])

CM_STORE_LOCAL_CA_DIRECTORY="$mylocalstatedir/local"
CM_STORE_SESSION_LOCAL_CA_DIRECTORY=".config/${PACKAGE_NAME}/local"
CM_STORE_LOCAL_CA_DIRECTORY_ENV="${UPCASE_PACKAGE_NAME}_LOCAL_CA_DIR"
AC_SUBST(CM_STORE_LOCAL_CA_DIRECTORY)
AC_SUBST(CM_STORE_LOCAL_CA_DIRECTORY_ENV)
AC_DEFINE_UNQUOTED(CM_STORE_LOCAL_CA_DIRECTORY,"${CM_STORE_LOCAL_CA_DIRECTORY}", [Define to the default path for data belonging to the local CA.])
AC_DEFINE_UNQUOTED(CM_STORE_SESSION_LOCAL_CA_DIRECTORY,"${CM_STORE_SESSION_LOCAL_CA_DIRECTORY}", [Define to the default path for data belonging to the user CA.])
AC_DEFINE_UNQUOTED(CM_STORE_LOCAL_CA_DIRECTORY_ENV,"${CM_STORE_LOCAL_CA_DIRECTORY_ENV}", [Define to the name of the environment variable which can specify the directory for the local CA.])

AC_ARG_WITH(homedir,
    AS_HELP_STRING([--with-homedir=/],[directory to set as $HOME when running subprocesses as root]),
    myhomedir=$withval,
    myhomedir=/)
myhomedir=`eval echo $myhomedir | sed "s,NONE,$prefix,g"`
myhomedir=`eval echo $myhomedir | sed "s,NONE,$ac_default_prefix,g"`
myhomedir=`eval echo $myhomedir | sed "s,NONE,,g"`
CM_HOMEDIR="$myhomedir"
AM_CONDITIONAL(HOMEDIR,test x$CM_HOMEDIR != x)
AC_DEFINE_UNQUOTED(CM_HOMEDIR,"$CM_HOMEDIR",[Define to the directory to use as the home directory when running subprocesses as root.])
AC_SUBST(CM_HOMEDIR)

AC_ARG_WITH(tmpdir,
    AS_HELP_STRING([--with-tmpdir=NONE],[directory to use for temporary storage]),
    mytmpdir=$withval,
    mytmpdir=)
mytmpdir=`eval echo $mytmpdir | sed "s,NONE,$prefix,g"`
mytmpdir=`eval echo $mytmpdir | sed "s,NONE,$ac_default_prefix,g"`
mytmpdir=`eval echo $mytmpdir | sed "s,NONE,,g"`
CM_TMPDIR="$mytmpdir"
AM_CONDITIONAL(TMPDIR,test x$CM_TMPDIR != x)
AC_DEFINE_UNQUOTED(CM_TMPDIR,"$CM_TMPDIR",[Define to the default location to be used for storing temporary files.])
CM_TMPDIR_ENV="${UPCASE_PACKAGE_NAME}_TMPDIR"
AC_DEFINE_UNQUOTED(CM_TMPDIR_ENV,"${CM_TMPDIR_ENV}",[Define to the name of the environment variable which can specify the location to be used for storing temporary files.])
AC_SUBST(CM_TMPDIR)
AC_SUBST(CM_TMPDIR_ENV)

CM_NOTIFICATION_ENV="${UPCASE_PACKAGE_NAME}_NOTIFICATION"
AC_DEFINE_UNQUOTED(CM_NOTIFICATION_ENV,"${CM_NOTIFICATION_ENV}",[Define to the variable name to be used to hold a notification message.])
AC_SUBST(CM_NOTIFICATION_ENV)

CERTMONGER_PVT_ADDRESS_ENV=CERTMONGER_PVT_ADDRESS
AC_DEFINE_UNQUOTED(CERTMONGER_PVT_ADDRESS_ENV,"${CERTMONGER_PVT_ADDRESS_ENV}",[Define to the variable name used to pass the location of the private D-Bus connection to subprocesses.])
AC_SUBST(CERTMONGER_PVT_ADDRESS_ENV)

mylocaledir="$localedir"
mylocaledir=`eval echo $mylocaledir | sed "s,NONE,$prefix,g"`
mylocaledir=`eval echo $mylocaledir | sed "s,NONE,$ac_default_prefix,g"`
mylocaledir=`eval echo $mylocaledir | sed "s,NONE,,g"`
AC_DEFINE_UNQUOTED(MYLOCALEDIR,"$mylocaledir", [Define to the name of the directory under which locale data will be installed.])

CM_DBUS_NAME=org.fedorahosted.certmonger
AC_DEFINE_UNQUOTED(CM_DBUS_NAME,"$CM_DBUS_NAME", [Define to the name of the certmonger service.])
AC_SUBST(CM_DBUS_NAME)
CM_DBUS_BASE_PATH=/org/fedorahosted/certmonger
AC_DEFINE_UNQUOTED(CM_DBUS_BASE_PATH,"$CM_DBUS_BASE_PATH", [Define to the path of the certmonger main node.])
AC_DEFINE_UNQUOTED(CM_DBUS_RECONNECT_TIMEOUT,30, [Define to the amount of time to wait between attempts to reconnect to the message bus if we get disconnected.])

if ! ${configure_dist_target_only:-false} ; then

AC_CHECK_HEADERS(sys/types.h sys/socket.h linux/types.h linux/netlink.h linux/rtnetlink.h,,,[
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef HAVE_LINUX_TYPES_H
#include <linux/types.h>
#endif
#ifdef HAVE_LINUX_NETLINK_H
#include <linux/netlink.h>
#endif
])
AC_CHECK_HEADERS(systemd/sd-login.h)

PKG_CHECK_MODULES(TALLOC,talloc)
PKG_CHECK_MODULES(TEVENT,tevent)
PKG_CHECK_MODULES(DBUS,dbus-1 >= 1.0)

AC_ARG_WITH(session-bus-services-dir,
    AS_HELP_STRING([--with-session-bus-services-dir=],[directory to install session bus configuration]),
    SESSIONBUSSERVICESDIR=$withval,
    SESSIONBUSSERVICESDIR=`pkg-config --variable=session_bus_services_dir dbus-1 2> /dev/null | sed -e "s|^${datadir}|\${datadir}|g" -e "s|^${datarootdir}|\${datarootdir}|g" -e "s|^${prefix}/share|\${datadir}|g"`)
AC_SUBST(SESSIONBUSSERVICESDIR)
AM_CONDITIONAL(SESSIONBUS,test x$SESSIONBUSSERVICESDIR != xno)

AC_ARG_WITH(system-bus-services-dir,
    AS_HELP_STRING([--with-system-bus-services-dir=],[directory to install system bus configuration]),
    SYSTEMBUSSERVICESDIR=$withval,
    SYSTEMBUSSERVICESDIR=`pkg-config --variable=system_bus_services_dir dbus-1 2> /dev/null | sed -e "s|^${datadir}|\${datadir}|g" -e "s|^${datarootdir}|\${datarootdir}|g" -e "s|^${prefix}/share|\${datadir}|g"`)
AC_SUBST(SYSTEMBUSSERVICESDIR)
AM_CONDITIONAL(SYSTEMBUS,test x$SYSTEMBUSSERVICESDIR != xno)

AC_CHECK_FUNCS(clearenv)
AC_CHECK_DECLS(strtold,,,[
#include
])

savedLIBS="$LIBS"
LIBS="$DBUS_LIBS $LIBS"
AC_CHECK_FUNCS(dbus_watch_get_unix_fd dbus_watch_get_fd)
LIBS="$savedLIBS"

savedLIBS="$LIBS"
RESOLV_LIBS=
AC_CHECK_LIB(resolv,main,RESOLV_LIBS=-lresolv)
LIBS="$RESOLV_LIBS"
AC_CHECK_HEADERS(resolv.h arpa/nameser.h)
have_ns_initparse=false
AC_LINK_IFELSE([AC_LANG_PROGRAM([
#ifdef HAVE_RESOLV_H
#include <resolv.h>
#endif
#ifdef HAVE_ARPA_NAMESER_H
#include <arpa/nameser.h>
#endif
],[
ns_msg msg;
ns_initparse(NULL, 0, &msg);
])],
have_ns_initparse=true,
[LIBS="-lbind $LIBS"
AC_LINK_IFELSE([AC_LANG_PROGRAM([
#ifdef HAVE_RESOLV_H
#include <resolv.h>
#endif
#ifdef HAVE_ARPA_NAMESER_H
#include <arpa/nameser.h>
#endif
],[
ns_msg msg;
ns_initparse(NULL, 0, &msg);
])],
RESOLV_LIBS="-lbind $RESOLV_LIBS"
have_ns_initparse=true,
AC_MSG_WARN([cannot find ns_initparse() in libresolv or libbind])
have_ns_initparse=false
)]
)
AC_ARG_ENABLE(srv-location,
    AS_HELP_STRING([--disable-srv-location],[disable SRV location for servers]),
    SRV=$enableval,
    SRV=auto)
case "x$SRV" in
xyes)
    if ! $have_ns_initparse ; then
        AC_MSG_ERROR([cannot build with SRV location])
    fi
    ;;
xno)
    have_ns_initparse=false
    ;;
xauto)
    ;;
esac
AC_MSG_CHECKING(for SRV location)
if $have_ns_initparse ; then
    AC_DEFINE(HAVE_NS_INITPARSE,1,[Define if you have ns_initparse() and want to use SRV location])
    AC_MSG_RESULT([yes, using $RESOLV_LIBS])
else
    AC_MSG_RESULT(no)
    RESOLV_LIBS=
fi
AC_SUBST(RESOLV_LIBS)
LIBS="$savedLIBS"

PKG_CHECK_MODULES(CERTMONGER,dbus-1 talloc tevent nss)
PKG_CHECK_MODULES(GETCERT,dbus-1 talloc)

PKG_CHECK_MODULES(XML,libxml-2.0)
have_libxml=true

PKG_CHECK_MODULES(CURL,libcurl)
have_libcurl=true
savedCFLAGS="$CFLAGS"
savedCPPFLAGS="$CPPFLAGS"
savedLDFLAGS="$LDFLAGS"
CFLAGS="$CFLAGS $CURL_CFLAGS"
CPPFLAGS="$CPPFLAGS $CURL_CFLAGS"
LDFLAGS="$LDFLAGS $CURL_LIBS"
AC_CHECK_DECLS([CURLOPT_KEYPASSWD,CURLOPT_SSLKEYPASSWD,CURLOPT_SSLCERTPASSWD],,,[#include ])
CFLAGS="$savedCFLAGS"
CPPFLAGS="$savedCPPFLAGS"
LDFLAGS="$savedLDFLAGS"

PKG_CHECK_MODULES(JANSSON,jansson)
have_jansson=true

AC_ARG_WITH([xmlrpc],
    [AC_HELP_STRING([--with-xmlrpc], [Enable XML-RPC support])],
    [with_xmlrpc=${with_xmlrpc}],
    [with_xmlrpc=no])
AS_IF([test x"$with_xmlrpc" = xyes], [AC_DEFINE([WITH_XMLRPC], [1], [include XMLRPC support])])
AM_CONDITIONAL(WITH_XMLRPC,test x"$with_xmlrpc" = xyes)

AS_IF([test x"$with_xmlrpc" = xyes], [
dnl PKG_CHECK_MODULES(XMLRPC,xmlrpc_client) # Not provided in upstream versions.
savedCFLAGS="$CFLAGS"
CFLAGS=
AC_ARG_VAR(XMLRPC_C_CONFIG,[the full path of the xmlrpc-c-config command])
AC_PATH_PROG(XMLRPC_C_CONFIG,[xmlrpc-c-config],,[$PATH$PATH_SEPARATOR/usr/xmlrpc/bin$PATH_SEPARATOR/usr/xmlrpc-c/bin])
if test -z "$XMLRPC_C_CONFIG" ; then
    AC_MSG_ERROR(xmlrpc-c-config not found)
fi
AC_MSG_CHECKING(for XMLRPC CFLAGS)
XMLRPC_CFLAGS="`${XMLRPC_C_CONFIG} client --cflags` `${XMLRPC_C_CONFIG} --cflags`"
AC_MSG_RESULT([$XMLRPC_CFLAGS])
AC_SUBST(XMLRPC_CFLAGS)
AC_MSG_CHECKING(for XMLRPC LIBS)
XMLRPC_LIBS="`${XMLRPC_C_CONFIG} client --libs` `${XMLRPC_C_CONFIG} --libs`"
AC_MSG_RESULT([$XMLRPC_LIBS])
AC_SUBST(XMLRPC_LIBS)
CFLAGS="$CFLAGS $XMLRPC_CFLAGS"
AC_CHECK_MEMBERS(struct xmlrpc_curl_xportparms.gssapi_delegation,,,
    [
    #include
    #include
    ])
CFLAGS="$savedCFLAGS"
])

savedCFLAGS="$CFLAGS"
savedCPPFLAGS="$CPPFLAGS"
savedLDFLAGS="$LDFLAGS"
CFLAGS=
AC_ARG_VAR(KRB5_CONFIG,[the full path of the krb5-config command])
AC_PATH_PROG(KRB5_CONFIG,[krb5-config],,[$PATH$PATH_SEPARATOR/usr/kerberos/bin$PATH_SEPARATOR/usr/krb5/bin])
if test -z "$KRB5_CONFIG" ; then
    AC_MSG_ERROR(krb5-config not found)
fi
AC_MSG_CHECKING(for krb5 CFLAGS)
KRB5_CFLAGS=`${KRB5_CONFIG} --cflags`
AC_MSG_RESULT([$KRB5_CFLAGS])
AC_SUBST(KRB5_CFLAGS)
AC_MSG_CHECKING(for krb5 LIBS)
KRB5_LIBS=`${KRB5_CONFIG} --libs`
AC_MSG_RESULT([$KRB5_LIBS])
AC_SUBST(KRB5_LIBS)
CFLAGS="$CFLAGS $KRB5_CFLAGS"
CPPFLAGS="$CPPFLAGS $KRB5_CFLAGS"
LDFLAGS="$LDFLAGS $KRB5_LIBS"
AC_CHECK_DECLS([krb5_princ_component,krb5_princ_name,krb5_princ_set_realm_length,krb5_princ_size,krb5_princ_type],,,[#include ])
AC_CHECK_FUNCS(krb5_free_unparsed_name krb5_get_init_creds_opt_alloc)
AC_CHECK_FUNCS(krb5_get_error_message)
CFLAGS="$savedCFLAGS"
CPPFLAGS="$savedCPPFLAGS"
LDFLAGS="$savedLDFLAGS"

AM_CONDITIONAL(HAVE_OPENSSL,test x$withopenssl != xno)
if test x$withopenssl != xno ; then
    if pkg-config libcrypto 2> /dev/null ; then
        PKG_CHECK_MODULES(OPENSSL,libcrypto)
        PKG_CHECK_MODULES(OPENSSL_SSL,libssl libcrypto)
    else
        PKG_CHECK_MODULES(OPENSSL,openssl)
        PKG_CHECK_MODULES(OPENSSL_SSL,openssl)
    fi
    AC_DEFINE(HAVE_OPENSSL,1,[Define if you have OpenSSL.])
    CFLAGSsave="$CFLAGS"
    LIBSsave="$LIBS"
    CFLAGS="$OPENSSL_CFLAGS $CFLAGS -DOPENSSL_NO_DEPRECATED"
    LIBS="$OPENSSL_LIBS $LIBS"
    AC_CHECK_DECLS([OpenSSL_add_all_algorithms,OpenSSL_add_ssl_algorithms],,,[#include ])
    AC_CHECK_DECLS(OPENSSL_free,,,[#include ])
    AC_CHECK_FUNCS(ASN1_BIT_STRING_new)
    AC_CHECK_FUNCS(ASN1_GENERALIZEDTIME_new)
    AC_CHECK_FUNCS(ASN1_IA5STRING_new)
    AC_CHECK_FUNCS(ASN1_INTEGER_new)
    AC_CHECK_FUNCS(ASN1_OCTET_STRING_new)
    AC_CHECK_FUNCS(ASN1_OCTET_STRING_set)
    AC_CHECK_FUNCS(ASN1_PRINTABLESTRING_new)
    AC_CHECK_FUNCS(ASN1_STRING_get0_data)
    AC_CHECK_FUNCS(ASN1_STRING_get_data)
    AC_CHECK_FUNCS(ASN1_STRING_length)
    AC_CHECK_FUNCS(ASN1_STRING_new)
    AC_CHECK_FUNCS(ASN1_TIME_dup)
    AC_CHECK_FUNCS(ASN1_TIME_new)
    AC_CHECK_FUNCS(ASN1_TIME_set)
    AC_CHECK_FUNCS(EVP_PKEY_base_id)
    AC_CHECK_FUNCS(EVP_PKEY_id)
    AC_CHECK_FUNCS(EVP_PKEY_get_id)
    AC_CHECK_FUNCS(OBJ_get0_data)
    AC_CHECK_FUNCS(OBJ_length)
    AC_CHECK_FUNCS(X509_ATTRIBUTE_get0_object)
    AC_CHECK_FUNCS(X509_get0_notAfter)
    AC_CHECK_FUNCS(X509_get0_pubkey)
    AC_CHECK_FUNCS(X509_get0_serialNumber)
    AC_CHECK_FUNCS(X509_get_issuer_name)
    AC_CHECK_FUNCS(X509_get_key_usage)
    AC_CHECK_FUNCS(X509_get_subject_name)
    AC_CHECK_FUNCS(X509_REQ_get0_pubkey)
    AC_CHECK_FUNCS(X509_REQ_get0_signature)
    AC_CHECK_FUNCS(X509_REQ_set_subject_name)
    AC_CHECK_FUNCS(X509_set1_notAfter)
    AC_CHECK_FUNCS(X509_set1_notBefore)
    AC_CHECK_FUNCS(X509_set_issuer_name)
    AC_CHECK_FUNCS(X509_set_pubkey)
    AC_CHECK_FUNCS(X509_set_subject_name)
    AC_CHECK_FUNCS(X509_set_version)
    AC_CHECK_MEMBERS(X509.cert_info,,,
        [
        #include
        ])
    AC_MSG_CHECKING([if NETSCAPE_SPKI.sig_algor is a pointer or a struct])
    have_sig_algor_pointer=unknown
    AC_LINK_IFELSE(AC_LANG_PROGRAM([
        #include
        #include
        ],[
        NETSCAPE_SPKI spki;
        spki.sig_algor = NULL;
        ]),
        AC_DEFINE(CM_NETSCAPE_SPKI_SIG_ALGOR_IS_POINTER,1,[Define if NETSCAPE_SPKI.sig_algor is a pointer])
        have_sig_algor_pointer="pointer to X509_ALGOR",
        have_sig_algor_pointer=X509_ALGOR
    )
    AC_MSG_RESULT($have_sig_algor_pointer)
    CFLAGS="$CFLAGSsave"
    LIBS="$LIBSsave"
fi

AM_CONDITIONAL(HAVE_NSS,test x$withnss != xno)
if test x$withnss != xno ; then
    if pkg-config mozilla-nss 2> /dev/null ; then
        PKG_CHECK_MODULES(NSS,mozilla-nss)
    else
        PKG_CHECK_MODULES(NSS,nss)
    fi
    AC_DEFINE(HAVE_NSS,1,[Define if you have NSS.])
    savedCFLAGS="$CFLAGS"
    savedCPPFLAGS="$CPPFLAGS"
    savedLDFLAGS="$LDFLAGS"
    savedLIBS="$LIBS"
    CFLAGS="$CFLAGS $NSS_CFLAGS"
    CPPFLAGS="$CPPFLAGS $NSS_CFLAGS"
    LDFLAGS="$LDFLAGS"
    LIBS="$NSS_LIBS"
    AC_MSG_CHECKING([if NSS supports "sql:" databases])
    mkdir _nss_db_testdir || :
    AC_TRY_RUN([
#include
#include
#include
int
main(int argc, char **argv)
{
    SECStatus status;
    PRErrorCode err;
    status = NSS_InitReadWrite((argc > 1) ? argv[1] : "sql:_nss_db_testdir");
    if (status == SECSuccess) {
        return 0;
    }
    err = PR_GetError();
    printf("%s", PR_ErrorToString(err, PR_LANGUAGE_I_DEFAULT));
    return 1;
}
    ],
    AC_DEFINE(HAVE_SQL_NSSDB,1,[Define if your copy of NSS supports SQLite databases.])
    have_sql_nssdb=yes,
    have_sql_nssdb=no,
    AC_DEFINE(HAVE_SQL_NSSDB,1,[Define if your copy of NSS supports SQLite databases.])
    have_sql_nssdb="guessing yes")
    rm -f -r _nss_db_testdir
    AC_MSG_RESULT($have_sql_nssdb)
    AM_CONDITIONAL(HAVE_SQL_NSSDB,[test "x$have_sql_nssdb" != xno])
    AC_MSG_CHECKING([if NSS supports "dbm:" databases])
    mkdir _nss_db_testdir || :
    AC_TRY_RUN([
#include
#include
#include
int
main(int argc, char **argv)
{
    SECStatus status;
    PRErrorCode err;
    status = NSS_InitReadWrite((argc > 1) ? argv[1] : "dbm:_nss_db_testdir");
    if (status == SECSuccess) {
        return 0;
    }
    err = PR_GetError();
    printf("%s", PR_ErrorToString(err, PR_LANGUAGE_I_DEFAULT));
    return 1;
}
    ],
    AC_DEFINE(HAVE_DBM_NSSDB,1,[Define if your copy of NSS supports DBM databases.])
    have_dbm_nssdb=yes,
    have_dbm_nssdb=no,
    AC_DEFINE(HAVE_DBM_NSSDB,1,[Define if your copy of NSS supports DBM databases.])
    have_dbm_nssdb="guessing yes")
    rm -f -r _nss_db_testdir
    AC_MSG_RESULT($have_dbm_nssdb)
    AM_CONDITIONAL(HAVE_DBM_NSSDB,[test "x$have_dbm_nssdb" != xno])
    CFLAGS="$savedCFLAGS"
    CPPFLAGS="$savedCPPFLAGS"
    LDFLAGS="$savedLDFLAGS"
    LIBS="$savedLIBS"
fi

AC_ARG_WITH(gmp,
    AS_HELP_STRING(--with-gmp, [use gmp for converting hex serial numbers to decimal]),
    withgmp=$withval,
    withgmp=no)
if test $withgmp != no ; then
    CFLAGSsave="$CFLAGS"
    LIBSsave="$LIBS"
    if test $withgmp != yes ; then
        GMP_CFLAGS="-I$withgmp/include"
        GMP_LIBS="-L$withgmp/lib"
    else
        GMP_CFLAGS=
        GMP_LIBS=
    fi
    CFLAGS="$GMP_CFLAGS $CFLAGS"
    LIBS="$GMP_LIBS $LIBS"
    AC_CHECK_HEADERS(gmp.h)
    AC_CHECK_FUNC(mpz_set_str,,
        LIBS="-lgmp $LIBS"
        AC_LINK_IFELSE([AC_LANG_PROGRAM([
            #include
            #include
            ],[mpz_get_str(NULL,10,NULL);])],
            [GMP_LIBS="$GMP_LIBS -lgmp"]))
    AC_MSG_CHECKING([for GMP])
    if test $ac_cv_header_gmp_h = yes ; then
        AC_MSG_RESULT(found)
        AC_DEFINE(HAVE_GMP,1,[Define if you have GMP for hex-to-decimal conversions.])
    else
        AC_MSG_ERROR(not found)
    fi
    CFLAGS="$CFLAGSsave"
    LIBS="$LIBSsave"
fi
AC_SUBST(GMP_CFLAGS)
AC_SUBST(GMP_LIBS)
AM_CONDITIONAL(USE_GMP,test $withgmp != no)

if test $withgmp = no && test x$withopenssl = xno ; then
    AC_MSG_ERROR([Need at least one of OpenSSL or GMP for big number operations.])
fi

SYSTEMD=no
AC_ARG_ENABLE(systemd,
    AS_HELP_STRING([--enable-systemd],[install unit files for systemd]),
    SYSTEMD=$enableval,
    SYSTEMD=no)
AC_SUBST(SYSTEMD)
AM_CONDITIONAL(SYSTEMD,test x$SYSTEMD != xno)
AC_SUBST(SYSTEMDSYSTEMUNITDIR)
if test x$SYSTEMD = xyes ; then
    SYSTEMDSYSTEMUNITDIR=`pkg-config --variable=systemdsystemunitdir systemd 2> /dev/null`
    AC_MSG_RESULT(will install systemd unit files to $SYSTEMDSYSTEMUNITDIR)
fi

TMPFILES=no
AC_ARG_ENABLE(tmpfiles,
    AS_HELP_STRING([--enable-tmpfiles],[install systemd tmpfiles.d configuration file for systemd (default: same as --enable-systemd)]),
    TMPFILES=$enableval,
    TMPFILES=$SYSTEMD)
AC_SUBST(TMPFILES)
AM_CONDITIONAL(TMPFILES,test x$TMPFILES != xno)
if test x$TMPFILES = xyes ; then
    AC_MSG_RESULT(will install systemd tmpfiles.d file to ${prefix}/lib/tmpfiles.d)
fi

SYSVINIT=no
AC_ARG_ENABLE(sysvinit,
    AS_HELP_STRING([--enable-sysvinit=/etc/init.d],[install sysvinit script in specified location]),
    SYSVINIT=$enableval,
    SYSVINIT=no)
AC_SUBST(SYSVINIT)
AM_CONDITIONAL(SYSVINIT,test x$SYSVINIT != xno)
if test x$SYSVINIT != xno ; then
    AC_MSG_RESULT(will install sysvinit init script to $SYSVINIT)
fi

AC_ARG_ENABLE(pie,
    AS_HELP_STRING(--enable-pie,[Build position-independent executables.]),
    pie=$enableval,
    pie=no)
if test x$pie = xyes ; then
    AC_MSG_RESULT(building position-independent executables)
else
    AC_MSG_RESULT(NOT building position-independent executables)
fi
AM_CONDITIONAL(PIE,[test x$pie = xyes])

AC_ARG_ENABLE(now,
    AS_HELP_STRING(--enable-now,[Mark binaries with bind-now flag.]),
    now=$enableval,
    now=no)
if test x$now = xyes ; then
    AC_MSG_RESULT(building bind-now executables)
else
    AC_MSG_RESULT(NOT building bind-now executables)
fi
AM_CONDITIONAL(NOW,[test x$now = xyes])

AC_ARG_ENABLE(dsa,
    AS_HELP_STRING(--disable-dsa,[Disable DSA key support, even if available.]),
    dsa=$enableval,
    dsa=maybe)
if test x$dsa != xno ; then
    CFLAGSsave="$CFLAGS"
    LIBSsave="$LIBS"
    CFLAGS="$OPENSSL_CFLAGS $CFLAGS"
    LIBS="$OPENSSL_LIBS $LIBS"
    AC_CHECK_LIB(crypto,DSA_new)
    CFLAGS="$NSS_CFLAGS $CFLAGS"
    LIBS="$NSS_LIBS $LIBS"
    AC_CHECK_TYPE(SECKEYDSAPublicKey,,,
        [
        AC_INCLUDES_DEFAULT
        #include
        ])
    CFLAGS="$CFLAGSsave"
    LIBS="$LIBSsave"
    can_dsa=true
    if ! pkg-config --atleast-version=1.0 openssl ; then
        # CSR signing appears to be broken in 0.9.8e, so reject < 1.0
        can_dsa=false
    fi
    if test x$ac_cv_lib_crypto_DSA_new = xno ; then
        can_dsa=false
    fi
    if test x$ac_cv_type_SECKEYDSAPublicKey = xno ; then
        can_dsa=false
    fi
    AC_MSG_CHECKING([for DSA support])
    if $can_dsa ; then
        AC_MSG_RESULT(enabling DSA support)
        AC_DEFINE_UNQUOTED(CM_ENABLE_DSA,1,[Define to enable DSA support.])
        MAN_DSA=""
        NO_MAN_DSA=".\\\" "
        dsa=yes
    else
        if test x$dsa != xyes ; then
            AC_MSG_WARN([unavailable, disabling])
            dsa=no
        else
            AC_MSG_ERROR([unavailable])
        fi
        MAN_DSA=".\\\" "
        NO_MAN_DSA=""
    fi
else
    AC_MSG_RESULT(NOT enabling DSA support)
    MAN_DSA=".\\\" "
    NO_MAN_DSA=""
    dsa=no
fi
AM_CONDITIONAL(HAVE_DSA,[test x$dsa = xyes])
AC_SUBST(MAN_DSA)
AC_SUBST(NO_MAN_DSA)

AC_ARG_ENABLE(ec,
    AS_HELP_STRING(--disable-ec,[Disable EC key support, even if available.]),
    ec=$enableval,
    ec=maybe)
if test x$ec != xno ; then
    CFLAGSsave="$CFLAGS"
    LIBSsave="$LIBS"
    CFLAGS="$OPENSSL_CFLAGS $CFLAGS"
    LIBS="$OPENSSL_LIBS $LIBS"
    AC_CHECK_LIB(crypto,EC_KEY_new_by_curve_name)
    CFLAGS="$NSS_CFLAGS $CFLAGS"
    LIBS="$NSS_LIBS $LIBS"
    AC_CHECK_FUNCS(SECKEY_CreateECPrivateKey)
    AC_CHECK_FUNCS(PK11_PrivDecrypt)
    AC_CHECK_FUNCS(NSS_OptionGet NSS_OptionSet)
    CFLAGS="$CFLAGSsave"
    LIBS="$LIBSsave"
    can_ec=true
    if test x$ac_cv_lib_crypto_EC_KEY_new_by_curve_name = xno ; then
        can_ec=false
    fi
    if test x$ac_cv_func_SECKEY_CreateECPrivateKey = xno ; then
        can_ec=false
    fi
    AC_MSG_CHECKING([for EC support])
    if $can_ec ; then
        AC_MSG_RESULT(enabling EC support)
        AC_DEFINE_UNQUOTED(CM_ENABLE_EC,1,[Define to enable EC support.])
        MAN_EC=""
        NO_MAN_EC=".\\\" "
        ec=yes
    else
        if test x$ec != xyes ; then
            AC_MSG_WARN([unavailable, disabling])
            ec=no
        else
            AC_MSG_ERROR([unavailable])
        fi
        MAN_EC=".\\\" "
        NO_MAN_EC=""
    fi
else
    AC_MSG_RESULT(NOT enabling EC support)
    MAN_EC=".\\\" "
    NO_MAN_EC=""
    ec=no
fi
AM_CONDITIONAL(HAVE_EC,[test x$ec = xyes])
AC_SUBST(MAN_EC)
AC_SUBST(NO_MAN_EC)
AC_DEFINE_UNQUOTED(CM_DEFAULT_KEY_STORAGE_TYPE,cm_key_storage_nssdb,[Define to the default type of storage used for keys.])
AC_DEFINE_UNQUOTED(CM_DEFAULT_KEY_STORAGE_LOCATION,"/etc/pki/nssdb",[Define to the default location of storage used for keys.])
AC_DEFINE_UNQUOTED(CM_DEFAULT_KEY_TOKEN,NULL,[Define to the default token used for holding keys.])
AC_DEFINE_UNQUOTED(CM_DEFAULT_KEY_NICKNAME,"Server-Cert",[Define to the default nickname given to keys.])
AC_DEFINE_UNQUOTED(CM_DEFAULT_CERT_STORAGE_TYPE,cm_cert_storage_nssdb,[Define to the default type of storage used for certificates.])
AC_DEFINE_UNQUOTED(CM_DEFAULT_CERT_STORAGE_LOCATION,"/etc/pki/nssdb",[Define to the default location of storage used for certificates.])
AC_DEFINE_UNQUOTED(CM_DEFAULT_CERT_TOKEN,NULL,[Define to the default token used to store certificates.])
AC_DEFINE_UNQUOTED(CM_DEFAULT_CERT_NICKNAME,"Server-Cert",[Define to the default nickname given to certificates.])
AC_DEFINE_UNQUOTED(CM_DEFAULT_PUBKEY_TYPE,cm_key_rsa,[Define to the default public key type.])
AC_DEFINE_UNQUOTED(CM_DEFAULT_RSA_EXPONENT,0x10001,[Define to the default RSA key exponent.])
AC_DEFINE_UNQUOTED(CM_DIGEST_MAX,(512/8),[Define to the maximum size (in bytes) of supported digests.])
CM_DEFAULT_PUBKEY_SIZE=2048
AC_DEFINE_UNQUOTED(CM_DEFAULT_PUBKEY_SIZE,$CM_DEFAULT_PUBKEY_SIZE,[Define to the default public key size.])
AC_SUBST(CM_DEFAULT_PUBKEY_SIZE)
CM_MINIMUM_RSA_KEY_SIZE=1024
AC_SUBST(CM_MINIMUM_RSA_KEY_SIZE)
CM_MINIMUM_DSA_KEY_SIZE=512
CM_MINIMUM_EC_KEY_SIZE=256
AC_DEFINE_UNQUOTED(CM_MINIMUM_RSA_KEY_SIZE,$CM_MINIMUM_RSA_KEY_SIZE,[Define to the minimum key size when generating RSA keys. Requests to generate smaller keys will be forced to this key size.])
AC_DEFINE_UNQUOTED(CM_MINIMUM_DSA_KEY_SIZE,$CM_MINIMUM_DSA_KEY_SIZE,[Define to the minimum key size when generating DSA parameters and keys. Requests to generate smaller keys will be forced to this key size.])
AC_DEFINE_UNQUOTED(CM_MINIMUM_EC_KEY_SIZE,$CM_MINIMUM_EC_KEY_SIZE,[Define to the minimum key size when selecting elliptic curve parameters. Requests to generate smaller keys will be forced to this key size.])
AC_SUBST(CM_MINIMUM_RSA_KEY_SIZE)
AC_SUBST(CM_MINIMUM_DSA_KEY_SIZE)
AC_SUBST(CM_MINIMUM_EC_KEY_SIZE)
CM_DEFAULT_TTL_LIST="2419200, 604800, 259200, 172800, 86400, 43200, 21600, 7200, 3600"
AC_DEFINE_UNQUOTED(CM_DEFAULT_TTL_LIST,[$CM_DEFAULT_TTL_LIST],[Define to the list of default time-left thresholds at which we need to warn the user.])
AC_SUBST(CM_DEFAULT_TTL_LIST)
AC_DEFINE_UNQUOTED(CM_DEFAULT_CERT_SUBJECT_CN,"localhost",[Define to the last-ditch default CN value for a signing request.])
CM_DEFAULT_CERT_LIFETIME=1y
AC_DEFINE_UNQUOTED(CM_DEFAULT_CERT_LIFETIME,"$CM_DEFAULT_CERT_LIFETIME",[Define to the default certificate lifetime for self-signed certificates.])
AC_SUBST(CM_DEFAULT_CERT_LIFETIME)
AC_DEFINE_UNQUOTED(CM_DEFAULT_CERT_SERIAL,"01",[Define to the default starting serial number for self-signed certificates.])
AC_DEFINE_UNQUOTED(CM_DEFAULT_NOTIFICATION_METHOD,cm_notification_syslog,[Define to the default method of notification.])
AC_DEFINE_UNQUOTED(CM_DEFAULT_NOTIFICATION_MAIL,"root",[Define to the address where notification mail should be sent by default.])
CM_DEFAULT_NOTIFICATION_SYSLOG_PRIORITY=daemon.notice
AC_SUBST(CM_DEFAULT_NOTIFICATION_SYSLOG_PRIORITY)
AC_DEFINE_UNQUOTED(CM_DEFAULT_NOTIFICATION_SYSLOG_PRIORITY,"$CM_DEFAULT_NOTIFICATION_SYSLOG_PRIORITY",[Define to the syslog facility from which notification messages should be sent by default.])
AC_DEFINE(CM_DELAY_SOON,5,[Define to the time to wait for something that will happen soon.])
AC_DEFINE(CM_DELAY_SOONISH,30,[Define to the time to wait for something that will happen soon, but not that soon.])
AC_DEFINE(CM_DELAY_CA_POLL,(7 * 24 * 60 * 60),[Define to the time to wait between attempts to see if the CA issued a certificate.])
AC_DEFINE(CM_DELAY_CADATA_POLL,(6 * 60 * 60),[Define to the time to wait between attempts to fetch the CA certificate, if it was unreachable.])
AC_DEFINE(CM_DELAY_CA_POLL_MINIMUM,(5 * 60),[Define to the absolute minimum time to wait between attempts to see if the CA issued a certificate.])
AC_DEFINE(CM_DELAY_CA_POLL_MAXIMUM,(365 * 24 * 60 * 60),[Define to the absolute maximum time to wait between attempts to see if the CA issued a certificate.])
AC_DEFINE(CM_DELAY_MONITOR_POLL,(24 * 60 * 60),[Define to the time to wait between attempts to re-read a certificate and check for expiration.])
AC_DEFINE(CM_DELAY_MONITOR_POLL_MINIMUM,(30 * 60),[Define to the absolute minimum time to wait between attempts to re-read a certificate and check for expiration.])
AC_DEFINE(CM_DELAY_MONITOR_POLL_MAXIMUM,(7 * 24 * 60 * 60),[Define to the absolute maximum time to wait between attempts to re-read a certificate and check for expiration.])
AC_DEFINE(CM_DELAY_NETLINK,(60),[Define to the time to wait after a netlink routing notification to retry submissions.])
CM_SELF_SIGN_CA_NAME=SelfSign
AC_SUBST(CM_SELF_SIGN_CA_NAME)
AC_DEFINE_UNQUOTED(CM_SELF_SIGN_CA_NAME,"$CM_SELF_SIGN_CA_NAME",[Define to the name that the internal self-signing not-really-a-CA will be known by.])
AC_DEFINE_UNQUOTED(CM_DEFAULT_HELPER_PATH,"$mylibexecdir",[Define to the default path of submission helpers.])
AC_DEFINE(WITH_IPA,1,[Define to ensure that there's always an IPA CA defined.])
CM_IPA_CA_NAME=IPA
AC_SUBST(CM_IPA_CA_NAME)
AC_DEFINE_UNQUOTED(CM_IPA_CA_NAME,"$CM_IPA_CA_NAME",[Define to the name that the default IPA CA will be known by.])
AC_DEFINE_UNQUOTED(CM_IPA_HELPER_PATH,"$mylibexecdir/ipa-submit",[Define to the path of the IPA submission helper.])
AM_CONDITIONAL(WITH_IPA,true)
AC_DEFINE(WITH_CERTMASTER,1,[Define to ensure that there's always a CERTMASTER CA defined.])
CM_CERTMASTER_CA_NAME=certmaster
AC_SUBST(CM_CERTMASTER_CA_NAME)
AC_DEFINE_UNQUOTED(CM_CERTMASTER_CA_NAME,"$CM_CERTMASTER_CA_NAME",[Define to the name that the default certmaster CA will be known by.])
AC_DEFINE_UNQUOTED(CM_CERTMASTER_HELPER_PATH,"$mylibexecdir/certmaster-submit",[Define to the path of the CERTMASTER submission helper.])
AM_CONDITIONAL(WITH_CERTMASTER,true)
AC_DEFINE(WITH_LOCAL,1,[Define to ensure that there's always a local CA defined.])
CM_LOCAL_CA_NAME=local
AC_SUBST(CM_LOCAL_CA_NAME)
AC_DEFINE_UNQUOTED(CM_LOCAL_CA_NAME,"$CM_LOCAL_CA_NAME",[Define to the name that the local CA will be known by.])
AC_DEFINE_UNQUOTED(CM_LOCAL_HELPER_PATH,"$mylibexecdir/local-submit",[Define to the path of the local submission helper.])
AM_CONDITIONAL(WITH_LOCAL,true)
AC_DEFINE_UNQUOTED(CM_SCEP_HELPER_PATH,"$mylibexecdir/scep-submit",[Define to the path of the SCEP submission helper.])
CM_DEFAULT_IDLE_TIMEOUT=300
AC_SUBST(CM_DEFAULT_IDLE_TIMEOUT)
AC_DEFINE_UNQUOTED(CM_DEFAULT_IDLE_TIMEOUT,$CM_DEFAULT_IDLE_TIMEOUT,[Define to the default idle-timeout when bus-activated.])
CFLAGSsave="$CFLAGS"
LIBSsave="$LIBS"
AC_CHECK_HEADER(ldap.h,,AC_MSG_ERROR(ldap.h not found))
AC_CHECK_FUNC(ldap_initialize,,AC_CHECK_LIB(ldap,ldap_initialize))
AC_CHECK_FUNC(ldap_sasl_interactive_bind_s,,AC_CHECK_LIB(ldap,ldap_sasl_interactive_bind_s))
AC_CHECK_FUNC(ldap_str2dn,,AC_CHECK_LIB(ldap,ldap_str2dn))
AC_CHECK_FUNC(ldap_dnfree,,AC_CHECK_LIB(ldap,ldap_dnfree))
LDAP_CFLAGS="$CFLAGS"
LDAP_LIBS="$LIBS"
CFLAGS="$CFLAGSsave"
LIBS="$LIBSsave"
AC_SUBST(LDAP_CFLAGS)
AC_SUBST(LDAP_LIBS)
AC_ARG_WITH(idn,
AS_HELP_STRING([--without-idn],[do not handle international dnsName subjectAltNames or international domain names during service location]),
if test x$with_idn = xno ; then
  idn=false
else
  idn=true
fi,
idn=true)
if $idn ; then
  PKG_CHECK_MODULES(IDN,libidn2)
  AC_DEFINE(CM_USE_IDN,1,[Define if dnsName subjectAltNames should be encoded properly, and if international domain names should be handled during service location.])
fi
AC_ARG_WITH(uuid,
AS_HELP_STRING([--with-uuid],[populate subjectUniqueID in self-signed certs]),
[uuid=$with_uuid],
[uuid=auto])
if test x$with_uuid = xyes ; then
  PKG_CHECK_MODULES(UUID,uuid)
else
  if test x$with_uuid != xno ; then
    if pkg-config uuid ; then
      PKG_CHECK_MODULES(UUID,uuid)
      uuid=yes
    fi
  fi
fi
# Older uuid pkgconfig sets us up to need . Newer
# versions set us up to need .
if test x$uuid = xyes ; then
  savedCFLAGS="$CFLAGS"
  CFLAGS="$UUID_CFLAGS"
  AC_CHECK_HEADERS(uuid.h uuid/uuid.h)
  CFLAGS="$savedCFLAGS"
  if test x$ac_cv_header_uuid_uuid_h = xno ; then
    if test x$ac_cv_header_uuid_h = xno ; then
      AC_MSG_ERROR(uuid.h header file not found)
    fi
  fi
  AC_DEFINE(HAVE_UUID,1,[Define to have the ability to populate subjectUniqueID in self-signed certs.])
fi
CM_DEFAULT_POPULATE_UNIQUE_ID=no
AC_SUBST(CM_DEFAULT_POPULATE_UNIQUE_ID)
AC_DEFINE_UNQUOTED(CM_DEFAULT_POPULATE_UNIQUE_ID,"$CM_DEFAULT_POPULATE_UNIQUE_ID",[Define to the default for the selfsign/populate_unique_id configuration setting.])
AM_CONDITIONAL(HAVE_UUID,test x$uuid = xyes)
AC_SUBST(UUID_CFLAGS)
AC_SUBST(UUID_LIBS)
LIBSsave="$LIBS"
AC_CHECK_HEADERS(popt.h)
if test x$ac_cv_header_popt_h != xyes ; then
  AC_MSG_ERROR(popt.h header file not found)
fi
AC_CHECK_FUNC(poptGetContext,,AC_CHECK_LIB(popt,poptGetContext))
if test x$ac_cv_func_poptGetContext != xyes ; then
  if test x$ac_cv_lib_popt_poptGetContext != xyes ; then
    AC_MSG_ERROR(libpopt not found)
  fi
fi
POPT_LIBS="$LIBS"
LIBS="$LIBSsave"
AC_SUBST(POPT_CFLAGS)
AC_SUBST(POPT_LIBS)
else
AM_CONDITIONAL(SESSIONBUS,false)
AM_CONDITIONAL(SYSTEMBUS,false)
AM_CONDITIONAL(HAVE_OPENSSL,false)
AM_CONDITIONAL(HAVE_NSS,false)
AM_CONDITIONAL(HAVE_SQL_NSSDB,false)
AM_CONDITIONAL(HAVE_DBM_NSSDB,false)
AM_CONDITIONAL(USE_GMP,false)
AM_CONDITIONAL(SYSTEMD,false)
AM_CONDITIONAL(TMPFILES,false)
AM_CONDITIONAL(SYSVINIT,false)
AM_CONDITIONAL(PIE,false)
AM_CONDITIONAL(NOW,false)
AM_CONDITIONAL(HAVE_DSA,false)
AM_CONDITIONAL(HAVE_EC,false)
AM_CONDITIONAL(WITH_IPA,false)
AM_CONDITIONAL(WITH_CERTMASTER,false)
AM_CONDITIONAL(WITH_XMLRPC,false)
AM_CONDITIONAL(WITH_LOCAL,false)
AM_CONDITIONAL(HAVE_UUID,false)
fi
AC_CONFIG_COMMANDS(src_introspect_sh,[chmod +x src/introspect.sh])
AC_OUTPUT(Makefile
  src/Makefile
  dbus/Makefile
  systemd/Makefile
  sysvinit/Makefile
  sysvinit/certmonger
  tests/Makefile
  tests/tools/Makefile
  dbus/org.fedorahosted.certmonger.conf
  dbus/org.fedorahosted.certmonger.service
  src/introspect.sh
  src/certmonger.8
  src/getcert.1
  src/getcert-request.1
  src/getcert-list.1
  src/getcert-list-cas.1
  src/getcert-start-tracking.1
  src/getcert-stop-tracking.1
  src/selfsign-getcert.1
  src/ipa-getcert.1
  src/getcert-resubmit.1
  src/certmonger-certmaster-submit.8
  src/certmonger-ipa-submit.8
  src/certmonger-dogtag-ipa-renew-agent-submit.8
  src/certmaster-getcert.1
  src/certmonger.conf.5
  po/Makefile.in
  src/certmonger.conf
  systemd/certmonger.service
  systemd/certmonger.conf
  systemd/org.fedorahosted.certmonger.service
  src/getcert-refresh.1
  src/getcert-refresh-ca.1
  src/local-getcert.1
  src/certmonger-local-submit.8
  src/getcert-status.1
  src/certmonger-dogtag-submit.8
  src/certmonger-scep-submit.8
  src/getcert-add-ca.1
  src/getcert-add-scep-ca.1
  src/getcert-modify-ca.1
  src/getcert-remove-ca.1
  src/getcert-rekey.1)

certmonger-0.79.19/dbus/

certmonger-0.79.19/dbus/Makefile.am

if SESSIONBUS
servicedir = @SESSIONBUSSERVICESDIR@
service_DATA = org.fedorahosted.certmonger.service
endif
if SYSTEMBUS
systemdbusdir = $(sysconfdir)/dbus-1/system.d
systemdbus_DATA = org.fedorahosted.certmonger.conf
endif

certmonger-0.79.19/dbus/org.fedorahosted.certmonger.conf.in

certmonger-0.79.19/dbus/org.fedorahosted.certmonger.service.in

[D-BUS Service]
Name=@CM_DBUS_NAME@
Exec=@mylibexecdir@/certmonger-session

certmonger-0.79.19/doc/

certmonger-0.79.19/doc/api.txt

This is modeled after the NetworkManager API, which seems to expose quite a
bit to unprivileged processes running on the desktop.
http://people.redhat.com/dcbw/NetworkManager/NetworkManager%20DBUS%20API.txt

Despite efforts, this may not match introspection data and the implementation,
since they're only kept in agreement manually.

These may not all be implemented yet, but if you find a piece you need, please
add a ticket or a patch to do so. Eventually we'll get it all.

The D-Bus API:
 o service name = org.fedorahosted.certmonger
 o object layout
   /org/fedorahosted/certmonger
     interface=org.fedorahosted.certmonger
     - find_request_by_nickname
       arguments:
         nickname -> string of request's nickname
       returns:
         path -> object path for request, if found
     - get_requests
       returns:
         array of paths -> object paths for requests
     - get_supported_key_types
       returns:
         array of string -> "RSA"
     - get_supported_key_storage
       returns:
         array of string -> "NSSDB", "FILE"
     - get_supported_cert_storage
       returns:
         array of string -> "NSSDB", "FILE"
     - add_request
       arguments:
         [dict{string,variant{string/path/array-of-string/number/boolean}}]
         {"NICKNAME"("nickname"),string}
         {"KEY_TYPE"("key-type"),"RSA"/"DSA"/"EC"}
         {"KEY_SIZE"("key-size"),integer}
         {"KEY_STORAGE"("key-storage"),"NSSDB"/"FILE"/"NONE"}*
         {"KEY_LOCATION"("key-file"/"key-database"),string}*
         {"KEY_NICKNAME"("key-nickname"),string}
         {"KEY_TOKEN"("key-token"),string}
         {"KEY_PIN"("key-pin"),string}
         {"KEY_PIN_FILE"("key-pin-file"),string}
         {"CERT_STORAGE"("cert-storage"),"NSSDB"/"FILE"}*
         {"CERT_LOCATION"("cert-file"/"cert-database"),string}*
         {"CERT_NICKNAME"("cert-nickname"),string}
         {"CERT_TOKEN"("cert-token"),string}
         {"TRACK"("monitoring"),boolean}
         {"RENEW"("autorenew"),boolean}
         {"SUBJECT"("template-subject"),string}
         {"KU"("template-ku"),string (bit field)}
         {"EKU"("template-eku"),array-of-string (oids)}
         {"PRINCIPAL"("template-principal"),array-of-string (principal names)}
         {"DNS"("template-hostname"),array-of-string (dns names)}
         {"EMAIL"("template-email"),array-of-string (email addresses)}
         {"CA"("ca"),path (known CA to use)}
         {("ca-profile"),string (known CA profile to use)}
         {("template-ip-address"),array-of-string (IP addresses in text form)} (since 0.75)
         {("template-is-ca"),boolean}
         {("template-ca-path-length"),integer}
         {("template-ocsp"),array-of-string (ocsp responder URIs)}
         {("template-crldp"),array-of-string (CRL distribution point URIs)}
         {("template-ns-comment"),string (Netscape comment)}
         {("template-profile"),string (certificate profile)}
         {("template-ms-certificate-template"),string (MS V2 template specifier; format: :[:] )}
         {("template-issuer"),string (requested issuer)}
         {("template-challenge-password"),string (password to add to CSR)}
         {("template-challenge-password-file"),string (password file)
         {("cert-presave-command"),string}
         {("cert-postsave-command"),string}
         * = required values
       returns:
         boolean -> succeeded
         path (optional) -> object path for new request
     - remove_request
       arguments:
         path -> object path for request
       returns:
         boolean -> succeeded
     - find_ca_by_nickname
       arguments:
         nickname -> string of ca's nickname
       returns:
         path -> object path for ca, if found
     - get_known_cas
       returns:
         array of path -> object paths for known cas
     - add_known_ca
       arguments:
         string -> ca nickname
         string -> external helper command
         array of string (optional) -> known issuer names used by ca
       returns:
         boolean -> succeeded
     - remove_known_ca
       arguments:
         path -> object path for ca
       returns:
         boolean -> succeeded
   (objects whose names are returned by "get-requests" or "get-defaults")
     interface=org.fedorahosted.certmonger.request
     - get_nickname ("nickname" property)
       returns:
         string
     - get_status ("status"/"stuck" property pair)
       returns:
         string -> state name
         boolean -> i-am-stuck
     - get_key_type_and_size ("key-type"/"key-size" property pair)
       returns:
         string -> key algorithm
         number -> key size
     - get_key_storage_info ("key-storage"/"key-file"/"key-database"/"key-nickname"/"key-token" property set)
       returns:
         string -> "file", "nssdb"
         string(required for "nssdb" or "file") -> filename (for "file"), or directory (for "nssdb")
         string(required for "nssdb") -> nssdb nickname
         string(optional) -> nssdb token name
     - get_cert_storage_info ("key-storage"/"key-file"/"key-database"/"key-nickname"/"key-token" property set)
       returns:
         string -> "file", "nssdb"
         string -> filename (for "file"), or directory (for "nssdb")
         string(required for "nssdb") -> nssdb nickname
         string(optional) -> nssdb token name
     - get_cert_data ("cert" property)
       returns:
         string -> certificate in PEM format
     - get_cert_info ("issuer"/"serial"/"subject"/"email"/"hostname"/"principal"/"eku" property set)
       returns:
         string -> issuer
         string -> serial number
         string -> subject
         number -> expiration (unix time)
         array of string -> email addresses
         array of string -> dns names
         array of string -> principal names
         number -> key usage as bitfield based on RFC5280's values
         array of string -> oid values
     - get_monitoring ("monitoring" property)
       returns:
         boolean -> enabled?
     - get_cert_last_checked ("last-checked" property)
       returns:
         number -> time of last check for expiration (unix time)
     - get_notification_info ("notification-type"/"notification-syslog-priority"/"notification-email" property set)
       returns:
         string -> method ("syslog", "email")
         string -> destination (log level or recipient)
     - get_autorenew ("autorenew" property)
       returns:
         boolean -> enabled?
     - get_csr_info ("template-subject"/"template-email"/"template-hostname"/"template-principal"/"template-eku" property set)
       returns:
         string -> subject
         array of string -> email addresses
         array of string -> dns names
         array of string -> principal names
         number -> key usage as bitfield based on RFC5280's values
         array of string -> oid values
     - get_key_pin ("key-pin" property)
       returns:
         string -> key storage PIN
     - get_key_pin_file ("key-pin-file" property)
       returns:
         string -> path of file containing key storage PIN
     - get_csr_data ("csr" property)
       returns:
         string -> signing request in PEM format
     - get_ca ("ca" property)
       returns:
         path(optional) -> path to CA object
     - get_submitted_date ("submitted-date" property)
       returns:
         number(optional) -> time of last submission to a CA (as time_t)
     - get_submitted_cookie ("ca-cookie" property)
       returns:
         string(optional) -> CA-specific value
     - get_ca_error ("ca-error" property)
       returns:
         text(optional) -> error text sent by the CA
     - modify
       arguments:
         [dict{string,variant{string/path/array-of-string/number/boolean}}]
         {"NICKNAME"("nickname"),string}
         {"CA"("ca"),path (known CA to use)}
         {("ca-profile"),string (known CA profile to use)}
         {"TRACK"("monitoring"),boolean}
         {"RENEW"("autorenew"),boolean}
         {"SUBJECT"("template-subject"),string}
         {"KEY_PIN"("key-pin"),string}
         {"KEY_PIN_FILE"("key-pin-file"),string}
         {"KU"("template-ku"),string (bit field)}
         {"EKU"("template-eku"),array-of-string (oids)}
         {"PRINCIPAL"("template-principal"),array-of-string (principal names)}
         {"DNS"("template-hostname"),array-of-string (dns names)}
         {"EMAIL"("template-email"),array-of-string (email addresses)}
         {("template-ip-address"),array-of-string (IP addresses in text form)} (since 0.75)
         {("template-is-ca"),boolean}
         {("template-ca-path-length"),integer}
         {("template-ocsp"),array-of-string (ocsp responder URIs)}
         {("template-crldp"),array-of-string (CRL distribution point URIs)}
         {("template-ns-comment"),string (Netscape comment)}
         {("template-profile"),string (certificate profile)}
         {("template-ms-certificate-template"),string (MS V2 template specifier; format: :[:] )}
         {("template-issuer"),string (requested issuer)}
         {("template-challenge-password"),string (password to add to CSR)}
         {("template-challenge-password-file"),string (password file)
         {("cert-presave-command"),string}
         {("cert-postsave-command"),string}
       - nickname for request
         argument:
           string -> new ID
       - pin for key storage
         argument:
           string -> PIN used for key storage
       - pin file for key storage
         argument:
           string -> name of file containing PIN used for key storage
       - requested subject name
         argument:
           string -> requested subject
       - requested subject alternative name(s): email
         argument:
           array of string -> new requested addresses
       - requested subject alternative name(s): dnsname
         argument:
           array of string -> new requested hostnames
       - requested subject alternative name(s): principalname
         argument:
           array of string -> new requested principal names
       - requested new key usage
         argument:
           number -> key usage as bitfield based on RFC5280's values
       - requested new extended key usage
         argument:
           array of string -> requested OIDs
       - known-ca to use
         argument:
           path -> object path of CA
       returns:
         boolean -> ok
         path -> object path, in case it changed
     - refresh
       returns:
         boolean -> in progress
     - resubmit (for requests that have been denied, generates a new csr)
       returns:
         boolean -> working-on-it
   (objects whose names are returned by "get-known-cas")
     interface=org.fedorahosted.certmonger.ca
     - get_nickname ("nickname" property)
       returns:
         string
     - get_is_default ("is-default" property)
       returns:
         boolean -> is-the-default-ca
     - get_type
       returns:
         string -> "EXTERNAL" if this is implemented by an external helper
     - get_location
       returns:
         string -> path to external helper
     - get_serial
       returns:
         string -> hex value (optional)
     - get_issuer_names ("issuer-names" property)
       returns:
         array of string (optional) -> set of known issuer names
     - modify
       - nickname
         arguments:
           string -> name of ca
         returns:
           boolean -> changed?
       - is-default
         arguments:
           boolean -> should-be-the-default-ca
         returns:
           boolean -> is-the-default-ca
       - helper-location
         arguments:
           string -> path to external helper
         returns:
           boolean -> changed?
       - associated issuer names (for when we have to guess which CA to use)
         arguments:
           array of string (optional) -> set of issuer names
     - refresh
       returns:
         boolean -> in progress

Marshallers needed:
  Arguments:
    string
    path
    string,string,string,array-of-string
    string,string
    boolean
    array-of-string
    dict{string,variant{string/array-of-string/number/boolean}}
  Return:
    boolean
    number
    string
    path
    boolean,string
    boolean,path
    string,boolean
    string,number
    string,string
    array-of-path
    array-of-string
    string,string,string
    string,string,string,string
    string,string,string,array-of-string
    string,string,string,number,array-of-string,array-of-string,array-of-string,number,array-of-string

certmonger-0.79.19/doc/certmaster-submit.txt

The submission protocol is a single XMLRPC.

Request to http://server:port/, method = "wait_for_cert".
The port, default "51235", is given in the server's certmaster.conf, and both
the server and the port number are given in the client's minion.conf.
The client does not authenticate.

Request parameters are a single argument, PEM-formatted CSR, with the
limitation that the header must be for "CERTIFICATE REQUEST" and not
"NEW CERTIFICATE REQUEST". (The request as-sent is compared to a rebuilt copy
which uses this header to determine if the request matches one which has
already been received.)

Response is a sequence of (boolean, string, string), either
(true, issued-cert, issuer-cert), or (false, '', '').
The issued certificate is returned in PEM format.

- Based on certmaster.py from certmaster 0.25.

certmonger-0.79.19/doc/design.txt

The life cycle of a certificate:
* Generating a key pair.
* Generating a CSR containing public key.
* Submitting CSR to a CA.
* Checking for response from CA.
* Waiting for certificate to near expiration.

Administrative action can also add these states:
* On hold
* Revoked

We model that life cycle as a state machine.

Now with some arbitrarily-named states for our per-certificate state machine:
* Generating a key pair.
  States: NEED_KEY_PAIR, GENERATING_KEY_PAIR [*], NEED_KEY_GEN_PERMS,
          NEED_KEY_GEN_TOKEN, NEED_KEY_GEN_PIN, HAVE_KEY_PAIR
* Reading info about key pair.
  NEED_KEYINFO, READING_KEYINFO [*], NEED_KEYINFO_READ_TOKEN,
  NEED_KEYINFO_READ_PIN, HAVE_KEYINFO
* Generating a CSR containing public key.
  States: NEED_CSR, GENERATING_CSR [*], NEED_CSR_GEN_TOKEN, NEED_CSR_GEN_PIN,
          HAVE_CSR
* Generating SCEP data, if we need it.
  States: NEED_SCEP_DATA, GENERATING_SCEP_DATA [*], NEED_SCEP_GEN_TOKEN,
          NEED_SCEP_GEN_PIN, NEED_SCEP_ENCRYPTION_CERT,
          NEED_SCEP_RSA_CLIENT_KEY, HAVE_SCEP_DATA
* Submitting CSR to a CA.
  States: NEED_TO_SUBMIT, SUBMITTING [*]
* Don't know which CA to submit to.
  States: NEED_CA [*]
* Don't have complete information about CA.
  States: CA_UNCONFIGURED [*]
* Can't contact CA.
  States: CA_UNREACHABLE [*]
* Rejected, very sad.
  States: CA_REJECTED [*]
* CA is thinking.
  States: CA_WORKING [*]
* Saving certificate to the desired location and parsing it for the
  information we think is interesting.
  States: NEED_TO_SAVE_CERT, PRE_SAVE_CERT[*], START_SAVING_CERT,
          SAVING_CERT [*], NEED_CERTSAVE_PERMS, NEED_CERTSAVE_TOKEN,
          NEED_CERTSAVE_PIN, NEED_TO_READ_CERT, READING_CERT [*], SAVED_CERT,
          POST_SAVED_CERT[*]
* Waiting for certificate to near expiration.
  States: MONITORING
* Notifying the admin of impending/passed expiration.
  States: NEED_TO_NOTIFY_VALIDITY, NOTIFYING_VALIDITY [*]
* Notifying the admin of CA rejection.
  States: NEED_TO_NOTIFY_REJECTION, NOTIFYING_REJECTION [*]
* Notifying the admin of CA issued cert, but not saved.
  States: NEED_TO_NOTIFY_ISSUED_FAILED, NOTIFYING_ISSUED_FAILED [*]
* Notifying the admin of that we failed to save CA certs.
  States: NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED, NOTIFYING_ONLY_CA_SAVE_FAILED
* Saving CA certs while saving an issued cert.
  States: NEED_TO_SAVE_CA_CERTS, START_SAVING_CA_CERTS, SAVING_CA_CERTS [*],
          NEED_CA_CERT_SAVE_PERMS
* Notifying the admin of CA issued cert, and saved.
  States: NEED_TO_NOTIFY_ISSUED_SAVED, NOTIFYING_ISSUED_SAVED [*]
* Saving CA certs while not saving an issued cert.
  States: NEED_TO_SAVE_ONLY_CA_CERTS, START_SAVING_ONLY_CA_CERTS,
          SAVING_ONLY_CA_CERTS [*]
* Waiting for user input
  States: NEED_GUIDANCE [*]
* Getting our bearings
  States: NEWLY_ADDED, NEWLY_ADDED_READING_KEYINFO [*],
          NEWLY_ADDED_NEED_KEYINFO_READ_TOKEN,
          NEWLY_ADDED_NEED_KEYINFO_READ_PIN, NEWLY_ADDED_START_READING_CERT,
          NEWLY_ADDED_READING_CERT [*], NEWLY_ADDED_DECIDING [*]

[*] Denotes states in which we have to wait for instructions from the user or
    completion of interaction with external systems.
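
As an added illustration (not code from certmonger), the C sketch below implements the key-pair generation states from the list above, using the transitions this document gives for them under "State logic". The type and function names, the keygen_result encoding, and the modeling of "starting-up" as a flag seen only by the first step after a restart are assumptions of the example.

```c
/* Added example, not certmonger source: the key-pair generation subset of
 * the per-certificate state machine. All identifiers are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

enum state {
    NEED_KEY_PAIR, GENERATING_KEY_PAIR, NEED_KEY_GEN_PERMS,
    NEED_KEY_GEN_TOKEN, NEED_KEY_GEN_PIN, HAVE_KEY_PAIR, NEED_KEYINFO
};

/* state_transition values; STAY means "parked until something changes it". */
enum when { NOW, SOON, WHEN_NOTIFIED, STAY };

/* What the key generation step reported (assumed encoding of the
 * keygen-finished / key-store-needs-* conditions). */
enum keygen_result {
    KEYGEN_RUNNING, KEYGEN_STORED, KEYGEN_NEEDS_TOKEN,
    KEYGEN_NEEDS_PIN, KEYGEN_NEEDS_PERMS, KEYGEN_FAILED
};

struct transition { enum state next; enum when when; };

/* One evaluation of the state logic for the current state. */
static struct transition step_state(enum state cur, bool starting_up,
                                    enum keygen_result r)
{
    struct transition out = { cur, STAY };

    switch (cur) {
    case NEED_KEY_PAIR:
        out.next = GENERATING_KEY_PAIR;
        out.when = NOW;
        break;
    case GENERATING_KEY_PAIR:
        if (starting_up) {
            /* Work that was in flight before a restart is not resumed. */
            out.next = NEED_KEY_PAIR;
            out.when = NOW;
        } else if (r == KEYGEN_RUNNING) {
            out.when = WHEN_NOTIFIED;
        } else {
            out.when = NOW;
            if (r == KEYGEN_STORED)           out.next = HAVE_KEY_PAIR;
            else if (r == KEYGEN_NEEDS_TOKEN) out.next = NEED_KEY_GEN_TOKEN;
            else if (r == KEYGEN_NEEDS_PIN)   out.next = NEED_KEY_GEN_PIN;
            else if (r == KEYGEN_NEEDS_PERMS) out.next = NEED_KEY_GEN_PERMS;
            else                              out.next = NEED_KEY_PAIR;
        }
        break;
    case NEED_KEY_GEN_TOKEN:
        if (starting_up) { out.next = NEED_KEY_PAIR; out.when = SOON; }
        break;
    case NEED_KEY_GEN_PERMS:
    case NEED_KEY_GEN_PIN:
        if (starting_up) { out.next = NEED_KEY_PAIR; out.when = NOW; }
        break;
    case HAVE_KEY_PAIR:
        out.next = NEED_KEYINFO;
        out.when = NOW;
        break;
    case NEED_KEYINFO:
        break;              /* continues outside this subset */
    }
    return out;
}

/* Walk a request until it parks. results[] supplies the outcome seen on
 * each visit to GENERATING_KEY_PAIR; once exhausted, keygen is "running". */
static enum state run(enum state s, bool starting_up,
                      const enum keygen_result *results, int n)
{
    int used = 0;

    for (int i = 0; i < 32; i++) {      /* bound the walk */
        enum keygen_result r = KEYGEN_RUNNING;
        if (s == GENERATING_KEY_PAIR && !starting_up && used < n)
            r = results[used++];
        struct transition t = step_state(s, starting_up, r);
        starting_up = false;            /* only the first step sees it */
        s = t.next;
        if (t.when == WHEN_NOTIFIED || t.when == STAY)
            break;
    }
    return s;
}

int main(void)
{
    const enum keygen_result no_pin[] = { KEYGEN_NEEDS_PIN };
    const enum keygen_result ok[] = { KEYGEN_STORED };

    /* Constructed scenario: the key store wants a PIN, the request parks. */
    enum state s = run(NEED_KEY_PAIR, false, no_pin, 1);
    printf("parked in NEED_KEY_GEN_PIN: %d\n", s == NEED_KEY_GEN_PIN);
    /* Daemon restart: the parked request retries from NEED_KEY_PAIR. */
    s = run(s, true, ok, 1);
    printf("reached NEED_KEYINFO: %d\n", s == NEED_KEYINFO);
    return 0;
}
```
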
State logic:
  NEED_KEY_PAIR:
    start-key-generation
    state_next = GENERATING_KEY_PAIR
    state_transition = now
    break
  GENERATING_KEY_PAIR:
    if starting-up
      state_next = NEED_KEY_PAIR
      state_transition = now
    else
      if keygen-finished
        if key-was-stored-successfully
          state_next = HAVE_KEY_PAIR
          state_transition = now
        elseif key-store-needs-token
          state_next = NEED_KEY_GEN_TOKEN
          state_transition = now
        elseif key-store-needs-pin
          state_next = NEED_KEY_GEN_PIN
          state_transition = now
        elseif key-store-needs-perms
          state_next = NEED_KEY_GEN_PERMS
          state_transition = now
        else
          state_next = NEED_KEY_PAIR
          state_transition = now
      else
        state_next = GENERATING_KEY_PAIR
        state_transition = when-notified
    break
  NEED_KEY_GEN_PERMS:
    if starting-up
      state_next = NEED_KEY_PAIR
      state_transition = now
    break
  NEED_KEY_GEN_TOKEN:
    if starting-up
      state_next = NEED_KEY_PAIR
      state_transition = soon
    break
  NEED_KEY_GEN_PIN:
    if starting-up
      state_next = NEED_KEY_PAIR
      state_transition = now
    break
  HAVE_KEY_PAIR:
    state_next = NEED_KEYINFO
    state_transition = now
    break
  NEED_KEYINFO:
    start-reading-key-information
    state_next = READING_KEYINFO
    state_transition = now
    break
  READING_KEYINFO:
    if starting-up
      state_next = NEED_KEYINFO
      state_transition = now
    else
      if finished-reading-key-information
        state_next = HAVE_KEYINFO
        state_transition = now
      elseif key-store-needs-token
        state_next = NEED_KEYINFO_READ_TOKEN
        state_transition = now
      elseif key-store-needs-pin
        state_next = NEED_KEYINFO_READ_PIN
        state_transition = now
      else
        state_next = NEED_KEY_PAIR
        state_transition = now
    break
  NEED_KEYINFO_READ_TOKEN:
    if starting-up
      state_next = NEED_KEYINFO
      state_transition = soon
    break
  NEED_KEYINFO_READ_PIN:
    if starting-up
      state_next = NEED_KEYINFO
      state_transition = soon
    break
  HAVE_KEYINFO:
    state_next = NEED_CSR
    state_transition = now
    break
  NEED_CSR:
    if starting-up
      state_next = HAVE_KEYINFO
      state_transition = now
    else
      if don't-have-a-full-template
        fill-in-template-values-based-on-defaults
      start-csr-generation-using-template-values
      state_next = GENERATING_CSR
      state_transition = now
    break
  GENERATING_CSR:
    if starting-up
      state_next = HAVE_KEYINFO
      state_transition = now
    else
      if csrgen-finished
        if csr-was-stored
          state_next = HAVE_CSR
          state_transition = now
        elseif key-store-needs-token
          state_next = NEED_CSR_GEN_TOKEN
          state_transition = now
        elseif key-store-needs-pin
          state_next = NEED_CSR_GEN_PIN
          state_transition = now
        else
          state_next = NEED_CSR
          state_transition = now
      else
        state_next = GENERATING_CSR
        state_transition = when-notified
    break
  NEED_CSR_GEN_TOKEN:
    if starting-up
      state_next = HAVE_KEYINFO
      state_transition = soon
    break
  NEED_CSR_GEN_PIN:
    if starting-up
      state_next = HAVE_KEYINFO
      state_transition = now
    break
  HAVE_CSR:
    state_next = NEED_TO_SUBMIT
    state_transition = now
    break
  NEED_SCEP_DATA:
    if starting-up
      state_next = HAVE_KEYINFO
      state_transition = now
    else
      if don't-have-a-full-template
        fill-in-template-values-based-on-defaults
      start-csr-generation-using-template-values
      state_next = GENERATING_SCEP_DATA
      state_transition = now
    break
  GENERATING_SCEP_DATA:
    if starting-up
      state_next = NEED_SCEP_DATA
      state_transition = now
    else
      if scepgen-finished
        if scep-data-was-stored
          state_next = HAVE_SCEP_DATA
          state_transition = now
        elseif key-store-needs-token
          state_next = NEED_SCEP_GEN_TOKEN
          state_transition = now
        elseif key-store-needs-pin
          state_next = NEED_SCEP_GEN_PIN
          state_transition = now
        elseif requires-ra-encryption-cert
          state_next = NEED_SCEP_ENCRYPTION_CERT
          state_transition = now
        else
          state_next = NEED_SCEP_RSA_CLIENT_KEY
          state_transition = now
      else
        state_next = GENERATING_SCEP_DATA
        state_transition = when-notified
    break
  NEED_SCEP_GEN_TOKEN:
    if starting-up
      state_next = NEED_SCEP_DATA
      state_transition = soon
    break
  NEED_SCEP_GEN_PIN:
    if starting-up
      state_next = NEED_SCEP_DATA
      state_transition = now
    break
  NEED_SCEP_ENCRYPTION_CERT:
    if starting-up
      state_next = NEED_SCEP_DATA
      state_transition = now
    break
  NEED_SCEP_RSA_CLIENT_KEY:
    if starting-up
      state_next = NEED_SCEP_DATA
      state_transition = now
    break
  HAVE_SCEP_DATA:
    state_next = NEED_TO_SUBMIT
    state_transition = now
    break
  NEED_TO_SUBMIT:
    if starting-up
      state_next = HAVE_CSR
      state_transition = now
    else
      start-csr-submission
      if csr-submission-started
        state_next = SUBMITTING
        state_transition = now
      else
        if don't-know-a-ca
          state_next = NEED_CA
          state_transition = now
    break
  SUBMITTING:
    if starting-up
      state_next = HAVE_CSR
      state_transition = now
    else
      if csr-submission-attempt-completed
        if ca-issued-cert
          state_next = NEED_TO_SAVE_CERT
          state_transition = now
        elseif ca-rejected-us
          if already-had-a-cert
            state_next = MONITORING
            state_transition = now
          else
            state_next = CA_NEED_TO_NOTIFY_REJECTION
            state_transition = later
        elseif ca-is-unreachable
          store-ca-cookie
          state_next = CA_UNREACHABLE
          state_transition = later
        elseif ca-is-thinking-about-it-and-have-cookie
          store-ca-cookie
          state_next = CA_WORKING
          state_transition = soon
        elseif ca-is-underconfigured
          if already-had-a-cert
            state_next = MONITORING
            state_transition = now
          else
            store-ca-cookie
            state_next = CA_UNCONFIGURED
            state_transition = later
        elseif need-scep-data
          state_next = NEED_SCEP_DATA
          state_transition = now
        elseif need-rekey
          state_next = NEED_REKEY
          state_transition = now
        else
          state_next = NEED_GUIDANCE
          state_transition = now
      else
        state_next = SUBMITTING
        state_transition = when-notified
    break
  NEED_TO_SAVE_CERT:
    if pre-save-command-configured
      start-configured-pre-save-command
      state_next = PRE_SAVE_CERT
      state_transition = now
    else
      state_next = START_SAVING_CERT
      state_transition = now
    break
  PRE_SAVE_CERT:
    if starting-up
      state_next = NEED_TO_SAVE_CERT
      state_transition = now
    else
      if pre-save-completed
        state_next = START_SAVING_CERT
        state_transition = now
    break
  START_SAVING_CERT:
    start-saving-cert
    state_next = SAVING_CERT
    state_transition = now
    break
  SAVING_CERT:
    if starting-up
      state_next = NEED_TO_SAVE_CERT
      state_transition = now
    else
      if cert-save-completed
        state_next = NEED_TO_SAVE_CA_CERTS
        state_transition = now
      else
        if cert-save-needs-perms
          state_next = NEED_CERTSAVE_PERMS
          state_transition = now
        elseif cert-save-needs-token
          state_next = NEED_CERTSAVE_TOKEN
          state_transition = now
        elseif cert-save-needs-pin
          state_next = NEED_CERTSAVE_PIN
          state_transition = now
        else
          state_next = NEED_TO_NOTIFY_ISSUED_SAVE_FAILED
          state_transition = now
    break
  NEED_CERTSAVE_PERMS:
    if starting-up
      state_next = NEED_TO_SAVE_CERT
      state_transition = now
    break
  NEED_CERTSAVE_TOKEN:
    if starting-up
      state_next = NEED_TO_SAVE_CERT
      state_transition = now
    break
  NEED_CERTSAVE_PIN:
    if starting-up
      state_next = NEED_TO_SAVE_CERT
      state_transition = now
    break
  NEED_TO_SAVE_CA_CERTS:
    state_next = START_SAVING_CA_CERTS
    state_transition = now
  START_SAVING_CA_CERTS:
    if starting-up
      state_next = NEED_TO_SAVE_CA_CERTS
      state_transition = now
    else
      start-saving-ca-certs
      state_next = SAVING_CA_CERTS
      state_transition = now
    break
  SAVING_CA_CERTS:
    if starting-up
      state_next = NEED_TO_SAVE_CA_CERTS
      state_transition = now
    else
      if saving-ca-certs-complete
        state_next = NEED_TO_READ_CERT
        state_transition = now
      else
        if permissions-problem
          state_next = NEED_CA_CERT_SAVE_PERMS
          state_transition = now
        else
          state_next = NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED
          state_transition = now
  NEED_CA_CERT_SAVE_PERMS:
    if starting-up
      state_next = NEED_TO_SAVE_CA_CERTS
      state_transition = now
    break
  NEED_TO_READ_CERT:
    start-reading-cert
    state_next = READING_CERT
    state_transition = now
    break
  READING_CERT:
    if starting-up
      state_next = NEED_TO_READ_CERT
      state_transition = now
    else
      if cert-read-completed
        if post-save-command-configured
          start-configured-post-save-command
          state_next = POST_SAVED_CERT
          state_transition = now
        else
          state_next = NEED_TO_NOTIFY_ISSUED_SAVED
          state_transition = now
    break
  POST_SAVED_CERT:
    if starting-up
      state_next = NEED_TO_NOTIFY_ISSUED_SAVED
      state_transition = now
    else
      if post-save-completed
        state_next = NEED_TO_NOTIFY_ISSUED_SAVED
        state_transition = now
  SAVED_CERT:
    state_next = NEED_TO_SAVE_CA_CERTS
    state_transition = now
    break
  NEED_TO_SAVE_ONLY_CA_CERTS:
    state_next = START_SAVING_ONLY_CA_CERTS
    state_transition = now
  START_SAVING_ONLY_CA_CERTS:
    if starting-up
      state_next = NEED_TO_SAVE_ONLY_CA_CERTS
      state_transition = now
    else
      start-saving-only-ca-certs
      state_next = SAVING_ONLY_CA_CERTS
      state_transition = now
    break
  SAVING_ONLY_CA_CERTS:
    if starting-up
      state_next = NEED_TO_SAVE_ONLY_CA_CERTS
      state_transition = now
    else
      if saving-ca-certs-complete
        state_next = MONITORING
        state_transition = now
      else
        if permissions-problem
          state_next = NEED_CA_CERT_SAVE_PERMS
          state_transition = now
        else
          state_next = NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED
          state_transition = now
  NEED_TO_NOTIFY_REJECTION:
    start-notifying
    state_next = NOTIFYING_REJECTION
    state_transition = now
    break
  NOTIFYING_REJECTION:
    if starting-up
      state_next = NEED_TO_NOTIFY_REJECTION
      state_transition = now
    else
      if notification-completed
        state_next = CA_REJECTED
        state_transition = now
    break
  NEED_TO_NOTIFY_ISSUED_SAVE_FAILED:
    start-notifying
    state_next = NOTIFYING_ISSUED_SAVE_FAILED
    state_transition = now
    break
  NOTIFYING_ISSUED_SAVE_FAILED:
    if starting-up
      state_next = NEED_TO_NOTIFY_ISSUED_SAVE_FAILED
      state_transition = now
    else
      if notification-completed
        state_next = START_SAVING_CERT
        state_transition = soonish
    break
  NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED
    start-notifying
    state_next = NOTIFYING_ISSUED_CA_SAVE_FAILED
    state_transition = now
    break
  NOTIFYING_ISSUED_CA_SAVE_FAILED
    if starting-up
      state_next = NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED
      state_transition = now
    else
      if notification-completed
        state_next = MONITORING
        state_transition = soonish
    break
  NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED
    start-notifying
    state_next = NOTIFYING_ONLY_CA_SAVE_FAILED
    state_transition = now
    break
  NOTIFYING_ONLY_CA_SAVE_FAILED
    if starting-up
      state_next = NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED
      state_transition = now
    else
      if notification-completed
        state_next = MONITORING
        state_transition = now
    break
  NEED_TO_NOTIFY_ISSUED_SAVED:
    start-notifying
    state_next = NOTIFYING_ISSUED_SAVED
    state_transition = now
    break
  NOTIFYING_ISSUED_SAVED:
    if starting-up
      state_next = NEED_TO_NOTIFY_ISSUED_SAVED
      state_transition = now
    else
      if notification-completed
        state_next = MONITORING
        state_transition = now
    break
  CA_REJECTED:
    state_transition = soon
    break
  CA_WORKING:
    if starting-up
      state_next = HAVE_CSR
      state_transition = now
    else
      state_next = NEED_TO_SUBMIT
      state_transition = soon
    break
  CA_UNREACHABLE:
    if starting-up
      state_next = HAVE_CSR
      state_transition = now
    else
      state_next = NEED_TO_SUBMIT
      state_transition = soon
    break
  CA_UNCONFIGURED:
    if starting-up
      state_next = HAVE_CSR
      state_transition = now
    break
  NEED_CA:
    if starting-up
      state_next = HAVE_CSR
      state_transition = now
    break
  NEED_GUIDANCE:
    if have-guidance
      state_next = as-guided
      state_waitfor = now
    else
      state_next = NEED_GUIDANCE
      state_transition = timeout
    break
  MONITORING:
    if certificate-is-expired or (expiration-time-is-below-notify-threshold-value and expiration-time-was-above-notify-threshold-value)
      update-template-values-based-on-cert
      state_next = NEED_TO_NOTIFY_VALIDITY
      state_transition = now
    else
      if (expiration-time-is-below-renewal-threshold-value and expiration-time-was-above-renewal-threshold-value)
        if due-for-rekey
          state_next = NEED_KEY_PAIR
        else
          state_next = NEED_CSR
        state_transition = now
      else
        state_next = MONITORING
        state_transition = timeout
    break
  NEED_TO_NOTIFY_VALIDITY:
    if starting-up
      state_next = MONITORING
      state_transition = now
    else
      start-notifying
      state_next = NOTIFYING_VALIDITY
      state_transition = now
    break
  NOTIFYING_VALIDITY:
    if starting-up
      state_next = NEED_TO_NOTIFY_VALIDITY
      state_transition = now
    else
      if notification-completed
        if this-cert-gets-autorenew and (expiration-time-is-below-renewal-threshold-value and expiration-time-was-above-renewal-threshold-value)
          if due-for-rekey
            state_next = NEED_KEY_PAIR
          else
            state_next = NEED_CSR
          state_transition = now
        else
          state_next = MONITORING
          state_transition = timeout
    break
  NEWLY_ADDED:
    if key-storage-is-known
      state_next = NEWLY_ADDED_START_READING_KEYINFO
      state_transition = now
    else
      state_next = NEWLY_ADDED_START_READING_CERT
      state_transition = now
    break
  NEWLY_ADDED_START_READING_KEYINFO:
    start-reading-key-information
    state_next = NEWLY_ADDED_READING_KEYINFO
    state_transition = now
    break
  NEWLY_ADDED_READING_KEYINFO:
    if starting-up
      state_next = NEWLY_ADDED_START_READING_KEYINFO
      state_transition = now
    else
      if finished-reading-key-information
        state_next = NEWLY_ADDED_START_READING_CERT
        state_transition = now
      elseif key-store-needs-token
        state_next = NEWLY_ADDED_NEED_KEYINFO_READ_TOKEN
        state_transition = now
      elseif key-store-needs-pin
        state_next = NEWLY_ADDED_NEED_KEYINFO_READ_PIN
        state_transition = now
      else
        state_next = NEWLY_ADDED_START_READING_CERT
        state_transition = now
    break
  NEWLY_ADDED_NEED_KEYINFO_READ_TOKEN:
    if starting-up
      state_next = NEWLY_ADDED_START_READING_KEYINFO
      state_transition = now
    break
  NEWLY_ADDED_NEED_KEYINFO_READ_PIN:
    if starting-up
      state_next = NEWLY_ADDED_START_READING_KEYINFO
      state_transition = now
    break
  NEWLY_ADDED_START_READING_CERT:
    start-reading-cert
    state_next = NEWLY_ADDED_READING_CERT
    state_transition = now
    break
  NEWLY_ADDED_READING_CERT:
    if starting-up
      state_next = NEWLY_ADDED_START_READING_CERT
      state_transition = now
    else
      if finished-reading-cert
        state_next = NEWLY_ADDED_DECIDING
        state_transition = now
    break
  NEWLY_ADDED_DECIDING:
    if entry-has-no-associated-ca
      try-to-set-ca-using-known-ca-list
    if we-have-a-cert
      if we-have-ca-certs-to-save
        state_next = NEED_TO_SAVE_ONLY_CA_CERTS
        state_transition = now
      else
        state_next = MONITORING
        state_transition = now
    else
      if key-storage-is-known
        if key-is-present
          state_next = NEED_CSR
          state_transition = now
        else
          state_next = NEED_KEY_PAIR
          state_transition = now
      else
        state_next = NEED_GUIDANCE
        state_transition = now
    break

Types of actions and user guidance:
  Reenroll-from-scratch ("request -g"):
    state_next = NEED_KEY_PAIR
    state_transition = now
  Submit-key ("request", if no csr or arguments alter it):
    state_next = NEED_CSR
    state_transition = now
  Submit-csr (automatic for "request")
    state_next =
HAVE_CSR state_transition = now Resubmit-csr (need to add "resubmit") state_next = HAVE_CSR state_transition = now Start-Tracking-with-AutoRenew ("start-tracking"): add-cert-to-monitoring-list state_next = MONITORING state_transition = now Start-Tracking-without-AutoRenew ("start-tracking"): add-cert-to-monitoring-list state_next = MONITORING state_transition = now Cancel ("stop-tracking"): remove-cert-from-monitoring-list Status ("list"): dump-monitoring-list Data we need to track for each certificate/task/dbentry: * Type of key pair to generate [or use default settings] default: RSA,2048 * Location of key pair [use-once default] default: NSS,/etc/pki/nssdb,,Server-Key-default * Location of certificate [use-once default] default: NSS,/etc/pki/nssdb,,Server-Cert-default * Cached certificate issuer/serial/subject/spki/expiration/host/email * The last time we checked if expiration was imminent. * Interesting TTL values [or use default settings] default: 30*24*60*60,7*24*60*60,3*24*60*60,2*24*60*60,1*24*60*60 * How to notify administrator [or use default settings] syslog(LOG_AUTHPRIV?) or mail to root@? * CSR template information [or imported from existing certificate] * subject (cn=host name) * SANs¹ * DNS * email * principal name * IP addresses * ku¹, eku¹ ¹ Encoded as extensionRequest attributes. * Certificate State (state_current) * Whether to autorenew-at-expiration [or use default settings] * Whether to start monitoring at issue [or use default settings] * Type and location of CA [or use default settings] * Value of CA cookie for in-progress submissions. * Date of submission for in-progress submissions. When we interact with CAs, there are things that we "know" about them, or would like to know: * A nickname by which we refer to the CA. * The certificate which the CA uses as the issuer of certificates for end entities. * The root of the chain of trust, if it's not the CA's issuer certificate, and any other certificates in the chain between them. 
* A set of mandatory-to-supply pieces of information when we're requesting a new or renewed certificate from the CA. For IPA, for example, during requests for a new certificate (it doesn't distinguish between "new" and "renew" cases), this is the Kerberos principal name of the subject for whom we're requesting the certificate.
* If it supports different types of enrollment (known as profiles in Dogtag, or as templates in ADCS), what the options are, and if there's a recommended default.

Each of these pieces of information which we might obtain from the CA is essentially either missing, current, in the process of being fetched, or in the process of being disseminated out to the rest of the local system. We can model the states for each of these using roughly the same set of states:

* Pulling data from the CA:
  States: NEED_TO_REFRESH,REFRESHING,UNREACHABLE
* Saving the data obtained from the CA to places where it's expected:
  States: NEED_TO_SAVE_DATA,PRE_SAVE_DATA,START_SAVING_DATA,
          SAVING_DATA,POST_SAVE_DATA,SAVED_DATA
* Figuring out when we'll need to re-fetch data:
  NEED_TO_ANALYZE, ANALYZING
* Waiting until we need to re-fetch data:
  States: IDLE

And this state machine:

  NEED_TO_REFRESH:
    start-refresh-submission
    if refresh-submission-started
      state_next = REFRESHING
      state_transition = now
    else
      state_transition = later
    break
  REFRESHING:
    if refresh-submission-attempt-completed
      if ca-gave-us-data
        state_next = NEED_TO_SAVE_DATA
        state_transition = now
      elseif ca-needs-retry
        state_next = NEED_TO_REFRESH
        state_transition = later
      elseif ca-is-unreachable
        state_next = UNREACHABLE
        state_transition = now
      else
        state_next = DISABLED
        state_transition = now
    else
      state_next = REFRESHING
      state_transition = when-notified
    break
  NEED_TO_SAVE_DATA:
    if pre-save-command-configured
      start-configured-pre-save-command
      state_next = PRE_SAVE_DATA
      state_transition = now
    else
      state_next = START_SAVING_DATA
      state_transition = now
    break
  PRE_SAVE_DATA:
    if pre-save-completed
      state_next = START_SAVING_DATA
      state_transition = now
    break
  START_SAVING_DATA:
    start-saving-data
    if saving-data-started
      state_next = SAVING_DATA
      state_transition = now
    break
  SAVING_DATA:
    if done-saving-data
      if post-save-command-configured
        start-configured-post-save-command
        state_next = POST_SAVE_DATA
        state_transition = now
      else
        state_next = SAVED_DATA
        state_transition = now
    break
  POST_SAVE_DATA:
    if post-save-completed
      state_next = SAVED_DATA
      state_transition = now
    break
  SAVED_DATA:
    state_next = NEED_TO_ANALYZE
    state_transition = now
  NEED_TO_ANALYZE:
    start-analysis
    if analysis-started
      state_next = ANALYZING
      state_transition = now
    else
      state_next = IDLE
      state_transition = now
    break
  ANALYZING:
    if fetched-data-will-need-to-be-refreshed:
      state_next = NEED_TO_REFRESH
      state_transition = timeout
    else:
      state_next = IDLE
      state_transition = now
  UNREACHABLE:
    state_next = NEED_TO_REFRESH
    state_transition = now

certmonger-0.79.19/doc/dogtag-notes-2.txt

Okay, I've worked out some of the logic and which servlets we need to call.
 * Submit the client request.[[BR]]
   * if (enrolling-a-new-certificate):[[BR]]
     submit via HTTP to ''/ca/ee/ca/profileSubmit'':[[BR]]
     profileId=''profile''[[BR]]
     cert_request_type=''pkcs10''[[BR]]
     cert_request=''base64''[[BR]]
   * if (renewing-an-already-issued-certificate):[[BR]]
     submit via HTTP to ''/ca/ee/ca/profileSubmit'':[[BR]]
     renewal=true[[BR]]
     serial_num=''decimal serial number''[[BR]]
     profileId=''profile''[[BR]]
 * Maybe approve the request ourselves.[[BR]]
   * if (we're-an-agent):[[BR]]
     read default values via authenticated HTTPS to ''/ca/agent/ca/profileReview''[[BR]]
     requestId=''decimal''[[BR]]
     (pick up all ''defId'' and ''defVal'' values with ''defConstraint'' NOT ''readonly''; if ''defSyntax'' is ''choice'' and ''defVal'' is not set, use the first item in the comma-separated ''defConstraint'' list)[[BR]]
     issue via authenticated HTTPS to ''/ca/agent/ca/profileProcess''[[BR]]
     requestId=''decimal''[[BR]]
     op=approve[[BR]]
     (all ''defId'' and ''defVal'' values as key/value pairs)[[BR]]
     requestNotes=''free-form text''[[BR]]
 * Check that the certificate was issued.[[BR]]
   * HTTP to ''/ca/ee/ca/checkRequest''[[BR]]
     requestId=''decimal request ID''[[BR]]
     importCert=true[[BR]]
 * Retrieve the new certificate.[[BR]]
   * if (certificate-is-ready):[[BR]]
     HTTP to ''/ca/ee/ca/displayCertFromRequest''[[BR]]
     requestId=''decimal request ID''[[BR]]

certmonger-0.79.19/doc/dogtag-notes.txt

http://www.redhat.com/docs/manuals/cert-system/pdf/cms601custom.pdf

Use GET http://cats.bos.redhat.com:9180/ca/ee/ca/getBySerial?serialNumber=14 (yes, that's a hex serial number).
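The request flow listed in dogtag-notes-2.txt above, written out as form bodies. This is an added example, not certmonger's own code: the function names, the sample CSR bytes and the sample review entries (`exampleValidity`, `exampleAlgorithm`, `exampleKeyId`) are constructed, and the profileReview defaults are assumed to be already parsed into dictionaries keyed by the field names the notes mention.

```python
import base64
from urllib.parse import urlencode

# Servlet paths exactly as listed in the notes.
EE_SUBMIT = "/ca/ee/ca/profileSubmit"
AGENT_PROCESS = "/ca/agent/ca/profileProcess"
EE_CHECK = "/ca/ee/ca/checkRequest"
EE_DISPLAY = "/ca/ee/ca/displayCertFromRequest"

# Constructed sample: arbitrary bytes chosen so that the base64 text contains
# '+', '/' and '='. This is NOT a real PKCS#10 request.
SAMPLE_RAW = b"\xfb\xff\xfe constructed sample bytes, not a real PKCS#10 request"
_b64 = base64.b64encode(SAMPLE_RAW).decode("ascii")
SAMPLE_CSR_PEM = (
    "-----BEGIN CERTIFICATE REQUEST-----\n"
    + "\n".join(_b64[i:i + 64] for i in range(0, len(_b64), 64))
    + "\n-----END CERTIFICATE REQUEST-----\n"
)

# Constructed sample of parsed profileReview defaults (assumed shape).
SAMPLE_REVIEW = [
    {"defId": "exampleValidity", "defSyntax": "string",
     "defConstraint": "", "defVal": "180"},
    {"defId": "exampleAlgorithm", "defSyntax": "choice",
     "defConstraint": "SHA256withRSA,SHA512withRSA", "defVal": ""},
    {"defId": "exampleKeyId", "defSyntax": "string",
     "defConstraint": "readonly", "defVal": "ab:cd"},
]


def pem_body(pem):
    """Strip the PEM armor and line breaks, leaving only the base64 text."""
    return "".join(line.strip() for line in pem.splitlines()
                   if line.strip() and not line.startswith("-----"))


def enroll_request(profile, csr_pem):
    # urlencode() percent-encodes '+' as %2B. Sent raw, a '+' in a form body
    # decodes to a space on the server side and corrupts the request.
    return EE_SUBMIT, urlencode({
        "profileId": profile,
        "cert_request_type": "pkcs10",
        "cert_request": pem_body(csr_pem),
    })


def serial_from_hex(text):
    """getBySerial/displayBySerial take hex ("14" or "0x14"); return an int."""
    return int(text, 16)


def renew_request(profile, serial):
    # Renewal wants the serial number in decimal, unlike the lookup servlets.
    return EE_SUBMIT, urlencode({
        "renewal": "true",
        "serial_num": str(int(serial)),
        "profileId": profile,
    })


def approval_fields(review_defaults):
    """Apply the selection rule from the notes to parsed review defaults."""
    fields = {}
    for entry in review_defaults:
        constraint = entry.get("defConstraint", "")
        if constraint == "readonly":
            continue  # read-only defaults are not sent back
        value = entry.get("defVal") or ""
        if not value and entry.get("defSyntax") == "choice":
            # Unset choice: use the first item of the comma-separated list.
            value = constraint.split(",")[0].strip()
        fields[entry["defId"]] = value
    return fields


def approve_request(request_id, review_defaults, notes=""):
    params = {"requestId": str(request_id), "op": "approve"}
    params.update(approval_fields(review_defaults))
    params["requestNotes"] = notes
    return AGENT_PROCESS, urlencode(params)


def check_request(request_id):
    return EE_CHECK, urlencode({"requestId": str(request_id),
                                "importCert": "true"})


def display_request(request_id):
    return EE_DISPLAY, urlencode({"requestId": str(request_id)})
```

The agent steps (profileReview, profileProcess) go over authenticated HTTPS per the notes; these helpers only build the path and body and leave the transport to the caller.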
- older stuff -

http://www.redhat.com/docs/manuals/cert-system/8.0/cli/html/SSLGet-Usage.html

POST http://cats.bos.redhat.com:9180/ca/ee/ca/profileSubmit
profileId=caServerCert&cert_request_type=pkcs10&requestor_name=TPS-server.example.com-7889&cert_request=MIIBGTCBxAIBADBfMSgwJgYDVQQKEx8yMDA2MTEwNngxMiBTZmJheSBSZWRoYXQgRG9tYWluMRIwEAYDVQQLEwlyaHBraS10cHMxHzAdBgNVBAMTFndhdGVyLnNmYmF5LnJlZGhhdC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAsMcYjKD2cDJOeKjhuAiyaC0YVh8hUzfcrf7ZJlVyROQx1pQrHiHmBQbcCdQxNzYK7rxWiR62BPDR4dHtQzj8RwIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQAKpuTYGP%2BI1k50tjn6enPV6j%2B2lFFjrYNwlYWBe4qYhm3WoA0tIuplNLpzP0vw6ttIMZkpE8rcfAeMG10doUpp&xmlOutput=true&sessionID=-4771521138734965266&auth_hostname=cats.bos.redhat.com&auth_port=9180

Returns "2Request Deferred - defer request 21"

Dig the request ID out of the XML.

GET http://cats.bos.redhat.com:9180/ca/ee/ca/checkRequest?requestId=21

You'll get some horrific code with javascript mixed in.

snippet:

Check header.status (UGH!). "pending";"complete"

snippet 2:

GET http://cats.bos.redhat.com:9180/ca/ee/ca/displayBySerial?serialNumber=0x14

As of 7.3, all of profileSubmit, checkRequest, and displayBySerial should support XML output of some kind, but it's not until 8.0 that checkRequest gives us the serial number of the issued cert when it tells us that our request succeeded, so if the goal is to avoid scraping Javascript, we have to require 8.0.

certmonger-0.79.19/doc/fips.txt

Notes on running in FIPS mode:

* All NSS databases need PINs, typically UTF-8 values of 7-255 characters in length, composed of members of at least three of these classes:
  * Upper-case ASCII character (unless it's the first character)
  * Lower-case ASCII character
  * Digit (unless it's the last character)
  * Other ASCII character
  * Other character
* Attempts to generate keys of certain sizes less than allowed by the underlying crypto libraries will fail.
  The daemon will attempt to retry using its compile-time default key size.

certmonger-0.79.19/doc/ftw.txt

For The Wiki

IPA Client Design

To be able to request a certificate from the IPA client automatically there should be a utility tightly integrated with the IPA client that would aid in requesting the certificate for a service running on the host. The following diagram shows all the IPA client components involved in the operation.

┌───────────────┐
│  ipa-getcert  │
│    utility    │
└───────────────┘
       │
       │ D-Bus interface
       │
┌──────────────┐                                       ┌──────────┐
│  certmonger  │                                       │          │
│    system    │────── XML-RPC Connection to IPA ──────│  IPA CA  │
│    daemon    │                                       │          │
└──────────────┘                                       └──────────┘

1. The cert utility, named ipa-getcert in the diagram, will accept command line parameters and issue requests to certmonger. This is the only thing it will do.
2. The daemon will be event-based, like most other services on the client designed so far. It will respond to requests from the ipa-getcert client, and if necessary, poll for completion of any time-consuming tasks that it has started. Such tasks include:
   * key generation
   * generating certificate signing requests (CSRs)
   * submitting signing requests to CAs
3. The daemon keeps track of its own work items. The client can afford to be rather dumb by comparison.
4. As an implementation detail, the daemon talks to the CA by means of a helper which it runs. The helper can also be run directly for troubleshooting purposes, and even replaced entirely.

Command Line Utility

Now it's time to talk about how ipa-getcert is used. At its core, the tool's function is analogous to that of ipa-getkeytab, so we're aiming for a command-line interface which feels familiar.

There are five general tasks which the tool needs to be able to do:

* Request a new certificate and track (by default or not, if told not to) its expiration date.
* Resubmit a previously-denied enrollment request.
* Start tracking expiration for an already-provisioned certificate.
* Stop tracking expiration for an already-provisioned certificate.
* Status: list current pending requests and/or currently tracked certs and the set of known CAs.

In the case of requesting a certificate the command looks like this:

    ipa-getcert request [options]

Required arguments:
* If using an NSS database for storage:
  -d DIR       NSS database for key and cert
  -n NAME      nickname for NSS-based storage (only valid with -d)
  -t NAME      optional token name for NSS-based storage (only valid with -d)
* If using files for storage:
  -k FILE      PEM file for private key
  -f FILE      PEM file for certificate (only valid with -k)

Optional arguments:
* Certificate handling settings:
  -I NAME      nickname to assign to the request
  -g SIZE      size of key to be generated if one is not already in place
  -r           attempt to renew the certificate when expiration nears (default)
  -R           don't attempt to renew the certificate when expiration nears
  -c CA        use the specified CA rather than the default (IPA's)
* Parameters for the signing request:
  -N NAME      set requested subject name (default: CN=)
  -U EXTUSAGE  set requested extended key usage OID
  -K NAME      set requested principal name
  -D DNSNAME   set requested DNS name
  -E EMAIL     set requested email address

The simplest invocation might look like this:

    ipa-getcert request -d /etc/pki/nssdb -n "ServerCert"

In case of starting to track a certificate's expiration, one shall provide the following command line:

    ipa-getcert start-tracking [options]

Required arguments:
* If modifying an existing request:
  -i NAME      nickname of an existing tracking request
* If using an NSS database for storage:
  -d DIR       NSS database for key and cert
  -n NAME      nickname for NSS-based storage (only valid with -d)
  -t NAME      optional token name for NSS-based storage (only valid with -d)
* If using files for storage:
  -k FILE      PEM file for private key
  -f FILE      PEM file for certificate (only valid with -k)

Optional arguments:
* Certificate handling settings:
  -I NAME      nickname to give to tracking request
  -r           attempt to renew the certificate when expiration nears (default)
  -R           don't attempt to renew the certificate when expiration nears
  -c CA        use the specified CA rather than the default

If there's no certificate in the specified location, the daemon will attempt to have one issued. The daemon will cache information about the certificate for bookkeeping.

In case of stopping the tracking of a certificate's expiration, it would be more like this:

    Usage: getcert stop-tracking [options]

Required arguments:
* By request identifier:
  -i NAME      nickname for tracking request
* If using an NSS database for storage:
  -d DIR       NSS database for key and cert
  -n NAME      nickname for NSS-based storage (only valid with -d)
  -t NAME      optional token name for NSS-based storage (only valid with -d)
* If using files for storage:
  -k FILE      PEM file for private key
  -f FILE      PEM file for certificate (only valid with -k)

The status commands list the work items that the daemon is tracking.

    Usage: getcert list [options]

Optional arguments:
* General options:
  -c CA        list only requests and certs associated with this CA
  -r           list only information about in-progress enrollment requests
  -t           list only information about tracked certificates

certmonger-0.79.19/doc/getting-started.txt

Background: Certificates

An X.509 certificate (also commonly known as an SSL certificate), basically, contains a public key and an indication of to whom the key belongs (referred to as the certificate's _subject_) that have been cryptographically signed. By signing the certificate, the _issuer_ asserts that the key belongs to the _subject_.
If the certificate is being used by an SSL-enabled server, for example, where the public key is used to help set up the encryption, a client who verifies the signature has verified that the issuer asserted that the party on the other end of the connection, who used the public key, has a specific name. If that name doesn't match the hostname that the client intended to connect with, then clearly something has gone wrong. The client may have connected to the wrong server.

If the certificate isn't signed by an _issuer_ that the client trusts to be honest about things, then the client can't trust that the _subject_ name in the certificate isn't forged.

The _issuer_ who signs certificates is called a _certifying_ _authority_, or alternately, a _certificate_ _authority_ (or more simply as a _CA_). If you're deploying an SSL-enabled service, the certificates it uses need to be _issued_ (verified and signed) by a CA that your clients trust.

Background: Certificate Extensions

An X.509 certificate minimally needs to contain the subject's name and that subject's public key. An issuer is also free to embed arbitrary data into a certificate in the certificate's _extensions_ field. Extensions are identified by OID and the data they contain is in a format specific to that OID. While this flexibility could allow for all sorts of hijinks, in order to be useful, an extension needs to be understood by all of the parties that will use the certificate in some way, so in practice most certificates will only contain some of a number of widely-used extensions.

One of the more commonly-used extensions is the subjectAlternateName (also known as subjectAltName, or SAN) extension. It contains one or more names by which the subject might also be known.
Because the _subject_ field of a certificate is formatted as a _distinguished_ _name_, for example, SSL clients typically have to extract the hostname from the subject field, which can be an error-prone process, in order to compare them with the hostname that the client attempted to use. A SAN of type _dnsName_ with the hostname as its value removes all ambiguity. The SAN extension can also contain other types of names, for example IPv4 and IPv6 addresses, email addresses, and Kerberos principal names.

Background: Certificate Requests

In order to obtain a certificate, the CA needs to obtain a copy of the public key which should be recorded in the certificate. Most often, this key is combined with other requested information, such as a requested subject name, into a _certificate_ _signing_ _request_ (a CSR) and submitted to the CA for processing. The CSR is usually signed with the submitter's private key.

A CSR can also contain arbitrary attributes, and one of those attributes can be a set of requested extension values. In this way, a client can supply almost all of the contents of the certificate it desires as part of its request. While this can be very useful in some scenarios, it's important to recognize that in assembling a certificate to be issued, the CA is free to validate, reject, or simply discard any part of the client's request.

Where certmonger Fits In

The certmonger daemon, along with its command-line clients, attempts to simplify the process of generating public/private key pairs and CSRs and submitting CSRs to CAs for signing.

Perhaps the simplest use case is to generate a certificate which is signed by the subject itself. (They're not very useful in production, but they're great for testing.)

    selfsign-getcert request -f /tmp/server.crt -k /tmp/server.key

What we've done above is to tell certmonger that we want a key to be stored in the file /tmp/server.key, to get a corresponding certificate, and to store that certificate in the file /tmp/server.crt.
(Using selfsign-getcert to tell it that also implicitly tells it to go ahead and _self-sign_ the CSR, which it generates and uses internally, with the subject's own key.)

What certmonger did was to check if there was already a key there, and since there wasn't, to go ahead and generate one. That done, it created a CSR and then used the same key to produce a signed certificate.

The daemon usually runs with sufficient privileges to be able to read and write to most locations that we might tell it to use for storing the certificate and key. However, as an added precaution, on systems where a mandatory access control system is in use, the daemon will typically be permitted to read and write only to a narrowly-defined set of locations. For example, on systems using SELinux, certmonger will often not be allowed to use /tmp because the directory is marked with the label "tmp_t". We would first need to create an alternate location with the label "cert_t" for certmonger's use:

    mkdir -p /tmp/certs
    chcon -t cert_t /tmp/certs
    cd /tmp/certs
    selfsign-getcert request -f ./server.crt -k ./server.key

The example above used plain files for holding the key and the certificate, but we could have specified storage using an NSS database by passing the database's location and a nickname to give to the certificate, like so:

    selfsign-getcert request -d /tmp -n Testing-Certificate

Of course, we had to supply a certificate nickname, because certmonger isn't all that creative. We used a nickname of "Testing-Certificate" because, well, why not?
We can tell certmonger to embed a specific _subject_ name into the CSR, and we can tell it to include one or more of several types of SAN values, too:

    -N _subject_       -> specifies a subject name
    -K _principal_add  -> specifies a Kerberos principal name SAN
    -D _hostname_      -> specifies a dnsName SAN
    -E _email_         -> specifies an rfc822address (email) SAN

Let's create another certificate:

    selfsign-getcert request -f /tmp/babs.crt -k /tmp/babs.key \
        -N "CN=Babs Jensen" -K bjensen@EXAMPLE.COM -E babs@example.com

For flat files, we can use OpenSSL to look at the certificate's contents. Have a look at the first certificate we generated:

    openssl x509 -noout -text -in /tmp/server.crt

You'll notice that even though we didn't specify what to put in the certificate, certmonger went ahead and added some things. These are its default settings. Now look at the one we just generated for Babs:

    openssl x509 -noout -text -in /tmp/babs.crt

You'll see that the subject name is the one we requested, and that the email address is being shown correctly. As of this writing, the openssl command doesn't know how to display Kerberos principal names, but that's okay.

While we're here, we can use NSS's certutil to examine the second certificate we generated:

    certutil -d /tmp -L -n Testing-Certificate

The output format is a bit different, but the contents of the certificate should be pretty much the same.

You may have noticed that in each case, the certificates had a validity time associated with them -- after a certain point, they won't be considered valid any more. That's okay. We can tell certmonger to go ahead and get a new certificate when the existing one expires:

    selfsign-getcert start-tracking -f /tmp/server.crt -r

We could have added the "-r" when we initially requested the certificate and skipped this step, but this is documentation, so sometimes we go the long way.
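What tracking with "-r" amounts to, following the MONITORING and NOTIFYING_VALIDITY states and the default TTL list from the design notes earlier in this archive. This is an added example, not certmonger's code: the function names, the 28-day renewal threshold and the poll times are assumptions made for the illustration.

```python
DAY = 24 * 60 * 60

# Default "interesting TTL values" from the design notes, in seconds.
DEFAULT_NOTIFY_TTLS = (30 * DAY, 7 * DAY, 3 * DAY, 2 * DAY, 1 * DAY)


def crossed(threshold, remaining_now, remaining_before):
    """Below the threshold now AND above it at the previous check.

    Counting "exactly at the threshold" as still above is a choice made for
    this example; the notes do not say which side the boundary falls on.
    """
    return remaining_now < threshold <= remaining_before


def renew_target(due_for_rekey):
    return "NEED_KEY_PAIR" if due_for_rekey else "NEED_CSR"


def monitoring_step(now, not_after, last_checked, renew_ttl,
                    notify_ttls=DEFAULT_NOTIFY_TTLS, due_for_rekey=False):
    """One pass through MONITORING: returns (state_next, state_transition)."""
    remaining_now = not_after - now
    remaining_before = not_after - last_checked
    expired = remaining_now < 0
    if expired or any(crossed(t, remaining_now, remaining_before)
                      for t in notify_ttls):
        return ("NEED_TO_NOTIFY_VALIDITY", "now")
    # As written in the notes, this branch does not test the autorenew flag;
    # only NOTIFYING_VALIDITY does.
    if crossed(renew_ttl, remaining_now, remaining_before):
        return (renew_target(due_for_rekey), "now")
    return ("MONITORING", "timeout")


def notifying_validity_done(now, not_after, last_checked, renew_ttl,
                            autorenew, due_for_rekey=False):
    """NOTIFYING_VALIDITY once notification-completed is true."""
    remaining_now = not_after - now
    remaining_before = not_after - last_checked
    if autorenew and crossed(renew_ttl, remaining_now, remaining_before):
        return (renew_target(due_for_rekey), "now")
    return ("MONITORING", "timeout")


def simulate(not_after, polls, renew_ttl, autorenew=True):
    """Walk a list of poll times; return [(time, event)] until renewal starts.

    The "last time we checked" value is only advanced after a whole pass, so
    a threshold crossed in this pass is still visible to NOTIFYING_VALIDITY.
    """
    events = []
    last = polls[0]
    for now in polls[1:]:
        state, _ = monitoring_step(now, not_after, last, renew_ttl)
        if state == "NEED_TO_NOTIFY_VALIDITY":
            events.append((now, "notify"))
            state, _ = notifying_validity_done(now, not_after, last,
                                               renew_ttl, autorenew)
        if state in ("NEED_CSR", "NEED_KEY_PAIR"):
            events.append((now, state))
            break
        last = now
    return events
```

Because each test is "below now and above at the last check", a notification fires once per threshold crossed rather than on every poll, and a long gap between polls collapses several missed thresholds into a single notification.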
Using certmonger's Built-in "Toy" CA

Using a toy CA to sign certificates is slightly more useful than self-signing certificates, because you can issue multiple certificates, all signed by a single signing certificate, and only have to deal with distributing one copy of the signing certificate to the various places where it'll be needed.

The certmonger package includes a "local" signer which uses its own self-signed certificate to sign certificates. Using it instead of self-signing is straightforward:

    local-getcert request -r \
        -f /etc/httpd/conf/ssl.crt/server.crt \
        -k /etc/httpd/conf/ssl.key/server.key \
        -F /etc/httpd/conf/ssl.crt/ca.crt \
        -N CN=`hostname --fqdn` \
        -D `hostname --fqdn` \
        -U id-kp-serverAuth
    local-getcert request -r \
        -f /etc/ldap/server.crt \
        -k /etc/ldap/server.key \
        -F /etc/ldap/ca.crt \
        -N CN=`hostname --fqdn` \
        -D `hostname --fqdn` \
        -U id-kp-serverAuth

In this example, both /etc/httpd/conf/ssl.crt/ca.crt and /etc/ldap/ca.crt will contain copies of the same certificate, and a client connecting to either of the two services will only need to be given a copy of one of the files in order to verify the certificate used by either service.

The "local" signer doesn't support revoking certificates, whether in response to a key compromise or for any of several less catastrophic reasons, so it's not recommended for general use, either.

Using certmonger With Real CAs

Having certmonger send a CSR to a real CA rather than itself signing everything is supposed to be trivial. For example, certmonger already "knows" how to interact with the CA component of an IPA system, so the only thing you'd do differently is call "ipa-getcert" instead of "selfsign-getcert" or "local-getcert".

    ipa-getcert request -r \
        -f /etc/httpd/conf/ssl.crt/server.crt \
        -k /etc/httpd/conf/ssl.key/server.key \
        -N CN=`hostname --fqdn` \
        -D `hostname --fqdn` \
        -U id-kp-serverAuth

That's all there is to it. If there's more than that to it, that's a bug.
certmonger-0.79.19/doc/gpl-3.0.txt0000644000175000017500000010451314511314133016024 0ustar gitgit00000000000000 GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The GNU General Public License is a free, copyleft license for software and other kinds of works. The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others. For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. 
Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it. For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions. Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users. Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free. The precise terms and conditions for copying, distribution and modification follow. TERMS AND CONDITIONS 0. Definitions. "This License" refers to version 3 of the GNU General Public License. "Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. "The Program" refers to any copyrightable work licensed under this License. 
Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. A "covered work" means either the unmodified Program or a work based on the Program. To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. 1. Source Code. The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. 
A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work. The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. The Corresponding Source for a work in source code form is that same work. 2. Basic Permissions. 
All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. 3. Protecting Users' Legal Rights From Anti-Circumvention Law. No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. 
When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. 4. Conveying Verbatim Copies. You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. 5. Conveying Modified Source Versions. You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: a) The work must carry prominent notices stating that you modified it, and giving a relevant date. b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. 
This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. 6. Conveying Non-Source Forms. You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. 
b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. 
A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. "Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. 
But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. 7. Additional Terms. "Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. 
Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or d) Limiting the use for publicity purposes of names of licensors or authors of the material; or e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. 
If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. 8. Termination. You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. 9. Acceptance Not Required for Having Copies. You are not required to accept this License in order to receive or run a copy of the Program. 
Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. 10. Automatic Licensing of Downstream Recipients. Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. 11. Patents. A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. 
The work thus licensed is called the contributor's "contributor version". A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. 
"Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. 12. No Surrender of Others' Freedom. 
If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. 13. Use with the GNU Affero General Public License. Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such. 14. Revised Versions of this License. The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. 
If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. 15. Disclaimer of Warranty. THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. Limitation of Liability. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 17. Interpretation of Sections 15 and 16. 
If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . Also add information on how to contact you by electronic and paper mail. If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: Copyright (C) This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. 
The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an "about box". You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see . The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read .

certmonger-0.79.19/doc/helpers.txt

Except for when it's self-signing certificates, the certmonger daemon interfaces with CAs by calling out to enrollment helpers. The helpers pass signing requests to CAs, pass issued certificates back, and if they support it, are used to fetch other data about CAs as well.

The certmonger daemon passes information to helpers through the environment when it runs them. The helpers communicate results back to the daemon using a combination of exit status and data provided on standard output.

When certmonger runs a helper, the $CERTMONGER_OPERATION is used to indicate what the daemon expects the helper to do. If a helper does not implement an operation specified in the $CERTMONGER_OPERATION variable, it should exit with status 6 to indicate that the operation is not supported.

I recommend that helpers be written so that they can be run interactively for troubleshooting purposes. The most frequent case is enrollment, so when $CERTMONGER_OPERATION is not set, it's suggested that "SUBMIT" is assumed.

For testing purposes, a helper can be added by creating a file in the CAs directory (usually /var/lib/certmonger/cas) with these contents:

  id=Test
  ca_type=EXTERNAL
  ca_is_default=0
  ca_external_helper=/usr/libexec/certmonger/my-helper

Equivalently, this can be accomplished by running:

  getcert add-ca -c Test -e "/usr/libexec/certmonger/my-helper"

Passing the "-c Test" flag to the "getcert request", "getcert resubmit", or "getcert rekey" commands will then cause the daemon to use your helper to attempt the appropriate operation. Note that the command can include options, but things are less likely to break if the helper has sensible defaults.

The following sections describe what should happen for each operation when a helper is called.

* "SUBMIT"
  This is called the first time the daemon attempts to send an enrollment request to a CA. The signing data, in PEM form, is provided in the environment. Some of the data from the request is also broken out and provided in the environment:
  * CERTMONGER_REQ_SUBJECT
    The subject name from the request, in text form.
  * CERTMONGER_REQ_EMAIL
    Any rfc822Name subject alt name values from the request.
  * CERTMONGER_REQ_HOSTNAME
    Any dNSName subject alt name values from the request.
  * CERTMONGER_REQ_PRINCIPAL
    Any Kerberos principal name subject alt name values from the request.
  * CERTMONGER_CA_PROFILE
    The name of the enrollment profile/template/certtype to use, if one was specified.
  * CERTMONGER_CSR
    The actual enrollment request, PKCS#10 format, PEM-encoded.
  * CERTMONGER_CERTIFICATE
    An older certificate, if we were previously issued one.

  If multiple options were passed in for CERTMONGER_REQ_EMAIL, CERTMONGER_REQ_HOSTNAME, CERTMONGER_REQ_PRINCIPAL or CERTMONGER_REQ_IP_ADDRESS (0.78+) then the variable will include all values passed in delimited by \n.

  These are also present starting with version 0.73:
  * CERTMONGER_CA_NICKNAME
    The name by which the CA is known, and would have been specified to the -c option to the "getcert" command.
    If your helper is called in multiple CA configurations, you may want to use this value to distinguish between them in order to provide different behavior.
  * CERTMONGER_SPKAC
    The signing request as a signed public key and challenge (SPKAC).
  * CERTMONGER_SPKI
    The subjectPublicKeyInfo field from the signing request.
  * CERTMONGER_KEY_TYPE
    The type of key included in the signing request.

  These may also be present starting with version 0.77, though you probably won't use them:
  * CERTMONGER_SCEP_CA_IDENTIFIER
    An identifier to pass to an SCEP server when requesting its capabilities list or copies of it and its CA's certificate.
  * CERTMONGER_PKCSREQ
    An SCEP PKCSReq pkiMessage. If the daemon is attempting to change keys, this will be signed with the old key.
  * CERTMONGER_PKCSREQ_REKEY
    An SCEP PKCSReq pkiMessage. If the daemon is attempting to change keys, this will be signed with the new key, otherwise it is not set.
  * CERTMONGER_GETCERTINITIAL
    An SCEP GetCertInitial pkiMessage. If the daemon is attempting to change keys, this will be signed with the old key.
  * CERTMONGER_GETCERTINITIAL_REKEY
    An SCEP GetCertInitial pkiMessage. If the daemon is attempting to change keys, this will be signed with the new key, otherwise it is not set.
  * CERTMONGER_SCEP_RA_CERTIFICATE
    The SCEP server's RA certificate.
  * CERTMONGER_SCEP_CA_CERTIFICATE
    The SCEP server's CA certificate.
  * CERTMONGER_SCEP_CERTIFICATES
    Additional certificates in the SCEP server's certifying chain.

  These are also present starting with version 0.78:
  * CERTMONGER_REQ_IP_ADDRESS
    Any iPAddress subject alt name values from the request.

  These are also present starting with version 0.79:
  * CERTMONGER_CA_ISSUER
    The requested issuer for enrollment.

  The helper is expected to use this information, along with whatever credentials it has or is passed on the command line, to send the signing request to the CA.
  * If a certificate is issued, output it in PEM form and exit with status 0.
See footnote 1 for information about formatting the result. * If the client should wait for a period of time, output a "cookie" value and exit with status 1. The daemon will try again later at a time of its choosing (the default is currently 7 days). * If the request was rejected outright, output an error message, and exit with status 2. * If there was an error connecting to the server, output an error message and exit with status 3. The daemon will try again later. * If the helper requires additional configuration data, output an error message and exit with status 4. * If the client should wait for a specific period of time (for example, if the CA has told it when to try again), output a delay size in seconds, a newline, and a "cookie" value, and exit with status 5. The daemon will try again after the specified amount of time has passed. * If the helper needs SCEP data, exit with status 16. Your helper probably won't need to do this. * If the CA indicates that the client needs to try again using a different key pair in the signing request (for example, if its policy limits the number of times a particular key pair can be enrolled, or the length of time one can be in service), exit with status 17. The daemon will generate a new key pair and try again. * If the helper does not understand what is being asked of it, exit with status 6. You should never return this value for "SUBMIT" or "POLL", but it is mentioned here so that we can refer to this list later. * "POLL" If the helper previously returned with status 1 or 5, this is the daemon trying again. The same information supplied for "SUBMIT" requests will be provided in the environment. Additionally, the "CERTMONGER_CA_COOKIE" variable will hold the cookie value returned by the previous call to the helper. If your process requires multiple steps, the cookie is suitable for keeping track of which step is next. If your helper never returns status 1 or 5, this will not be used, and you need not implement logic for it. 
Report results as you would for the "SUBMIT" operation. * "IDENTIFY": Output version information for your helper, and exit with status 0. This information is tracked by the daemon and included in the output of the "getcert list-cas -v" command. Optional. * "GET-NEW-REQUEST-REQUIREMENTS" Output a list of environment variable names which are expected to have non-empty values when the helper is run in SUBMIT or POLL mode. The list can be either comma- or newline-separated. At some point, we'll teach getcert to instruct people to supply values that are required by the CA that they intend to use if it finds that they didn't supply one of these. Support for this operation is optional. * "GET-RENEW-REQUEST-REQUIREMENTS" Just like "GET-NEW-REQUEST-REQUIREMENTS", except for cases when the client attempts to renew an already-issued certificate. In most cases, your helper will want to do the same thing for "GET-RENEW-REQUEST-REQUIREMENTS" as it does for "GET-NEW-REQUEST-REQUIREMENTS" Support for this operation is optional. * "GET-SUPPORTED-TEMPLATES" Output a list of supported profile/template/certtype names offered and recognized by the CA. The list can be either comma- or newline-separated. At some point, we'll teach getcert to validate values it receives for its -T option against this list. Support for this operation is optional. * "GET-DEFAULT-TEMPLATE" Output a single supported profile/template/certtype name offered and recognized by the CA. If there is no default, output nothing. At some point, we'll teach getcert to use this value as a default if it is not passed the -T option. Support for this operation is optional. * "FETCH-SCEP-CA-CAPS" If your helper uses SCEP, connect to the server, issue a GetCACaps request, and output the results. Most helpers are not expected to implement this, and should exit with status 6 to indicate that they don't support it. 
* "FETCH-SCEP-CA-CERTS" If your helper uses SCEP, connect to the server, issue a GetCACert and GetCAChain requests, and output the results. Most helpers are not expected to implement these, and should exit with status 6 to indicate that they don't support it. * "FETCH-ROOTS" If the helper has a way to read the CA's root certificate over an authenticated and integrity-protected channel, output a suggested nickname, the certificate in PEM format. If there are other trusted certificates, follow that with a blank line and one or more nickname/certificate sequences. If there are other certificates which the client might need (for example, others in the certifying chain), repeat for those. Note that if there are chain certificates but no supplemental root certificates, the root certificate should be followed by two blank lines. Support for this operation is optional. If you can not guarantee that the data produced is authenticated and has not been tampered with, do not implement this. The format described here is recognized to be error-prone and will be replaced with a JSON object in the future. * (not set) To ease troubleshooting, my suggestion is to treat the CERTMONGER_OPERATION not being set as if it was set to SUBMIT, or POLL if a cookie value is passed to your helper via a command-line option. * Anything else. For future-proofing, exit with status 6. Footnotes: 1. When a certificate is issued, it can be output as a PEM-formatted X.509 certificate, a PEM-formatted "certificates only" PKCS#7 signed-data item, a PEM-formatted PKCS#7 enveloped-data with encapsulated content identified as type "data", containing either an X.509 certificate or PKCS#7 signed-data item in binary form, or any of the previous in binary form. When PEM formatting is used, multiple PEM-formatted items can be output if needed. 
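An added example, not part of certmonger's documentation or source: a small test harness that runs a helper with the operation in CERTMONGER_OPERATION and maps its exit status and stdout onto the outcomes listed above, flagging output that does not fit the documented shape. The names HelperResult, interpret, run_helper and SAMPLE_HELPER are this example's own, and the sample helper and its output are constructed.

```python
import os
import subprocess
import sys
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Exit statuses from the list above; the short labels are this example's own.
STATUS_MEANING = {
    0: "issued", 1: "wait", 2: "rejected", 3: "unreachable",
    4: "underconfigured", 5: "wait-with-delay", 6: "unsupported",
    16: "need-scep-data", 17: "need-new-key",
}

# Constructed sample helper: asks for a 300-second delay on SUBMIT, returns a
# placeholder on the matching POLL, and reports anything else as unsupported.
SAMPLE_HELPER = r'''
import os, sys
op = os.environ.get("CERTMONGER_OPERATION") or "SUBMIT"
if op == "SUBMIT":
    sys.stdout.write("300\nstep-2\n")
    sys.exit(5)
if op == "POLL" and os.environ.get("CERTMONGER_CA_COOKIE") == "step-2":
    sys.stdout.write("-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n"
                     "-----END CERTIFICATE-----\n")
    sys.exit(0)
sys.exit(6)
'''


@dataclass
class HelperResult:
    status: int
    meaning: str
    certificate: Optional[bytes] = None   # status 0 (PEM or binary, footnote 1)
    cookie: Optional[str] = None          # statuses 1 and 5
    delay: Optional[int] = None           # status 5, in seconds
    message: Optional[str] = None         # statuses 2, 3 and 4
    problems: List[str] = field(default_factory=list)


def interpret(status: int, stdout: bytes) -> HelperResult:
    """Interpret the result of a SUBMIT or POLL call."""
    text = stdout.decode("utf-8", errors="replace")
    result = HelperResult(status, STATUS_MEANING.get(status, "undocumented"))
    if status == 0:
        result.certificate = stdout
        if not stdout.strip():
            result.problems.append("status 0 with nothing on stdout")
    elif status == 1:
        result.cookie = text.strip()
        if not result.cookie:
            # An uncaught Python exception also exits with status 1, so an
            # empty cookie usually means the helper crashed.
            result.problems.append("status 1 without a cookie")
    elif status == 5:
        first, _, rest = text.partition("\n")
        first = first.strip()
        if first.isascii() and first.isdigit():
            result.delay = int(first)
        else:
            result.problems.append("status 5 without a numeric delay line")
        result.cookie = rest.strip()
        if not result.cookie:
            result.problems.append("status 5 without a cookie")
    elif status in (2, 3, 4):
        result.message = text.strip()
    elif result.meaning == "undocumented":
        result.problems.append("exit status %d is not documented" % status)
    return result


def run_helper(argv: List[str], operation: str,
               variables: Optional[Dict[str, str]] = None,
               timeout: int = 60) -> HelperResult:
    """Run a helper with only CERTMONGER_* variables (plus PATH) set."""
    env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin"),
           "CERTMONGER_OPERATION": operation}
    for name, value in (variables or {}).items():
        if not name.startswith("CERTMONGER_"):
            raise ValueError("not a helper variable: %s" % name)
        env[name] = value
    # The sample helpers in doc/helpers note that the daemon connects the
    # helper's stdin and stderr to /dev/null; do the same here.
    proc = subprocess.run(argv, env=env, stdin=subprocess.DEVNULL,
                          stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
                          timeout=timeout, check=False)
    return interpret(proc.returncode, proc.stdout)


def sample_helper_argv() -> List[str]:
    return [sys.executable, "-c", SAMPLE_HELPER]


def demo() -> List[HelperResult]:
    """SUBMIT, then POLL with the returned cookie, then an unsupported call."""
    argv = sample_helper_argv()
    first = run_helper(argv, "SUBMIT")
    second = run_helper(argv, "POLL",
                        {"CERTMONGER_CA_COOKIE": first.cookie or ""})
    third = run_helper(argv, "FETCH-ROOTS")
    return [first, second, third]


if __name__ == "__main__":
    for res in demo():
        print(res.status, res.meaning, res.delay, res.cookie, res.problems)
```

To check a real helper, pass its path and options as argv to run_helper in place of sample_helper_argv().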
certmonger-0.79.19/doc/helpers/anchor-submit.py

#!/usr/bin/python
"""
    Overly simplistic certmonger helper, conforming to
        https://git.fedorahosted.org/cgit/certmonger.git/tree/doc/helpers.txt
    and using the anchor v1 API documented at
        https://github.com/openstack/anchor/blob/master/doc/source/api.rst

    Error handling could use some work, and the configuration and client
    credentials are hard-coded below.
"""
import os
import sys
import requests


def main():
    """
    Check $CERTMONGER_OPERATION to see what we should do.  We only support
    the (mandatory) SUBMIT and (optional) IDENTIFY and FETCH-ROOTS operations,
    and only FETCH-ROOTS if the (hard-coded) server address uses the "https"
    scheme.  For every other operation, we exit with status indicating that
    we don't support it.

    If the operation isn't set, we assume we're in SUBMIT mode, and to make
    things easier to troubleshoot, if the CSR isn't provided in the
    environment, we try to read one from stdin.

    If we're in SUBMIT mode, we post the CSR to the "sign" endpoint for the
    "default" RA and read back either a certificate or an error message.

    In FETCH-ROOTS mode, we read the root certificate and relay it back.

    In IDENTIFY mode, we just output version information.

    Anything else, we don't support.
    """

    # These would be better off as command line options or settings in a
    # configuration file, but since this is just a sample, we just hard-code
    # them.
    server = "http://localhost:5016/v1/%s/default"
    user = "myusername"
    secret = "simplepassword"

    # Key off of what we're being asked to do.  We always get an instant reply,
    # so we won't ever be called to "POLL".  We don't currently have any
    # parameters that absolutely must be specified, so there's no need to list
    # them out in a handler for "GET-NEW-REQUEST-REQUIREMENTS".  We don't
    # have a notion of enrollment profiles, so there's no need to handle
    # "GET-SUPPORTED-TEMPLATES".
    operation = os.getenv("CERTMONGER_OPERATION")

    if operation == "IDENTIFY":
        # Output some version information.
        sys.stdout.write("Anchor (anchor-submit.py 0.0)\n")
        sys.exit(0)

    if operation is None or operation == "SUBMIT":
        # Submit the signing request.  If we succeed, print it and return 0.
        pem = os.getenv("CERTMONGER_CSR")
        # Make it easier to debug this tool, and troubleshoot using this tool,
        # by attempting to read the CSR from stdin if it isn't provided in the
        # environment.  (The daemon always invokes us with the value set in the
        # environment and stdin connected to /dev/null.)
        if pem is None:
            pem = sys.stdin.read()
        payload = {}
        payload["user"] = user
        payload["secret"] = secret
        payload["encoding"] = "pem"
        payload["csr"] = pem
        try:
            response = requests.post(url=(server % "sign"), data=payload)
        except requests.RequestException as err:
            # We couldn't reach the server.  An uncaught exception would make
            # us exit with status 1, which the daemon reads as "wait", so
            # report the error and exit with status 3 instead.
            sys.stdout.write("Error contacting server: %s\n" % err)
            sys.exit(3)
        if response is not None and response.ok and \
           response.text is not None and response.text != "":
            # Succeeded!  Send the PEM-formatted certificate to stdout and exit
            # with status 0 to indicate success.
            sys.stdout.write(response.text)
            sys.exit(0)
        else:
            # Rejected?  Print the error message and exit with status 2 to
            # indicate that the CA rejected our request.
            if response is not None:
                sys.stdout.write(response.text.replace("\n\n", "\n").strip()+"\n")
            sys.exit(2)

    if operation == "FETCH-ROOTS":
        if server.startswith("https:"):
            # Fetch the root certificate.  The expected output format is kind of funky,
            # but since we don't have anything elaborate, we're not too upset about it.
            payload = {}
            payload["encoding"] = "pem"
            try:
                response = requests.get(url=(server % "ca"), params=payload)
            except requests.RequestException as err:
                # Couldn't reach the server; exit with status 3 as above.
                sys.stdout.write("Error contacting server: %s\n" % err)
                sys.exit(3)
            if response is not None and response.ok and \
               response.text is not None and response.text != "":
                # Succeeded!  Send a suggested nickname and the PEM-formatted
                # certificate to stdout and exit with status 0 to indicate
                # success.  (If the CA starts sending us more than one
                # certificate, or switches to a different format, we'll have to
                # do some parsing, but for now this is enough.)
                sys.stdout.write("Anchor CA Root Certificate\n")
                sys.stdout.write(response.text)
                sys.exit(0)
            else:
                # Rejected?  Print the error message and exit with status 2 to
                # indicate that the CA rejected our request, though that really
                # shouldn't happen.
                if response is not None:
                    sys.stdout.write(response.text.replace("\n\n", "\n").strip()+"\n")
                sys.exit(2)
        else:
            # We don't support fetching roots from non-authenticated sources,
            # so indicate that we don't support fetching them.
            sys.exit(6)

    # We don't support this operation, whatever it is, so signal that.
    sys.exit(6)

main()

certmonger-0.79.19/doc/helpers/local-cryptography.py

#!/usr/bin/python
"""
    Sample certmonger helper, conforming to
        https://git.fedorahosted.org/cgit/certmonger.git/tree/doc/helpers.txt
    which, rather than ferrying a signing request to a CA, signs things itself
    using python-cryptography, and produces its own certificates when asked for
    a list of root certificates.
"""
import datetime
import fcntl
import os
import sys
import uuid
from cryptography import utils
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import hashes


def create_ca_key(statedir, filename, password):
    """
    Creates a new private key for the CA, storing it in the specified file in
    the specified directory, protected by the specified password.  Any key
    that was already there is overwritten.

    Returns the key.
    """
    key = rsa.generate_private_key(public_exponent=0x10001,
                                   key_size=2048,
                                   backend=default_backend())
    encryption_algorithm = serialization.BestAvailableEncryption(password)
    keystring = key.private_bytes(encoding=serialization.Encoding.PEM,
                                  format=serialization.PrivateFormat.PKCS8,
                                  encryption_algorithm=encryption_algorithm)
    kfile = open(os.path.join(statedir, filename), mode="wb")
    kfile.write(keystring)
    kfile.close()
    return key


def load_ca_key(statedir, filename, password):
    """
    Attempt to load the private key for the CA from the specified file in the
    specified directory, decrypting it with the specified password.  If we
    fail to read it due to an IOError, assume it hasn't been created yet and
    call create_ca_key() to generate it.

    Returns the key.
    """
    try:
        kfile = open(os.path.join(statedir, filename), mode="rb")
        keystring = kfile.read()
        kfile.close()
        key = serialization.load_pem_private_key(keystring, password,
                                                 backend=default_backend())
    except IOError:
        key = create_ca_key(statedir, filename, password)
    return key


def save_ca_cert(statedir, certfile, cert):
    """
    Saves a certificate in PEM form in the specified file in the specified
    directory.

    Returns nothing.
    """
    cfile = open(os.path.join(statedir, certfile), mode="wb")
    cfile.write(cert.public_bytes(encoding=serialization.Encoding.PEM))
    cfile.close()


def save_ca_serial(statedir, serialfile, serial):
    """
    Saves a serial number in big endian binary form in the specified file in
    the specified directory.

    Returns nothing.
    """
    sfile = open(os.path.join(statedir, serialfile), mode="wb")
    sfile.write(utils.int_to_bytes(serial))
    sfile.close()


def create_ca_cert(cakey, subject, serial):
    """
    Creates a CA certificate for the specified private key with the specified
    subject and serial number.  If the serial number is not specified,
    generate a UUID and treat it as a 128-bit serial number.  If the subject
    name is not specified, generate a UUID and use it both as a serial number
    and to construct a subject name.  The root certificate has a validity
    period of one year.

    Returns the new certificate and the serial number as an integer.
    """
    if subject is None:
        certuuid = uuid.uuid4()
        certuuidstring = str(certuuid).encode('ascii').decode('ascii')
        subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u"Local Signing Authority"),
                             x509.NameAttribute(NameOID.COMMON_NAME, certuuidstring)])
        serial = utils.int_from_bytes(certuuid.bytes, 'big')
    if serial is None:
        certuuid = uuid.uuid4()
        certuuidstring = str(certuuid).encode('ascii').decode('ascii')
        serial = utils.int_from_bytes(certuuid.bytes, 'big')
    now = datetime.datetime.utcnow()
    certpubkey = cakey.public_key()
    certski = x509.SubjectKeyIdentifier.from_public_key(certpubkey)
    certaki = x509.AuthorityKeyIdentifier.from_issuer_public_key(certpubkey)
    certku = x509.KeyUsage(True, False, False, False, False, True, True, False, False)
    certbasic = x509.BasicConstraints(ca=True, path_length=None)
    builder = x509.CertificateBuilder()
    builder = builder.subject_name(subject)
    builder = builder.issuer_name(subject)
    builder = builder.serial_number(serial)
    builder = builder.not_valid_before(now)
    # One year from now.  Adding a fixed number of days avoids the ValueError
    # that bumping the year field raises on February 29th.
    builder = builder.not_valid_after(now + datetime.timedelta(days=365))
    builder = builder.public_key(certpubkey)
    builder = builder.add_extension(certski, False)
    builder = builder.add_extension(certaki, False)
    builder = builder.add_extension(certku, False)
    builder = builder.add_extension(certbasic, True)
    cert = builder.sign(cakey, hashes.SHA256(), default_backend())
    return cert, serial


def create_ca_cert_and_serial(statedir, cakey, certfile, serialfile):
    """
    Creates a new CA certificate for the specified private key, saving them
    both to specified files in the specified directory.

    Returns the new certificate and the serial number as an integer.
    """
    (cert, serial) = create_ca_cert(cakey, None, None)
    save_ca_cert(statedir, certfile, cert)
    save_ca_serial(statedir, serialfile, serial)
    return cert, serial


def load_ca_cert_and_key_and_serial(statedir, keyfile, password, certfile, serialfile):
    """
    Reads the private key, CA certificate, and last-used serial number from the
    specified directory and files.  If the private key hasn't been created
    yet, creates it first.  If the certificate hasn't been created yet,
    generate a new one and a new serial number.  If the certificate has less
    than half a year left before it goes invalid, generate a new key, use it to
    generate a new root certificate, and save it as the first in a file of
    possibly more than one certificate.

    Returns the signing certificate, its private key, and the last-used serial
    number as an integer.
    """
    cakey = load_ca_key(statedir, keyfile, password)
    try:
        cfile = open(os.path.join(statedir, certfile), mode="rb")
        oldcerts = cfile.read()
        cert = x509.load_pem_x509_certificate(oldcerts, backend=default_backend())
        cfile.close()
        cfile = open(os.path.join(statedir, serialfile), mode="rb")
        serial = utils.int_from_bytes(cfile.read(), 'big')
        cfile.close()
    except IOError:
        (cert, serial) = create_ca_cert_and_serial(statedir, cakey, certfile, serialfile)
        return cert, cakey, serial
    now = datetime.datetime.utcnow()
    # Half a year from now.  Adding a fixed number of days avoids the invalid
    # dates (and ValueError) that adjusting the month field can produce, for
    # example on the 31st of a month.
    threshold = now + datetime.timedelta(days=183)
    if cert.not_valid_after < threshold:
        # Running out of time -> generate a new key and cert, and save the
        # old cert(s) in the bundle.
        newkey = create_ca_key(statedir, keyfile+".new", password)
        newcert, newserial = create_ca_cert(newkey, cert.subject, serial + 1)
        save_ca_cert(statedir, certfile+".new", newcert)
        cfile = open(os.path.join(statedir, certfile+".new"), mode="ab")
        cfile.write(oldcerts)
        cfile.close()
        os.rename(os.path.join(statedir, keyfile+".new"), os.path.join(statedir, keyfile))
        os.rename(os.path.join(statedir, certfile+".new"), os.path.join(statedir, certfile))
        save_ca_serial(statedir, serialfile, newserial)
        return newcert, newkey, newserial
    else:
        return cert, cakey, serial


def submit(statedir, password):
    """
    The main handler for SUBMIT operations.  Take the signing request and
    build a certificate using the requested subject name and public key.  Add
    any requested extensions that we're not going to add on our own, then add
    the ones that we know values for.  Sign the result with a not-valid-after
    date that matches that of the signing certificate.

    Outputs the new certificate in PEM form on stdout and returns 0 to
    indicate success.
    """
    csr = x509.load_pem_x509_csr(os.environ[u"CERTMONGER_CSR"].encode('utf8'),
                                 backend=default_backend())
    cacert, cakey, serial = load_ca_cert_and_key_and_serial(statedir, "ca.key", password,
                                                            "ca.crt", "ca.srl")
    extensions = []
    for ext in csr.extensions:
        if ext.oid != x509.ExtensionOID.BASIC_CONSTRAINTS:
            if ext.oid != x509.ExtensionOID.SUBJECT_KEY_IDENTIFIER:
                if ext.oid != x509.ExtensionOID.AUTHORITY_KEY_IDENTIFIER:
                    extensions = extensions + [ext]
    builder = x509.CertificateBuilder(extensions=extensions)
    builder = builder.subject_name(csr.subject)
    builder = builder.issuer_name(cacert.subject)
    builder = builder.serial_number(serial + 1)
    now = datetime.datetime.utcnow()
    builder = builder.not_valid_before(now)
    builder = builder.not_valid_after(cacert.not_valid_after)
    pubkey = csr.public_key()
    builder = builder.public_key(pubkey)
    ski = x509.SubjectKeyIdentifier.from_public_key(pubkey)
    builder = builder.add_extension(ski, False)
    aki = x509.AuthorityKeyIdentifier.from_issuer_public_key(cacert.public_key())
    builder = builder.add_extension(aki, False)
    basic = x509.BasicConstraints(ca=False, path_length=None)
    builder = builder.add_extension(basic, True)
    issued = builder.sign(cakey, hashes.SHA256(), default_backend())
    issuedbytes = issued.public_bytes(encoding=serialization.Encoding.PEM)
    save_ca_serial(statedir, "ca.srl", serial + 1)
    sys.stdout.write(issuedbytes.decode('utf8'))
    return 0


def identify():
    """
    The main handler for IDENTIFY operations.

    Outputs version information and exit with status 0 to indicate success.
    """
    sys.stdout.write("Local Signing Authority (local-cryptography.py 0.0)\n")
    return 0


def fetch_roots(statedir, password):
    """
    The main handler for FETCH-ROOTS operations.  After ensuring we have at
    least one signing certificate, we scan the file in which we store the
    roots and output the PEM-formatted certificates, one by one, preceded by
    suggested nicknames to be used when they're saved to NSS databases.

    We're loading them from local disk, so we assume that their values are
    authenticated.  If we were retrieving them over a network, we'd have to
    make sure to read them over an authenticated channel in order to avoid
    potentially allowing a malicious party to inject their own certificate
    into the list of trusted certificates.

    Exit with status 0 to indicate success.
    """
    load_ca_cert_and_key_and_serial(statedir, "ca.key", password, "ca.crt", "ca.srl")
    try:
        cfile = open(os.path.join(statedir, "ca.crt"), mode="rb")
    except OSError:
        return 0
    certlines = cfile.readlines()
    cfile.close()
    certdata = bytes()
    which = 1
    for certline in certlines:
        certdata = certdata + certline
        if certline.decode('utf8').startswith("-----END CERTIFICATE-----"):
            if len(certdata) > 0:
                try:
                    cert = x509.load_pem_x509_certificate(certdata, backend=default_backend())
                    if which > 1:
                        sys.stdout.write("Local Signing Authority #%d\n" % which)
                    else:
                        sys.stdout.write("Local Signing Authority\n")
                    certbytes = cert.public_bytes(encoding=serialization.Encoding.PEM)
                    sys.stdout.write(certbytes.decode('utf8'))
                    which = which + 1
                except IOError:
                    pass
            certdata = bytes()
    return 0


def main():
    """
    Consult $CERTMONGER_OPERATION to figure out what we're being asked to do.
    If the variable isn't set, assume it was meant to be "SUBMIT".

    If we have "SUBMIT" as a value, try to read the signing request from the
    environment.  If we fail to read one, try to read from stdin to make
    using this tool in a troubleshooting environment a little bit easier.

    We're hard-coded to store our data in /tmp, and encrypt private keys using
    a fixed password.

    If we don't know how to do what we're being asked, exit with status 6 to
    indicate that.
    """
    # We're going to need our own key and CA certificate, so decide where we're
    # storing our state.
    statedir = "/tmp"

    # The cryptography module refuses to let us save the key without encrypting
    # it with a non-empty password, so hardwire a password.
    password = b"password"

    # Create a lock under the state directory, because we may be about to
    # rewrite some files.
    lockfile = open(os.path.join(statedir, "ca.lock"), mode="wb")
    fcntl.lockf(lockfile, fcntl.LOCK_EX)

    # Default to the "SUBMIT" operation if one isn't set, and if we're in
    # "SUBMIT" mode and didn't get a CSR, try to read one from stdin.  This
    # isn't required by the daemon (it always sets the environment variable,
    # and connects our stdin to /dev/null), but it makes manual testing and
    # troubleshooting much, much easier.
    if os.getenv(u"CERTMONGER_OPERATION", "") == "":
        os.environ[u"CERTMONGER_OPERATION"] = u"SUBMIT"
    if os.getenv(u"CERTMONGER_OPERATION", u"SUBMIT") == u"SUBMIT":
        if os.getenv(u"CERTMONGER_CSR", "") == "":
            os.environ[u"CERTMONGER_CSR"] = sys.stdin.read()
            sys.stdin.close()

    # If the requested operation is one we support, do that.
    if os.getenv(u"CERTMONGER_OPERATION", "") == "IDENTIFY":
        sys.exit(identify())
    if os.getenv(u"CERTMONGER_OPERATION", "") == "SUBMIT":
        sys.exit(submit(statedir, password))
    if os.getenv(u"CERTMONGER_OPERATION", "") == "FETCH-ROOTS":
        sys.exit(fetch_roots(statedir, password))

    # The requested operation is not something we support.
    sys.exit(6)

main()

certmonger-0.79.19/doc/helpers/proxy-submit.py

#!/usr/bin/python
"""
    Basic certmonger helper, conforming to
        https://git.fedorahosted.org/cgit/certmonger.git/tree/doc/helpers.txt
    that calls a helper program, either locally or on another machine, while
    optionally logging inputs and outputs.
"""
import json
import os
import subprocess
import sys
import syslog


def remote(env, rsh, rcmd, log, priority):
    """
    Utility function to use 'rsh' to run 'rcmd' remotely, with the values in
    the 'env' dictionary set in the environment.  If 'log' is True, it will
    log the variables and stderr that it gets back at the specified
    'priority'.

    Return the exit status and stdout contents.
    """
    # Encode the variables into a JSON document to make it easier to pass their
    # values along.
    envdoc = json.dumps(env, separators=(',', ':'))
    if log:
        for key in env.keys():
            syslog.syslog(priority, "remote-submit: ENV: environment variable: %s=%s" % (key, env[key]))

    # One-liner to decode a document, set variables, and then run the specified remote command.
    rargs = rcmd.split()
    script = "import json, os, sys; " + \
             "e = json.loads(sys.stdin.read()); " + \
             "[os.putenv(k,e[k]) for k in e]; " + \
             "os.execvp('%s',%s)" % (rargs[0], repr(rargs[:]))

    # Run that one liner remotely, and pipe the JSON document to its stdin.
    # Whether we need to quote the one-liner or not depends on whether or not
    # we're passing the command to rsh/ssh or just running it directly.
    if len(rsh.split()) == 0:
        quote = ""
    else:
        quote = "\""
    args = rsh.split() + ["python", "-c", quote+script+quote]
    sub = subprocess.Popen(args, shell=False,
                           stdin=subprocess.PIPE,
                           stdout=subprocess.PIPE,
                           stderr=subprocess.PIPE,
                           close_fds=True)
    stdout, stderr = sub.communicate(envdoc.encode('utf-8'))
    while sub.returncode is None:
        sub.wait()

    # Send back whatever the remote end gave us on stdout, and relay the exit
    # status.  The daemon called us with stdin and stderr connected to
    # /dev/null, so there's no need to bother with either of them.
    if log:
        syslog.syslog(priority, "remote-submit: OUT: result exit status: %d" % sub.returncode)
        if len(stdout) > 0:
            syslog.syslog(priority, "remote-submit: STDOUT: result data (%d bytes):\n%s" % (len(stdout), stdout.decode('utf-8')))
        else:
            syslog.syslog(priority, "remote-submit: STDOUT: (no result data)")
        for line in stderr.decode('utf-8').split("\n"):
            if len(line) > 0:
                syslog.syslog(priority, "remote-submit: STDERR: %s" % line)
    return sub.returncode, stdout


def get_certmonger_vars():
    """
    Returns a dictionary of the environment variables that tell the helper
    what's going on.  By convention, the variables that are relevant to
    helpers all start with CERTMONGER_, and this will continue to be the case
    as new variables are added.
    """
    env = {}
    for key in os.environ.keys():
        if key.startswith("CERTMONGER_"):
            env[key] = os.environ[key]
    return env


def main():
    """
    Wraps up the relevant environment variables in a JSON structure, uses a
    remote shell to run a python one-liner that sets those variables in its
    environment and then executes a specified binary, which we assume is a
    certmonger helper, and relays back the binary's exit status and output.

    A certmonger helper expects all of its input data to be in the
    environment, and communicates results using stdout and its exit status, so
    this is enough to run a helper remotely.

    Configuration is hard-coded.
    """
    # Configuration.  Note that the 'rsh' command is run as root by certmonger,
    # unattached to the context in which 'getcert' was run, so it can't prompt
    # for passwords or pass phrases.  Set 'rsh' to "" to run the helper
    # locally.
    rsh = "ssh centralbox"
    rcmd = "/usr/libexec/certmonger/local-submit"
    log = True
    priority = syslog.LOG_INFO

    # Default to the "SUBMIT" operation if one isn't set, and if we're in
    # "SUBMIT" mode and didn't get a CSR, try to read one from stdin.  This
    # isn't required by the daemon (it always sets the environment variable,
    # and connects our stdin to /dev/null), but it makes manual troubleshooting
    # much, much easier.
    env = get_certmonger_vars()
    if env.get("CERTMONGER_OPERATION") is None or env["CERTMONGER_OPERATION"] == "":
        env["CERTMONGER_OPERATION"] = "SUBMIT"
    if env["CERTMONGER_OPERATION"] == "SUBMIT":
        if env.get("CERTMONGER_CSR") is None or env["CERTMONGER_CSR"] == "":
            env["CERTMONGER_CSR"] = sys.stdin.read()
            sys.stdin.close()

    # Run the helper remotely, passing it the variables that we care about, and
    # relay its stdout and exit status.
    (code, stdout) = remote(env, rsh, rcmd, log, priority)
    sys.stdout.write(stdout.decode('utf-8'))
    sys.exit(code)

main()

certmonger-0.79.19/doc/ipa-submit.txt

The submission protocol is a set of XMLRPCs.

All requests go to https://server/ipa/xml. The server's name is given in
/etc/ipa/ipa.conf.

The client authenticates using negotiate auth, presumably as a client of the
server's realm, which is also named in /etc/ipa/ipa.conf.

IPA expects all XMLRPCs to include unnamed arguments first, and then a
dictionary (XMLRPC-jargon: "struct") of named arguments, some of which are
optional (i.e., because the server defines a default value for them).

Initial request method = "cert_request".
  The unnamed required parameter is the CSR in base64-encoded form, with all
  whitespace (including newlines) stripped.
  A required named parameter is 'principal', a string-form principal name for
  which this certificate will be provisioned.
  An optional named parameter is 'add', with default False, controlling
  whether or not an entry in the directory should be created for the
  principal if no such entry already exists.
  An optional named parameter is 'type', with default 'pkcs10', and other
  values undefined. It's possible that 'crmf' would be accepted, too, but we
  don't generate that (or not yet, anyway).
Response is a struct with these members:
  status: 0 or 2
Response struct may also contain some of these members:
  subject: issued subject, as a string
  certificate: issued certificate, base64-encoded, no whitespace
  serial_number: "0x..."
  request_id: ???

And John was right: if you have any problems getting those creds for
negotiate, xmlrpc-c will not return. Not current versions, anyway. And that
includes not having [domain_realm] mappings set up right.
- Based on ipalib/plugins/cert.py from ipa 2.0 branch on 2009111917

certmonger-0.79.19/doc/local-signer.txt

Local Signer: Design and Implementation Notes

"One step forward from self-signed certificates."
"Still basically a toy signer."

During the run-up to 0.75, we added several entry points during which we call
per-CA code. In addition to "ask the CA to sign this", we are:
* called to self-identify
  * currently called at daemon startup
* called to produce a list of our root certificates
  * currently called at daemon startup and at a midpoint between startup and
    the earliest NotValidAfter date for any known roots, iteratively
* called to produce a list of profiles we support
  * currently called at daemon startup
* called to produce the name of the default profile
  * currently called at daemon startup
* called to produce a list of required first-time-enrollment attributes
  * currently called at daemon startup
* called to produce a list of required renewal attributes
  * currently called at daemon startup

The second one, when we're called to produce a list of our root certificates,
seems to be a good time to actually bring up a local signer and, when it
becomes necessary, add a new certificate for it.

The general idea is:
  if we-don't-have-a-certificate or not-valid-after-time-is-soon:
    if we-don't-have-a-private-key-of-the-right-type:
      generate-a-private-key
    generate-ca-certificate-using-private-key
  output all certificates

Since we don't pass the current set of certificates in to helpers, we either
need to start doing that (ugh, the formatting) or implement it as an internal
signer, like SelfSign.

certmonger-0.79.19/doc/sbexample.txt

An example chain used for code signing in Secure Boot.
The highlights: Signer: Basic Constraints (critical): is not a CA Authority Information Access: CA Issuers (URL) CRL Distribution Point: URL Authority Key Identifier Subject Key Identifier Subject Alt Name: DNS:MOPR Extended Key Usage: Code Signing, 1.3.6.1.4.1.311.10.3.6 (szOID_NT5_CRYPTO) Intermediate CA: Basic Constraints (critical): is a CA, no defined path length Authority Information Access: CA Issuers (URL) CRL Distribution Point: URL Authority Key Identifier Subject Key Identifier Key Usage: Digital Signature, Certificate Signing, CRL Signing 1.3.6.1.4.1.311.21.1 (szOID_CERTSRV_CA_VERSION): 02 01 00 = INTEGER:0 1.3.6.1.4.1.311.20.2: (szOID_ENROLL_CERTTYPE_EXTENSION): 1e 0a 00 53 00 75 00 62 00 43 00 41 = BMP String: (UTF16-BE) "SubCA" -----BEGIN CERTIFICATE----- MIIEuDCCA6CgAwIBAgIKYQu72AAAAAAABTANBgkqhkiG9w0BAQsFADCBhDELMAkG A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEuMCwGA1UEAxMlTWljcm9z b2Z0IFdpbmRvd3MgUHJvZHVjdGlvbiBQQ0EgMjAxMTAeFw0xMjA0MDkyMDU1NTBa Fw0xMzA3MDkyMDU1NTBaMHAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5n dG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9y YXRpb24xGjAYBgNVBAMTEU1pY3Jvc29mdCBXaW5kb3dzMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEA3Khet89xiozfG0nBujlbYVWuF4nKLqDvCYEaCw4s zMMcTNqoj2C3g39i1C607JNgyR7x1+8aMHjKR9kOP08dJCTZv22Bswp7qPoeMr1a OGkP70U/W7RJ3f2g124hOLn3IEsXl+iMWItRH0c94ku0v+HzCumo9hCWc4KURqN7 uQiguNxKJN0CL4OkGlZOg170h3G/q5YOJd1Fbi7woMtyAENvluQVIxW2ovm7l4vn 4Uppxa6F2+H/kI79SbpcTw6TD4zd/3LtE45Xqdv1YcY6/5JG5dU1dCyhZ/wGeTiN 8pMezmV2IgBkeNhw9nxDteYNvonj1jaIFnd01Pr0Tv/rKQIDAQABo4IBPTCCATkw HwYDVR0lBBgwFgYIKwYBBQUHAwMGCisGAQQBgjcKAwYwHQYDVR0OBBYEFJcyzVfG VHOWC/4D1SmhbYtpD+MEMA8GA1UdEQQIMAaCBE1PUFIwHwYDVR0jBBgwFoAUqSkC OY4WxJd4zZD5nk+a4XxVr1MwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL3d3dy5t aWNyb3NvZnQuY29tL3BraW9wcy9jcmwvTWljV2luUHJvUENBMjAxMV8yMDExLTEw LTE5LmNybDBhBggrBgEFBQcBAQRVMFMwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cu 
certmonger-0.79.19/doc/scep.txt

The addition of SCEP support brings with it a couple of new command-line
options which are useful for SCEP.  Non-SCEP use cases are not affected.

Unlike IPA, certmaster, the local signer, or self-signing, there's no concept
of a "default" SCEP server for the system, so certmonger doesn't provide a
pre-canned configuration which attempts to use a default server.

In order to be able to use certmonger with an SCEP server, then, a CA
configuration needs to be added.  While previously this could only be done
either through the D-Bus API or by manually editing certmonger's data files,
the "getcert" command now also provides both an "add-ca" command for the
general case, and an "add-scep-ca" command, which "knows" both the location of
certmonger's bundled SCEP helper and the options it recognizes, for the
specific case.  The results are the same regardless of which command is used.

The general option looks like this:
  getcert add-ca -c exampleSCEPca -e \
    "/usr/libexec/certmonger/scep-submit -u http://ca.example.com/cgi-bin/pkiclient.exe"

The more specific option looks like this:
  getcert add-scep-ca -c exampleSCEPca -u http://ca.example.com/cgi-bin/pkiclient.exe

If the URL of the server is an HTTPS URL, the -R option should be used to
specify the location of the CA certificate, so that the server's HTTPS
certificate can be verified.

Once that's done, the CA will be listed by "getcert list-cas", and can be used
to request a certificate, as per usual:
  getcert request -c exampleSCEPca -f /etc/pki/certfile -k /etc/pki/keyfile

SCEP servers often expect an enrollment challenge password to be present in
the enrollment request.  The "getcert request" command now recognizes the -L
and -l options for specifying such a value, or the name of a file that
contains such a value, to include in the client's request.
certmonger-0.79.19/doc/selinux.txt

I'm running SELinux.  What is certmonger allowed to access?

If your copy of certmonger runs confined, you can read the label which the
configuration states should be applied to its binary file with:

  # matchpathcon /usr/sbin/certmonger
  /usr/sbin/certmonger	system_u:object_r:certmonger_exec_t:s0

Meanwhile, you can read the label which is currently applied to its binary
file with:

  # ls --context /usr/sbin/certmonger
  system_u:object_r:certmonger_exec_t:s0 /usr/sbin/certmonger

If the results differ, use "restorecon" to reset the label of the file to the
value that your configuration says it should have:

  # restorecon /usr/sbin/certmonger

The domain in which the certmonger process runs, like most daemon processes,
will often be decided by a transition rule which is specified for the
combination of the domain of the process that starts it and the label of the
binary file.  You can query which domain certmonger will be run in, when the
binary is started by the init system (which usually runs as "init_t"), with:

  # sesearch -T -t certmonger_exec_t
  Found 2 semantic te rules:
     type_transition init_t certmonger_exec_t : process certmonger_t;
     type_transition initrc_t certmonger_exec_t : process certmonger_t;

If there weren't rules for the combination, the daemon would simply run as the
same domain as the process which started it.  That's not the case here,
though, because an SELinux policy has already been defined for certmonger.

SELinux policy is often specified using the names of types, but permissions in
the policy can also be expressed in terms of "attributes" which are applied to
multiple types.  A policy rule which refers to an attribute applies to all
types to which that attribute applies.

You can query which types and attributes of directories a process running as
"certmonger_t" will be allowed to create files in, and what sorts of files it
will be able to create and write to:

  # sesearch --allow -s certmonger_t -c dir -p add_name
     allow certmonger_t cert_type : dir { ioctl read write getattr lock add_name remove_name search open } ;
     allow certmonger_t certmonger_var_lib_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ;
     allow certmonger_t certmonger_var_run_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ;
     ...

  # sesearch --allow -s certmonger_t -c file -p create,write
     allow certmonger_t cert_type : file { ioctl read write create getattr setattr lock append unlink link rename open } ;
     allow certmonger_t certmonger_t : file { ioctl read write getattr lock append open } ;
     allow certmonger_t certmonger_var_lib_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ;
     allow certmonger_t certmonger_var_run_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ;
     ...

By convention, type names in policy end with "_t", but attribute names don't.
Attribute names can be resolved to the list of types to which they're applied
by running:

  # seinfo -x --attribute=cert_type
     cert_type
        pki_tomcat_cert_t
        dovecot_cert_t
        home_cert_t
        cert_t
        slapd_cert_t

Each of those types, in turn, will be applied to one or more files or
directories by default when packages are installed, when the system was
installed, or when the "restorecon" command is used to relabel files and
directories.  To obtain a list of which path patterns are configured to
receive a particular type, you can use a command like this one:

  # semanage fcontext -l | grep :cert_t:
  /etc/pki(/.*)?                          all files   system_u:object_r:cert_t:s0
  /etc/ssl(/.*)?                          all files   system_u:object_r:cert_t:s0
  /usr/share/ca-certificates(/.*)?        all files   system_u:object_r:cert_t:s0
  /usr/share/pki/ca-certificates(/.*)?    all files   system_u:object_r:cert_t:s0
  /usr/share/pki/ca-trust-source(/.*)?    all files   system_u:object_r:cert_t:s0
  /usr/share/ssl/certs(/.*)?              all files   system_u:object_r:cert_t:s0
  /usr/share/ssl/private(/.*)?            all files   system_u:object_r:cert_t:s0
  /var/named/chroot/etc/pki(/.*)?         all files   system_u:object_r:cert_t:s0

In enforcing mode, locations which fit these patterns are the locations which
the certmonger daemon will be allowed to read and write.

certmonger-0.79.19/doc/submit.txt

The CA submission internal API uses child processes to do the heavy lifting.
Self-signing is handled internally, but interaction with most CAs is done
through external helpers.

This document covers how things look from the daemon's point of view.  See
helpers.txt for a version that attempts to describe the same information from
the point of view of a helper.

An external CA helper has a few jobs:
* Invoked either with "SUBMIT" or "POLL" as the value of the
  $CERTMONGER_OPERATION environment variable, with command-line arguments as
  specified in certmaster's configuration.  Some of the data from the request
  is also provided in the environment.
  * $CERTMONGER_REQ_SUBJECT   -> requested subject name
  * $CERTMONGER_REQ_EMAIL     -> email address subjectAltName values
  * $CERTMONGER_REQ_HOSTNAME  -> DNS name subjectAltName values
  * $CERTMONGER_REQ_PRINCIPAL -> Kerberos principal name subjectAltName values
  * $CERTMONGER_REQ_IP_ADDRESS-> IP address subjectAltName values (since 0.78)
  * $CERTMONGER_CA_PROFILE    -> requested enrollment profile/template/certtype
  * $CERTMONGER_CA_ISSUER     -> requested issuer for enrollment (since 0.79)
  * $CERTMONGER_CSR           -> certificate signing request
  * $CERTMONGER_CERTIFICATE   -> previously-issued certificate, if there is one
  * $CERTMONGER_CA_NICKNAME   -> nickname of CA (since 0.73)
  * $CERTMONGER_SPKAC         -> signing request as an SPKAC (since 0.73)
  * $CERTMONGER_SPKI          -> request's SubjectPublicKeyInfo (since 0.73)
  * $CERTMONGER_KEY_TYPE      -> client's public key type (since 0.73)
  * $CERTMONGER_SCEP_CA_IDENTIFIER -> name of an SCEP CA to use when
                                 requesting capabilities (since 0.77)
  * $CERTMONGER_PKCSREQ       -> an SCEP PKCSReq pkiMessage (since 0.77)
  * $CERTMONGER_PKCSREQ_REKEY -> if set, an SCEP PKCSReq pkiMessage, when
                                 rekeying (since 0.77)
  * $CERTMONGER_GETCERTINITIAL-> an SCEP GetCertInitial pkiMessage (since 0.77)
  * $CERTMONGER_GETCERTINITIAL_REKEY -> if set, an SCEP GetCertInitial
                                 pkiMessage, when rekeying (since 0.77)
  * $CERTMONGER_SCEP_RA_CERTIFICATE -> the SCEP server's RA cert, used in
                                 building the SCEP requests (since 0.77)
  * $CERTMONGER_SCEP_CA_CERTIFICATE -> if set, the SCEP server's CA cert, if
                                 the RA cert isn't self-signed (0.77)
  * $CERTMONGER_SCEP_CERTIFICATES -> if set, the other certificates provided
                                 by the SCEP server (0.77)
  * If in "submit" mode, $CERTMONGER_CSR has as its value a PEM-formatted CSR.
    * Submit request to CA.
      * Issued         -> output certificate on stdout, exit with status 0.
      * Wait a bit     -> output CA cookie value on stdout, exit with status 1.
      * Rejected       -> output error message on stdout, exit with status 2.
      * Connect error  -> output error message on stdout, exit with status 3.
      * Underconfigured-> output error message on stdout, exit with status 4.
      * Wait a bit more-> output recommended delay (seconds) and CA cookie
                          value on stdout, separated by newline, and exit with
                          status 5.
      * Need SCEP data -> exit with status 16 (since 0.77).
      * Need to rekey  -> exit with status 17 (since 0.78).
  * If in "poll" mode, $CERTMONGER_CA_COOKIE has as its value a CA cookie value
    in addition to the PEM-formatted CSR in $CERTMONGER_CSR.
    * Poll CA for result of previously-started enrollment operation.
      * Issued         -> output certificate on stdout, exit with status 0.
      * Wait some more -> output CA cookie value on stdout, exit with status 1.
      * Rejected       -> output error message on stdout, exit with status 2.
      * Connect error  -> output error message on stdout, exit with status 3.
      * Underconfigured-> output error message on stdout, exit with status 4.
      * Wait some more -> output recommended delay (seconds) and CA cookie
                          value on stdout, separated by newline, and exit with
                          status 5.
      * Need SCEP data -> exit with status 16 (since 0.77).
      * Need to rekey  -> exit with status 17 (since 0.78).
* Invoked with "IDENTIFY" as the value of the $CERTMONGER_OPERATION environment
  variable:
  * Output suggested ID for CA, exit with status 0.
  * Connect error  -> exit with status 3.
* Invoked with "FETCH-ROOTS" as the value of the $CERTMONGER_OPERATION
  environment variable:
  * Output suggested nickname for root certificate when stored in an NSS
    database (a.k.a FriendlyName), root certificate in PEM format, blank line,
    set of other trusted roots with nicknames (no separators between them,
    nicknames first to match the presentation of the root), another blank
    line, set of "other" known (chain) certificates with nicknames (no
    separators between them, nicknames first to match the presentation of the
    root), exit with status 0.
  * Connect error: exit with status 3.
  * Poll for this at startup and before any of them become invalid.
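
The SUBMIT and POLL exit statuses listed above, seen from the calling side, as
an added example (not certmonger's own code).  The names interpret,
run_enrollment_helper, HelperResult and DEMO_HELPER are hypothetical, and the
demo helper, its cookie and its certificate text are constructed sample data.

```python
import os
import subprocess
import sys
from dataclasses import dataclass
from typing import List, Optional

# Exit statuses the page documents for a helper run in SUBMIT or POLL mode.
OUTCOMES = {
    0: "issued", 1: "wait", 2: "rejected", 3: "unreachable",
    4: "underconfigured", 5: "wait-with-delay", 6: "unsupported",
    16: "need-scep-data", 17: "need-rekey",
}


@dataclass
class HelperResult:
    outcome: str
    certificate: Optional[str] = None
    cookie: Optional[str] = None
    delay: Optional[int] = None   # seconds, only set for status 5
    error: Optional[str] = None


def interpret(status: int, stdout: str) -> HelperResult:
    """Map a SUBMIT/POLL exit status and stdout to a structured result."""
    outcome = OUTCOMES.get(status)
    if outcome is None:
        # Also covers negative values (helper killed by a signal).
        return HelperResult("unknown", error=f"unexpected exit status {status}")
    if outcome == "issued":
        return HelperResult(outcome, certificate=stdout)
    if outcome == "wait":
        return HelperResult(outcome, cookie=stdout.strip())
    if outcome == "wait-with-delay":
        # First line: recommended delay in seconds; remainder: the CA cookie.
        first, _, rest = stdout.partition("\n")
        try:
            delay = int(first)
        except ValueError:
            delay = -1
        if delay < 0:
            return HelperResult("unknown", error="status 5 without a valid delay")
        return HelperResult(outcome, cookie=rest.strip(), delay=delay)
    if outcome in ("rejected", "unreachable", "underconfigured"):
        return HelperResult(outcome, error=stdout.strip())
    return HelperResult(outcome)


def run_enrollment_helper(argv: List[str], operation: str, csr: str,
                          cookie: Optional[str] = None,
                          timeout: float = 30.0) -> HelperResult:
    """Run a helper the way the page describes and interpret what it reports."""
    if operation not in ("SUBMIT", "POLL"):
        raise ValueError("this sketch only covers SUBMIT and POLL")
    if operation == "POLL" and cookie is None:
        raise ValueError("POLL needs the cookie returned by an earlier attempt")
    # Drop stale CERTMONGER_* values so the helper sees only this request.
    env = {k: v for k, v in os.environ.items()
           if not k.startswith("CERTMONGER_")}
    env["CERTMONGER_OPERATION"] = operation
    env["CERTMONGER_CSR"] = csr
    if cookie is not None:
        env["CERTMONGER_CA_COOKIE"] = cookie
    try:
        proc = subprocess.run(argv, env=env, capture_output=True,
                              text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return HelperResult("unknown", error="helper timed out")
    return interpret(proc.returncode, proc.stdout)


# Constructed stand-in for an external helper: defers on SUBMIT (status 5),
# issues on POLL with the right cookie, rejects any other cookie.
DEMO_HELPER = r'''
import os, sys
op = os.environ.get("CERTMONGER_OPERATION")
if op == "SUBMIT":
    print("30")
    print("req-0001")
    sys.exit(5)
if op == "POLL":
    if os.environ.get("CERTMONGER_CA_COOKIE") == "req-0001":
        print("-----BEGIN CERTIFICATE-----")
        print("(constructed placeholder, not a real certificate)")
        print("-----END CERTIFICATE-----")
        sys.exit(0)
    print("unknown cookie")
    sys.exit(2)
sys.exit(6)
'''

if __name__ == "__main__":
    helper = [sys.executable, "-c", DEMO_HELPER]
    first = run_enrollment_helper(helper, "SUBMIT", csr="(constructed CSR)")
    print(first)
    print(run_enrollment_helper(helper, "POLL", csr="(constructed CSR)",
                                cookie=first.cookie))
```
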
* Invoked with "GET-NEW-REQUEST-REQUIREMENTS" as the value of the
  $CERTMONGER_OPERATION environment variable:
  * Output list of environment variable names which are expected to have
    non-empty values when the helper is run in SUBMIT or POLL mode, without
    $s, separated by newlines, exit with status 0.
  * Connect error: exit with status 3.
  * Polled at startup.
* Invoked with "GET-RENEW-REQUEST-REQUIREMENTS" as the value of the
  $CERTMONGER_OPERATION environment variable:
  * Output list of environment variable names which are expected to have
    non-empty values when the helper is run in SUBMIT or POLL mode, without
    $s, separated by newlines, exit with status 0.
  * Connect error: exit with status 3.
  * Polled at startup.
* Invoked with "GET-SUPPORTED-TEMPLATES" as the value of the
  $CERTMONGER_OPERATION environment variable:
  * Output list of templates/profiles/certtypes which the server claims to be
    able to issue, exit with status 0.
  * Connect error: exit with status 3.
  * Polled at startup.
* Invoked with "GET-DEFAULT-TEMPLATE" as the value of the
  $CERTMONGER_OPERATION environment variable:
  * Output a single template/profile/certtype which the server claims to be
    able to issue, which we'll assign to new requests if there's no value to
    be recovered from an already-issued certificate and none is specified on
    the command line, exit with status 0.
  * Connect error: exit with status 3.
  * Polled at startup.
* Invoked with "FETCH-SCEP-CA-CAPS" as the value of the $CERTMONGER_OPERATION
  environment variable:
  * If the helper uses SCEP, connect to the server, issue a GetCACaps request,
    and output the results.
  * Connect error: exit with status 3.
  * Polled at startup.
* Invoked with "FETCH-SCEP-CA-CERTS" as the value of the $CERTMONGER_OPERATION
  environment variable:
  * If the helper uses SCEP, connect to the server, issue GetCACert and
    GetCAChain requests, and output the results.
  * Connect error: exit with status 3.
  * Polled at startup.
* Other operations will be defined later.
  * Operation not supported by this helper -> exit with status 6.

Operations to be added (tentative):
* Caching CRLs and delta CRLs.

When a certificate is issued, it can be output as a PEM-formatted X.509
certificate, a PEM-formatted "certificates only" PKCS#7 signed-data item, a
PEM-formatted PKCS#7 enveloped-data with encapsulated content identified as
type "data", containing either an X.509 certificate or PKCS#7 signed-data item
in binary form, or any of the previous in binary form.  When PEM formatting is
used, multiple PEM-formatted items can be output if needed.

For testing purposes, a helper can be added by creating a file in the CAs
directory (usually /var/lib/certmonger/cas) with these contents:

  id=Test
  ca_type=EXTERNAL
  ca_is_default=0
  ca_external_helper=/usr/libexec/certmonger/test-submit-helper

Equivalently, this can be accomplished by running:

  getcert add-ca -c Test -e /usr/libexec/certmonger/test-submit-helper

Passing the "-c Test" flag to the "getcert request" command will then use the
helper to attempt enrollment.

This, with some built-in defaults that provide the same result when no
existing CAs file defines a CA named "IPA", is how the daemon knows about IPA.
The ipa-getcert client, meanwhile, just assumes that clients want to use the
CA nicknamed "IPA".

certmonger-0.79.19/make-srpm.sh

#!/bin/bash
#
# Set $FORCE_VERSION to force the version.
# Set $FORCE_RELEASE to force the release.
#
tmpdir=`mktemp -d`
if test -z "$tmpdir" ; then
	echo Need mktemp.
	exit 1
fi
# Remove the scratch directory on exit, whatever the outcome.
trap 'rm -fr "$tmpdir"' EXIT
CHECKOUTDIR=$PWD
pushd "$tmpdir" > /dev/null
git clone -q "$CHECKOUTDIR" cm
cd cm
# Query a field from the spec file in the fresh clone.
qs() {
	rpm -q --define 'debug_package 0' --specfile "$tmpdir"/cm/certmonger.spec "$@"
}
VERSION=${FORCE_VERSION:-`qs --qf '%{version}'`}
RELEASE=${FORCE_RELEASE:-`qs --qf '%{release}'`}
sed -e "s|^Version:.*|Version: $VERSION|g" \
    -e "s|^Release:.*|Release: $RELEASE|g" \
    "$tmpdir"/cm/certmonger.spec > "$tmpdir"/certmonger.spec
autoreconf -i -f && \
configure_dist_target_only=true \
./configure --disable-maintainer-mode --disable-systemd --disable-sysvinit \
	--without-idn --without-openssl --without-gmp \
	--disable-ec --disable-dsa \
	"$@" && \
make dist VERSION="$VERSION" PACKAGE_VERSION="$VERSION" && \
rpmbuild --define "_topdir $tmpdir"/cm \
	--define "_srcrpmdir $tmpdir"/cm \
	--define "_sourcedir $tmpdir"/cm \
	-bs "$tmpdir"/certmonger.spec && \
cp -v *.src.rpm "$CHECKOUTDIR"
popd > /dev/null

certmonger-0.79.19/po/Makevars

# Makefile variables for PO directory in any package using GNU gettext.

# Usually the message domain is the same as the package name.
DOMAIN = $(PACKAGE)

# These two variables depend on the location of this directory.
subdir = po
top_builddir = ..

# These options get passed to xgettext.
XGETTEXT_OPTIONS = --keyword=_ --keyword=N_

# This is the copyright holder that gets inserted into the header of the
# $(DOMAIN).pot file.  Set this to the copyright holder of the surrounding
# package.  (Note that the msgstr strings, extracted from the package's
# sources, belong to the copyright holder of the package.)  Translators are
# expected to transfer the copyright for their translations to this person
# or entity, or to disclaim their copyright.  The empty string stands for
# the public domain; in this case the translators are expected to disclaim
# their copyright.
COPYRIGHT_HOLDER = Red Hat, Inc.

# This is the email address or URL to which the translators shall report
# bugs in the untranslated strings:
# - Strings which are not entire sentences, see the maintainer guidelines
#   in the GNU gettext documentation, section 'Preparing Strings'.
# - Strings which use unclear terms or require additional context to be
#   understood.
# - Strings which make invalid assumptions about notation of date, time or
#   money.
# - Pluralisation problems.
# - Incorrect English spelling.
# - Incorrect formatting.
# It can be your email address, or a mailing list address where translators
# can write to without being subscribed, or the URL of a web page through
# which the translators can contact you.
MSGID_BUGS_ADDRESS = certmonger-devel@lists.fedorahosted.org

# This is the list of locale categories, beyond LC_MESSAGES, for which the
# message catalogs shall be used.  It is usually empty.
EXTRA_LOCALE_CATEGORIES =

certmonger-0.79.19/po/POTFILES.in

# List of source files which contain translatable strings.
src/casave.c
src/certmaster.c
src/dogtag.c
src/getcert.c
src/ipa.c
src/local.c
src/main.c
src/pkcs7.c
src/scep.c
src/tdbush.c
src/tdbusm.c

certmonger-0.79.19/po/bg.po

# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Red Hat, Inc.
# This file is distributed under the same license as the PACKAGE package.
#
# Translators:
# Boris Yakimov , 2012
# Valentin Laskov , 2011-2013
# Valentin Laskov , 2015.
#zanata
msgid ""
msgstr ""
"Project-Id-Version: certmonger 0.78.6\n"
"Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n"
"POT-Creation-Date: 2017-02-26 02:20-0500\n"
"PO-Revision-Date: 2015-04-14 04:13-0400\n"
"Last-Translator: Valentin Laskov \n"
"Language-Team: Bulgarian (http://www.transifex.com/projects/p/certmonger/"
"language/bg/)\n"
"Language: bg\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
"X-Generator: Zanata 3.9.6\n"

#: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238
#: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291
#, c-format
msgid "Out of memory.\n"
msgstr "Недостиг на памет.\n"

#: src/certmaster.c:136
#, c-format
msgid "Unable to determine hostname of CA.\n"
msgstr "Не може да се определи името на CA хоста.\n"

#: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796
#, fuzzy, c-format
msgid "Unable to read signing request from file \"%s\".\n"
msgstr "Не може да се прочете заявката за подписване.\n"

#: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799
#, fuzzy, c-format
msgid "Unable to read signing request from environment variable \"%s\".\n"
msgstr "Не може да се прочете заявката за подписване.\n"

#: src/certmaster.c:184
#, c-format
msgid "Error setting up for XMLRPC.\n"
msgstr "Грешка при подготовка за XMLRPC.\n"

#: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564
#: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409
#: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021
#: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603
#: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973
#: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742
#, c-format
msgid "Error parsing server response.\n"
msgstr "Грешка при анализ отговора от сървъра.\n"

#: src/certmaster.c:210
#, c-format
msgid "Server error.\n"
msgstr "Сървърна грешка.\n"

#: src/dogtag.c:226
#, c-format
msgid "Profile params (-O) must be in the form of param=value.\n"
msgstr ""

#: src/dogtag.c:249
#, c-format
msgid "Submit params (-o) must be in the form of param=value.\n"
msgstr ""

#: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442
#, fuzzy, c-format
msgid "No agent credentials specified, and no default known.\n"
msgstr "Няма зададен agent URL (-A), а няма и такъв по подразбиране.\n"

#: src/dogtag.c:418
#, c-format
msgid "Requested renewal, but no serial number provided.\n"
msgstr "Поискано е обновяване, но не е зададен сериен номер.\n"

#: src/dogtag.c:422
#, c-format
msgid "No end-entity URL (-E) given, and no default known.\n"
msgstr "Няма зададен end-entity URL (-E), а няма и такъв по подразбиране.\n"

#: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594
#, c-format
msgid "No agent URL (-A) given, and no default known.\n"
msgstr "Няма зададен agent URL (-A), а няма и такъв по подразбиране.\n"

#: src/dogtag.c:432
#, c-format
msgid "No profile/template (-T) given, and no default known.\n"
msgstr "Няма зададен profile/template (-T), а няма и такъв по подразбиране.\n"

#: src/dogtag.c:452
#, c-format
msgid "Error shutting down NSS.\n"
msgstr "Грешка при изключването на NSS.\n"

#: src/dogtag.c:487 src/dogtag.c:777
#, c-format
msgid "Internal error: unknown state.\n"
msgstr "Вътрешна грешка: непознато състояние.\n"

#: src/dogtag.c:600
#, c-format
msgid "No agent credentials (-n) given, but they are needed.\n"
msgstr ""

#: src/dogtag.c:757 src/scep.c:619
#, c-format
msgid "Error %d connecting to %s: %s.\n"
msgstr "Грешка %d при свързване към %s: %s.\n"

#: src/dogtag.c:762 src/scep.c:624
#, c-format
msgid "Error %d connecting to %s.\n"
msgstr "Грешка %d при свързване към %s.\n"

#: src/dogtag.c:770 src/scep.c:648
#, c-format
msgid "Internal error: no response to \"%s?%s\".\n"
msgstr "Вътрешна грешка: няма отговор до \"%s?%s\".\n"

#: src/getcert.c:61 src/main.c:84 src/main.c:86
msgid "COMMAND"
msgstr ""

#: src/getcert.c:62
msgid "DIRECTORY"
msgstr ""

#: src/getcert.c:63 src/getcert.c:70
msgid "LIST"
msgstr ""

#: src/getcert.c:64 src/getcert.c:68
msgid "ADDRESS"
msgstr ""

#: src/getcert.c:65 src/main.c:87
msgid "FILENAME"
msgstr ""

#: src/getcert.c:66
msgid "HOSTNAME"
msgstr ""

#: src/getcert.c:67
msgid "ID"
msgstr ""

#: src/getcert.c:69
msgid "BITS"
msgstr ""

#: src/getcert.c:71
msgid "MODE"
msgstr ""

#: src/getcert.c:72
msgid "NAME"
msgstr ""

#: src/getcert.c:73
msgid "PRINCIPAL"
msgstr ""

#: src/getcert.c:74
msgid "SUBJECT"
msgstr ""

#: src/getcert.c:75
msgid "URL"
msgstr ""

#: src/getcert.c:76
msgid "USERNAME[:GROUPNAME]"
msgstr ""

#: src/getcert.c:115
#, c-format
msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n"
msgstr "Пътят \"%s\" не е абсолютен, вместо него, пробвам \"%s\".\n"

#: src/getcert.c:120
#, c-format
msgid ""
"Path \"%s\" is not absolute, and there was an error determining the name of "
"the current directory.\n"
msgstr ""
"Пътят \"%s\" не е абсолютен и се получи грешка при определяне името на "
"текущата директория.\n"

#: src/getcert.c:142
#, c-format
msgid "Path \"%s\": insufficient permissions.\n"
msgstr ""

#: src/getcert.c:148
#, c-format
msgid "Path \"%s\" is not a directory.\n"
msgstr "Пътят \"%s\" не е директория.\n"

#: src/getcert.c:154
#, c-format
msgid "Path \"%s\": %s.\n"
msgstr "Път \"%s\": %s.⏎\n"

#: src/getcert.c:194
#, c-format
msgid "Path \"%s\" is not a regular file.\n"
msgstr "Пътят \"%s\" не е обикновен файл.\n"

#: src/getcert.c:340
#, c-format
msgid "No system bus running.\n"
msgstr ""

#: src/getcert.c:341
#, c-format
msgid "Running as UID 0.\n"
msgstr ""

#: src/getcert.c:342
#, c-format
msgid "Launching temporary dedicated service daemon.\n"
msgstr ""

#: src/getcert.c:371
#, c-format
msgid "Error connecting to D-Bus.\n"
msgstr "Грешка при свързването към D-Bus.\n"

#: src/getcert.c:372 src/tdbusm.c:2166
#, c-format
msgid "Please verify that the message bus (D-Bus) service is running.\n"
msgstr "Моля, проверете дали услугата за съобщения (D-Bus) работи.\n"

#: src/getcert.c:379
#, c-format
msgid "Error creating DBus request message.\n"
msgstr "Грешка при създаване на DBus съобщение-заявка.\n"

#: src/getcert.c:393
#, c-format
msgid "missing argument for %s"
msgstr ""

#: src/getcert.c:398
#, fuzzy
msgid "missing argument"
msgstr "Незадължителни аргументи:\n"

#: src/getcert.c:401
#, fuzzy, c-format
msgid "unrecognized option %s"
msgstr "%s: непозната команда\n"

#: src/getcert.c:406
#, fuzzy
msgid "unrecognized option"
msgstr "%s: непозната команда\n"

#: src/getcert.c:409
msgid "aliases nested too deeply"
msgstr ""

#: src/getcert.c:412
msgid "bad parameter quoting"
msgstr ""

#: src/getcert.c:418
msgid "invalid numeric value"
msgstr ""

#: src/getcert.c:421
msgid "number too large or too small"
msgstr ""

#: src/getcert.c:424
msgid "bad operation"
msgstr ""

#: src/getcert.c:427
#, fuzzy
msgid "internal error"
msgstr "Възникна вътрешна грешка."

#: src/getcert.c:430
#, fuzzy
msgid "out of memory"
msgstr "Недостиг на памет.\n"

#: src/getcert.c:434
msgid "error in popt configuration file"
msgstr ""

#: src/getcert.c:477
#, c-format
msgid "Error %s: %s\n"
msgstr "Грешка %s: %s\n"

#: src/getcert.c:481
#, c-format
msgid "Error %s\n"
msgstr "Грешка %s\n"

#: src/getcert.c:487
#, c-format
msgid "Error: %s\n"
msgstr "Грешка: %s\n"

#: src/getcert.c:489
#, c-format
msgid "Received error response from local %s service.\n"
msgstr "Получен е отговор за грешка от локална %s услуга.\n"

#: src/getcert.c:495
#, c-format
msgid "No response received from %s service.\n"
msgstr "Не е получен отговор от услугата %s.\n"

#: src/getcert.c:699 src/getcert.c:3978
#, c-format
msgid "State %s, stuck: %s.\n"
msgstr ""

#: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100
#: src/getcert.c:3354 src/getcert.c:3875
msgid "NSS database for key and cert"
msgstr ""

#: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101
#: src/getcert.c:3355 src/getcert.c:3876
msgid "nickname for NSS-based storage (only valid with -d)"
msgstr ""

#: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102
#: src/getcert.c:3356 src/getcert.c:3877
msgid "optional token name for NSS-based storage (only valid with -d)"
msgstr ""

#: src/getcert.c:771
msgid "PEM file for private key"
msgstr ""

#: src/getcert.c:772
msgid "PEM file for certificate (only valid with -k)"
msgstr ""

#: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508
msgid "file which holds the private key encryption PIN"
msgstr ""

#: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509
msgid "private key encryption PIN"
msgstr ""

#: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510
msgid "owner information for private key"
msgstr ""

#: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511
msgid "file permissions for private key"
msgstr ""

#: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512
msgid "owner information for certificate"
msgstr ""

#: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513
msgid "file permissions for certificate"
msgstr ""

#: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514
msgid "NSS database in which to store the CA's certificates"
msgstr ""

#: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515
msgid "file in which to store the CA's certificates"
msgstr ""

#: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516
msgid "command to run before saving the certificate"
msgstr ""

#: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517
msgid "command to run after saving the certificate"
msgstr ""

#: src/getcert.c:783
msgid "nickname to assign to the request"
msgstr ""

#: src/getcert.c:784
msgid "type of key to be generated if one is not already in place"
msgstr ""

#: src/getcert.c:785
msgid "size of key to be generated if one is not already in place"
msgstr ""

#: src/getcert.c:786 src/getcert.c:1863
msgid "attempt to renew the certificate when expiration nears (default)"
msgstr ""

#:
src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 #, fuzzy msgid "ask the CA to process the request using the named issuer" msgstr "" " -T PROFILE\tиска CA да обработи заявката, използвайки профил или шаблон с " "това име\n" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage value" msgstr "" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to 
wait for the certificate to be issued" msgstr "" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "Грешка при инициализиране на Kerberos библиотеката: %s.\n" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "Липсва поддръжка за генериране на \"%s\" ключове.\n" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "Познатите типове ключове включват:" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "Неразпознат keyUsage \"%s\".\n" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "Не може да се пресметне OID \"%s\".\n" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "Грешка при разбора на главното име на Kerberos \"%s\": %s.\n" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "Грешка при сглобяването на главното име на Kerberos \"%s\": %s.\n" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "%s: невалидна стойност 
-- '%s'\n" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "%s: опцията изисква аргумент -- '%c'\n" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "%s: грешна опция -- '%c'\n" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "" "Грешка: неизползван допълнителен аргумент \"%s\".\n" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "Грешка: бяха предоставени неизползвани допълнителни аргументи.\n" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "" "Местоположение на базата данни или псевдоним е определено без другото.\n" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "Определени са и директория на базата данни, и файл със сертификата.\n" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "" "Никое от директория на базата данни и псевдоним, или файл със сертификат не " "е определено.\n" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "" "Не може и ключът, и сертификатът, да бъдат записани в един и същ файл.\n" #: src/getcert.c:1114 #, fuzzy, c-format msgid "" "The IPA backend 
requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" "Задният слой на IPA изисква използването на -K опция (главно име), когато -N " "опцията (име на обекта) се използва.\n" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "Не е намерен CA с име \"%s\".\n" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request arguments.\n" msgstr "Грешка при задаване аргументите на заявката.\n" #: src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "Добавена е нова заявка за подписване \"%s\".\n" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "Новата заявка за подписване не можа да бъде добавена.\n" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "Беше добавена нова проследявана заявка \"%s\".\n" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "Не може да бъде добавена нова проследявана заявка.\n" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "" #: src/getcert.c:1872 msgid 
"override requested principal name" msgstr "" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "" #: src/getcert.c:1874 msgid "override requested email address" msgstr "" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" "Никое от ID, или директория на базата данни и псевдоним, или файл със " "сертификат не е определено.\n" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "Беше променена заявката \"%s\".\n" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "Не можа да бъде променена заявката \"%s\".\n" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "Не е намерено искане за този псевдоним.\n" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "Не беше намерена заявка, отговаряща на аргументите.\n" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "Беше премахната заявката \"%s\".\n" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "Не можа да бъде премахната заявката \"%s\".\n" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "Грешка при промяна \"%s\".\n" #: src/getcert.c:3045 #, 
c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "Повторно изпращане на \"%s\" към \"%s\".\n" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "Повторно изпращане на \"%s\".\n" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "Грешка при опит за изпращане на \"%s\" към \"%s\".\n" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "Грешка при опит за изпращане на \"%s\".\n" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "Заявка ID '%s' се обновява.\n" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "Заявка ID '%s' НЕ се обновява.\n" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "Брой на проследяваните сертификати и заявки: %d.\n" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "ID на заявка '%s':\n" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr " състояние: %s\n" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr " CA-грешка: %s\n" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr " останал: %s\n" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr " хранилище на ключови двойки: тип=%s" #: src/getcert.c:3652 msgid "NONE" msgstr "НИЩО" #: src/getcert.c:3654 #, 
c-format msgid ",location='%s'" msgstr ",местоположение='%s'" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr ",псевдоним='%s'" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr ",token='%s'" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr "" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr ",пинфайл='%s'" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr " сертификат: тип=%s,местоположение='%s'" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr " CA: %s\n" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr " издател: %s\n" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr " обект: %s\n" #: src/getcert.c:3719 msgid "unknown" msgstr "непознат" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr " изтича на: %s\n" #: src/getcert.c:3736 msgid "\temail: " msgstr "\temail: " #: src/getcert.c:3742 msgid "\tdns: " msgstr "\tdns: " #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "\tглавно име: " #: src/getcert.c:3756 msgid "\tIP address: " msgstr "\tIP адрес: " #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "\tkey usage: %s\n" #: src/getcert.c:3779 msgid "\teku: " msgstr "\teku: " #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid 
"\troot certificates saved to databases:\n" msgstr "" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "\tpre-save команда: %s\n" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "\tpost-save команда: %s\n" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "\ttrack: %s\n" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "\tauto-renew: %s\n" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "CA '%s':\n" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "\tca-type: %s\n" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "\thelper-location: %s\n" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr "\tследващ-сериен-номер: %s\n" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr " познати-имена-на-издатели:\n" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:4267 msgid "refresh information about the CA configuration 
with this name" msgstr "" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "" #: src/getcert.c:4458 msgid "CA identifier" msgstr "" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "" #: src/getcert.c:4590 msgid "updated helper command to run to 
communicate with CA" msgstr "" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "%s - инструмент за записване на клиентски сертификат\n" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "Употреба: %s request [опции]\n" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "Необходими аргументи:\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "* Ако за хранилище се използва NSS база данни:\n" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr " -d DIR NSS база данни за ключ и сертификат\n" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr "" " -n NAME псевдоним за NSS-базирано хранилище (валидно само с -d)\n" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" " -t NAME незадължително token name за NSS-базирано хранилище " "(валидно само с -d)\n" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: 
src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "* Ако за хранилище се използват файлове:\n" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr " -k FILE PEM файл за частен ключ\n" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr " -f FILE PEM файл за сертификат (валидно само с -k)\n" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "* Ако ключовете трябва да бъдат криптирани:\n" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr " -p FILE файл, съдържащ ПИН за криптиране\n" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr " -P PIN стойност на ПИН\n" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "Незадължителни аргументи:\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "* Настройки на обработката на сертификата:\n" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr " -I NAME псевдоним, който да бъде присвоен към заявката\n" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr "" " -g SIZE\tголемина на ключ, който да бъде генериран ако няма вече създаден " "такъв\n" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the 
certificate when expiration nears (default)\n" msgstr "" " -r опит за подновяване на сертификата, когато изтичането му " "наближава (по подразбиране)\n" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr "" " -R не опитвай подновяване на сертификата, когато изтичането му " "наближава\n" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr " -c CA използвай зададения CA вместо този по подразбиране\n" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" " -T PROFILE\tиска CA да обработи заявката, използвайки профил или шаблон с " "това име\n" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 #, fuzzy msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" " -T PROFILE\tиска CA да обработи заявката, използвайки профил или шаблон с " "това име\n" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "* Параметри за подписване на заявките:\n" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr "" " -N NAME задава заявеното име на обекта (по подразбиране: CN=<име на " "хост>)\n" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr " -U EXTUSAGE\tзадава искан разширен OID ключ за употреба\n" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr " -u KEYUSAGE\tзадава исканата key usage стойност\n" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr " -K NAME\tзадава искано principal име\n" #: src/getcert.c:4822 
src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr " -D DNSNAME\tзадава искано DNS име\n" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr " -E EMAIL задава заявения имейл адрес\n" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr "" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr "" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr "" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "* Опции на шината:\n" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr "" " -S свържи се с услугата certmonger през системната шина\n" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr "" " -s свържи се с услугата certmonger през сесийната шина\n" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "* Други опции:\n" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving 
the certificate\n" msgstr " -B\tкоманда за изпълнение преди записа на сертификата\n" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr " -C\tкоманда за изпълнение след записа на сертификата\n" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr "" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr " -v показва всички подробности за грешките\n" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "Употреба: %s start-tracking [опции]\n" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "* Ако се променя съществуваща заявка:\n" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr " -i NAME псевдоним от съществуваща проследявана заявка\n" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "* Ако ключовете са криптирани:\n" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr "" " -I NAME псевдоним, който да бъде даден към проследяваната заявка\n" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "* Параметри за заявката за подписване по време на подновяването:\n" #: src/getcert.c:4867 msgid " 
-U EXTUSAGE\toverride requested extended key usage OID\n" msgstr " -U EXTUSAGE\tзамества искания разширен OID ключ за употреба\n" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr " -K NAME\tзамества исканото principal име\n" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr " -D DNSNAME\tзамества исканото DNS име\n" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr " -E EMAIL\tсмяна на искания email адрес\n" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr "" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "Употреба: %s stop-tracking [опции]\n" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "* По идентификатор на заявката:\n" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr " -i NAME псевдоним за проследяваната заявка\n" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "Употреба: %s resubmit [опции]\n" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr " -f FILE PEM файл за сертификата\n" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "* Нови стойности на параметри за подписваната заявка:\n" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr "" " -I NAME нов псевдоним, който да бъде даден към проследяваната " "заявка\n" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr " -c CA използвай зададения CA вместо текущия\n" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "" #: src/getcert.c:4993 msgid " -G 
TYPE\ttype of new key to be generated\n" msgstr "" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr "" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "Употреба: %s list [опции]\n" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "* Основни опции:\n" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr "" " -c CA само показва заявките и сертификатите, асоциирани с това " "CA\n" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr " -r само показва информация за неуредените заявки\n" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr "" " -t само показва информация за проследяваните сертификати\n" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr "" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "* Ако изберете специфична заявка:\n" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" " -d DIR само показва списък на заявките и сертификатите, използващи " "тази NSS база данни\n" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" " -n NAME само показва списък на заявките и сертификатите, използващи " "този псевдоним\n" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" " -f FILE само показва списък на заявките и сертификатите, записани в " "този PEM файл\n" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr " -S свържи се с услугата 
certmonger през системната шина\n" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr " -s свържи се с услугата certmonger през сесийната шина\n" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr "" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr "" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr "" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "Употреба: %s list-cas [опции]\n" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr " -c CA само показва информация за CA с това име\n" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr "" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr "" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr "" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5120 #, c-format msgid "Usage: %s 
add-scep-ca [options]\n" msgstr "" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr "" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr "" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr "" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr "" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr "" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr "" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr "" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr "" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "" #: src/getcert.c:5196 msgid "list known CA configurations\n" 
msgstr "" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "" #: src/getcert.c:5273 #, c-format msgid "%s: unrecognized command\n" msgstr "%s: непозната команда\n" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "Опцията -t не може да бъде използвана заедно с -K опция.\n" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "Опциятата -к не може да бъде използвана заедно с -К опция.\n" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "Опцията -К не може да бъде използвана с -k или -t опции.\n" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for signing request.\n" msgstr "Не може да бъде установено главно име за заявката за подписване.\n" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": 
%s.\n" msgstr "" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "Не може да се прочете заявката за подписване.\n" #: src/main.c:74 msgid "use session bus" msgstr "" #: src/main.c:75 msgid "use system bus" msgstr "" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "" #: src/main.c:78 msgid "PATHNAME" msgstr "" #: src/main.c:79 msgid "don't become a daemon" msgstr "" #: src/main.c:80 msgid "do become a daemon" msgstr "" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "" #: src/main.c:81 msgid "SECONDS" msgstr "" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "" #: src/main.c:83 msgid "NUMBER" msgstr "" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "" #: src/main.c:87 msgid "write service PID to file" msgstr "" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "" #: src/main.c:90 msgid "print version information" msgstr "" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "\t-s използвай сесийната шина\n" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "\t-S използвай системната шина\n" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "\t-n не ставай демон\n" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "\t-f стани демон\n" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "\t-b TIMEOUT активиран от шината, idle timeout\n" #: 
src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "\t-B не използвай idle timeout\n" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "\t-d LEVEL задава ниво за дебъг (implies -n)\n" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "\t-p FILE запиши PID на услугата във файл FILE\n" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "" #: src/scep.c:352 #, fuzzy, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "Няма зададен agent URL (-A), а няма и такъв по подразбиране.\n" #: src/scep.c:356 #, fuzzy, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "Няма зададен agent URL (-A), а няма и такъв по подразбиране.\n" #: src/scep.c:376 src/scep.c:395 #, fuzzy, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "Няма зададен profile/template (-T), а няма и такъв по подразбиране.\n" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. 
Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "" #: src/scep.c:637 #, fuzzy, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "Не е получен отговор от услугата %s.\n" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "" #: src/scep.c:930 #, fuzzy, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "Грешка при анализ отговора от сървъра.\n" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "" #: src/scep.c:976 #, fuzzy, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "Грешка при анализ отговора от сървъра.\n" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "" #: src/scep.c:1003 #, c-format msgid "Transaction either is not 
permitted or is not supported by server.\n" msgstr "" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "" #: src/scep.c:1009 #, c-format msgid "Unsupported extension.\n" msgstr "" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "" #: src/scep.c:1027 #, fuzzy, c-format msgid "Internal CA error.\n" msgstr "Вътрешна грешка: непознато състояние.\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." msgstr "Възникна вътрешна грешка." #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "Не бяха намерени такива записи.\n" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "Вече има CA с псевдонима \"%s\"." #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "Не е определен тип на хранилището на сертификати." #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." msgstr "Не се поддържа хранилище на сертификати от тип \"%s\"." 
#: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "Местоположението \"%s\" трябва да е абсолютен път." #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." msgstr "Местоположението на хранилището на сертификати не е определено." #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "Частта преди местоположението \"%s\" трябва да е валидна директория." #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "Местоположението \"%s\" трябва да е файл." #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "" #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "Местоположението \"%s\" трябва да е директория." #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "Псевдонимът на сертификата не е определен." #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "Вече има заявка с псевдонима \"%s\"." 
#: src/tdbush.c:701
#, c-format
msgid ""
"Certificate at same location is already used by request with nickname \"%s\"."
msgstr ""
"Сертификатът на зададеното място вече се използва от друг псевдоним \"%s\"."

#: src/tdbush.c:734
#, c-format
msgid "Key storage type \"%s\" not supported."
msgstr "Не се поддържа хранилище на ключове от тип \"%s\"."

#: src/tdbush.c:760 src/tdbush.c:819
msgid "Key storage location not specified."
msgstr "Местоположението на хранилището на ключове не е определено."

#: src/tdbush.c:853
msgid "Key nickname not specified."
msgstr "Псевдонимът на ключа не е определен."

#: src/tdbush.c:909
#, c-format
msgid "Key at same location is already used by request with nickname \"%s\"."
msgstr "Ключът на зададеното място вече се използва от друг псевдоним \"%s\"."

#: src/tdbush.c:1313 src/tdbush.c:3102
#, c-format
msgid "No support for key type \"%s\"."
msgstr ""

#: src/tdbush.c:1400
msgid "No such CA."
msgstr "Няма такъв CA."

#: src/tdbush.c:3073
#, c-format
msgid "Certificate authority \"%s\" not known."
msgstr "Сертифициращият орган \"%s\" е непознат."

#: src/tdbush.c:3518
msgid "Unrecognized parameter or wrong value type."
msgstr "Неразпознат параметър или грешен тип на стойност."

#: src/tdbush.c:5070
msgid "Error parsing arguments."
msgstr ""

#: src/tdbush.c:5124
msgid "Unrecognized property name."
msgstr ""

#: src/tdbusm.c:2156
msgid "Insufficient access. Please retry operation as root.\n"
msgstr "Непозволен достъп. Моля, опитайте операцията отново, като root.\n"

#: src/tdbusm.c:2160
msgid "Please verify that the certmonger service has been started.\n"
msgstr "Моля, проверете дали услугата certmonger е стартирала.\n"

#: src/tdbusm.c:2163
msgid "Please verify that the certmonger service is still running.\n"
msgstr "Моля, проверете дали услугата certmonger все още работи.\n"

certmonger-0.79.19/po/ca.po

# Robert Antoni Buj Gelonch , 2015. #zanata
# Robert Antoni Buj Gelonch , 2016. #zanata
msgid ""
msgstr ""
"Project-Id-Version: certmonger 0.78.6\n"
"Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n"
"POT-Creation-Date: 2017-02-26 02:20-0500\n"
"PO-Revision-Date: 2016-10-02 07:06-0400\n"
"Last-Translator: Robert Antoni Buj Gelonch \n"
"Language-Team: Catalan\n"
"Language: ca\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: Zanata 3.9.6\n"
"Plural-Forms: nplurals=2; plural=(n != 1)\n"

#: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238
#: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291
#, c-format
msgid "Out of memory.\n"
msgstr "Sense memòria.\n"

#: src/certmaster.c:136
#, c-format
msgid "Unable to determine hostname of CA.\n"
msgstr "No es pot determinar el nom d'amfitrió de l'AC.\n"

#: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796
#, fuzzy, c-format
msgid "Unable to read signing request from file \"%s\".\n"
msgstr "No es pot llegir la sol·licitud de signatura.\n"

#: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799
#, fuzzy, c-format
msgid "Unable to read signing request from environment variable \"%s\".\n"
msgstr "No es pot llegir la sol·licitud de signatura.\n"

#: src/certmaster.c:184
#, c-format
msgid "Error setting up for XMLRPC.\n"
msgstr "S'ha produït un error en preparar-se per a l'XMLRPC.\n"

#: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564
#: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409
#: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021
#: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603
#: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973
#: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742
#, c-format
msgid "Error parsing server response.\n"
msgstr ""
"S'ha produït un error en analitzar sintàcticament la resposta del servidor.\n"

#:
src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "Error del servidor.\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "" "Els paràmetres del perfil (-O) han de tenir la forma paràmetre=valor.\n" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "" "Els paràmetres de l'enviament (-o) han de tenir la forma paràmetre=valor.\n" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "" "No s'han especificat les credencials de l'agent, i no n'hi ha cap de conegut " "per defecte.\n" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "" "Es va sol·licitar una renovació, però no es va proporcionar cap número de " "sèrie.\n" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "" "No s'ha indicat cap URL de l'entitat final (-E), i no n'hi ha cap de " "coneguda per defecte.\n" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "" "No s'ha indicat cap URL de l'agent (-A), i no n'hi ha cap de conegut per " "defecte.\n" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "" "No s'ha indicat cap perfil/plantilla (-T), i no n'hi ha cap de conegut per " "defecte.\n" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "S'ha produït un error en aturar NSS.\n" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "S'ha produït un error intern: estat desconegut.\n" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "" "No s'han especificat les credencials de l'agent (-n) però són necessàries.\n" #: src/dogtag.c:757 src/scep.c:619 #, c-format 
msgid "Error %d connecting to %s: %s.\n" msgstr "S'ha produït l'error %d en connectar-se a %s: %s.\n" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "S'ha produït l'error %d en connectar-se a %s.\n" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "S'ha produït un error intern: sense resposta a \"%s?%s\".\n" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "ORDRE" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "DIRECTORI" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "LLISTA" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "ADREÇA" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "NOMFITXER" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "NOMAMFITRIÓ" #: src/getcert.c:67 msgid "ID" msgstr "ID." #: src/getcert.c:69 msgid "BITS" msgstr "BITS" #: src/getcert.c:71 msgid "MODE" msgstr "MODE" #: src/getcert.c:72 msgid "NAME" msgstr "NOM" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "PRINCIPAL" #: src/getcert.c:74 msgid "SUBJECT" msgstr "ASSUMPTE" #: src/getcert.c:75 msgid "URL" msgstr "URL" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "NOMUSUARI[:NOMGRUP]" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "" "El camí \"%s\" no és absolut, s'està intentant d'utilitzar \"%s\" en lloc " "seu.\n" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" "El camí \"%s\" no és absolut i a més d’això hi va haver un error en " "determinar el nom del directori actual.\n" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "Camí \"%s\": permisos insuficients.\n" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "El camí \"%s\" no és un directori.\n" #: src/getcert.c:154 #, c-format msgid "Path 
\"%s\": %s.\n" msgstr "Camí \"%s\": %s.\n" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "El camí \"%s\" no és un fitxer regular.\n" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "No hi ha cap bus de sistema executant-se.\n" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "S'està executant com a UID 0.\n" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "S'està llançant el dimoni de servei dedicat temporal.\n" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "S'ha produït un error en connectar amb D-Bus.\n" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "" "Si us plau, comproveu que s'estigui executant el servei del bus de missatges " "(D-Bus).\n" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "S'ha produït un error en crear el missatge de sol·licitud DBUS.\n" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "" #: src/getcert.c:398 #, fuzzy msgid "missing argument" msgstr "S'ha produït un error en analitzar sintàcticament els arguments." #: src/getcert.c:401 #, fuzzy, c-format msgid "unrecognized option %s" msgstr "Nom de propietat no reconeguda." #: src/getcert.c:406 #, fuzzy msgid "unrecognized option" msgstr "Nom de propietat no reconeguda." #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "" #: src/getcert.c:421 msgid "number too large or too small" msgstr "" #: src/getcert.c:424 msgid "bad operation" msgstr "" #: src/getcert.c:427 #, fuzzy msgid "internal error" msgstr "S'ha produït un error intern." 
#: src/getcert.c:430 #, fuzzy msgid "out of memory" msgstr "Sense memòria.\n" #: src/getcert.c:434 #, fuzzy msgid "error in popt configuration file" msgstr "elimina la configuració d'una AC\n" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "Error %s: %s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "Error %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "Error: %s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "S'ha rebut una resposta d'error del servei local %s.\n" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "No s'ha rebut cap resposta del servei %s.\n" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "Estat %s, branca: %s.\n" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "base de dades NSS per a la clau i el certificat" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "" "sobrenom per a l'emmagatzematge basat en NSS (tan sols és vàlid amb -d)" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "" "nom de mostra opcional per a l'emmagatzematge basat amb NSS (tan sols és " "vàlid amb -d)" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "fitxer PEM per a la clau privada" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "fitxer PEM per al certificat (tan sols és vàlid amb -k)" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "fitxer que té el PIN de xifratge de la clau 
privada" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "PIN de xifratge de la clau privada" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "informació del propietari per a la clau privada" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "permisos del fitxer per a la clau privada" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "informació del propietari per al certificat" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "permisos del fitxer per al certificat" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "base de dades NSS en el qual s'emmagatzemen els certificats de l'AC" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "fitxer en el qual s'emmagatzemen els certificats de l'AC" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "ordre a executar abans de desar el certificat" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "ordre a executar després de desar el certificat" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "sobrenom a assignar a la sol·licitud" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "tipus de clau que es generarà si no n'hi ha ja cap al seu lloc" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "mida de clau que es generarà si no n'hi ha ja cap al seu lloc" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears 
(default)" msgstr "" "intenta de renovar el certificat quan s'apropi el venciment (per defecte)" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "no intentis de renovar el certificat quan s'apropi el venciment" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "" "utilitza la configuració especificada de l'AC en lloc de la predeterminada" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" "pregunta a l'AC per processar la sol·licitud mitjançant el perfil o la " "plantilla amb nom" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 #, fuzzy msgid "ask the CA to process the request using the named issuer" msgstr "" "pregunta a l'AC per processar la sol·licitud mitjançant el perfil o la " "plantilla amb nom" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "" "estableix el nom del subjecte sol·licitat (per defecte: CN=)" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage value" msgstr "estableix l'ús de la clau sol·licitat" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "estableix l'OID de l'ús estès de la clau sol·licitat" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "estableix el nom del principal sol·licitat" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "estableix el nom DNS sol·licitat" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "estableix l'adreça de correu electrònic sol·licitada" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "estableix l'adreça IP sol·licitada" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password 
value" msgstr "fitxer que conté el valor de la contrasenya d'un repte opcional" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "valor de la contrasenya d'un repte opcional" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 #, fuzzy msgid "request a CA certificate" msgstr "HTTPS requereix un certificat de l'AC.\n" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 #, fuzzy msgid "request a non-CA certificate" msgstr "HTTPS requereix un certificat de l'AC.\n" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 #, fuzzy msgid "path length for CA certificate" msgstr "fitxer PEM per al certificat" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "prova d'esperar l'expedició del certificat" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "temps màxim d'espera per l'expedició del certificat" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "connecta al servei certmonger sobre el bus de la sessió" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "connecta al servei certmonger sobre el bus del sistema" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "" "S'ha produït un error en inicialitzar la biblioteca del Kerberos: %s.\n" #: src/getcert.c:889 
src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "Sense suport per a la generació de les claus \"%s\".\n" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "Els tipus de claus conegudes inclouen:" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "Ús de clau no reconegut \"%s\".\n" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "No es pot avaluar l'OID \"%s\".\n" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "" "S'ha produït un error en analitzar sintàcticament el nom del principal de " "Kerberos \"%s\": %s.\n" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "" "S'ha produït un error en descompondre el nom del principal de Kerberos «%s»: " "%s.\n" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "%s: el valor no és vàlid -- '%s'\n" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "%s: l'opció requereix un argument -- '%c'\n" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "%s: l'opció no és vàlida -- '%c'\n" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "Error: argument extra \"%s\" sense utilitzar.\n" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 
src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "Error: Es van subministrar arguments extres que no s'utilitzen.\n" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "" "La localització de la base de dades o el sobrenom s'ha especificat un sense " "l'altre.\n" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "" "S'han especificat ambdós, el directori de la base de dades i el fitxer del " "certificat.\n" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "" "No s'ha especificat cap directori de la base de dades i sobrenom o cap " "fitxer de certificat.\n" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "La clau i el certificat no poden desar-se ambdós al mateix fitxer.\n" #: src/getcert.c:1114 #, fuzzy, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" "El motor IPA requereix l'ús de l'opció -K (nom del principal) quan " "s'utilitza l'opció -N (nom del subjecte).\n" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "No es va trobar cap AC amb el nom \"%s\".\n" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, 
c-format msgid "Error setting request arguments.\n" msgstr "S'ha produït un error en establir els arguments de la sol·licitud.\n" #: src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "Es va afegir la nova sol·licitud de signatura \"%s\".\n" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "No es va poder afegir la nova sol·licitud de signatura.\n" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "Es va afegir la nova sol·licitud de seguiment \"%s\".\n" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "No es va poder afegir la nova sol·licitud de seguiment.\n" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "fitxer PEM per a la clau privada (tan sols és vàlid amb -f)" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "fitxer PEM per al certificat" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "sobrenom d'una sol·licitud existent" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "sobrenom a donar a la sol·licitud de seguiment" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "reemplaça l'ús de la clau sol·licitat" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "reemplaça l'OID de l'ús estès de la clau sol·licitat" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "reemplaça el nom sol·licitat del principal" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "reemplaça el nom DNS sol·licitat" #: src/getcert.c:1874 msgid "override requested email address" msgstr "reemplaça l'adreça sol·licitada de correu electrònic" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "reemplaça l'adreça IP sol·licitada" #: src/getcert.c:2136 src/getcert.c:3194 
#, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" "No s'ha especificat cap Id. ni tampoc cap directori de la base de dades i el " "sobrenom o cap fitxer de certificat.\n" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "Es va modificar la sol·licitud \"%s\".\n" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "No es va poder modificar la sol·licitud \"%s\".\n" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "No s'ha trobat cap sol·licitud amb el sobrenom indicat.\n" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "No s'ha trobat cap sol·licitud que coincideixi amb els arguments.\n" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "Es va eliminar la sol·licitud \"%s\".\n" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "No es va poder eliminar la sol·licitud \"%s\".\n" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "sobrenom per a la sol·licitud de seguiment" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "nou sobrenom a donar a la sol·licitud de seguiment" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "tipus de la nova clau a generar" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "mida de la nova clau a generar" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "utilitza la configuració especificada de l'AC en lloc de l'actual" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "S'ha produït un error en modificar \"%s\".\n" #: src/getcert.c:3045 #,
c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "S'està tornant a presentar \"%s\" a \"%s\".\n" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "S'està tornant a presentar \"%s\".\n" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "S'ha produït un error en intentar presentar \"%s\" a \"%s\".\n" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "S'ha produït un error en intentar presentar \"%s\".\n" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "refresca la informació sobre totes les sol·licituds pendents" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" "refresca la informació tan sols per a les sol·licituds mitjançant la " "configuració especificada de l'AC" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "L'Id. de la sol·licitud '%s' que s'està refrescant.\n" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "L'Id. 
de la sol·licitud '%s' que NO s'està refrescant.\n" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "tan sols llista la informació sobre les sol·licituds pendents" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "tan sols llista la informació sobre els certificats seguits" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" "tan sols llista les sol·licituds i els certificats que estiguin associats " "amb aquesta configuració de l'AC" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "Nombre de certificats i de sol·licituds que s'estan seguint: %d.\n" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "Id. de la sol·licitud '%s':\n" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "\testat: %s\n" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "\terror-ac: %s\n" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "\tbranca: %s\n" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "\temmagatzematge parell clau: tipus=%s" #: src/getcert.c:3652 msgid "NONE" msgstr "CAP" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr ",localització='%s'" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr ",sobrenom='%s'" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr ",mostra='%s'" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr ",pin establert" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr ",pinfile='%s'" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "\tcertificat: tipus=%s,localització='%s'" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr 
"\tempremta de sol·licitud de signatura (MD5): %s\n" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "\tempremta de sol·licitud de signatura (SHA1): %s\n" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "\tAC: %s\n" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "\temissor: %s\n" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "\tsubjecte: %s\n" #: src/getcert.c:3719 msgid "unknown" msgstr "desconegut" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr "\tvenç: %s\n" #: src/getcert.c:3736 msgid "\temail: " msgstr "\tcorreu electrònic: " #: src/getcert.c:3742 msgid "\tdns: " msgstr "\tdns: " #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "\tnom del principal: " #: src/getcert.c:3756 msgid "\tIP address: " msgstr "\tadreça IP: " #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "\tús de la clau: %s\n" #: src/getcert.c:3779 msgid "\teku: " msgstr "\teku: " #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "\tplantilla de certificat/perfil: %s\n" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "\tels certificats arrel s'han desat als fitxers:\n" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "\tels altres certificats arrel s'han desat als fitxers:\n" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "\tels altres certificats s'han desat als fitxers:\n" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "\tels certificats arrel s'han desat a les bases de dades:\n" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "\tels altres certificats arrel s'han desat a les bases de 
dades:\n" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "\tels altres certificats s'han desat a les bases de dades:\n" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "\tordre abans de desar: %s\n" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "\tordre després de desar: %s\n" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "\tpista: %s\n" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "\tautorenova: %s\n" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" "No s'ha especificat cap Id. ni tampoc cap directori de la base de dades i el " "sobrenom o cap fitxer de certificat.\n" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "llista tan sols la configuració de l'AC especificada" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "AC '%s':\n" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "\tautoidentifica com: %s\n" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "\ttipus-ac: %s\n" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "\tlocalització-ajudant: %s\n" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr "\tsegüent número de sèrie: %s\n" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "\tnoms d'emissors coneguts:\n" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "\tperfil/plantilla/tipus-certificat coneguts:\n" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "\tperfil/plantilla/tipus-certificat per defecte: %s\n" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "\tIdentificador de l'AC SCEP: %s\n" #: src/getcert.c:4229 
#, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "\tEmpremta del certificat de l'AC SCEP (MD5): %s\n" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "\tEmpremta del certificat de l'AC SCEP (SHA1): %s\n" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "refresca la informació sobre la configuració de l'AC amb aquest nom" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "refresca la informació sobre les AC conegudes" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "No s'ha especificat ni el sobrenom de l'AC ni el marcador -a.\n" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "Les dades per a l'AC '%s' que s'estan refrescant.\n" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "Les dades per a l'AC sense nom que s'estan refrescant.\n" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "\ts'ha produït un error en refrescar les dades de l'AC\n" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "sobrenom a donar a la nova configuració de l'AC" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "ordre de l'ajudant a executar per comunicar-se amb l'AC" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "No s'ha especificat el sobrenom de l'AC.\n" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "No s'ha especificat l'ordre de l'ajudant de l'AC.\n" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "S'ha afegit la nova AC \"%s\".\n" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" 
msgstr "No es va poder afegir la nova AC.\n" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "localització del servidor SCEP" #: src/getcert.c:4458 msgid "CA identifier" msgstr "Identificador de l'AC" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "fitxer que conté els certificats de l'AC" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "fitxer que conté els certificats de la RA" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "fitxer que conté els certificats a la cadena de certificació de la RA" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "prefereix no utilitzar la funció de renovació del SCEP" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "no s'ha especificat l'URL del servidor.\n" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "HTTPS requereix un certificat de l'AC.\n" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "S'ha produït un error en la construcció de la línia d'ordres.\n" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "S'ha produït un error en establir l'identificador de l'AC.\n" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "sobrenom de la configuració de l'AC" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "ordre actualitzada de l'ajudant a executar per comunicar-se amb l'AC" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "S'ha modificat l'AC \"%s\".\n" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "No es va poder modificar l'AC.\n" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "sobrenom de la configuració de l'AC a eliminar" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "S'ha eliminat l'AC \"%s\".\n" #:
src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "No es va poder eliminar l'AC.\n" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "%s - eina d'inscripció de certificats de client\n" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "Ús: %s request [opcions]\n" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "Arguments requerits:\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "* Si s'utilitza una base de dades NSS per a l'emmagatzematge:\n" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr " -d DIR\tbase de dades NSS per a la clau i el certificat\n" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr "" " -n NOM\tsobrenom per a l'emmagatzematge basat en NSS (tan sols és vàlid " "amb -d)\n" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" " -t NOM\tnom de mostra opcional per a l'emmagatzematge basat amb NSS (tan " "sols és vàlid amb -d)\n" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "* Si s'utilitzen fitxers per a l'emmagatzematge:\n" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr 
" -k FITXER\tfitxer PEM per a la clau privada\n" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr " -f FITXER\tfitxer PEM per al certificat (tan sols és vàlid amb -k)\n" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "* Si s'han de xifrar les claus:\n" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr " -p FITXER\tfitxer que conté el PIN de xifratge\n" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr " -P PIN\tvalor del PIN\n" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "Arguments opcionals:\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "* Ajustos del tractament del certificat:\n" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr " -I NOM\tsobrenom a assignar a la sol·licitud\n" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr "" " -G TIPUS\ttipus de clau que es generarà si encara no n'hi ha cap ja al seu " "lloc\n" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr "" " -g MIDA\tmida de la clau que es generarà si encara no n'hi ha cap ja al " "seu lloc\n" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr "" " -r\t\tintenta de renovar el certificat quan s'apropi el venciment (per " "defecte)\n" #: src/getcert.c:4811 
src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr "" " -R\t\tno intentis de renovar el certificat quan s'apropi el venciment\n" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr " -c AC\t\tutilitza l'AC especificada en lloc de la predeterminada\n" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" " -T PERFIL\tpregunta a l'AC per processar la sol·licitud mitjançant el " "perfil o la plantilla amb nom\n" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 #, fuzzy msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" " -T PERFIL\tpregunta a l'AC per processar la sol·licitud mitjançant el " "perfil o la plantilla amb nom\n" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "* Paràmetres per a la sol·licitud de signatura:\n" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr "" " -N NOM\testableix el nom del subjecte sol·licitat (per defecte: CN=)\n" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr " -U ÚSEXT\testableix l'OID de l'ús estès de la clau sol·licitat\n" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr " -u ÚSCLAU\testableix l'ús de la clau sol·licitat\n" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr " -K NOM\testableix el nom del principal sol·licitat\n" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr " -D NOMDNS\testableix el nom DNS 
sol·licitat\n" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr " -E CORREU\testableix l'adreça de correu electrònic sol·licitada\n" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr " -A ADREÇA\testableix l'adreça IP sol·licitada\n" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr " -l FITXER\tfitxer que conté la contrasenya d'un repte opcional\n" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr " -L CONTRASENYA\tcontrasenya d'un repte opcional\n" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "* Opcions del bus:\n" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr " -S\t\tconnecta al servei certmonger sobre el bus del sistema\n" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr " -s\t\tconnecta al servei certmonger sobre el bus de la sessió\n" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "* Altres opcions:\n" #: src/getcert.c:4831 
src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr " -B\tordre a executar abans que es desi el certificat\n" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr " -C\tordre a executar un cop es desi el certificat\n" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr " -F\tfitxer on s'emmagatzemen els certificats de l'AC\n" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr " -a\tbase de dades NSS on s'emmagatzemen els certificats de l'AC\n" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr " -w\tprova d'esperar l'expedició del certificat\n" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr " -v\tinforma de tots els detalls dels errors\n" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "Ús: %s start-tracking [opcions]\n" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "* Si es modifica una sol·licitud existent:\n" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr " -i NOM\tsobrenom d'una sol·licitud de seguiment existent\n" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "* Si les claus estan xifrades:\n" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" 
msgstr " -I NOM\tsobrenom a donar a la sol·licitud de seguiment\n" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "" "* Paràmetres per a la sol·licitud de signatura en el moment de la " "renovació:\n" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr " -U ÚSEXT\treemplaça l'OID de l'ús estès de la clau sol·licitat\n" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr " -K NOM\treemplaça el nom del principal sol·licitat\n" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr " -D NOMDNS\treemplaça el nom DNS sol·licitat\n" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr " -E CORREU\treemplaça l'adreça de correu electrònic sol·licitada\n" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr " -A ADREÇA\treemplaça l'adreça IP sol·licitada\n" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "Ús: %s stop-tracking [opcions]\n" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "* Per a l'identificador sol·licitat:\n" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr " -i NOM\tsobrenom per seguir a la sol·licitud\n" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "Ús: %s resubmit [opcions]\n" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr " -f FITXER\tfitxer PEM per al certificat\n" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "* Nous valors dels paràmetres per a la sol·licitud de signatura:\n" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to
tracking request\n" msgstr " -I NOM\tnou sobrenom a donar a la sol·licitud de seguiment\n" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr " -c AC\t\tutilitza l'AC especificada en lloc de l'actual\n" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "Ús: %s rekey [opcions]\n" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr " -G TIPUS\ttipus de la nova clau a generar\n" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr " -g MIDA\tmida de la nova clau a generar\n" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "Ús: %s list [opcions]\n" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "* Opcions generals:\n" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr "" " -c AC\ttan sols llista les sol·licituds i els certificats que estiguin " "associats amb aquesta AC\n" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr " -r\ttan sols llista la informació sobre les sol·licituds pendents\n" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr " -t\ttan sols llista la informació sobre els certificats seguits\n" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr "" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "* Si se selecciona una sol·licitud específica:\n" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" " -d DIR\ttan sols llista les sol·licituds i els certificats que utilitzin " "aquesta base de dades NSS\n" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this 
nickname\n" msgstr "" " -n NOM\ttan sols llista les sol·licituds i els certificats que utilitzin " "aquest sobrenom\n" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" " -f FITXER\ttan sols llista les sol·licituds i els certificats " "emmagatzemats en aquest fitxer PEM\n" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr " -S\tconnecta al servei certmonger sobre el bus del sistema\n" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr " -s\tconnecta al servei certmonger sobre el bus de la sessió\n" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "Ús: %s refresh [opcions]\n" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr " -a\trefresca la informació sobre totes les sol·licituds pendents\n" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "Ús: %s status [opcions]\n" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "* Selecció d'una sol·licitud específica:\n" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "* Quan s'utilitzi una base de dades NSS per a l'emmagatzematge:\n" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr "" " -d DIR\tretorna l'estat per a la sol·licitud en aquesta base de dades NSS\n" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "" " -n NOM\tretorna l'estat del certificat que utilitzi aquest sobrenom\n" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "* Quan 
s'utilitzin fitxers per a l'emmagatzematge:\n" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr "" " -f FITXER\tretorna l'estat per al certificat emmagatzemat en aquest fitxer " "PEM\n" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "Ús: %s list-cas [opcions]\n" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr " -c AC\ttan sols llista la informació sobre l'AC amb aquest nom\n" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "Ús: %s refresh-ca [opcions]\n" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr " -c AC\trefresca la informació sobre l'AC amb aquest nom\n" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr " -a\trefresca la informació sobre totes les AC conegudes\n" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "Ús: %s add-ca [opcions]\n" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr " -c AC\t\tsobrenom a donar a la nova configuració de l'AC\n" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr " -e ORDRE\tordre de l'ajudant a executar per comunicar-se amb l'AC\n" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "Ús: %s add-scep-ca [opcions]\n" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr " -u URL\tlocalització del servidor SCEP\n" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr " -i ID\t\tidentificador de l'AC\n" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr " -R FITXER\tfitxer que conté el certificat de l'AC\n" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr " -r FITXER\tfitxer que conté el certificat de la RA\n" #: src/getcert.c:5129 
msgid " -I FILE\tfile containing certificates in RA's certifying chain\n"
msgstr ""
" -I FITXER\tfitxer que conté els certificats a la cadena de certificació de "
"la RA\n"

#: src/getcert.c:5130
msgid " -n\tprefer not to use the SCEP Renewal feature\n"
msgstr " -n\tprefereix no utilitzar la funció de renovació del SCEP\n"

#: src/getcert.c:5139
#, c-format
msgid "Usage: %s modify-ca [options]\n"
msgstr "Ús: %s modify-ca [opcions]\n"

#: src/getcert.c:5143
msgid " -c CA\t\tnickname of the CA configuration\n"
msgstr " -c AC\t\tsobrenom de la configuració de l'AC\n"

#: src/getcert.c:5144
msgid " -e CMD\tupdated helper command to run to communicate with CA\n"
msgstr ""
" -e ORDRE\tordre de l'ajudant actualitzat a executar per comunicar-se amb "
"l'AC\n"

#: src/getcert.c:5153
#, c-format
msgid "Usage: %s remove-ca [options]\n"
msgstr "Ús: %s remove-ca [opcions]\n"

#: src/getcert.c:5157
msgid " -c CA\tnickname of CA configuration to remove\n"
msgstr " -c AC\tsobrenom de la configuració de l'AC a eliminar\n"

#: src/getcert.c:5172
#, c-format
msgid "Usage: %s command [options]\n"
msgstr "Ús: %s ordre [opcions]\n"

#: src/getcert.c:5174
msgid "request a new certificate from a CA\n"
msgstr "sol·licita un nou certificat des d'una AC\n"

#: src/getcert.c:5176
msgid "begin monitoring an already-issued certificate\n"
msgstr "comença el monitoratge d'un certificat ja expedit\n"

#: src/getcert.c:5178
msgid "stop monitoring a certificate\n"
msgstr "atura el monitoratge d'un certificat\n"

#: src/getcert.c:5180
msgid "resubmit an in-progress enrollment request, or start a new one\n"
msgstr ""
"tornar a presentar una sol·licitud d'inscripció en curs, o n'inicia un de "
"nova\n"

#: src/getcert.c:5182
msgid "generate a new private key and replace a certificate\n"
msgstr "genera una nova clau privada i substitueix un certificat\n"

#: src/getcert.c:5184
msgid "check on the status of an in-progress enrollment request\n"
msgstr "comprova l'estat d'una sol·licitud d'inscripció en curs\n"

#: src/getcert.c:5186
msgid "list certificates being monitored and requested\n"
msgstr "llista els certificats que s'estan monitorant i sol·licitant\n"

#: src/getcert.c:5188
msgid "check the status of a certificate being monitored or requested\n"
msgstr ""
"comprova l'estat d'un certificat que s'està monitorant o sol·licitant\n"

#: src/getcert.c:5191
msgid "add a CA configuration\n"
msgstr "afegeix la configuració d'una AC\n"

#: src/getcert.c:5193
msgid "add an SCEP CA configuration\n"
msgstr "afegeix la configuració d'una AC SCEP\n"

#: src/getcert.c:5196
msgid "list known CA configurations\n"
msgstr "llista les configuracions de les AC conegudes\n"

#: src/getcert.c:5199
msgid "modify a CA configuration\n"
msgstr "modifica la configuració d'una AC\n"

#: src/getcert.c:5202
msgid "refresh cache of all information obtained from a CA\n"
msgstr "refresca la memòria cau de tota la informació obtinguda d'una AC\n"

#: src/getcert.c:5205
msgid "remove a CA configuration\n"
msgstr "elimina la configuració d'una AC\n"

#: src/getcert.c:5273
#, c-format
msgid "%s: unrecognized command\n"
msgstr "%s: no s'ha reconegut l'ordre\n"

#: src/ipa.c:144
#, c-format
msgid "Unable to determine location of IPA LDAP server.\n"
msgstr "No es pot determinar la localització del servidor LDAP IPA.\n"

#: src/ipa.c:149
#, c-format
msgid "Unable to contact an IPA LDAP server.\n"
msgstr "No es pot contactar amb el servidor LDAP IPA.\n"

#: src/ipa.c:233 src/ipa.c:533
#, c-format
msgid "Unable to determine base DN of domain information on IPA server.\n"
msgstr ""
"No es pot determinar el DN base de la informació de domini sobre el servidor "
"IPA.\n"

#: src/ipa.c:369
#, c-format
msgid "Error setting up for XMLRPC on the client.\n"
msgstr "S'ha produït un error en preparar-se per a l'XMLRPC sobre el client.\n"

#: src/ipa.c:658
#, c-format
msgid "The -t option can not be used with the -K option.\n"
msgstr "L'opció -t no pot utilitzar-se amb l'opció -K.\n"

#: src/ipa.c:667
#, c-format
msgid "The -k option can not be used with the -K option.\n"
msgstr "L'opció -k no pot utilitzar-se amb l'opció -K.\n"

#: src/ipa.c:676
#, c-format
msgid "The -K option can not be used with either the -k or the -t option.\n"
msgstr "L'opció -K no pot utilitzar-se amb l'opció -k ni amb l'opció -t.\n"

#: src/ipa.c:758
#, c-format
msgid "Unable to determine principal name for signing request.\n"
msgstr ""
"No es pot determinar el nom del principal per a la sol·licitud de "
"signatura.\n"

#: src/ipa.c:831
#, c-format
msgid "No IPA domain configured, and none specified.\n"
msgstr "No hi ha cap domini IPA configurat i no se n'ha especificat cap.\n"

#: src/ipa.c:868
#, c-format
msgid ""
"Error setting up ccache for \"host\" service on client using default keytab: "
"%s.\n"
msgstr ""
"S'ha produït un error en preparar ccache per al servei \"host\" al client "
"mitjançant la taula de claus predeterminada: %s.\n"

#: src/ipa.c:872
#, c-format
msgid ""
"Error setting up ccache for \"%s\" on client using default keytab: %s.\n"
msgstr ""
"S'ha produït un error en preparar ccache per a \"%s\" al client mitjançant "
"la taula de claus predeterminada: %s.\n"

#: src/ipa.c:879
#, c-format
msgid ""
"Error setting up ccache for \"host\" service on client using keytab \"%s\": "
"%s.\n"
msgstr ""
"S'ha produït un error en preparar ccache per al servei \"host\" al client "
"mitjançant la taula de claus \"%s\": %s.\n"

#: src/ipa.c:883
#, c-format
msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n"
msgstr ""
"S'ha produït un error en preparar ccache per a \"%s\" al client mitjançant "
"la taula de claus \"%s\": %s.\n"

#: src/local.c:556
#, c-format
msgid "Unable to read signing request.\n"
msgstr "No es pot llegir la sol·licitud de signatura.\n"

#: src/main.c:74
msgid "use session bus"
msgstr "utilitza el bus de la sessió"

#: src/main.c:75
msgid "use system bus"
msgstr "utilitza el bus del sistema"

#: src/main.c:76
msgid "start a dedicated listening socket"
msgstr "inicia un socket dedicat a escoltar"

#: src/main.c:77
msgid "only use a dedicated listening socket"
msgstr "tan sols utilitza el socket dedicat a escoltar"

#: src/main.c:78
msgid "specify the dedicated listening socket"
msgstr "especifica el socket dedicat a escoltar"

#: src/main.c:78
msgid "PATHNAME"
msgstr "NOMCAMÍ"

#: src/main.c:79
msgid "don't become a daemon"
msgstr "no et converteixis en un dimoni"

#: src/main.c:80
msgid "do become a daemon"
msgstr "converteix-te en un dimoni"

#: src/main.c:81
msgid "bus-activated, idle timeout"
msgstr "activat per bus, temps d'expiració d'inactivitat"

#: src/main.c:81
msgid "SECONDS"
msgstr "SEGONS"

#: src/main.c:82
msgid "don't use an idle timeout"
msgstr "no utilitzis un temps d'expiració d'inactivitat"

#: src/main.c:83
msgid "set debugging level (implies -n)"
msgstr "estableix el nivell de depuració (implica -n)"

#: src/main.c:83
msgid "NUMBER"
msgstr "NÚMERO"

#: src/main.c:84 src/main.c:86
msgid "start COMMAND and exit when it does"
msgstr "inicia l'ORDRE i surt quan ho faci"

#: src/main.c:87
msgid "write service PID to file"
msgstr "escriu el PID del servei al fitxer"

#: src/main.c:88
msgid "force NSS into FIPS mode"
msgstr "força NSS al mode FIPS"

#: src/main.c:90
msgid "print version information"
msgstr "mostra informació de la versió"

#: src/main.c:174
#, c-format
msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n"
msgstr "Ús: %s [-s|-S] [-n|-f] [-d NIVELL] [-p FITXER] [-F] [-v]\n"

#: src/main.c:177
msgid "\t-s use session bus\n"
msgstr "\t-s utilitza el bus de la sessió\n"

#: src/main.c:178
msgid "\t-S use system bus\n"
msgstr "\t-S utilitza el bus del sistema\n"

#: src/main.c:179
msgid "\t-l start a dedicated listening socket\n"
msgstr "\t-l inicia un socket dedicat a escoltar\n"

#: src/main.c:180
msgid "\t-L only use a dedicated listening socket\n"
msgstr "\t-L tan sols utilitza el socket dedicat a escoltar\n"

#: src/main.c:181
msgid "\t-P PATH specify the dedicated listening socket\n"
msgstr "\t-P CAMÍ especifica el socket dedicat a escoltar\n"

#: src/main.c:182
msgid "\t-n don't become a daemon\n"
msgstr "\t-n no et converteixis en un dimoni\n"

#: src/main.c:183
msgid "\t-f do become a daemon\n"
msgstr "\t-f converteix-te en un dimoni\n"

#: src/main.c:184
msgid "\t-b TIMEOUT bus-activated, idle timeout\n"
msgstr "\t-b TIMEOUT activat per bus, temps d'expiració d'inactivitat\n"

#: src/main.c:185
msgid "\t-B don't use an idle timeout\n"
msgstr "\t-B no utilitzis un temps d'expiració d'inactivitat\n"

#: src/main.c:186
msgid "\t-d LEVEL set debugging level (implies -n)\n"
msgstr "\t-d NIVELL estableix el nivell de depuració (implica -n)\n"

#: src/main.c:187
msgid "\t-c COMMAND start COMMAND and exit when it does\n"
msgstr "\t-c ORDRE inicia l'ORDRE i surt quan també ho faci l'ordre.\n"

#: src/main.c:188
msgid "\t-p FILE write service PID to file\n"
msgstr "\t-p FITXER escriu el PID del servei al fitxer\n"

#: src/main.c:189
msgid "\t-F force NSS into FIPS mode\n"
msgstr "\t-F força NSS al mode FIPS\n"

#: src/main.c:190
msgid "\t-v print version information and exit\n"
msgstr "\t-v mostra informació de la versió i surt\n"

#: src/scep.c:352
#, fuzzy, c-format
msgid "No SCEP URL (-u) given, and no default known.\n"
msgstr ""
"No s'ha indicat cap URL de l'agent (-A), i no n'hi ha cap de conegut per "
"defecte.\n"

#: src/scep.c:356
#, fuzzy, c-format
msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n"
msgstr ""
"No s'ha indicat cap URL de l'agent (-A), i no n'hi ha cap de conegut per "
"defecte.\n"

#: src/scep.c:376 src/scep.c:395
#, fuzzy, c-format
msgid "No RA certificate (-r) given, and no default known.\n"
msgstr ""
"No s'ha indicat cap perfil/plantilla (-T), i no n'hi ha cap de conegut per "
"defecte.\n"

#: src/scep.c:386 src/scep.c:540
#, c-format
msgid ""
"Error reading request. Expected PKCS7 data containing a GetInitialCert "
"pkiMessage, got nothing.\n"
msgstr ""

#: src/scep.c:405 src/scep.c:565
#, c-format
msgid ""
"Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, "
"got nothing.\n"
msgstr ""

#: src/scep.c:433 src/scep.c:459
#, c-format
msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n"
msgstr ""

#: src/scep.c:437 src/scep.c:463
#, c-format
msgid ""
"Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert "
"request.\n"
msgstr ""

#: src/scep.c:470
#, c-format
msgid "Warning: request is missing transactionId.\n"
msgstr ""

#: src/scep.c:474
#, c-format
msgid "Warning: request is missing senderNonce.\n"
msgstr ""

#: src/scep.c:637
#, fuzzy, c-format
msgid "Got response code %d from %s, not 200.\n"
msgstr "No s'ha rebut cap resposta del servei %s.\n"

#: src/scep.c:685 src/scep.c:1121
#, c-format
msgid "Server reply was of unexpected MIME type \"%s\".\n"
msgstr ""

#: src/scep.c:930
#, fuzzy, c-format
msgid "Error: failed to verify signature on server response.\n"
msgstr ""
"S'ha produït un error en analitzar sintàcticament la resposta del servidor.\n"

#: src/scep.c:946
#, c-format
msgid "Error: reply was not a CertRep (%s).\n"
msgstr ""

#: src/scep.c:951
#, c-format
msgid "Error: reply is missing transactionId.\n"
msgstr ""

#: src/scep.c:956
#, c-format
msgid "Error: reply contains a different transactionId.\n"
msgstr ""

#: src/scep.c:962
#, c-format
msgid "Error: reply is missing pkiStatus.\n"
msgstr ""

#: src/scep.c:966
#, c-format
msgid "Error: reply is missing recipientNonce.\n"
msgstr ""

#: src/scep.c:972
#, c-format
msgid "Error: reply nonce doesn't match request.\n"
msgstr ""

#: src/scep.c:976
#, fuzzy, c-format
msgid "Error: reply is missing senderNonce.\n"
msgstr ""
"S'ha produït un error en analitzar sintàcticament la resposta del servidor.\n"

#: src/scep.c:994
#, c-format
msgid "Unspecified failure at server.\n"
msgstr ""

#: src/scep.c:997
#, c-format
msgid "Unrecognized or unsupported algorithm identifier in client request.\n"
msgstr ""

#: src/scep.c:1000
#, c-format
msgid "Integrity check of client request failed at server.\n"
msgstr ""

#: src/scep.c:1003
#, c-format
msgid "Transaction either is not permitted or is not supported by server.\n"
msgstr ""

#: src/scep.c:1006
#, c-format
msgid "Clock skew too great.\n"
msgstr ""

#: src/scep.c:1009
#, c-format
msgid "Unsupported extension.\n"
msgstr ""

#: src/scep.c:1012
#, c-format
msgid "Must archive keys.\n"
msgstr ""

#: src/scep.c:1015
#, c-format
msgid "Bad identity.\n"
msgstr ""

#: src/scep.c:1018
#, c-format
msgid "Proof of possession required.\n"
msgstr ""

#: src/scep.c:1021
#, c-format
msgid "Proof of possession failed.\n"
msgstr ""

#: src/scep.c:1024
#, c-format
msgid "No key reuse.\n"
msgstr ""

#: src/scep.c:1027
#, fuzzy, c-format
msgid "Internal CA error.\n"
msgstr "S'ha produït un error intern: estat desconegut.\n"

#: src/scep.c:1030
#, c-format
msgid "Try later.\n"
msgstr ""

#: src/scep.c:1032
#, c-format
msgid "Server returned failure code \"%s\".\n"
msgstr ""

#: src/scep.c:1044
#, c-format
msgid "Error: couldn't parse signed-data.\n"
msgstr ""

#: src/scep.c:1059 src/scep.c:1074
#, c-format
msgid "Error: signed-data payload is not enveloped-data.\n"
msgstr ""

#: src/scep.c:1092
#, c-format
msgid "Error: enveloped-data payload is not data.\n"
msgstr ""

#: src/scep.c:1116
#, c-format
msgid "Error: pkiStatus \"%s\" not recognized.\n"
msgstr ""

#: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351
msgid "An internal error has occurred."
msgstr "S'ha produït un error intern."

#: src/tdbush.c:183
msgid "No matching entry found.\n"
msgstr "No s'han trobat cap entrada que coincideixi.\n"

#: src/tdbush.c:345
#, c-format
msgid "There is already a CA with the nickname \"%s\"."
msgstr "Ja hi ha una AC amb el sobrenom \"%s\"."

#: src/tdbush.c:439
msgid "Certificate storage type not specified."
msgstr "No s'ha especificat el tipus d'emmagatzematge de certificat."

#: src/tdbush.c:452
#, c-format
msgid "Certificate storage type \"%s\" not supported."
msgstr "El tipus d'emmagatzematge de certificat \"%s\" no està suportat."

#: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766
#: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028
#: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592
#: src/tdbush.c:3230 src/tdbush.c:3382
#, c-format
msgid "The location \"%s\" must be an absolute path."
msgstr "La localització \"%s\" ha de ser un camí absolut."

#: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644
msgid "Certificate storage location not specified."
msgstr ""
"No s'ha especificat la localització de l'emmagatzematge del certificat."

#: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085
#: src/tdbush.c:1185
#, c-format
msgid ""
"The parent of location \"%s\" could not be accessed due to insufficient "
"permissions."
msgstr ""
"No es pot accedir a la localització pare \"%s\" a causa de permisos "
"insuficients."

#: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093
#: src/tdbush.c:1193
#, c-format
msgid "The parent of location \"%s\" must be a valid directory."
msgstr "El pare de la localització \"%s\" ha de ser un directori vàlid."

#: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104
#: src/tdbush.c:1204
#, c-format
msgid "The location \"%s\" must be a file."
msgstr "La localització \"%s\" ha de ser un fitxer."

#: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140
#, c-format
msgid ""
"The location \"%s\" could not be accessed due to insufficient permissions."
msgstr ""
"No es pot accedir a la localització \"%s\" a causa de permisos insuficients."

#: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048
#: src/tdbush.c:1148
#, c-format
msgid "The location \"%s\" must be a directory."
msgstr "La localització \"%s\" ha de ser un directori."

#: src/tdbush.c:622
msgid "Certificate nickname not specified."
msgstr "No s'ha especificat el sobrenom del certificat."

#: src/tdbush.c:665 src/tdbush.c:3055
#, c-format
msgid "There is already a request with the nickname \"%s\"."
msgstr "Ja hi ha una sol·licitud amb el sobrenom \"%s\"."

#: src/tdbush.c:701
#, c-format
msgid ""
"Certificate at same location is already used by request with nickname \"%s\"."
msgstr ""
"El certificat a la mateixa localització ja està utilitzat per la sol·licitud "
"amb sobrenom \"%s\"."

#: src/tdbush.c:734
#, c-format
msgid "Key storage type \"%s\" not supported."
msgstr "El tipus d'emmagatzematge de clau \"%s\" no està suportat."

#: src/tdbush.c:760 src/tdbush.c:819
msgid "Key storage location not specified."
msgstr "No s'ha especificat la localització de l'emmagatzematge de la clau."

#: src/tdbush.c:853
msgid "Key nickname not specified."
msgstr "No s'ha especificat el sobrenom de la clau."

#: src/tdbush.c:909
#, c-format
msgid "Key at same location is already used by request with nickname \"%s\"."
msgstr ""
"La clau a la mateixa localització ja està utilitzada per la sol·licitud amb "
"sobrenom \"%s\"."

#: src/tdbush.c:1313 src/tdbush.c:3102
#, c-format
msgid "No support for key type \"%s\"."
msgstr "Sense suport per al tipus de clau \"%s\"."

#: src/tdbush.c:1400
msgid "No such CA."
msgstr "No existeix l'AC."

#: src/tdbush.c:3073
#, c-format
msgid "Certificate authority \"%s\" not known."
msgstr "Autoritat de certificació \"%s\" no coneguda."

#: src/tdbush.c:3518
msgid "Unrecognized parameter or wrong value type."
msgstr "Paràmetre no reconegut o tipus de valor erroni."

#: src/tdbush.c:5070
msgid "Error parsing arguments."
msgstr "S'ha produït un error en analitzar sintàcticament els arguments."

#: src/tdbush.c:5124
msgid "Unrecognized property name."
msgstr "Nom de propietat no reconeguda."

#: src/tdbusm.c:2156
msgid "Insufficient access. Please retry operation as root.\n"
msgstr "Accés insuficient. Si us plau, torneu a repetir-ho com a root.\n"

#: src/tdbusm.c:2160
msgid "Please verify that the certmonger service has been started.\n"
msgstr "Si us plau, verifiqueu que s'hagi iniciat el servei certmonger.\n"

#: src/tdbusm.c:2163
msgid "Please verify that the certmonger service is still running.\n"
msgstr ""
"Si us plau, verifiqueu que encara s'estigui executant el servei certmonger.\n"

certmonger-0.79.19/po/certmonger.pot

# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Red Hat, Inc.
# This file is distributed under the same license as the certmonger package.
# FIRST AUTHOR , YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: certmonger 0.79\n"
"Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n"
"POT-Creation-Date: 2017-02-26 02:20-0500\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME \n"
"Language-Team: LANGUAGE \n"
"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=CHARSET\n"
"Content-Transfer-Encoding: 8bit\n"

#: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238
#: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291
#, c-format
msgid "Out of memory.\n"
msgstr ""

#: src/certmaster.c:136
#, c-format
msgid "Unable to determine hostname of CA.\n"
msgstr ""

#: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796
#, c-format
msgid "Unable to read signing request from file \"%s\".\n"
msgstr ""

#: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799
#, c-format
msgid "Unable to read signing request from environment variable \"%s\".\n"
msgstr ""

#: src/certmaster.c:184
#, c-format
msgid "Error setting up for XMLRPC.\n"
msgstr ""

#: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564
#: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409
#: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021
#: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603
#: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973
#: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742
#, c-format
msgid "Error parsing server response.\n"
msgstr ""

#: src/certmaster.c:210
#, c-format
msgid "Server error.\n"
msgstr ""

#: src/dogtag.c:226
#, c-format
msgid "Profile params (-O) must be in the form of param=value.\n"
msgstr ""

#: src/dogtag.c:249
#, c-format
msgid "Submit params (-o) must be in the form of param=value.\n"
msgstr ""

#: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442
#, c-format
msgid "No agent credentials specified, and no default known.\n"
msgstr ""

#: src/dogtag.c:418
#, c-format
msgid "Requested renewal, but no serial number provided.\n"
msgstr ""

#: src/dogtag.c:422
#, c-format
msgid "No end-entity URL (-E) given, and no default known.\n"
msgstr ""

#: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594
#, c-format
msgid "No agent URL (-A) given, and no default known.\n"
msgstr ""

#: src/dogtag.c:432
#, c-format
msgid "No profile/template (-T) given, and no default known.\n"
msgstr ""

#: src/dogtag.c:452
#, c-format
msgid "Error shutting down NSS.\n"
msgstr ""

#: src/dogtag.c:487 src/dogtag.c:777
#, c-format
msgid "Internal error: unknown state.\n"
msgstr ""

#: src/dogtag.c:600
#, c-format
msgid "No agent credentials (-n) given, but they are needed.\n"
msgstr ""

#: src/dogtag.c:757 src/scep.c:619
#, c-format
msgid "Error %d connecting to %s: %s.\n"
msgstr ""

#: src/dogtag.c:762 src/scep.c:624
#, c-format
msgid "Error %d connecting to %s.\n"
msgstr ""

#: src/dogtag.c:770 src/scep.c:648
#, c-format
msgid "Internal error: no response to \"%s?%s\".\n"
msgstr ""

#: src/getcert.c:61 src/main.c:84 src/main.c:86
msgid "COMMAND"
msgstr ""

#: src/getcert.c:62
msgid "DIRECTORY"
msgstr ""

#: src/getcert.c:63 src/getcert.c:70
msgid "LIST"
msgstr ""

#: src/getcert.c:64 src/getcert.c:68
msgid "ADDRESS"
msgstr ""

#: src/getcert.c:65 src/main.c:87
msgid "FILENAME"
msgstr ""

#: src/getcert.c:66
msgid "HOSTNAME"
msgstr ""

#: src/getcert.c:67
msgid "ID"
msgstr ""

#: src/getcert.c:69
msgid "BITS"
msgstr ""

#: src/getcert.c:71
msgid "MODE"
msgstr ""

#: src/getcert.c:72
msgid "NAME"
msgstr ""

#: src/getcert.c:73
msgid "PRINCIPAL"
msgstr ""

#: src/getcert.c:74
msgid "SUBJECT"
msgstr ""

#: src/getcert.c:75
msgid "URL"
msgstr ""

#: src/getcert.c:76
msgid "USERNAME[:GROUPNAME]"
msgstr ""

#: src/getcert.c:115
#, c-format
msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n"
msgstr ""

#: src/getcert.c:120
#, c-format
msgid ""
"Path \"%s\" is not absolute, and there was an error determining the name of "
"the current directory.\n"
msgstr ""

#: src/getcert.c:142
#, c-format
msgid "Path \"%s\": insufficient permissions.\n"
msgstr ""

#: src/getcert.c:148
#, c-format
msgid "Path \"%s\" is not a directory.\n"
msgstr ""

#: src/getcert.c:154
#, c-format
msgid "Path \"%s\": %s.\n"
msgstr ""

#: src/getcert.c:194
#, c-format
msgid "Path \"%s\" is not a regular file.\n"
msgstr ""

#: src/getcert.c:340
#, c-format
msgid "No system bus running.\n"
msgstr ""

#: src/getcert.c:341
#, c-format
msgid "Running as UID 0.\n"
msgstr ""

#: src/getcert.c:342
#, c-format
msgid "Launching temporary dedicated service daemon.\n"
msgstr ""

#: src/getcert.c:371
#, c-format
msgid "Error connecting to D-Bus.\n"
msgstr ""

#: src/getcert.c:372 src/tdbusm.c:2166
#, c-format
msgid "Please verify that the message bus (D-Bus) service is running.\n"
msgstr ""

#: src/getcert.c:379
#, c-format
msgid "Error creating DBus request message.\n"
msgstr ""

#: src/getcert.c:393
#, c-format
msgid "missing argument for %s"
msgstr ""

#: src/getcert.c:398
msgid "missing argument"
msgstr ""

#: src/getcert.c:401
#, c-format
msgid "unrecognized option %s"
msgstr ""

#: src/getcert.c:406
msgid "unrecognized option"
msgstr ""

#: src/getcert.c:409
msgid "aliases nested too deeply"
msgstr ""

#: src/getcert.c:412
msgid "bad parameter quoting"
msgstr ""

#: src/getcert.c:418
msgid "invalid numeric value"
msgstr ""

#: src/getcert.c:421
msgid "number too large or too small"
msgstr ""

#: src/getcert.c:424
msgid "bad operation"
msgstr ""

#: src/getcert.c:427
msgid "internal error"
msgstr ""

#: src/getcert.c:430
msgid "out of memory"
msgstr ""

#: src/getcert.c:434
msgid "error in popt configuration file"
msgstr ""

#: src/getcert.c:477
#, c-format
msgid "Error %s: %s\n"
msgstr ""

#: src/getcert.c:481
#, c-format
msgid "Error %s\n"
msgstr ""

#: src/getcert.c:487
#, c-format
msgid "Error: %s\n"
msgstr ""

#: src/getcert.c:489
#, c-format
msgid "Received error response from local %s service.\n"
msgstr ""

#: src/getcert.c:495
#, c-format
msgid "No response received from %s service.\n"
msgstr ""

#: src/getcert.c:699 src/getcert.c:3978
#, c-format
msgid "State %s, stuck: %s.\n"
msgstr ""

#: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100
#: src/getcert.c:3354 src/getcert.c:3875
msgid "NSS database for key and cert"
msgstr ""

#: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101
#: src/getcert.c:3355 src/getcert.c:3876
msgid "nickname for NSS-based storage (only valid with -d)"
msgstr ""

#: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102
#: src/getcert.c:3356 src/getcert.c:3877
msgid "optional token name for NSS-based storage (only valid with -d)"
msgstr ""

#: src/getcert.c:771
msgid "PEM file for private key"
msgstr ""

#: src/getcert.c:772
msgid "PEM file for certificate (only valid with -k)"
msgstr ""

#: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508
msgid "file which holds the private key encryption PIN"
msgstr ""

#: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509
msgid "private key encryption PIN"
msgstr ""

#: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510
msgid "owner information for private key"
msgstr ""

#: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511
msgid "file permissions for private key"
msgstr ""

#: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512
msgid "owner information for certificate"
msgstr ""

#: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513
msgid "file permissions for certificate"
msgstr ""

#: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514
msgid "NSS database in which to store the CA's certificates"
msgstr ""

#: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515
msgid "file in which to store the CA's certificates"
msgstr ""

#: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516
msgid "command to run before saving the certificate"
msgstr ""

#: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517
msgid "command to run after saving the certificate"
msgstr ""

#: src/getcert.c:783
msgid "nickname to assign to the request"
msgstr ""

#: src/getcert.c:784
msgid "type of key to be generated if one is not already in place"
msgstr ""

#: src/getcert.c:785
msgid "size of key to be generated if one is not already in place"
msgstr ""

#: src/getcert.c:786 src/getcert.c:1863
msgid "attempt to renew the certificate when expiration nears (default)"
msgstr ""

#: src/getcert.c:787 src/getcert.c:1864
msgid "don't attempt to renew the certificate when expiration nears"
msgstr ""

#: src/getcert.c:789 src/getcert.c:1866
msgid "use the specified CA configuration rather than the default"
msgstr ""

#: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521
msgid "ask the CA to process the request using the named profile or template"
msgstr ""

#: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522
msgid "ask the CA to process the request using the named issuer"
msgstr ""

#: src/getcert.c:793 src/getcert.c:2523
msgid "set requested subject name (default: CN=)"
msgstr ""

#: src/getcert.c:794 src/getcert.c:2524
msgid "set requested key usage value"
msgstr ""

#: src/getcert.c:795 src/getcert.c:2525
msgid "set requested extended key usage OID"
msgstr ""

#: src/getcert.c:796 src/getcert.c:2526
msgid "set requested principal name"
msgstr ""

#: src/getcert.c:797 src/getcert.c:2527
msgid "set requested DNS name"
msgstr ""

#: src/getcert.c:798 src/getcert.c:2528
msgid "set requested email address"
msgstr ""

#: src/getcert.c:799 src/getcert.c:2529
msgid "set requested IP address"
msgstr ""

#: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530
msgid "file which holds an optional challenge password value"
msgstr ""

#: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531
msgid "an optional challenge password value"
msgstr ""

#: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532
msgid "request a CA certificate"
msgstr ""

#: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533
msgid "request a non-CA certificate"
msgstr ""

#: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534
msgid "path length for CA certificate"
msgstr ""

#: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535
msgid "try to wait for the certificate to be issued"
msgstr ""

#: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536
msgid "maximum time to wait for the certificate to be issued"
msgstr ""

#: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105
#: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270
#: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679
msgid "connect to the certmonger service on the session bus"
msgstr ""

#: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106
#: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271
#: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680
msgid "connect to the certmonger service on the system bus"
msgstr ""

#: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547
#, c-format
msgid "Error initializing Kerberos library: %s.\n"
msgstr ""

#: src/getcert.c:889 src/getcert.c:2619
#, c-format
msgid "No support for generating \"%s\" keys.\n"
msgstr ""

#: src/getcert.c:891 src/getcert.c:2621
#, c-format
msgid "Known key types include:"
msgstr ""

#: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643
#, c-format
msgid "Unrecognized keyUsage \"%s\".\n"
msgstr ""

#: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653
#, c-format
msgid "Could not evaluate OID \"%s\".\n"
msgstr ""

#: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664
#, c-format
msgid "Error parsing Kerberos principal name \"%s\": %s.\n"
msgstr ""

#: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673
#, c-format
msgid "Error unparsing Kerberos principal name \"%s\": %s.\n"
msgstr ""

#: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728
#, c-format
msgid "%s: invalid value -- '%s'\n"
msgstr ""

#: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176
#: src/getcert.c:3422 src/getcert.c:4073
#, c-format
msgid "%s: option requires an argument -- '%c'\n"
msgstr ""

#: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180
#: src/getcert.c:3426 src/getcert.c:4076
#, c-format
msgid "%s: invalid option -- '%c'\n"
msgstr ""

#: src/getcert.c:1057
#, c-format
msgid "Error: unused extra argument \"%s\".\n"
msgstr ""

#: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200
#: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321
#: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724
#, c-format
msgid "Error: unused extra arguments were supplied.\n"
msgstr ""

#: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791
#, c-format
msgid "Database location or nickname specified without the other.\n"
msgstr ""

#: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797
#, c-format
msgid "Database directory and certificate file both specified.\n"
msgstr ""

#: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805
#, c-format
msgid ""
"None of database directory and nickname or certificate file specified.\n"
msgstr ""

#: src/getcert.c:1087 src/getcert.c:2143
#, c-format
msgid "Key and certificate can not both be saved to the same file.\n"
msgstr ""

#: src/getcert.c:1114
#, c-format
msgid ""
"The IPA backend requires the use of the -K option (principal name) when any "
"of the -N (subject name), -E (email address), -A (IP address), -D (DNS "
"name), or -U (extendedKeyUsage) options is used.\n"
msgstr ""

#: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867
#: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731
#, c-format
msgid "No CA with name \"%s\" found.\n"
msgstr ""

#: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435
#: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561
#: src/getcert.c:4651 src/getcert.c:4737
#, c-format
msgid "Error setting request arguments.\n"
msgstr ""

#: src/getcert.c:1415
#, c-format
msgid "New signing request \"%s\" added.\n"
msgstr ""

#: src/getcert.c:1421
#, c-format
msgid "New signing request could not be added.\n"
msgstr ""

#: src/getcert.c:1802
#, c-format
msgid "New tracking request \"%s\" added.\n"
msgstr ""

#: src/getcert.c:1809
#, c-format
msgid "New tracking request could not be added.\n"
msgstr ""

#: src/getcert.c:1849
msgid "PEM file for private key (only valid with -f)"
msgstr ""

#: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357
#: src/getcert.c:3878
msgid "PEM file for certificate"
msgstr ""

#: src/getcert.c:1861
msgid "nickname of an existing request"
msgstr ""

#: src/getcert.c:1862
msgid "nickname to give to tracking request"
msgstr ""

#: src/getcert.c:1870
msgid "override requested key usage value"
msgstr ""

#: src/getcert.c:1871
msgid "override requested extended key usage OID"
msgstr ""

#: src/getcert.c:1872
msgid "override requested principal name"
msgstr ""

#: src/getcert.c:1873
msgid "override requested DNS name"
msgstr ""

#: src/getcert.c:1874
msgid "override requested email address"
msgstr ""

#: src/getcert.c:1875
msgid "override requested IP address"
msgstr ""

#: src/getcert.c:2136 src/getcert.c:3194
#, c-format
msgid ""
"None of ID or database directory and nickname or certificate file "
"specified.\n"
msgstr ""

#: src/getcert.c:2362
#, c-format
msgid "Request \"%s\" modified.\n"
msgstr ""

#: src/getcert.c:2366
#, c-format
msgid "Request \"%s\" could not be modified.\n"
msgstr ""

#: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946
#, c-format
msgid "No request found with specified nickname.\n"
msgstr ""

#: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957
#, c-format
msgid "No request found that matched arguments.\n"
msgstr ""

#: src/getcert.c:2445
#, c-format
msgid "Request \"%s\" removed.\n"
msgstr ""

#: src/getcert.c:2449
#, c-format
msgid "Request \"%s\" could not be removed.\n"
msgstr ""

#: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879
msgid "nickname for tracking request"
msgstr ""

#: src/getcert.c:2505
msgid "new nickname to give to tracking request"
msgstr ""

#: src/getcert.c:2506
msgid "type of new key to be generated"
msgstr ""

#: src/getcert.c:2507
msgid "size of new key to be generated"
msgstr ""

#: src/getcert.c:2519
msgid "use the specified CA configuration rather than the current one"
msgstr ""

#: src/getcert.c:3029
#, c-format
msgid "Error modifying \"%s\".\n"
msgstr ""

#: src/getcert.c:3045
#, c-format
msgid "Resubmitting \"%s\" to \"%s\".\n"
msgstr ""

#: src/getcert.c:3048
#, c-format
msgid "Resubmitting \"%s\".\n"
msgstr ""

#: src/getcert.c:3057
#, c-format
msgid "Error attempting to submit \"%s\" to \"%s\".\n"
msgstr ""

#: src/getcert.c:3060
#, c-format
msgid "Error attempting to submit \"%s\".\n"
msgstr ""

#: src/getcert.c:3096
msgid "refresh information about all outstanding requests"
msgstr ""

#: src/getcert.c:3098
msgid ""
"refresh information only for requests using the specified CA configuration"
msgstr ""

#: src/getcert.c:3290
#, c-format
msgid "Request ID '%s' being refreshed.\n"
msgstr ""

#: src/getcert.c:3292
#, c-format
msgid "Request ID '%s' NOT being refreshed.\n"
msgstr ""

#: src/getcert.c:3349
msgid "list only information about outstanding requests"
msgstr ""

#: src/getcert.c:3350
msgid "list only information about tracked certificates"
msgstr ""

#: src/getcert.c:3352
msgid "list only requests and certs associated with this CA configuration"
msgstr ""

#: src/getcert.c:3359
msgid "display times in UTC instead of local time"
msgstr ""

#: src/getcert.c:3476
#, c-format
msgid "Number of certificates and requests being tracked: %d.\n"
msgstr ""

#: src/getcert.c:3625
#, c-format
msgid "Request ID '%s':\n"
msgstr ""

#: src/getcert.c:3626
#, c-format
msgid "\tstatus: %s\n"
msgstr ""

#: src/getcert.c:3630
#, c-format
msgid "\tca-error: %s\n"
msgstr ""

#: src/getcert.c:3632
#, c-format
msgid "\tstuck: %s\n"
msgstr ""

#: src/getcert.c:3652
#, c-format
msgid "\tkey pair storage: type=%s"
msgstr ""

#: src/getcert.c:3652
msgid "NONE"
msgstr ""

#: src/getcert.c:3654
#, c-format
msgid ",location='%s'"
msgstr ""

#: src/getcert.c:3657 src/getcert.c:3679
#, c-format
msgid ",nickname='%s'"
msgstr ""

#: src/getcert.c:3660 src/getcert.c:3682
#, c-format
msgid ",token='%s'"
msgstr ""

#: src/getcert.c:3663
#, c-format
msgid ",pin set"
msgstr ""

#: src/getcert.c:3666
#, c-format
msgid ",pinfile='%s'"
msgstr ""

#: src/getcert.c:3677
#, c-format
msgid "\tcertificate: type=%s,location='%s'"
msgstr ""

#: src/getcert.c:3693
#, c-format
msgid "\tsigning request thumbprint (MD5): %s\n"
msgstr ""

#: src/getcert.c:3698
#, c-format
msgid "\tsigning request thumbprint (SHA1): %s\n"
msgstr ""

#: src/getcert.c:3715
#, c-format
msgid "\tCA: %s\n"
msgstr ""

#: src/getcert.c:3717
#, c-format
msgid "\tissuer: %s\n"
msgstr ""

#: src/getcert.c:3718
#, c-format
msgid "\tsubject: %s\n"
msgstr ""

#: src/getcert.c:3719
msgid "unknown"
msgstr ""

#: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732
#, c-format
msgid "\texpires: %s\n"
msgstr ""

#: src/getcert.c:3736
msgid "\temail: "
msgstr ""

#: src/getcert.c:3742
msgid "\tdns: "
msgstr ""

#: src/getcert.c:3748
msgid "\tprincipal name: "
msgstr ""

#: src/getcert.c:3756
msgid "\tIP address: "
msgstr ""

#: src/getcert.c:3775
#, c-format
msgid "\tkey usage: %s\n"
msgstr ""

#: src/getcert.c:3779
msgid "\teku: "
msgstr ""

#: src/getcert.c:3787
#, c-format
msgid "\tcertificate template/profile: %s\n"
msgstr ""

#: src/getcert.c:3793 src/getcert.c:4154
#, c-format
msgid "\troot certificates saved to files:\n"
msgstr ""

#: src/getcert.c:3802 src/getcert.c:4163
#, c-format
msgid "\tother root certificates saved to files:\n"
msgstr ""

#: src/getcert.c:3811 src/getcert.c:4172
#, c-format
msgid "\tother certificates saved to files:\n"
msgstr ""

#: src/getcert.c:3820 src/getcert.c:4181
#, c-format
msgid "\troot certificates saved to databases:\n"
msgstr ""

#: src/getcert.c:3829 src/getcert.c:4190
#, c-format
msgid "\tother root certificates saved to databases:\n"
msgstr ""

#: src/getcert.c:3838 src/getcert.c:4199
#, c-format
msgid "\tother certificates saved to databases:\n"
msgstr ""

#: src/getcert.c:3843 src/getcert.c:4245
#, c-format
msgid "\tpre-save command: %s\n"
msgstr ""

#: src/getcert.c:3846 src/getcert.c:4251
#, c-format
msgid "\tpost-save command: %s\n"
msgstr ""

#: src/getcert.c:3849
#, c-format
msgid "\ttrack: %s\n"
msgstr ""

#: src/getcert.c:3853
#, c-format
msgid "\tauto-renew: %s\n"
msgstr ""

#: src/getcert.c:3961
#, c-format
msgid ""
"None of ID or database directory and and nickname or certificate file "
"specified.\n"
msgstr ""

#: src/getcert.c:4036
msgid "list only the specified CA configuration"
msgstr ""

#: src/getcert.c:4104
#, c-format
msgid "CA '%s':\n"
msgstr ""

#: src/getcert.c:4110
#, c-format
msgid "\tself-identifies as: %s\n"
msgstr ""

#: src/getcert.c:4119
#, c-format
msgid "\tca-type: %s\n"
msgstr ""

#: src/getcert.c:4121
#, c-format
msgid "\thelper-location: %s\n"
msgstr ""

#: src/getcert.c:4126
#, c-format
msgid "\tnext-serial-number: %s\n"
msgstr ""

#: src/getcert.c:4136
#, c-format
msgid "\tknown-issuer-names:\n"
msgstr ""

#: src/getcert.c:4145
#, c-format
msgid "\tknown profiles/templates/certtypes:\n"
msgstr ""

#: src/getcert.c:4208
#, c-format
msgid "\tdefault profile/template/certtype: %s\n"
msgstr ""

#: src/getcert.c:4216
#, c-format
msgid "\tSCEP CA identifier: %s\n"
msgstr ""

#: src/getcert.c:4229
#, c-format
msgid "\tSCEP CA certificate thumbprint (MD5): %s\n"
msgstr ""

#: src/getcert.c:4235
#, c-format
msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n"
msgstr ""

#: src/getcert.c:4267
msgid "refresh information about the CA configuration with this name"
msgstr ""

#: src/getcert.c:4269
msgid "refresh information about all known CAs"
msgstr ""

#: src/getcert.c:4316
#, c-format
msgid "Neither CA nickname nor -a flag specified.\n"
msgstr ""

#: src/getcert.c:4342
#, c-format
msgid "Data for CA '%s' being refreshed.\n"
msgstr ""

#: src/getcert.c:4344
#, c-format
msgid "Data for unnamed CA being refreshed.\n"
msgstr ""

#: src/getcert.c:4347
#, c-format
msgid "\terror refreshing CA data\n"
msgstr ""

#: src/getcert.c:4364 src/getcert.c:4456
msgid "nickname to give to the new CA configuration"
msgstr ""

#: src/getcert.c:4365
msgid "helper command to run to communicate with CA"
msgstr ""

#: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719
#, c-format
msgid "CA nickname not specified.\n"
msgstr ""

#: src/getcert.c:4411 src/getcert.c:4636
#, c-format
msgid "CA helper command not specified.\n"
msgstr ""

#: src/getcert.c:4435 src/getcert.c:4553
#, c-format
msgid "New CA \"%s\" added.\n"
msgstr ""

#: src/getcert.c:4438 src/getcert.c:4573
#, c-format
msgid "New CA could not be added.\n"
msgstr ""

#: src/getcert.c:4457
msgid "location of SCEP server"
msgstr ""

#: src/getcert.c:4458
msgid "CA identifier"
msgstr ""

#: src/getcert.c:4459
msgid "file containing CA's certificate"
msgstr ""

#: src/getcert.c:4460
msgid "file containing RA's certificate"
msgstr ""

#: src/getcert.c:4461
msgid "file containing certificates in RA's certifying chain"
msgstr ""

#: src/getcert.c:4462
msgid "prefer to not use the SCEP Renewal feature"
msgstr ""

#: src/getcert.c:4508
#, c-format
msgid "server URL not specified.\n"
msgstr ""

#: src/getcert.c:4513
#, c-format
msgid "HTTPS requires a CA certificate.\n"
msgstr ""

#: src/getcert.c:4535
#, c-format
msgid "Error building command line.\n"
msgstr ""

#: src/getcert.c:4567
#, c-format
msgid "Error setting CA identifier.\n"
msgstr ""

#: src/getcert.c:4589
msgid "nickname of the CA configuration"
msgstr ""

#: src/getcert.c:4590
msgid "updated helper command to run to communicate with CA"
msgstr ""

#: src/getcert.c:4658
#, c-format
msgid "CA \"%s\" modified.\n"
msgstr ""

#: src/getcert.c:4661
#, c-format
msgid "CA could not be modified.\n"
msgstr ""

#: src/getcert.c:4678
msgid "nickname of CA configuration to remove"
msgstr ""

#: src/getcert.c:4747
#, c-format
msgid "CA \"%s\" removed.\n"
msgstr ""

#: src/getcert.c:4749
#, c-format
msgid "CA could not be removed.\n"
msgstr ""

#: src/getcert.c:4787
#, c-format
msgid "%s - client certificate enrollment tool\n"
msgstr ""

#: src/getcert.c:4791
#, c-format
msgid "Usage: %s request [options]\n"
msgstr ""

#: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912
#: src/getcert.c:4960 src/getcert.c:5038
msgid "Required arguments:\n"
msgstr ""

#: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915
#: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041
msgid "* If using an NSS database for storage:\n"
msgstr ""

#: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916
#: src/getcert.c:4964 src/getcert.c:5042
msgid " -d DIR\tNSS database for key and cert\n"
msgstr ""

#: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917
#: src/getcert.c:4965 src/getcert.c:5043
msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n"
msgstr ""

#: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918
#: src/getcert.c:4966 src/getcert.c:5044
msgid ""
" -t NAME\toptional token name for NSS-based storage (only valid with -d)\n"
msgstr ""

#: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919
#: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045
msgid "* If using files for storage:\n"
msgstr ""

#: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898
msgid " -k FILE\tPEM file for private key\n"
msgstr ""

#: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899
msgid " -f FILE\tPEM file for certificate (only valid with -k)\n"
msgstr ""

#: src/getcert.c:4801
msgid "* If keys are to be encrypted:\n"
msgstr ""

#: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971
msgid " -p FILE\tfile which holds the encryption PIN\n"
msgstr ""

#: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972
msgid " -P PIN\tPIN value\n"
msgstr ""

#: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937
#: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058
#: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122
#: src/getcert.c:5141 src/getcert.c:5155
msgid "Optional arguments:\n"
msgstr ""

#: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986
msgid "* Certificate handling settings:\n"
msgstr ""

#: src/getcert.c:4807
msgid " -I NAME\tnickname to assign to the request\n"
msgstr ""

#: src/getcert.c:4808
msgid " -G TYPE\ttype of key to be generated if one is not already in place\n"
msgstr ""

#: src/getcert.c:4809
msgid " -g SIZE\tsize of key to be generated if one is not already in place\n"
msgstr ""

#: src/getcert.c:4810 src/getcert.c:4859
msgid ""
" -r\t\tattempt to renew the certificate when expiration nears (default)\n"
msgstr ""

#: src/getcert.c:4811 src/getcert.c:4860
msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n"
msgstr ""

#: src/getcert.c:4813 src/getcert.c:4862
msgid " -c CA\t\tuse the specified CA rather than the default\n"
msgstr ""

#: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991
msgid ""
" -T PROFILE\task the CA to process the request using the named profile or "
"template\n"
msgstr ""

#: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992
msgid " -X ISSUER\task the CA to process the request using the named issuer\n"
msgstr ""

#: src/getcert.c:4817
msgid "* Parameters for the signing request:\n"
msgstr ""

#: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975
msgid " -N NAME\tset requested subject name (default: CN=)\n"
msgstr ""

#: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976
msgid " -U EXTUSAGE\tset requested extended key usage OID\n"
msgstr ""

#: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977
msgid " -u KEYUSAGE\tset requested key usage value\n"
msgstr ""

#: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978
msgid " -K NAME\tset requested principal name\n"
msgstr ""

#: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979
msgid " -D DNSNAME\tset requested DNS name\n"
msgstr ""

#: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980
msgid " -E EMAIL\tset requested email address\n"
msgstr ""

#: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981
msgid " -A ADDRESS\tset requested IP address\n"
msgstr ""

#: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982
msgid " -l FILE\tfile which holds an optional challenge password\n"
msgstr ""

#: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983
msgid " -L PASSWORD\tan optional challenge password value\n"
msgstr ""

#: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945
#: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066
#: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131
#: src/getcert.c:5145 src/getcert.c:5158
msgid "* Bus options:\n"
msgstr ""

#: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946
#: src/getcert.c:4996 src/getcert.c:5050
msgid " -S\t\tconnect to the certmonger service on the system bus\n"
msgstr ""

#: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947
#: src/getcert.c:4997 src/getcert.c:5051
msgid " -s\t\tconnect to the certmonger service on the session bus\n"
msgstr ""

#: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948
#: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084
#: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148
#: src/getcert.c:5161
msgid "* Other options:\n"
msgstr ""

#: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999
msgid " -B\tcommand to run before saving the certificate\n"
msgstr ""

#: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000
msgid " -C\tcommand to run after saving the certificate\n"
msgstr ""

#: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001
msgid " -F\tfile in which to store the CA's certificates\n"
msgstr ""

#: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002
msgid " -a\tNSS database in which to store the CA's certificates\n"
msgstr ""

#: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003
msgid " -w\ttry to wait for the certificate to be issued\n"
msgstr ""

#: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954
#: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070
#: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135
#: src/getcert.c:5149 src/getcert.c:5162
msgid " -v\treport all details of errors\n"
msgstr ""

#: src/getcert.c:4840
#, c-format
msgid "Usage: %s start-tracking [options]\n"
msgstr ""

#: src/getcert.c:4843
msgid "* If modifying an existing request:\n"
msgstr ""

#: src/getcert.c:4844
msgid " -i NAME\tnickname of an existing tracking request\n"
msgstr ""

#: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970
msgid "* If keys are encrypted:\n"
msgstr ""

#: src/getcert.c:4858
msgid " -I NAME\tnickname to give to tracking request\n"
msgstr ""

#: src/getcert.c:4866
msgid "* Parameters for the signing request at renewal time:\n"
msgstr ""

#: src/getcert.c:4867
msgid " -U EXTUSAGE\toverride requested extended key usage OID\n"
msgstr ""

#: src/getcert.c:4869
msgid " -K NAME\toverride requested principal name\n"
msgstr ""

#: src/getcert.c:4870
msgid " -D DNSNAME\toverride requested DNS name\n"
msgstr ""

#: src/getcert.c:4871
msgid " -E EMAIL\toverride requested email address\n"
msgstr ""

#: src/getcert.c:4872
msgid " -A ADDRESS\toverride requested IP address\n"
msgstr ""

#: src/getcert.c:4888
#, c-format
msgid "Usage: %s stop-tracking [options]\n"
msgstr ""

#: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039
msgid "* By request identifier:\n"
msgstr ""

#: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019
#: src/getcert.c:5040 src/getcert.c:5060
msgid " -i NAME\tnickname for tracking request\n"
msgstr ""

#: src/getcert.c:4910
#, c-format
msgid "Usage: %s resubmit [options]\n"
msgstr ""

#: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046
msgid " -f FILE\tPEM file for certificate\n"
msgstr ""

#: src/getcert.c:4926 src/getcert.c:4974
msgid "* New parameter values for the signing request:\n"
msgstr ""

#: src/getcert.c:4939 src/getcert.c:4987
msgid " -I NAME\tnew nickname to give to tracking request\n"
msgstr ""

#: src/getcert.c:4941 src/getcert.c:4989
msgid " -c CA\t\tuse the specified CA rather than the current one\n"
msgstr ""

#: src/getcert.c:4958
#, c-format
msgid "Usage: %s rekey [options]\n"
msgstr ""

#: src/getcert.c:4993
msgid " -G TYPE\ttype of new key to be generated\n"
msgstr ""

#: src/getcert.c:4994
msgid " -g SIZE\tsize of new key to be generated\n"
msgstr ""

#: src/getcert.c:5008
#, c-format
msgid "Usage: %s list [options]\n"
msgstr ""

#: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093
#: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156
msgid "* General options:\n"
msgstr ""

#: src/getcert.c:5013
msgid " -c CA\tlist only requests and certs associated with this CA\n"
msgstr ""

#: src/getcert.c:5015
msgid " -r\tlist only information about outstanding requests\n"
msgstr ""

#: src/getcert.c:5016
msgid " -t\tlist only information about tracked certificates\n"
msgstr ""

#: src/getcert.c:5017
msgid " -u\tdisplay times in UTC instead of local time\n"
msgstr ""

#: src/getcert.c:5018
msgid "* If selecting a specific request:\n"
msgstr ""

#: src/getcert.c:5021
msgid " -d DIR\tonly list requests and certs which use this NSS database\n"
msgstr ""

#: src/getcert.c:5022
msgid " -n NAME\tonly list requests and certs which use this nickname\n"
msgstr ""

#: src/getcert.c:5024
msgid " -f FILE\tonly list requests and certs stored in this PEM file\n"
msgstr ""

#: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098
#: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159
msgid " -S\tconnect to the certmonger service on the system bus\n"
msgstr ""

#: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099
#: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160
msgid " -s\tconnect to the certmonger service on the session bus\n"
msgstr ""

#: src/getcert.c:5033
#, c-format
msgid "Usage: %s refresh [options]\n"
msgstr ""

#: src/getcert.c:5036
msgid " -a\trefresh information about all outstanding requests\n"
msgstr ""

#: src/getcert.c:5056
#, c-format
msgid "Usage: %s status [options]\n"
msgstr ""

#: src/getcert.c:5059
msgid "* Selecting a specific request:\n"
msgstr ""

#: src/getcert.c:5061
msgid "* When using an NSS database for storage:\n"
msgstr ""

#: src/getcert.c:5062
msgid " -d DIR\treturn status for the request in this NSS database\n"
msgstr ""

#: src/getcert.c:5063
msgid " -n NAME\treturn status for cert which uses this nickname\n"
msgstr ""

#: src/getcert.c:5064
msgid "* When using files for storage:\n"
msgstr ""

#: src/getcert.c:5065
msgid " -f FILE\treturn status for cert stored in this PEM file\n"
msgstr ""

#: src/getcert.c:5074
#, c-format
msgid "Usage: %s list-cas [options]\n"
msgstr ""

#: src/getcert.c:5079
msgid " -c CA\tlist only information about the CA with this name\n"
msgstr ""

#: src/getcert.c:5089
#, c-format
msgid "Usage: %s refresh-ca [options]\n"
msgstr ""

#: src/getcert.c:5094
msgid " -c CA\trefresh information about the CA with this name\n"
msgstr ""

#: src/getcert.c:5095
msgid " -a\trefresh information about all known CAs\n"
msgstr ""

#: src/getcert.c:5106
#, c-format
msgid "Usage: %s add-ca [options]\n"
msgstr ""

#: src/getcert.c:5110 src/getcert.c:5124
msgid " -c CA\t\tnickname to give to the new CA configuration\n"
msgstr ""

#: src/getcert.c:5111
msgid " -e CMD\thelper command to run to communicate with CA\n"
msgstr ""

#: src/getcert.c:5120
#, c-format
msgid "Usage: %s add-scep-ca [options]\n"
msgstr ""

#: src/getcert.c:5125
msgid " -u URL\tlocation of SCEP server\n"
msgstr ""

#: src/getcert.c:5126
msgid " -i ID\t\tCA identifier\n"
msgstr ""

#: src/getcert.c:5127
msgid " -R FILE\tfile containing CA's certificate\n"
msgstr ""

#: src/getcert.c:5128
msgid " -r FILE\tfile containing RA's certificate\n"
msgstr ""

#: src/getcert.c:5129
msgid " -I FILE\tfile containing certificates in RA's certifying chain\n"
msgstr ""

#: src/getcert.c:5130
msgid " -n\tprefer not to use the SCEP Renewal feature\n"
msgstr ""

#: src/getcert.c:5139
#, c-format
msgid "Usage: %s modify-ca [options]\n"
msgstr ""

#: src/getcert.c:5143
msgid " -c CA\t\tnickname of the CA configuration\n"
msgstr ""

#: src/getcert.c:5144
msgid " -e CMD\tupdated helper command to run to communicate with CA\n"
msgstr ""

#: src/getcert.c:5153
#, c-format
msgid "Usage: %s remove-ca [options]\n"
msgstr ""

#: src/getcert.c:5157
msgid " -c CA\tnickname of CA configuration to remove\n"
msgstr ""

#: src/getcert.c:5172
#, c-format
msgid "Usage: %s command [options]\n"
msgstr ""

#: src/getcert.c:5174
msgid "request a new certificate from a CA\n"
msgstr ""

#: src/getcert.c:5176
msgid "begin monitoring an already-issued certificate\n"
msgstr ""

#: src/getcert.c:5178
msgid "stop monitoring a certificate\n"
msgstr ""

#: src/getcert.c:5180
msgid "resubmit an in-progress enrollment request, or start a new one\n"
msgstr ""

#: src/getcert.c:5182
msgid "generate a new private key and replace a certificate\n"
msgstr ""

#: src/getcert.c:5184
msgid "check on the status of an in-progress enrollment request\n"
msgstr ""

#: src/getcert.c:5186
msgid "list certificates being monitored and requested\n"
msgstr ""

#: src/getcert.c:5188
msgid "check the status of a certificate being monitored or requested\n"
msgstr ""

#: src/getcert.c:5191
msgid "add a CA configuration\n"
msgstr ""

#: src/getcert.c:5193
msgid "add an SCEP CA configuration\n"
msgstr ""

#: src/getcert.c:5196
msgid "list known CA configurations\n"
msgstr ""

#: src/getcert.c:5199
msgid "modify a CA configuration\n"
msgstr ""

#: src/getcert.c:5202
msgid "refresh cache of all information obtained from a CA\n"
msgstr ""

#: src/getcert.c:5205
msgid "remove a CA configuration\n"
msgstr ""

#: src/getcert.c:5273
#, c-format
msgid "%s: unrecognized command\n"
msgstr ""

#: src/ipa.c:144
#, c-format
msgid "Unable to determine location of IPA LDAP server.\n"
msgstr ""

#: src/ipa.c:149
#, c-format
msgid "Unable to contact an IPA LDAP server.\n"
msgstr ""

#: src/ipa.c:233 src/ipa.c:533
#, c-format
msgid "Unable to determine base DN of domain information on IPA server.\n"
msgstr ""

#: src/ipa.c:369
#, c-format
msgid "Error setting up for XMLRPC on the client.\n"
msgstr ""

#: src/ipa.c:658
#, c-format
msgid "The -t option can not be used with the -K option.\n"
msgstr ""

#: src/ipa.c:667
#, c-format
msgid "The -k option can not be used with the -K option.\n"
msgstr ""

#: src/ipa.c:676
#, c-format
msgid "The -K option can not be used with either the -k or the -t option.\n"
msgstr ""

#: src/ipa.c:758
#, c-format
msgid "Unable to determine principal name for signing request.\n"
msgstr ""

#: src/ipa.c:831
#, c-format
msgid "No IPA domain configured, and none specified.\n"
msgstr ""

#: src/ipa.c:868
#, c-format
msgid ""
"Error setting up ccache for \"host\" service on client using default keytab: "
"%s.\n"
msgstr ""

#: src/ipa.c:872
#, c-format
msgid ""
"Error setting up ccache for \"%s\" on client using default keytab: %s.\n"
msgstr ""

#: src/ipa.c:879
#, c-format
msgid ""
"Error setting up ccache for \"host\" service on client using keytab \"%s\": "
"%s.\n"
msgstr ""

#: src/ipa.c:883
#, c-format
msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n"
msgstr ""

#: src/local.c:556
#, c-format
msgid "Unable to read signing request.\n"
msgstr ""

#: src/main.c:74
msgid "use session bus"
msgstr ""

#: src/main.c:75
msgid "use system bus"
msgstr ""

#: src/main.c:76
msgid "start a dedicated listening socket"
msgstr ""

#: src/main.c:77
msgid "only use a dedicated listening socket"
msgstr ""

#: src/main.c:78
msgid "specify the dedicated listening socket"
msgstr ""

#: src/main.c:78
msgid "PATHNAME"
msgstr ""

#: src/main.c:79
msgid "don't become a daemon"
msgstr ""

#: src/main.c:80
msgid "do become a daemon"
msgstr ""

#: src/main.c:81
msgid "bus-activated, idle timeout"
msgstr ""

#: src/main.c:81
msgid "SECONDS"
msgstr ""

#: src/main.c:82
msgid "don't use an idle timeout"
msgstr ""

#: src/main.c:83
msgid "set debugging level (implies -n)"
msgstr ""

#: src/main.c:83
msgid "NUMBER"
msgstr ""

#: src/main.c:84 src/main.c:86
msgid "start COMMAND and exit when it does"
msgstr ""

#: src/main.c:87
msgid "write service PID to file"
msgstr ""

#: src/main.c:88
msgid "force NSS into FIPS mode"
msgstr ""

#: src/main.c:90
msgid "print version information"
msgstr ""

#: src/main.c:174
#, c-format
msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n"
msgstr ""

#: src/main.c:177
msgid "\t-s use session bus\n"
msgstr ""

#: src/main.c:178
msgid "\t-S use system bus\n"
msgstr ""

#: src/main.c:179
msgid "\t-l start a dedicated listening socket\n"
msgstr ""

#: src/main.c:180
msgid "\t-L only use a dedicated listening socket\n"
msgstr ""

#: src/main.c:181
msgid "\t-P PATH specify the dedicated listening socket\n"
msgstr ""

#: src/main.c:182
msgid "\t-n don't become a daemon\n"
msgstr ""

#: src/main.c:183
msgid "\t-f do become a daemon\n"
msgstr ""

#: src/main.c:184
msgid "\t-b TIMEOUT bus-activated, idle timeout\n"
msgstr ""

#: src/main.c:185
msgid "\t-B don't use an idle timeout\n"
msgstr ""

#: src/main.c:186
msgid "\t-d LEVEL set debugging level (implies -n)\n"
msgstr ""

#: src/main.c:187
msgid "\t-c COMMAND start COMMAND and exit when it does\n"
msgstr ""

#: src/main.c:188
msgid "\t-p FILE write service PID to file\n"
msgstr ""

#: src/main.c:189
msgid "\t-F force NSS into FIPS mode\n"
msgstr ""

#: src/main.c:190
msgid "\t-v print version information and exit\n"
msgstr ""

#: src/scep.c:352
#, c-format
msgid "No SCEP URL (-u) given, and no default known.\n"
msgstr ""

#: src/scep.c:356
#, c-format
msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n"
msgstr ""

#: src/scep.c:376 src/scep.c:395
#, c-format
msgid "No RA certificate (-r) given, and no default known.\n"
msgstr ""

#: src/scep.c:386 src/scep.c:540
#, c-format
msgid ""
"Error reading request. Expected PKCS7 data containing a GetInitialCert "
"pkiMessage, got nothing.\n"
msgstr ""

#: src/scep.c:405 src/scep.c:565
#, c-format
msgid ""
"Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, "
"got nothing.\n"
msgstr ""

#: src/scep.c:433 src/scep.c:459
#, c-format
msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n"
msgstr ""

#: src/scep.c:437 src/scep.c:463
#, c-format
msgid ""
"Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert "
"request.\n"
msgstr ""

#: src/scep.c:470
#, c-format
msgid "Warning: request is missing transactionId.\n"
msgstr ""

#: src/scep.c:474
#, c-format
msgid "Warning: request is missing senderNonce.\n"
msgstr ""

#: src/scep.c:637
#, c-format
msgid "Got response code %d from %s, not 200.\n"
msgstr ""

#: src/scep.c:685 src/scep.c:1121
#, c-format
msgid "Server reply was of unexpected MIME type \"%s\".\n"
msgstr ""

#: src/scep.c:930
#, c-format
msgid "Error: failed to verify signature on server response.\n"
msgstr ""

#: src/scep.c:946
#, c-format
msgid "Error: reply was not a CertRep (%s).\n"
msgstr ""

#: src/scep.c:951
#, c-format
msgid "Error: reply is missing transactionId.\n"
msgstr ""

#: src/scep.c:956
#, c-format
msgid "Error: reply contains a different transactionId.\n"
msgstr ""

#: src/scep.c:962
#, c-format
msgid "Error: reply is missing pkiStatus.\n"
msgstr ""

#: src/scep.c:966
#, c-format
msgid "Error: reply is missing recipientNonce.\n"
msgstr ""

#: src/scep.c:972
#, c-format
msgid "Error: reply nonce doesn't match request.\n"
msgstr ""

#: src/scep.c:976
#, c-format
msgid "Error: reply is missing senderNonce.\n"
msgstr ""

#: src/scep.c:994
#, c-format
msgid "Unspecified failure at server.\n"
msgstr ""

#: src/scep.c:997
#, c-format
msgid "Unrecognized or unsupported algorithm identifier in client request.\n"
msgstr ""

#: src/scep.c:1000
#, c-format
msgid "Integrity check of client request failed at server.\n"
msgstr ""

#: src/scep.c:1003
#, c-format
msgid "Transaction either is not permitted or is not supported by server.\n"
msgstr ""

#: src/scep.c:1006
#, c-format
msgid "Clock skew too great.\n"
msgstr ""

#: src/scep.c:1009
#, c-format msgid "Unsupported extension.\n" msgstr "" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "" #: src/scep.c:1027 #, c-format msgid "Internal CA error.\n" msgstr "" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." msgstr "" #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "" #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "" #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." msgstr "" #: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "" #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." 
msgstr "" #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "" #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "" #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "" #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "" #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "" #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "" #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "" #: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "" #: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." msgstr "" #: src/tdbush.c:853 msgid "Key nickname not specified." msgstr "" #: src/tdbush.c:909 #, c-format msgid "Key at same location is already used by request with nickname \"%s\"." msgstr "" #: src/tdbush.c:1313 src/tdbush.c:3102 #, c-format msgid "No support for key type \"%s\"." msgstr "" #: src/tdbush.c:1400 msgid "No such CA." msgstr "" #: src/tdbush.c:3073 #, c-format msgid "Certificate authority \"%s\" not known." msgstr "" #: src/tdbush.c:3518 msgid "Unrecognized parameter or wrong value type." msgstr "" #: src/tdbush.c:5070 msgid "Error parsing arguments." 
msgstr ""

#: src/tdbush.c:5124
msgid "Unrecognized property name."
msgstr ""

#: src/tdbusm.c:2156
msgid "Insufficient access. Please retry operation as root.\n"
msgstr ""

#: src/tdbusm.c:2160
msgid "Please verify that the certmonger service has been started.\n"
msgstr ""

#: src/tdbusm.c:2163
msgid "Please verify that the certmonger service is still running.\n"
msgstr ""

certmonger-0.79.19/po/cs_CZ.po

# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Red Hat, Inc.
# This file is distributed under the same license as the PACKAGE package.
#
# Translators:
# Milan Kerslager , 2011
# Eliska Oplistilova , 2023.
msgid ""
msgstr ""
"Project-Id-Version: certmonger\n"
"Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n"
"POT-Creation-Date: 2017-02-26 02:20-0500\n"
"PO-Revision-Date: 2023-05-10 19:20+0000\n"
"Last-Translator: Eliska Oplistilova \n"
"Language-Team: Czech \n"
"Language: cs_CZ\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ?
1 : 2;\n" "X-Generator: Weblate 4.15.2\n" #: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238 #: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291 #, c-format msgid "Out of memory.\n" msgstr "Nedostatek paměti.\n" #: src/certmaster.c:136 #, c-format msgid "Unable to determine hostname of CA.\n" msgstr "Nelze určit hostitele CA.\n" #: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796 #, c-format msgid "Unable to read signing request from file \"%s\".\n" msgstr "" #: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799 #, c-format msgid "Unable to read signing request from environment variable \"%s\".\n" msgstr "" #: src/certmaster.c:184 #, c-format msgid "Error setting up for XMLRPC.\n" msgstr "" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "Chyba při pasování odpovědi serveru.\n" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "Chyba serveru.\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid 
"No agent URL (-A) given, and no default known.\n" msgstr "" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "" #: src/getcert.c:67 msgid "ID" msgstr "" #: src/getcert.c:69 msgid "BITS" msgstr "" #: src/getcert.c:71 msgid "MODE" msgstr "" #: src/getcert.c:72 msgid "NAME" msgstr "" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "" #: src/getcert.c:74 msgid "SUBJECT" msgstr "" #: src/getcert.c:75 msgid "URL" msgstr "" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "" #: 
src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "" #: src/getcert.c:371 #, fuzzy, c-format msgid "Error connecting to D-Bus.\n" msgstr "Chyba při připojování k D-Bus.\n" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "" #: src/getcert.c:398 #, fuzzy msgid "missing argument" msgstr "Chyba při pasování odpovědi serveru.\n" #: src/getcert.c:401 #, c-format msgid "unrecognized option %s" msgstr "" #: src/getcert.c:406 msgid "unrecognized option" msgstr "" #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "" #: src/getcert.c:421 msgid "number too large or too small" msgstr "" #: src/getcert.c:424 msgid "bad operation" msgstr "" #: src/getcert.c:427 #, fuzzy msgid "internal error" msgstr "Chyba serveru.\n" #: src/getcert.c:430 msgid "out of memory" msgstr "" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "Chyba %s: %s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "Chyba %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "Chyba: %s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" 
msgstr "" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "" #: src/getcert.c:784 msgid "type of key to be 
generated if one is not already in place" msgstr "" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 msgid "ask the CA to process the request using the named issuer" msgstr "" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage value" msgstr "" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "" #: src/getcert.c:805 
src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option requires an argument 
-- '%c'\n" msgstr "" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "" #: src/getcert.c:1114 #, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request arguments.\n" msgstr "" #: src/getcert.c:1415 #, c-format 
msgid "New signing request \"%s\" added.\n" msgstr "" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "" #: src/getcert.c:1874 msgid "override requested email address" msgstr "" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "" #: src/getcert.c:2504 src/getcert.c:3104 
src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "" #: src/getcert.c:3652 
#, c-format msgid "\tkey pair storage: type=%s" msgstr "" #: src/getcert.c:3652 msgid "NONE" msgstr "" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr "" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr "" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr "" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr "" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr "" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "" #: src/getcert.c:3719 msgid "unknown" msgstr "neznámý" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr "»vyprší: %s\n" #: src/getcert.c:3736 msgid "\temail: " msgstr "»email: " #: src/getcert.c:3742 msgid "\tdns: " msgstr "»dns: " #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "" #: src/getcert.c:3756 msgid "\tIP address: " msgstr "" #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "" #: src/getcert.c:3779 msgid "\teku: " msgstr "" #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "" #: 
src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr "" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "" #: src/getcert.c:4342 #, c-format 
msgid "Data for CA '%s' being refreshed.\n" msgstr "" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "" #: src/getcert.c:4458 msgid "CA identifier" msgstr "" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "" #: src/getcert.c:4678 msgid "nickname of CA 
configuration to remove" msgstr "" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr "" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr "" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr "" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr "" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr "" #: src/getcert.c:4803 
src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr "" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr "" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr "" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr "" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr "" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr "" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr "" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 
src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr "" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr "" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr "" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr "" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr "" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr "" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr "" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr "" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr "" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the 
certificate\n" msgstr "" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr "" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr "" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr "" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr "" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr "" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr "" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr "" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr "" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr "" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr "" #: src/getcert.c:4888 #, c-format msgid "Usage: %s 
stop-tracking [options]\n" msgstr "" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr "" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr "" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr "" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr "" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr "" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr "" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr "" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr "" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr "" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr "" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" #: src/getcert.c:5022 
msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr "" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr "" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr "" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr "" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr "" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr "" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr "" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr "" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "" #: 
src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr "" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr "" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr "" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr "" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr "" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr "" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr "" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr "" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr "" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "" #: src/getcert.c:5188 msgid "check the 
status of a certificate being monitored or requested\n" msgstr "" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "" #: src/getcert.c:5273 #, c-format msgid "%s: unrecognized command\n" msgstr "" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for signing request.\n" msgstr "" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": 
%s.\n" msgstr "" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "" #: src/main.c:74 msgid "use session bus" msgstr "" #: src/main.c:75 msgid "use system bus" msgstr "" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "" #: src/main.c:78 msgid "PATHNAME" msgstr "" #: src/main.c:79 msgid "don't become a daemon" msgstr "" #: src/main.c:80 msgid "do become a daemon" msgstr "" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "" #: src/main.c:81 msgid "SECONDS" msgstr "" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "" #: src/main.c:83 msgid "NUMBER" msgstr "" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "" #: src/main.c:87 msgid "write service PID to file" msgstr "" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "" #: src/main.c:90 msgid "print version information" msgstr "" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and 
exit when it does\n" msgstr "" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "" #: src/scep.c:352 #, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "" #: src/scep.c:356 #, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "" #: src/scep.c:376 src/scep.c:395 #, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "" #: src/scep.c:637 #, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "" #: src/scep.c:930 #, fuzzy, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "Chyba při pasování odpovědi serveru.\n" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "" #: 
src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "" #: src/scep.c:976 #, fuzzy, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "Chyba při pasování odpovědi serveru.\n" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "" #: src/scep.c:1003 #, c-format msgid "Transaction either is not permitted or is not supported by server.\n" msgstr "" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "" #: src/scep.c:1009 #, c-format msgid "Unsupported extension.\n" msgstr "" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "" #: src/scep.c:1027 #, fuzzy, c-format msgid "Internal CA error.\n" msgstr "Chyba serveru.\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "" #: src/tdbush.c:119 src/tdbush.c:1944 
src/tdbush.c:2351 msgid "An internal error has occurred." msgstr "" #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "" #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "" #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." msgstr "" #: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "" #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." msgstr "" #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "" #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "" #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "" #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "" #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "" #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." 
msgstr ""

#: src/tdbush.c:701
#, c-format
msgid ""
"Certificate at same location is already used by request with nickname \"%s\"."
msgstr ""

#: src/tdbush.c:734
#, c-format
msgid "Key storage type \"%s\" not supported."
msgstr ""

#: src/tdbush.c:760 src/tdbush.c:819
msgid "Key storage location not specified."
msgstr ""

#: src/tdbush.c:853
msgid "Key nickname not specified."
msgstr ""

#: src/tdbush.c:909
#, c-format
msgid "Key at same location is already used by request with nickname \"%s\"."
msgstr ""

#: src/tdbush.c:1313 src/tdbush.c:3102
#, c-format
msgid "No support for key type \"%s\"."
msgstr ""

#: src/tdbush.c:1400
msgid "No such CA."
msgstr ""

#: src/tdbush.c:3073
#, c-format
msgid "Certificate authority \"%s\" not known."
msgstr ""

#: src/tdbush.c:3518
msgid "Unrecognized parameter or wrong value type."
msgstr ""

#: src/tdbush.c:5070
#, fuzzy
msgid "Error parsing arguments."
msgstr "Chyba při pasování odpovědi serveru.\n"

#: src/tdbush.c:5124
msgid "Unrecognized property name."
msgstr ""

#: src/tdbusm.c:2156
msgid "Insufficient access. Please retry operation as root.\n"
msgstr ""

#: src/tdbusm.c:2160
msgid "Please verify that the certmonger service has been started.\n"
msgstr ""

#: src/tdbusm.c:2163
msgid "Please verify that the certmonger service is still running.\n"
msgstr ""

certmonger-0.79.19/po/da.po

# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Red Hat, Inc.
# This file is distributed under the same license as the PACKAGE package.
#
# Translators:
# Kris Thomsen , 2011
# Rikke Sønderlind , 2023.
msgid "" msgstr "" "Project-Id-Version: certmonger 0.78.6\n" "Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2017-02-26 02:20-0500\n" "PO-Revision-Date: 2023-06-17 21:20+0000\n" "Last-Translator: Rikke Sønderlind \n" "Language-Team: Danish \n" "Language: da\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" "X-Generator: Weblate 4.18.1\n" #: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238 #: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291 #, c-format msgid "Out of memory.\n" msgstr "Løbet tør for hukommelse.\n" #: src/certmaster.c:136 #, c-format msgid "Unable to determine hostname of CA.\n" msgstr "Kunne ikke bestemme værtsnavnet af CA.\n" #: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796 #, c-format msgid "Unable to read signing request from file \"%s\".\n" msgstr "Kunne ikke læse signeringsforespørgsel fra fil \"%s\".\n" #: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799 #, c-format msgid "Unable to read signing request from environment variable \"%s\".\n" msgstr "Kunne ikke læse signeringsforespørgsel fra miljøvariablen \"%s\".\n" #: src/certmaster.c:184 #, c-format msgid "Error setting up for XMLRPC.\n" msgstr "Fejl under opsætning af XMLRPC.\n" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "Fejl under fortolkning af serversvar.\n" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "Serverfejl.\n" #: src/dogtag.c:226 #, 
c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "" #: src/getcert.c:67 msgid "ID" msgstr "" #: src/getcert.c:69 msgid "BITS" msgstr "" #: src/getcert.c:71 msgid "MODE" msgstr "" #: src/getcert.c:72 msgid "NAME" msgstr "" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "" #: src/getcert.c:74 msgid "SUBJECT" msgstr "" #: src/getcert.c:75 
msgid "URL" msgstr "" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "Stien \"%s\" er ikke absolut, forsøger at bruge \"%s\" istedet.\n" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" "Stien \"%s\" er ikke absolut, og der opstod en fejl under bestemmelse af " "navnet på den nuværende mappe.\n" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "Stien \"%s\" er ikke en mappe.\n" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "Stien \"%s\" er ikke en almindelig fil.\n" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "Kontrollér at tjenesten for beskedbussen (D-Bus) kører.\n" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "Fejl under oprettelse af forespørgselsbesked for DBus.\n" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "" #: src/getcert.c:398 #, fuzzy msgid "missing argument" msgstr "Valgfri argumenter:\n" #: src/getcert.c:401 #, fuzzy, c-format msgid "unrecognized option %s" msgstr "%s: ukendt kommando\n" #: src/getcert.c:406 msgid "unrecognized option" msgstr "ukendt kommando" #: src/getcert.c:409 msgid "aliases nested too deeply" 
msgstr "" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "" #: src/getcert.c:421 msgid "number too large or too small" msgstr "" #: src/getcert.c:424 msgid "bad operation" msgstr "" #: src/getcert.c:427 msgid "internal error" msgstr "intern fejl" #: src/getcert.c:430 msgid "out of memory" msgstr "løbet tør for hukommelse" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "Fejl %s: %s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "Fejl %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "Fejl: %s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "Modtog fejlrespons fra lokal tjeneste %s.\n" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "Intet svar modtaget fra tjenesten %s.\n" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "" #: 
src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 msgid "ask the CA to process the request using the named issuer" msgstr "" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "" #: src/getcert.c:794 src/getcert.c:2524 msgid "set 
requested key usage value" msgstr "" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing 
Kerberos library: %s.\n" msgstr "Fejl under initialisering af Kerberos-biblioteket: %s.\n" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "Kunne ikke evaluere OID \"%s\".\n" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "Kunne ikke fortolke hovednavn for Kerberos \"%s\": %s.\n" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "Kunne ikke aftolke hovednavn for Kerberos \"%s\": %s.\n" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "Fejl: ubrugte ekstra-argumenter blev angivet.\n" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format 
msgid "Database location or nickname specified without the other.\n" msgstr "Databaseplacering eller kaldenavn angivet uden den anden.\n" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "Databasemappe og certifikatfil er begge angivet.\n" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "Ingen databasemappe og kaldenavn eller certifikat-fil angivet.\n" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "Nøgle og certifikat kan ikke blive gemt i den samme fil.\n" #: src/getcert.c:1114 #, fuzzy, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" "IPA-motoren kræver brug af tilvalget -K (hovednavn), når tilvalget -N " "(emnenavn) er brugt.\n" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "Ingen CA med navnet \"%s\" fundet.\n" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request arguments.\n" msgstr "Fejl under indstilling af forespørgselsargumenter.\n" #: src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "Ny signeringsforespørgsel \"%s\" tilføjet.\n" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "Ny signeringsforespørgsel kunne ikke tilføjes.\n" #: src/getcert.c:1802 #, 
c-format msgid "New tracking request \"%s\" added.\n" msgstr "Ny sporingsforespørgsel \"%s\" tilføjet.\n" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "Ny sporingsforespørgsel kunne ikke tilføjes.\n" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "" #: src/getcert.c:1874 msgid "override requested email address" msgstr "" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" "Intet ID eller databasemappe og -kaldenavn eller certifikatfil angivet.\n" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "Forspørgsel \"%s\" ændret.\n" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "Forespørgsel \"%s\" kunne ikke ændres.\n" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "Ingen forespørgsel fundet, som matchede argumenter.\n" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "Forespørgsel \"%s\" 
fjernet.\n" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "Forespørgsel \"%s\" kunne ikke fjernes.\n" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "Fejl under ændring af \"%s\".\n" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "Gensender \"%s\" til \"%s\".\n" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "Gensender \"%s\".\n" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "Fejl under forsøg på sending \"%s\" til \"%s\".\n" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "Fejl under forsøg på sending \"%s\".\n" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "" #: src/getcert.c:3476 #, c-format msgid "Number of 
certificates and requests being tracked: %d.\n" msgstr "Antallet af certifikater og forespørgsler som spores: %d.\n" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "Forespørgsels-id \"%s\":\n" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "\tstatus: %s\n" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "\tca-fejl: %s\n" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "\tsat fast: %s\n" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "" "»lagring for nøglepar: " "type=%s" #: src/getcert.c:3652 msgid "NONE" msgstr "INGEN" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr ",placering='%s'" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr ",kaldenavn='%s'" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr ",symbol='%s'" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr "" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr ",pinfil='%s'" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "" "»certifikat: type=%s," "placering='%s'" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "\tCA: %s\n" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "\tudsteder: %s\n" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "\temne: %s\n" #: src/getcert.c:3719 msgid "unknown" msgstr "ukendt" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr "\tudløber: %s\n" #: src/getcert.c:3736 msgid "\temail: " msgstr "\te-post: " #: src/getcert.c:3742 msgid "\tdns: " msgstr "\tdns: " #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "\thovednavn: " #: src/getcert.c:3756 msgid "\tIP 
address: " msgstr "" #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "" #: src/getcert.c:3779 msgid "\teku: " msgstr "\teku: " #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "\tspor: %s\n" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "\tauto-forny: %s\n" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "CA \"%s\":\n" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "\tca-type: %s\n" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "\thjælperplacering: %s\n" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr "\tnæste serienummer: %s\n" #: src/getcert.c:4136 #, c-format msgid 
"\tknown-issuer-names:\n" msgstr "\tkendte udstedernavne:\n" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "" #: src/getcert.c:4458 msgid "CA identifier" msgstr "" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "" #: src/getcert.c:4461 msgid "file containing 
certificates in RA's certifying chain" msgstr "" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "%s - udrulningsværktøj for klientcertifikat\n" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "Brug: %s forespørgsel [tilvalg]\n" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "Påkrævede argumenter:\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "* Hvis der bruges en NSS-database til lagring:\n" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr " -d MAPPE\tNSS-database for nøgle og certifikat\n" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 
src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr " -n NAVN\tkaldenavn for NSS-baseret lagring (kun gyldig med -d)\n" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" " -t NAVN\tvalgfri symbolnavn til NSS-baseret lagring (kun gyldig med -d)\n" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "* Hvis filer bruges til lagring:\n" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr " -k FIL\tPEM-fil til privat nøgle\n" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr " -f FIL\tPEM-fil til certifikat (kun gyldig med -k)\n" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "* Hvis nøgler skal krypteres:\n" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr " -p FIL\tfilen som indeholder krypterings-PIN\n" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr " -P PIN\tPIN-værdi\n" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "Valgfri argumenter:\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "* Indstillinger for 
certifikathåndtering:\n" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr " -I NAVN\tkaldenavn at tillægge forespørgslen\n" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr "" " -g STØRRELSE\tstørrelsen på nøglen som skal genereres hvis der ikke " "allerede findes en\n" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr "" " -r\t\tforsøg at forny certifikatet når udløbsdatoen er nær (standard)\n" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr " -R\t\tforsøg ikke at forny certifikatet når udløbsdatoen er nær\n" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr " -c CA\t\tbrug den angivne CA i stedet for standarden\n" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "* Parametre til signeringsforespørgsel:\n" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr " -N NAVN\tangiv forespurgt emnenavn (standard: CN=)\n" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr " -U EXTBRUG\tangiv forespurgt udvidet nøglebrug OID\n" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u 
KEYUSAGE\tset requested key usage value\n" msgstr "" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr " -K NAVN\tangiv forespurgt hovednavn\n" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr " -D DNSNAVN\tangiv forespurgt DNS-navn\n" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr " -E E-POST\tangiv forespurgt e-post-adresse\n" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr "" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr "" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr "" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "* Busindstillinger:\n" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr " -S\t\tforbind til certmonger-tjenesten i systembussen\n" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr " -s\t\tforbind til certmonger-tjenesten i sessionsbussen\n" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 
src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "* Andre tilvalg:\n" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr "" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr "" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr "" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr "" " -v»rapportér alle " "deltaljer om fejl\n" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "Brug: %s start-sporing [tilvalg]\n" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "* Hvis en eksisterende forespørgsel redigeres:\n" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr " -i NAVN\tkaldenavn for eksisterende fulgt forespørgsel\n" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "* Hvis nøgler er krypteret:\n" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr " -I NAVN\tkaldenavn at give til fulgt forespørgsel\n" #: src/getcert.c:4866 msgid "* Parameters for the signing 
request at renewal time:\n" msgstr "* Parametre til signeringsforespørgsel ved fornyelsestidspunkt:\n" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr " -U EXTBRUG\toverskriv forespurgt udvidet nøglebrug OID\n" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr " -K NAVN\toverskriv forespurgt hovednavn\n" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr " -D DNSNAVN\toverskriv forespurgt DNS-navn\n" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr " -E E-POST\toverskriv forespurgt e-post-adresse\n" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr "" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "Brug: %s stop-sporing [tilvalg]\n" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "* Efter forespørgselsidentifikator:\n" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr " -i NAVN\tkaldenavn for fulgt forespørgsel\n" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "Brug: %s resubmit [tilvalg]\n" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr " -f FIL\tPEM-fil til certifikat\n" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "* Nye parameterværdier til signering af forespørgsel:\n" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr " -I NAVN\tnyt kaldenavn at give til fulgt forespørgsel\n" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr " -c CA\t\tbrug den angivne CA i stedet for den 
nuværende\n" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr "" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr "" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "Brug %s list [tilvalg]\n" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "* Generelle tilvalg:\n" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr "" " -c CA\tvis kun forespørgsler og certifikater forbundet med denne CA\n" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr " -r\tvis kun information om specielle forespørgsler\n" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr " -t\tvis kun information om fulgte certifikater\n" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr "" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "* Hvis en specifik forespørgsel vælges:\n" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" " -d MAPPE»oplister " "kun forespørgsler og certs som bruger denne NSS-database\n" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" " -n NAVN»oplister kun " "forespørgsler og certs som bruger dette kaldenavn\n" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" " -f FIL»oplister kun " "forespørgsler og certs, som er gemt i denne PEM-fil\n" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect 
to the certmonger service on the system bus\n" msgstr " -S\tforbind til tjenesten certmonger i systembussen\n" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr " -s\tforbind til tjenesten certmonger i sessionsbussen\n" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr "" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr "" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr "" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "Brug: %s vis-cas [tilvalg]\n" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr " -c CA\tvis kun information om CA'et med dette navn\n" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr "" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr "" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr "" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to 
communicate with CA\n" msgstr "" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr "" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr "" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr "" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr "" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr "" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr "" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr "" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr "" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "" #: src/getcert.c:5193 msgid "add an SCEP CA 
configuration\n"
msgstr ""

#: src/getcert.c:5196
msgid "list known CA configurations\n"
msgstr ""

#: src/getcert.c:5199
msgid "modify a CA configuration\n"
msgstr ""

#: src/getcert.c:5202
msgid "refresh cache of all information obtained from a CA\n"
msgstr ""

#: src/getcert.c:5205
msgid "remove a CA configuration\n"
msgstr ""

#: src/getcert.c:5273
#, c-format
msgid "%s: unrecognized command\n"
msgstr "%s: ukendt kommando\n"

#: src/ipa.c:144
#, c-format
msgid "Unable to determine location of IPA LDAP server.\n"
msgstr ""

#: src/ipa.c:149
#, c-format
msgid "Unable to contact an IPA LDAP server.\n"
msgstr ""

#: src/ipa.c:233 src/ipa.c:533
#, c-format
msgid "Unable to determine base DN of domain information on IPA server.\n"
msgstr ""

#: src/ipa.c:369
#, c-format
msgid "Error setting up for XMLRPC on the client.\n"
msgstr ""

#: src/ipa.c:658
#, c-format
msgid "The -t option can not be used with the -K option.\n"
msgstr ""

#: src/ipa.c:667
#, c-format
msgid "The -k option can not be used with the -K option.\n"
msgstr ""

#: src/ipa.c:676
#, c-format
msgid "The -K option can not be used with either the -k or the -t option.\n"
msgstr ""

#: src/ipa.c:758
#, c-format
msgid "Unable to determine principal name for signing request.\n"
msgstr "Kunne ikke bestemme hovednavn for signeringsforespørgsel.\n"

#: src/ipa.c:831
#, c-format
msgid "No IPA domain configured, and none specified.\n"
msgstr ""

#: src/ipa.c:868
#, c-format
msgid ""
"Error setting up ccache for \"host\" service on client using default keytab: "
"%s.\n"
msgstr ""

#: src/ipa.c:872
#, c-format
msgid ""
"Error setting up ccache for \"%s\" on client using default keytab: %s.\n"
msgstr ""

#: src/ipa.c:879
#, c-format
msgid ""
"Error setting up ccache for \"host\" service on client using keytab \"%s\": "
"%s.\n"
msgstr ""

#: src/ipa.c:883
#, c-format
msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n"
msgstr ""

#: src/local.c:556
#, c-format
msgid "Unable to read signing request.\n"
msgstr
"Kunne ikke læse signeringsforespørgsel.\n" #: src/main.c:74 msgid "use session bus" msgstr "" #: src/main.c:75 msgid "use system bus" msgstr "" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "" #: src/main.c:78 msgid "PATHNAME" msgstr "" #: src/main.c:79 msgid "don't become a daemon" msgstr "" #: src/main.c:80 msgid "do become a daemon" msgstr "" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "" #: src/main.c:81 msgid "SECONDS" msgstr "" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "" #: src/main.c:83 msgid "NUMBER" msgstr "" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "" #: src/main.c:87 msgid "write service PID to file" msgstr "" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "" #: src/main.c:90 msgid "print version information" msgstr "" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "" #: src/main.c:188 msgid 
"\t-p FILE write service PID to file\n" msgstr "" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "" #: src/scep.c:352 #, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "" #: src/scep.c:356 #, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "" #: src/scep.c:376 src/scep.c:395 #, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "" #: src/scep.c:637 #, fuzzy, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "Intet svar modtaget fra tjenesten %s.\n" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "" #: src/scep.c:930 #, fuzzy, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "Fejl under fortolkning af serversvar.\n" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "" #: 
src/scep.c:962
#, c-format
msgid "Error: reply is missing pkiStatus.\n"
msgstr ""

#: src/scep.c:966
#, c-format
msgid "Error: reply is missing recipientNonce.\n"
msgstr ""

#: src/scep.c:972
#, c-format
msgid "Error: reply nonce doesn't match request.\n"
msgstr ""

#: src/scep.c:976
#, fuzzy, c-format
msgid "Error: reply is missing senderNonce.\n"
msgstr "Fejl under fortolkning af serversvar.\n"

#: src/scep.c:994
#, c-format
msgid "Unspecified failure at server.\n"
msgstr ""

#: src/scep.c:997
#, c-format
msgid "Unrecognized or unsupported algorithm identifier in client request.\n"
msgstr ""

#: src/scep.c:1000
#, c-format
msgid "Integrity check of client request failed at server.\n"
msgstr ""

#: src/scep.c:1003
#, c-format
msgid "Transaction either is not permitted or is not supported by server.\n"
msgstr ""

#: src/scep.c:1006
#, c-format
msgid "Clock skew too great.\n"
msgstr ""

#: src/scep.c:1009
#, c-format
msgid "Unsupported extension.\n"
msgstr ""

#: src/scep.c:1012
#, c-format
msgid "Must archive keys.\n"
msgstr ""

#: src/scep.c:1015
#, c-format
msgid "Bad identity.\n"
msgstr ""

#: src/scep.c:1018
#, c-format
msgid "Proof of possession required.\n"
msgstr ""

#: src/scep.c:1021
#, c-format
msgid "Proof of possession failed.\n"
msgstr ""

#: src/scep.c:1024
#, c-format
msgid "No key reuse.\n"
msgstr ""

#: src/scep.c:1027
#, fuzzy, c-format
msgid "Internal CA error.\n"
msgstr "Serverfejl.\n"

#: src/scep.c:1030
#, c-format
msgid "Try later.\n"
msgstr ""

#: src/scep.c:1032
#, c-format
msgid "Server returned failure code \"%s\".\n"
msgstr ""

#: src/scep.c:1044
#, c-format
msgid "Error: couldn't parse signed-data.\n"
msgstr ""

#: src/scep.c:1059 src/scep.c:1074
#, c-format
msgid "Error: signed-data payload is not enveloped-data.\n"
msgstr ""

#: src/scep.c:1092
#, c-format
msgid "Error: enveloped-data payload is not data.\n"
msgstr ""

#: src/scep.c:1116
#, c-format
msgid "Error: pkiStatus \"%s\" not recognized.\n"
msgstr ""

#: src/tdbush.c:119 src/tdbush.c:1944
src/tdbush.c:2351
msgid "An internal error has occurred."
msgstr "Der opstod en intern fejl."

#: src/tdbush.c:183
msgid "No matching entry found.\n"
msgstr "Intet matchende element fundet.\n"

#: src/tdbush.c:345
#, c-format
msgid "There is already a CA with the nickname \"%s\"."
msgstr "Der er allerede en CA med kaldenavnet \"%s\"."

#: src/tdbush.c:439
msgid "Certificate storage type not specified."
msgstr "Certifikatslagringstype er ikke angivet."

#: src/tdbush.c:452
#, c-format
msgid "Certificate storage type \"%s\" not supported."
msgstr "Certifikatslagringstype \"%s\" er ikke understøttet."

#: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766
#: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028
#: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592
#: src/tdbush.c:3230 src/tdbush.c:3382
#, c-format
msgid "The location \"%s\" must be an absolute path."
msgstr "Placeringen \"%s\" skal være en absolut sti."

#: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644
msgid "Certificate storage location not specified."
msgstr "Certifikatslagringsplacering er ikke angivet."

#: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085
#: src/tdbush.c:1185
#, c-format
msgid ""
"The parent of location \"%s\" could not be accessed due to insufficient "
"permissions."
msgstr ""

#: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093
#: src/tdbush.c:1193
#, c-format
msgid "The parent of location \"%s\" must be a valid directory."
msgstr "Placeringen over \"%s\" skal være en gyldig mappe."

#: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104
#: src/tdbush.c:1204
#, c-format
msgid "The location \"%s\" must be a file."
msgstr "Placeringen \"%s\" skal være en fil."

#: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140
#, c-format
msgid ""
"The location \"%s\" could not be accessed due to insufficient permissions."
msgstr ""

#: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048
#: src/tdbush.c:1148
#, c-format
msgid "The location \"%s\" must be a directory."
msgstr "Placeringen \"%s\" skal være en mappe."

#: src/tdbush.c:622
msgid "Certificate nickname not specified."
msgstr "Certifikatkaldenavn ikke angivet."

#: src/tdbush.c:665 src/tdbush.c:3055
#, c-format
msgid "There is already a request with the nickname \"%s\"."
msgstr "Der er allerede en forespørgsel med kaldenavnet \"%s\"."

#: src/tdbush.c:701
#, c-format
msgid ""
"Certificate at same location is already used by request with nickname \"%s\"."
msgstr ""

#: src/tdbush.c:734
#, c-format
msgid "Key storage type \"%s\" not supported."
msgstr "Nøglelagringstype \"%s\" er ikke understøttet."

#: src/tdbush.c:760 src/tdbush.c:819
msgid "Key storage location not specified."
msgstr "Nøglelagringsplacering er ikke angivet."

#: src/tdbush.c:853
msgid "Key nickname not specified."
msgstr "Nøglekaldenavn er ikke angivet."

#: src/tdbush.c:909
#, c-format
msgid "Key at same location is already used by request with nickname \"%s\"."
msgstr ""

#: src/tdbush.c:1313 src/tdbush.c:3102
#, c-format
msgid "No support for key type \"%s\"."
msgstr ""

#: src/tdbush.c:1400
msgid "No such CA."
msgstr "Ingen sådan CA."

#: src/tdbush.c:3073
#, c-format
msgid "Certificate authority \"%s\" not known."
msgstr "Certifikatsautoritet \"%s\" er ikke kendt."

#: src/tdbush.c:3518
msgid "Unrecognized parameter or wrong value type."
msgstr "Ikke opdaget parameter eller forkert værditype."

#: src/tdbush.c:5070
msgid "Error parsing arguments."
msgstr ""

#: src/tdbush.c:5124
msgid "Unrecognized property name."
msgstr ""

#: src/tdbusm.c:2156
msgid "Insufficient access.
Please retry operation as root.\n"
msgstr ""

#: src/tdbusm.c:2160
msgid "Please verify that the certmonger service has been started.\n"
msgstr ""

#: src/tdbusm.c:2163
msgid "Please verify that the certmonger service is still running.\n"
msgstr ""

certmonger-0.79.19/po/de.po0000644000175000017500000017165614511314133015020 0ustar gitgit00000000000000
# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Red Hat, Inc.
# This file is distributed under the same license as the PACKAGE package.
#
# Translators:
# Fabian Affolter , 2014
# hpeters , 2012
# Mario Blättermann , 2011
# Nalin Dahyabhai , 2011
# Roman Spirgi , 2012-2013
# Joachim Philipp , 2022.
msgid ""
msgstr ""
"Project-Id-Version: certmonger 0.78.6\n"
"Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n"
"POT-Creation-Date: 2017-02-26 02:20-0500\n"
"PO-Revision-Date: 2022-04-21 10:17+0000\n"
"Last-Translator: Joachim Philipp \n"
"Language-Team: German \n"
"Language: de\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=n != 1;\n"
"X-Generator: Weblate 4.11.2\n"

#: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238
#: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291
#, c-format
msgid "Out of memory.\n"
msgstr "Ungenügend Speicher.\n"

#: src/certmaster.c:136
#, c-format
msgid "Unable to determine hostname of CA.\n"
msgstr ""
"Rechnername der Zertifizierungsstelle (CA) konnte nicht ermittelt werden.\n"

#: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796
#, c-format
msgid "Unable to read signing request from file \"%s\".\n"
msgstr "Signaturanfrage von Datei \"%s\" konnte nicht gelesen werden.\n"

#: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799
#, c-format
msgid "Unable to read signing request from environment variable \"%s\".\n"
msgstr ""
"Signaturanfrage der Environment Variablen \"%s\" konnte nicht gelesen werden."
"\n" #: src/certmaster.c:184 #, c-format msgid "Error setting up for XMLRPC.\n" msgstr "Fehler beim Einrichten von XMLRPC.\n" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "Fehler beim Abfragen der Serverantwort.\n" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "Server-Fehler.\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "Profilparameter (-O) müssen die Form param=value haben.\n" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "Übertragung der Parameter (-o) muss die Form param=value haben.\n" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "" "Keine Anmeldeinformationen des Agenten angegeben, kein Standardwert gesetzt." 
"\n" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "Aktualisierung wurde angefordert, aber keine Seriennummer angegeben.\n" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "Keine End-Entity-URL (-T) angegeben, Standarwert nicht gesetzt.\n" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "Keine Agent-URL (-T) angegeben, Standarwert nicht gesetzt.\n" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "Kein Profil/ Vorlage (-T) angegeben, Standarwert nicht gesetzt.\n" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "Fehler beim Beenden von NSS.\n" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "Interner Fehler: Unbekannter Status.\n" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "" "Keine Anmeldeinformationen des Agenten (-n) vorhanden, sie werden aber " "benötigt.\n" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "%d-Fehler beim Verbinden zu %s: %s.\n" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "Fehler %d connecting to %s.\n" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "Interner Fehler: Keine Antwort an \"%s?%s\".\n" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "BEFEHL" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "VERZEICHNIS" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "LISTE" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "ADRESSE" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "DATEINAME" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "HOSTNAME" #: src/getcert.c:67 msgid "ID" msgstr 
"ID" #: src/getcert.c:69 msgid "BITS" msgstr "BITS" #: src/getcert.c:71 msgid "MODE" msgstr "MODUS" #: src/getcert.c:72 msgid "NAME" msgstr "NAME" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "HAUPT" #: src/getcert.c:74 msgid "SUBJECT" msgstr "THEMA" #: src/getcert.c:75 msgid "URL" msgstr "URL" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "BENUTZERNAME[:GRUPPENNAME]" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "Pfad »%s« ist nicht absolut, versuche stattdessen »%s« zu verwenden.\n" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" "Pfad »%s« ist nicht absolut. Außerdem trat beim Ermitteln des Namens des " "aktuellen Ordners ein Fehler auf.\n" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "Pfad \"%s\": nicht ausreichende Berechtigungen.\n" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "Pfad »%s« ist kein Verzeichnis.\n" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "Pfad »%s«: %s.\n" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "Pfad »%s« ist keine reguläre Datei.\n" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "Kein System Bus läuft.\n" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "Läuft als UID 0.\n" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "Starte temporär zugewiesenen service daemon.\n" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "Fehler beim Verbinden zum D-Bus.\n" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "Bitte überprüfen Sie, ob der D-Bus-Dienst läuft.\n" #: src/getcert.c:379 #, c-format msgid "Error creating 
DBus request message.\n"
msgstr "Fehler beim Erstellen der D-Bus-Anfragemeldung.\n"

#: src/getcert.c:393
#, c-format
msgid "missing argument for %s"
msgstr "Fehlendes Argument für %s"

#: src/getcert.c:398
msgid "missing argument"
msgstr "Fehlendes Argument"

#: src/getcert.c:401
#, c-format
msgid "unrecognized option %s"
msgstr "Unbekannte Option %s"

#: src/getcert.c:406
msgid "unrecognized option"
msgstr "Unbekannte Option"

#: src/getcert.c:409
msgid "aliases nested too deeply"
msgstr "Aliase zu tief verschachtelt"

#: src/getcert.c:412
msgid "bad parameter quoting"
msgstr "schlechte Parameterangabe"

#: src/getcert.c:418
msgid "invalid numeric value"
msgstr "Ungültiger numerischer Wert"

#: src/getcert.c:421
msgid "number too large or too small"
msgstr "Nummer zu groß oder zu klein"

#: src/getcert.c:424
msgid "bad operation"
msgstr "Ungültige Operation"

#: src/getcert.c:427
msgid "internal error"
msgstr "Interner Fehler"

#: src/getcert.c:430
msgid "out of memory"
msgstr "Nicht genügend Speicher"

#: src/getcert.c:434
msgid "error in popt configuration file"
msgstr "Fehler in popt Konfigurationsdatei"

#: src/getcert.c:477
#, c-format
msgid "Error %s: %s\n"
msgstr "Fehler %s: %s\n"

#: src/getcert.c:481
#, c-format
msgid "Error %s\n"
msgstr "Fehler %s\n"

#: src/getcert.c:487
#, c-format
msgid "Error: %s\n"
msgstr "Fehler: %s\n"

#: src/getcert.c:489
#, c-format
msgid "Received error response from local %s service.\n"
msgstr "Fehlermeldung erhalten vom lokalen Dienst %s.\n"

#: src/getcert.c:495
#, c-format
msgid "No response received from %s service.\n"
msgstr "Keine Antwort vom %s-Dienst erhalten.\n"

#: src/getcert.c:699 src/getcert.c:3978
#, c-format
msgid "State %s, stuck: %s.\n"
msgstr "Status %s, hängt: %s.\n"

#: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100
#: src/getcert.c:3354 src/getcert.c:3875
msgid "NSS database for key and cert"
msgstr "NSS Datenbank für Schlüssel und Zertifikat"

#: src/getcert.c:769 src/getcert.c:1847
src/getcert.c:2501 src/getcert.c:3101
#: src/getcert.c:3355 src/getcert.c:3876
msgid "nickname for NSS-based storage (only valid with -d)"
msgstr "Kurzname für NSS-basierte Speicherung (nur gültig mit -d)"

#: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102
#: src/getcert.c:3356 src/getcert.c:3877
msgid "optional token name for NSS-based storage (only valid with -d)"
msgstr "Optionaler Token-Name für NSS-basierte Speicherung (nur gültig mit -d)"

#: src/getcert.c:771
msgid "PEM file for private key"
msgstr "PEM Datei für privaten Schlüssel"

#: src/getcert.c:772
msgid "PEM file for certificate (only valid with -k)"
msgstr "PEM-Datei für Zertifikat (nur gültig mit -k)"

#: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508
msgid "file which holds the private key encryption PIN"
msgstr "Datei, die die PIN zum Verschlüsseln des privaten Schlüssels enthält"

#: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509
msgid "private key encryption PIN"
msgstr "PIN zur Verschlüsselung des privaten Schlüssels"

#: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510
msgid "owner information for private key"
msgstr "Eigentümerinformationen für privaten Schlüssel"

#: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511
msgid "file permissions for private key"
msgstr "Dateiberechtigungen für privaten Schlüssel"

#: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512
msgid "owner information for certificate"
msgstr "Eigentümerinformationen für Zertifikat"

#: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513
msgid "file permissions for certificate"
msgstr "Dateiberechtigungen für Zertifikat"

#: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514
msgid "NSS database in which to store the CA's certificates"
msgstr "NSS Datenbank, in der die CA-Zertifikate gespeichert werden"

#: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515
msgid "file in which to store the CA's certificates"
msgstr "Datei in der die CA-Zertifikate gespeichert
werden"

#: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516
msgid "command to run before saving the certificate"
msgstr "Auszuführender Befehl vor dem Speichern des Zertifikats"

#: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517
msgid "command to run after saving the certificate"
msgstr "Auszuführender Befehl nach dem Speichern des Zertifikats"

#: src/getcert.c:783
msgid "nickname to assign to the request"
msgstr "Zugewiesener Kurzname für diese Abfrage"

#: src/getcert.c:784
msgid "type of key to be generated if one is not already in place"
msgstr "Zu erstellender Schlüsseltyp, falls keiner vorhanden ist"

#: src/getcert.c:785
msgid "size of key to be generated if one is not already in place"
msgstr "Größe des zu generierenden Schlüssels, falls noch keiner vorhanden ist"

#: src/getcert.c:786 src/getcert.c:1863
msgid "attempt to renew the certificate when expiration nears (default)"
msgstr "versuchen, kurz vor Ablauf das Zertifikat zu erneuern (Standard)"

#: src/getcert.c:787 src/getcert.c:1864
msgid "don't attempt to renew the certificate when expiration nears"
msgstr "nicht versuchen, kurz vor Ablauf das Zertifikat zu erneuern (Standard)"

#: src/getcert.c:789 src/getcert.c:1866
msgid "use the specified CA configuration rather than the default"
msgstr ""

#: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521
msgid "ask the CA to process the request using the named profile or template"
msgstr ""

#: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522
#, fuzzy
msgid "ask the CA to process the request using the named issuer"
msgstr ""
" -T PROFILE\tAnfrage an CA, um den Antrag unter Verwendung des benannten "
"Profils oder der Vorlage auszuführen\n"

#: src/getcert.c:793 src/getcert.c:2523
msgid "set requested subject name (default: CN=)"
msgstr ""

#: src/getcert.c:794 src/getcert.c:2524
msgid "set requested key usage value"
msgstr ""

#: src/getcert.c:795 src/getcert.c:2525
msgid "set requested extended key usage OID"
msgstr ""

#: src/getcert.c:796
src/getcert.c:2526
msgid "set requested principal name"
msgstr ""

#: src/getcert.c:797 src/getcert.c:2527
msgid "set requested DNS name"
msgstr ""

#: src/getcert.c:798 src/getcert.c:2528
msgid "set requested email address"
msgstr ""

#: src/getcert.c:799 src/getcert.c:2529
msgid "set requested IP address"
msgstr ""

#: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530
msgid "file which holds an optional challenge password value"
msgstr ""

#: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531
msgid "an optional challenge password value"
msgstr ""

#: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532
msgid "request a CA certificate"
msgstr ""

#: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533
msgid "request a non-CA certificate"
msgstr ""

#: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534
msgid "path length for CA certificate"
msgstr ""

#: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535
msgid "try to wait for the certificate to be issued"
msgstr ""

#: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536
msgid "maximum time to wait for the certificate to be issued"
msgstr ""

#: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105
#: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270
#: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679
msgid "connect to the certmonger service on the session bus"
msgstr ""

#: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106
#: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271
#: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680
msgid "connect to the certmonger service on the system bus"
msgstr ""

#: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547
#, c-format
msgid "Error initializing Kerberos library: %s.\n"
msgstr "Fehler bei der Initialisierung der Kerberos-Bibliothek: %s.\n"

#: src/getcert.c:889 src/getcert.c:2619
#, c-format
msgid "No
support for generating \"%s\" keys.\n"
msgstr ""

#: src/getcert.c:891 src/getcert.c:2621
#, c-format
msgid "Known key types include:"
msgstr ""

#: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643
#, c-format
msgid "Unrecognized keyUsage \"%s\".\n"
msgstr "Unbekannte SchlüsselBenutzung »%s«.\n"

#: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653
#, c-format
msgid "Could not evaluate OID \"%s\".\n"
msgstr "OID »%s« konnte nicht ermittelt werden.\n"

#: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664
#, c-format
msgid "Error parsing Kerberos principal name \"%s\": %s.\n"
msgstr "Fehler beim Parsen des Principal-Namens »%s« für Kerberos: %s.\n"

#: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673
#, c-format
msgid "Error unparsing Kerberos principal name \"%s\": %s.\n"
msgstr "Fehler beim Unparsen des Principal-Namens »%s« für Kerberos: %s.\n"

#: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728
#, c-format
msgid "%s: invalid value -- '%s'\n"
msgstr ""

#: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176
#: src/getcert.c:3422 src/getcert.c:4073
#, c-format
msgid "%s: option requires an argument -- '%c'\n"
msgstr "%s: Option erfordert einen Parameter -- »%c«\n"

#: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180
#: src/getcert.c:3426 src/getcert.c:4076
#, c-format
msgid "%s: invalid option -- '%c'\n"
msgstr "%s: ungültige Option -- »%c«\n"

#: src/getcert.c:1057
#, c-format
msgid "Error: unused extra argument \"%s\".\n"
msgstr "Fehler: unbenötigter, zusätzlicher Parameter »%s«.\n"

#: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200
#: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321
#: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724
#, c-format
msgid "Error: unused extra arguments were supplied.\n"
msgstr "Fehler: unbenötigte, zusätzliche Parameter wurden angegeben.\n"

#: src/getcert.c:1066
src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791
#, c-format
msgid "Database location or nickname specified without the other.\n"
msgstr "Ort der Datenbank oder Kurzname allein angegeben.\n"

#: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797
#, c-format
msgid "Database directory and certificate file both specified.\n"
msgstr ""
"Sowohl Datenbankordner als auch Zertifikatdatei wurden nicht angegeben.\n"

#: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805
#, c-format
msgid ""
"None of database directory and nickname or certificate file specified.\n"
msgstr ""
"Weder Datenbankordner noch Kurzname oder Zertifikatdatei wurden angegeben.\n"

#: src/getcert.c:1087 src/getcert.c:2143
#, c-format
msgid "Key and certificate can not both be saved to the same file.\n"
msgstr ""
"Schlüssel und Zertifikat können nicht in der gleichen Datei gespeichert "
"werden.\n"

#: src/getcert.c:1114
#, fuzzy, c-format
msgid ""
"The IPA backend requires the use of the -K option (principal name) when any "
"of the -N (subject name), -E (email address), -A (IP address), -D (DNS "
"name), or -U (extendedKeyUsage) options is used.\n"
msgstr ""
"Das IPA-Backend benötigt die Option -K (Name des Principals), wenn die "
"Option -N (Name des Subjekts) verwendet wird.\n"

#: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867
#: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731
#, c-format
msgid "No CA with name \"%s\" found.\n"
msgstr "Keine Zertifizierungsstelle mit dem Namen »%s« gefunden.\n"

#: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435
#: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561
#: src/getcert.c:4651 src/getcert.c:4737
#, c-format
msgid "Error setting request arguments.\n"
msgstr "Fehler beim Setzen der Anfrageparameter.\n"

#: src/getcert.c:1415
#, c-format
msgid "New signing request \"%s\" added.\n"
msgstr "Neue Signaturanfrage »%s« wurde hinzugefügt.\n"

#:
src/getcert.c:1421
#, c-format
msgid "New signing request could not be added.\n"
msgstr "Neue Signaturanfrage konnte nicht hinzugefügt werden.\n"

#: src/getcert.c:1802
#, c-format
msgid "New tracking request \"%s\" added.\n"
msgstr "Neue Überwachungsanfrage »%s« wurde hinzugefügt.\n"

#: src/getcert.c:1809
#, c-format
msgid "New tracking request could not be added.\n"
msgstr "Neue Überwachungsanfrage konnte nicht hinzugefügt werden.\n"

#: src/getcert.c:1849
msgid "PEM file for private key (only valid with -f)"
msgstr ""

#: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357
#: src/getcert.c:3878
msgid "PEM file for certificate"
msgstr ""

#: src/getcert.c:1861
msgid "nickname of an existing request"
msgstr ""

#: src/getcert.c:1862
msgid "nickname to give to tracking request"
msgstr ""

#: src/getcert.c:1870
msgid "override requested key usage value"
msgstr ""

#: src/getcert.c:1871
msgid "override requested extended key usage OID"
msgstr ""

#: src/getcert.c:1872
msgid "override requested principal name"
msgstr ""

#: src/getcert.c:1873
msgid "override requested DNS name"
msgstr ""

#: src/getcert.c:1874
msgid "override requested email address"
msgstr ""

#: src/getcert.c:1875
msgid "override requested IP address"
msgstr ""

#: src/getcert.c:2136 src/getcert.c:3194
#, c-format
msgid ""
"None of ID or database directory and nickname or certificate file "
"specified.\n"
msgstr ""
"Kennung, Datenbankordner, Kurzname und Zertifikatdatei nicht angegeben.\n"

#: src/getcert.c:2362
#, c-format
msgid "Request \"%s\" modified.\n"
msgstr "Anfrage »%s« wurde geändert.\n"

#: src/getcert.c:2366
#, c-format
msgid "Request \"%s\" could not be modified.\n"
msgstr "Anfrage »%s« konnte nicht geändert werden.\n"

#: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946
#, c-format
msgid "No request found with specified nickname.\n"
msgstr "Keine Anfrage mit angegebenem Kurznamen gefunden.\n"

#: src/getcert.c:2426 src/getcert.c:2811
src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "Keine mit den Parametern übereinstimmende Anfrage gefunden.\n" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "Anfrage »%s« wurde entfernt.\n" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "Anfrage »%s« konnte nicht entfernt werden.\n" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "Fehler beim Bearbeiten von »%s«.\n" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "»%s« erneut an »%s« übertragen.\n" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "»%s« erneut übertragen.\n" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "Fehler beim Versuch, »%s« an »%s« zu übertragen.\n" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "Fehler beim Versuch, »%s« zu übertragen.\n" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "" #: src/getcert.c:3350 msgid "list only 
information about tracked certificates" msgstr "" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "Anzahl der Zertifikate und überwachten Anfragen: %d.\n" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "Anfragekennung »%s«:\n" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "\tStatus: %s\n" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "\tCA-Fehler: %s\n" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "\tstecken geblieben: %s\n" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "\tSchlüsselpaar-Speicher: Typ=%s" #: src/getcert.c:3652 msgid "NONE" msgstr "NICHTS" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr ",Ort=»%s«" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr ",Kurzname=»%s«" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr ",Token=»%s«" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr "" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr ",PIN-Datei=»%s«" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "\tZertifikat: Typ=%s, Ort=»%s«" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "\tCA: %s\n" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "\tAusgabestelle: %s\n" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "\tSubjekt: %s\n" #: src/getcert.c:3719 msgid "unknown" msgstr "unbekannt" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, 
c-format msgid "\texpires: %s\n" msgstr "\tAblauf: %s\n" #: src/getcert.c:3736 msgid "\temail: " msgstr "\tE-Mail: " #: src/getcert.c:3742 msgid "\tdns: " msgstr "\tDNS: " #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "\tPrincipal-Name: " #: src/getcert.c:3756 msgid "\tIP address: " msgstr "" #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "" "Schlüsselbenutzung: %s\n" "\n" #: src/getcert.c:3779 msgid "\teku: " msgstr "\tEKU: " #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "»Befehl vor dem Speichern: %s\n" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "»Befehl nach dem Speichern: %s\n" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "\tTrack: %s\n" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "\tAuto-Erneuern: %s\n" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "CA »%s«:\n" #: src/getcert.c:4110 #, c-format msgid 
"\tself-identifies as: %s\n" msgstr "" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "\tCA-Typ: %s\n" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "\tHelper-Speicherort: %s\n" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr "\tNächste Seriennummer: %s\n" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "\tBekannte Ausstellernamen:\n" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "" #: src/getcert.c:4438 
src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "" #: src/getcert.c:4458 msgid "CA identifier" msgstr "" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "%s - Tool z. 
Client-Zertifikatanmeldung\n" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "Aufruf: %s request [Optionen]\n" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "Benötigte Parameter:\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "* Falls in einer NSS-Datenbank gespeichert wird:\n" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr " -d DIR\tNSS-Datenbank für Schlüssel und Zertifikat\n" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr " -n NAME\tKurzname für NSS-basierte Speicherung (nur gültig mit -d)\n" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" " -t NAME\toptionaler Token-Name für NSS-basierte Speicherung (nur gültig " "mit -d)\n" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "* Falls Dateien zum Speichern verwendet werden:\n" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr " -k DATEI\tPEM-Datei für geheimen Schlüssel\n" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr " -f DATEI\tPEM-Datei für Zertifikat (nur gültig mit -k)\n" #: src/getcert.c:4801 msgid 
"* If keys are to be encrypted:\n" msgstr "* Falls Schlüssel verschlüsselt werden sollen:\n" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr " -p DATEI\tDatei, welche die Verschlüsselungs-PIN enthält\n" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr " -P PIN\tPIN-Wert\n" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "Optionale Parameter:\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "* Einstellungen für Umgang mit Zertifikaten:\n" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr " -I NAME\tder Anfrage zuzuordnender Kurzname\n" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr "" " -g GRÖSSE\tGröße des zu generierenden Schlüssels, falls noch keiner " "vorhanden ist\n" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr "" " -r\t\tversuchen, kurz vor Ablauf das Zertifikat zu erneuern (Standard)\n" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr "" " -r\t\tnicht versuchen, kurz vor Ablauf das Zertifikat zu erneuern " "(Standard)\n" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr "" " -c CA\tAngegebene Zertifizierungsstelle statt der aktuellen 
verwenden\n" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" " -T PROFILE\tAnfrage an CA, um den Antrag unter Verwendung des benannten " "Profils oder der Vorlage auszuführen\n" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 #, fuzzy msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" " -T PROFILE\tAnfrage an CA, um den Antrag unter Verwendung des benannten " "Profils oder der Vorlage auszuführen\n" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "* Parameter für die Signaturanfrage:\n" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr "" " -N NAME\tAngefragten Subjektnamen festlegen (Standard: CN=)\n" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr "" " -U EXTUSAGE\tAngefragte OID für erweiterte Schlüsselverwendung festlegen\n" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr "" " -u SCHLÜSSELNUTZUNG\tGewünschter Wert für SchlüsselBenutzung setzen\n" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr " -K NAME\tAngefragten Principal-Namen festlegen\n" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr " -D DNSNAME\tAngefragten DNS-Namen festlegen\n" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr " -E EMAIL\tAngefragte E-Mail-Adresse festlegen\n" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr "" #: src/getcert.c:4825 
src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr "" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr "" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "* Busoptionen:\n" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr " -S\t\tmit dem Certmonger-Dienst über den Systembus verbinden\n" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr " -S\t\tmit dem Certmonger-Dienst über den Sitzungsbus verbinden\n" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "* Weitere Optionen:\n" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr " -B»Auszuführender Befehl vor dem Speichern des Zertifikats\n" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr " -C\tAuszuführender Befehl nach dem Speichern des Zertifikats\n" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the 
CA's certificates\n" msgstr "" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr "" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr " -v\tAlle Fehlerdetails ausgeben\n" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "Aufruf: %s start-tracking [Optionen]\n" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "* Falls eine existierende Anfrage geändert wird:\n" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr " -i NAME\tKurzname für existierende Überwachungsanfrage\n" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "* Falls Schlüssel verschlüsselt sind:\n" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr " -I NAME\tNeuer Kurzname für die Überwachungsanfrage\n" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "* Parameter für die Signaturanfrage zum Zeitpunkt der Erneuerung:\n" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr "" " -U EXTUSAGE\tAngefragte OID für erweiterte Schlüsselverwendung " "überschreiben\n" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr " -K NAME\tangefragten Principal-Name überschreiben\n" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr " -D DNSNAME\tangefragten DNS-Namen 
überschreiben\n" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr " -E EMAIL\tangefragte E-Mail-Adresse überschreiben\n" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr "" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "Aufruf: %s stop-tracking [Optionen]\n" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "* Nach Anfrage-Kennung:\n" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr " -i NAME\tKurzname für Überwachungsanfrage\n" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "Aufruf: %s resubmit [Optionen]\n" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr " -f DATEI\tPEM-Datei des Zertifikats\n" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "* Neue Parameterwerte für die Signaturanfrage:\n" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr " -I NAME\tNeuer Kurzname für die Überwachungsanfrage\n" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr "" " -c CA\t\tAngegebene Zertifizierungsstelle statt der aktuellen verwenden\n" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr "" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr "" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "Aufruf: %s list [Optionen]\n" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 
src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "* Allgemeine Optionen:\n" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr "" " -c CA\tNur die dieser Zertifizierungsstelle zugeordneten Anfragen und " "Zertifikate auflisten\n" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr " -r\tNur Informationen zu offenen Anfragen auflisten\n" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr " -t\tNur Informationen zu überwachten Zertifikaten auflisten\n" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr "" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "* Falls bestimmte Anfrage ausgewählt wird:\n" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" " -d VERZ\tnur Anfragen und Zertifikate auflisten, die diese NSS-Datenbank " "nutzen\n" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" " -n NAME\tnur Anfragen und Zertifikate auflisten, die diesen Kurznamen " "nutzen\n" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" " -f DATEI\tnur Anfragen und Zertifikate auflisten, die in dieser PEM-Datei " "gespeichert sind\n" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr " -S\tmit dem Certmonger-Dienst über den Systembus verbinden\n" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr " -S\tmit dem Certmonger-Dienst über 
den Sitzungsbus verbinden\n" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr "" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr "" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr "" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "Aufruf: %s list-cas [Optionen]\n" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr "" " -c CA\tNr Informationen zu Zertifizierungsstellen dieses Namens auflisten\n" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr "" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr "" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr "" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr "" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr "" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr "" #: 
src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr "" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr "" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr "" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr "" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr "" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "" #: src/getcert.c:5273 
#, c-format msgid "%s: unrecognized command\n" msgstr "%s: Unbekannter Befehl.\n" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "" "Die -t Option kann nicht zusammen mit der -K Option verwendet werden.\n" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "" "Die -k Option kann nicht zusammen mit der -K Option verwendet werden.\n" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "" "Die -K Option kann weder mit der -k noch der -t Option verwendet werden.\n" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for signing request.\n" msgstr "Principal-Name für Signaturanfrage konnte nicht ermittelt werden.\n" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "Signaturanfrage konnte nicht gelesen werden.\n" #: src/main.c:74 msgid "use session bus" msgstr "" #: 
src/main.c:75 msgid "use system bus" msgstr "" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "" #: src/main.c:78 msgid "PATHNAME" msgstr "" #: src/main.c:79 msgid "don't become a daemon" msgstr "" #: src/main.c:80 msgid "do become a daemon" msgstr "" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "" #: src/main.c:81 msgid "SECONDS" msgstr "" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "" #: src/main.c:83 msgid "NUMBER" msgstr "" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "" #: src/main.c:87 msgid "write service PID to file" msgstr "" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "" #: src/main.c:90 msgid "print version information" msgstr "" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "\t-s Sitzungs-Bus verwenden\n" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "\t-S System-Bus verwenden\n" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "\t-n nicht als Dämon ausführen\n" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "\t-f als Dämon ausführen\n" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "\t-b TIMEOUT bus-aktiviert, Timeout der Leerlaufzeit\n" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "\t-B kein Timeout der Leerlaufzeit verwenden\n" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" 
msgstr "\t-d LEVEL Debugging-Stufen setzen (impliziert -n)\n" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "\t-p FILE Dienst-PID in Datei schreiben\n" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "\t-F NSS in FIPS-Modus ausführen\n" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "" #: src/scep.c:352 #, fuzzy, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "Keine Agent-URL (-T) angegeben, Standarwert nicht gesetzt.\n" #: src/scep.c:356 #, fuzzy, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "Keine Agent-URL (-T) angegeben, Standarwert nicht gesetzt.\n" #: src/scep.c:376 src/scep.c:395 #, fuzzy, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "Kein Profil/ Vorlage (-T) angegeben, Standarwert nicht gesetzt.\n" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. 
Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "" #: src/scep.c:637 #, fuzzy, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "Keine Antwort vom %s-Dienst erhalten.\n" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "" #: src/scep.c:930 #, fuzzy, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "Fehler beim Abfragen der Serverantwort.\n" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "" #: src/scep.c:976 #, fuzzy, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "Fehler beim Abfragen der Serverantwort.\n" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "" #: src/scep.c:1003 #, c-format msgid "Transaction either is not 
permitted or is not supported by server.\n" msgstr "" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "" #: src/scep.c:1009 #, c-format msgid "Unsupported extension.\n" msgstr "" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "" #: src/scep.c:1027 #, fuzzy, c-format msgid "Internal CA error.\n" msgstr "Interner Fehler: Unbekannter Status.\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." msgstr "Ein interner Fehler ist aufgetreten." #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "Kein passender Eintrag gefunden.\n" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "Es gibt bereits ein Zertifikat mit dem Kurznamen »%s«." #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "Speichertyp des Zertifikats wurde nicht angegeben." #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." msgstr "Speichertyp »%s« des Zertifikats wird nicht unterstützt." 
#: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "Der Ort »%s« muss ein absoluter Pfad sein." #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." msgstr "Speicherort für Zertifikat ist nicht angegeben." #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "Übergeordnete Ebene des Ortes »%s« muss ein gültiger Ordner sein." #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "Der Ort »%s« muss eine Datei sein." #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "" #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "Der Ort »%s« muss ein Ordner sein." #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "Kurzname des Zertifikats nicht angegeben." #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "Es gibt bereits eine Anfrage mit dem Kurznamen »%s«." #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." 
msgstr ""
"Zertifikat am gleichen Speicherort wird bereits von Anfrage mit Kurznamen "
"»%s« verwendet."

#: src/tdbush.c:734
#, c-format
msgid "Key storage type \"%s\" not supported."
msgstr "Speichertyp »%s« für Schlüssel nicht unterstützt."

#: src/tdbush.c:760 src/tdbush.c:819
msgid "Key storage location not specified."
msgstr "Speicherort des Schlüssels wurde nicht angegeben."

#: src/tdbush.c:853
msgid "Key nickname not specified."
msgstr "Kurzname des Schlüssels nicht angegeben."

#: src/tdbush.c:909
#, c-format
msgid "Key at same location is already used by request with nickname \"%s\"."
msgstr ""
"Schlüssel am gleichen Speicherort wird bereits von Anfrage mit Kurznamen "
"»%s« verwendet."

#: src/tdbush.c:1313 src/tdbush.c:3102
#, c-format
msgid "No support for key type \"%s\"."
msgstr ""

#: src/tdbush.c:1400
msgid "No such CA."
msgstr "Keine solche Zertifizierungsstelle."

#: src/tdbush.c:3073
#, c-format
msgid "Certificate authority \"%s\" not known."
msgstr "Zertifizierungsstelle »%s« ist unbekannt."

#: src/tdbush.c:3518
msgid "Unrecognized parameter or wrong value type."
msgstr "Nicht erkannter Parameter oder falscher Werttyp."

#: src/tdbush.c:5070
msgid "Error parsing arguments."
msgstr ""

#: src/tdbush.c:5124
msgid "Unrecognized property name."
msgstr ""

#: src/tdbusm.c:2156
msgid "Insufficient access. Please retry operation as root.\n"
msgstr ""
"Unzureichende Berechtigung. Bitte führen Sie die Aktion als Root aus.\n"

#: src/tdbusm.c:2160
msgid "Please verify that the certmonger service has been started.\n"
msgstr "Bitte überprüfen Sie, ob der Certmonger-Dienst gestartet wurde.\n"

#: src/tdbusm.c:2163
msgid "Please verify that the certmonger service is still running.\n"
msgstr ""
"Bitte vergewissern Sie sich, dass der Certmonger-Dienst immer noch läuft.\n"

certmonger-0.79.19/po/es.po

# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Red Hat, Inc.
# This file is distributed under the same license as the PACKAGE package.
#
# Translators:
# Claudio Rodrigo Pereyra Diaz, 2011, 2012
# Daniel Cabrera, 2011
# beckerde, 2011
# vareli, 2013
# Gerardo Rosales, 2014
# Gladys Guerrero, 2012
# Daniel Cabrera, 2011
# Henderb Rodriguez, 2014
# Hernan Gabriel Alvarez Guerra, 2014
# Nalin Dahyabhai, 2011
# Aly Machaca, 2016. #zanata
# Emilio Herrera, 2017. #zanata
# Máximo Castañeda Riloba, 2017. #zanata
msgid ""
msgstr ""
"Project-Id-Version: certmonger 0.78.6\n"
"Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n"
"POT-Creation-Date: 2017-02-26 02:20-0500\n"
"PO-Revision-Date: 2017-02-21 10:35-0500\n"
"Last-Translator: Emilio Herrera \n"
"Language-Team: Spanish (http://www.transifex.com/projects/p/certmonger/"
"language/es/)\n"
"Language: es\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
"X-Generator: Zanata 3.9.6\n"

#: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238
#: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291
#, c-format
msgid "Out of memory.\n"
msgstr "Falta memoria.\n"

#: src/certmaster.c:136
#, c-format
msgid "Unable to determine hostname of CA.\n"
msgstr "No es posible determinar el nombre del equipo de CA.\n"

#: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796
#, fuzzy, c-format
msgid "Unable to read signing request from file \"%s\".\n"
msgstr "No es posible leer la petición de identificación.\n"

#: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799
#, fuzzy, c-format
msgid "Unable to read signing request from environment variable \"%s\".\n"
msgstr "No es posible leer la petición de identificación.\n"

#: src/certmaster.c:184
#, c-format
msgid "Error setting up for XMLRPC.\n"
msgstr "Error al definir XMLRPC.\n"

#: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564
#: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694
src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "Error analizando la respuesta del servidor.\n" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "Error de servidor.\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "Parámetros del perfil (-O) deben estar en el formato param=value.\n" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "Paŕametros de enviar (-o) deben estar en el formato param=value.\n" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "No se indican credenciales de agente, y no hay valor predeterminado.\n" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "Se solicitó renovación, pero no se indicó número de serie.\n" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "" "No se indica URL de entidad final (-E), y no hay valor predeterminado.\n" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "No se indica URL de agente (-A), y no hay valor predeterminado.\n" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "No se indica perfil/plantilla (-T), y no hay valor predeterminado.\n" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "Error al apagar NSS\n" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "Error interno: 
estado desconocido.\n" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "No se han dado credenciales de agente (-n), pero son necesarias.\n" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "Error %d conectando a %s: %s.\n" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "Error %d conectando a %s.\n" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "Error interno: no hay respuesta para \"%s?%s\".\n" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "COMANDO" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "DIRECTORIO" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "LISTAR" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "DIRECCION" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "NOMBRE DE FICHERO" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "NOMBRE DE HOST" #: src/getcert.c:67 msgid "ID" msgstr "ID" #: src/getcert.c:69 msgid "BITS" msgstr "BITS" #: src/getcert.c:71 msgid "MODE" msgstr "MODO" #: src/getcert.c:72 msgid "NAME" msgstr "NOMBRE" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "PRINCIPAL" #: src/getcert.c:74 msgid "SUBJECT" msgstr "ASUNTO" #: src/getcert.c:75 msgid "URL" msgstr "URL" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "NOMBRE DE USUARIO[:NOMBRE DE GRUPO]" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "" "La dirección \"%s\" no es absoluta, intentando usar \"%s\" en su lugar.\n" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" "La ruta \"%s\" no es absoluta, y hubo un error al determinar el nombre del " "directorio actual.\n" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "Ruta 
\"%s\": permisos insuficientes.\n" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "La dirección \"%s\" no es un directorio.\n" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "Ruta \"%s\": %s.\n" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "La dirección \"%s\" no es un archivo común.\n" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "Ningún bus del sistema se está ejecutando.\n" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "Ejecutando como UID 0.\n" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "Iniciando temporalmente un demonio de servicio dedicado.\n" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "Error conectándose a D-Bus.\n" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "" "Por favor verifique que el servicio de bus de mensajes (D-Bus) se encuentre " "funcionando.\n" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "Error creando mensaje de petición DBus.\n" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "" #: src/getcert.c:398 #, fuzzy msgid "missing argument" msgstr "Error analizando argumentos." #: src/getcert.c:401 #, fuzzy, c-format msgid "unrecognized option %s" msgstr "Nombre de propiedad no reconocido." #: src/getcert.c:406 #, fuzzy msgid "unrecognized option" msgstr "Nombre de propiedad no reconocido." 
#: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "" #: src/getcert.c:421 msgid "number too large or too small" msgstr "" #: src/getcert.c:424 msgid "bad operation" msgstr "" #: src/getcert.c:427 #, fuzzy msgid "internal error" msgstr "Ha ocurrido un error interno." #: src/getcert.c:430 #, fuzzy msgid "out of memory" msgstr "Falta memoria.\n" #: src/getcert.c:434 #, fuzzy msgid "error in popt configuration file" msgstr "borrar una configuración CA\n" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "Error %s: %s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "Error %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "Error: %s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "Se ha recibido una respuesta de erro desde el servicio %s local.\n" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "No se ha recibido una respuesta desde el servicio %s.\n" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "Estado %s, pendiente: %s.\n" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "Base de datos NSS para clave y certificado" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "nickname para almacenamientos basado en NSS (sólo válido con -d)" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "" "nombre opcional de token para almacenamiento basado en NSS (sólo válido con -" "d)" #: 
src/getcert.c:771 msgid "PEM file for private key" msgstr "fichero PEM para clave privada" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "Fichero PEM para certificado (sólo válido con -k)" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "archivo que contiene el cifrado de clave privada PIN" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "encriptación de clave privada PIN" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "información del propietario para clave privada" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "permisos de archivo para clave privada" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "información del propietario para certtificado" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "permisos de fichero para certificado" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "base de datos NSS en la que se almacenan los certificados de CA" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "fichero en el que se almacenan los certificados de CA" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "comando a ejecutar antes de guardar un certificado" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "comando a ejecutar después de guardar un certificado" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "nickname para asighnar a la petición" #: src/getcert.c:784 msgid 
"type of key to be generated if one is not already in place" msgstr "tipo de clave que se generará si no hay una ya en su sitio" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "tamaño de la clave a ser generada si no hay una ya en su sitio" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "" "intentar renovar el certificado cuando esté cerca de su expiración (por " "defecto)" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "no intenta renovar el certificado cuando estña cerca de su expiración" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "usa la configuración de CA especificada en lugar de la por defecto" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "pide al CA que procese la petición usando el perfil o modelo llamado" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 #, fuzzy msgid "ask the CA to process the request using the named issuer" msgstr "pide al CA que procese la petición usando el perfil o modelo llamado" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "establece nombre del sujeto solicitado (por defecto: CN=)" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage value" msgstr "ajusta el valor de utilización de la clave solicitada" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "fija la utilización de la clave extendida OID solicitada" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "fija el nombre principal solicitado" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "fija el nombre DNS pedido" #: src/getcert.c:798 
src/getcert.c:2528 msgid "set requested email address" msgstr "fija la dirección de correo electrónico pedida" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "fija la dirección IP pedida" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "fija que coge un valor de reto de contraseña opcional" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "un valor de reto de contraseña opcional" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 #, fuzzy msgid "request a CA certificate" msgstr "HTTPS requiere un certificado CA.\n" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 #, fuzzy msgid "request a non-CA certificate" msgstr "HTTPS requiere un certificado CA.\n" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 #, fuzzy msgid "path length for CA certificate" msgstr "archivo PEM para certificado" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "intenta esperar a que se emita el certificado" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "máximo tiempo de espera para que el certificado sea mandado" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "conectar al servicio certmonger sobre el bus de sesión" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on 
the system bus" msgstr "conectar al servicio certmonger sobre el bus del sistema" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "Erro al inicializar la biblioteca Kerberos: %s.\n" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "Sin soporte para generar las llaves \"%s\"\n" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "Los tipos de llaves conocidos incluyen:" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "keyUsage \"%s\" no reconocido.\n" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "No se pudo evaluar OID \"%s\".\n" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "Error analizando el nombre \"%s\"del principal de Kerberos: %s.\n" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "" "Error al dejar de analizar el nombre \"%s\" del principal de Kerberos: %s.\n" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "%s: valor inválido -- '%s'\n" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "%s: opción requiere un argumento -- '%c'\n" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "%s: opción no valida -- '%c'\n" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "Error: argumento extra no 
utilizado \"%s\".\n" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "Error: se enviaron argumentos extra no usados.\n" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "" "La ubicación de la base de datos, o el apodo, han sido indicados el uno sin " "el otro.\n" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "" "Han sido especificados el directorio de la base de datos y el archivo de " "certificado.\n" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "" "No han sido especificados ni el directorio de la base de datos, ni el apodo " "del archivo de certificado.\n" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "" "La llave y el certificado no pueden ambos ser guardados en un mismo " "archivo.\n" #: src/getcert.c:1114 #, fuzzy, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" "El motor de IPA necesita la utilización de la opción -K (el nombre del " "principal) cuando se esté utilizando la opción -N (el nombre del asunto).\n" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" 
found.\n" msgstr "No se ha encontrado un CA con el nombre \"%s\".\n" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request arguments.\n" msgstr "Error al definir los argumentos de la petición.\n" #: src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "Ha sido agregada una nueva petición \"%s\" de identificación.\n" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "Ha se ha podido agregar la nueva petición de identificación.\n" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "Nueva solicitud de seguimiento \"%s\" agregada.\n" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "Nueva solicitud de seguimiento no puede ser agregada.\n" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "archivo PEM para clave privada (válido sólo con -f)" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "archivo PEM para certificado" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "apodo de una petición existente" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "apodo a dar a la petición de rastreo" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "invalidar el valor de uso de la clave solicitada" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "invalidar utilización pedida de clave extendida OID" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "invalidar nombre principal pedido" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "invalidar nombre de DNS pedido" #: src/getcert.c:1874 msgid 
"override requested email address" msgstr "invalidar dirección de correo electrónico pedida" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "invalidar dirección IP pedida" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" "No se ha especificado ningún ID, o directorio de base de datos y apodo, o " "archivo de certificado.\n" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "Solicitud \"%s\" modificada.\n" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "Solicitud \"%s\" no puede ser modificada.\n" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "No han sido halladas peticiones con el alias indicado.\n" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "No se encontraron solicitudes que coincidan con los argumentos.\n" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "Solicitud \"%s\" eliminada.\n" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "La solicitud \"%s\" no pudo ser eliminada.\n" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "apodo para petición de rastreo" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "nuevo apodo dado a la petición de rastreo" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "teclee nueva clave para ser generada" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "tamaño de nueva clave a ser generada" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "usar la configuración de CA 
especificada en lugar de la actual" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "Error modificando \"%s\".\n" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "Reenviando \"%s\" to \"%s\".\n" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "Reenviando \"%s\".\n" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "Error intentando enviar \"%s\" hacia \"%s\".\n" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "Error intentando enviar \"%s\".\n" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "refrescar información sobre todas las peticiones pendientes" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" "refreescar información solo para las peticiones que usen la configuración CA " "especificada" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "Petición de ID '%s' se está refrescando.\n" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "Petición de ID '%s' NO se está refrescando.\n" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "listar solo información sobre las peticiones pendientes" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "listar solo información sobre los certificados rastreados" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" "listar sólo las peticiones y certificados asociados con esta configuración " "de CA" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "" "Cantidad de peticiones y certificados que están siendo rastrados: %d.\n" #: 
src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "ID de solicitud '%s':\n" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "\testado: %s\n" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "\tca-error: %s\n" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "\tstuck: %s\n" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "" "»par de clave " "almacenada: tipo=%s" #: src/getcert.c:3652 msgid "NONE" msgstr "NINGUNO" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr ",ubicación='%s'" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr ",usuario='%s'" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr ",token='%s'" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr "ajuste de ,pin" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr ",archivopin='%s'" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "" "»certificado: tipo=%s," "ubicación='%s'" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "\tpetición de firma thumbprint (MD5): %s\n" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "\tpetición de firma thumbprint (SHA1): %s\n" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "\tCA: %s\n" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "\tgenerador: %s\n" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "\tasunto: %s\n" #: src/getcert.c:3719 msgid "unknown" msgstr "desconocido" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr "\texpira: %s\n" #: src/getcert.c:3736 msgid "\temail: " msgstr "\tcorreo electrónico: " #: src/getcert.c:3742 msgid "\tdns: " msgstr "\tdns: " #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "\tnombre del principal: " #: src/getcert.c:3756 msgid 
"\tIP address: " msgstr "⇥Dirección IP:" #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "" "\tutilización de clave: %s\n" "\n" #: src/getcert.c:3779 msgid "\teku: " msgstr "\teku: " #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "\tplantilla/perfil de certificado: %s\n" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "⇥certificados raíz guardados en un archivo:\n" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "⇥otros certificados raíz guardados en un archivo:\n" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "⇥otros certificados guardados en un archivo:\n" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "⇥certificados raíz guardados en la base de datos:\n" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "⇥otros certificados raíz guardados en la base de datos:\n" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "⇥otros certificados guardados en la base de datos:\n" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "\tcomando de almacenado previo: %s\n" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "\tcomando de almacenado posterior: %s\n" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "\ttrack: %s\n" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "\tauto renovación: %s\n" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" "Ninguna ID o directorio de base de datos y apodo o archivo de certificado " "especificado.\n" #: 
src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "listar sólo la configuración de CA especificada" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "CA '%s':\n" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "auto-identificado como: %s\n" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "\ttipo de tca: %s\n" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "\tubicación del asistente: %s\n" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr "\tnúmero de serie siguiente: %s\n" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "\tnombres de generadores conocidos:\n" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "known profiles/templates/certtypes:\n" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "default profile/template/certtype: %s\n" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "\tidentificador SCEP CA: %s\n" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "\tcretificado SCEP CA thumbprint (MD5): %s\n" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "\tcertificado SCEP CA thumbprint (SHA1): %s\n" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "refrescar la información sobre la configuración CA con este nombre" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "refrescar información sobre todas las CAs conocidas" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "Ningún apodo CA y ningúna bandera -a especificada.\n" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "Datos para CA '%s' se están refrescando.\n" #: src/getcert.c:4344 #, c-format msgid 
"Data for unnamed CA being refreshed.\n" msgstr "Datos para CA innombrados están refrescándose.\n" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "error refrescando los datos CA\n" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "apodo dado a la nueva configuración CA" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "comando auxiliar a ejecutar para comunicar con CA" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "apodo CA no especificado.\n" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "comando auxiliar CA no especificado.\n" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "Nuevo CA \"%s\" añadido.\n" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "Nueva CA podría no ser añadida.\n" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "localización del servidor SCEP" #: src/getcert.c:4458 msgid "CA identifier" msgstr "identificador CA" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "archivo conteniendo certificado de CA" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "archivo conteniendo certificado de RA" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "archivos conteniendo certificados en la cadena de certificación de RA" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "prefiere no usar la funcionalidad SCEP Renewal" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "URL del servidor no especificada.\n" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "HTTPS requiere un certificado CA.\n" #: src/getcert.c:4535 #, c-format 
msgid "Error building command line.\n" msgstr "Error construyendo la línea de comando.\n" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "Error ajustando el identificador CA.\n" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "apodo de la configuración CA" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "actualizado el comando de auxilio a ejecutar para comunicar con CA" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "CA \"%s\" modificado.\n" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "CA podría no ser modificado.\n" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "apodo de configuración CA a borrar" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "CA \"%s\" borrado.\n" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "CA podróa no ser borrado.\n" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "%s . 
herramienta de inscripción de certificado de cliente\n" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "Utilización: petición %s [opciones]\n" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "Argumentos requeridos:\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "" "* si se está utilizando para el almacenamiento una base de datos NSS:\n" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr " -d DIR\tbase de datos NSS para la llave y el certificado\n" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr "" " -n NAME\tapodo para el almacenamiento basado en NSS (sólo valido con -d)\n" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" " -t NAME\tnombre opcional de la ficha para el almacenamiento basado en NSS " "(sólo valido con -d)\n" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "* si se están utilizando archivos para el almacenamiento:\n" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr " -k FILE\tarchivoPEM para la llave privada\n" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with 
-k)\n" msgstr " -f FILE\tarchivo PEM para el certificado (sólo válido con -k)\n" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "* si la llaves serán cifradas:\n" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr " -p FILE\tarchivo que contiene el PIN de cifrado\n" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr " -P PIN\tvalor del PIN\n" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "Argumentos opcionales:\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "* Configuración de la manipulación del certificado:\n" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr " -I NAME\tapodo a ser asignado a la petición\n" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr "" "-G TYPE⇥tipo de llave a ser generada si no hay alguna en su lugar\n" "\n" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr "" " -g SIZE\ttamaño de la llave a ser generada si aún no existe ninguna\n" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr "" " -r\t\tintento de renovación del certificado cuando el momento de " "expiración esté próximo (predeterminado)\n" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr "" " -R\t\tno intentar renovar el certificado cuando el momento de 
expiración " "esté próximo\n" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr " -c CA\t\tutilizar el CA indicado en lugar del predeterminado\n" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" " -T PROFILE\tpide a CA el proceso de la solicitud utilizando el perfil o el " "modelo invocado\n" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 #, fuzzy msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" " -T PROFILE\tpide a CA el proceso de la solicitud utilizando el perfil o el " "modelo invocado\n" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "* Parámetros para la petición de identificación:\n" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr "" " -N NAME\tdefine el nombre del asunto solicitado (predeterminado: " "CN=)\n" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr "" " -U EXTUSAGE\tdefine la utilización OID de la extensión de la llave " "solicitada\n" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr "" " -u KEYUSAGE\tfijado el valor de utilzación de clave pedido\n" "\n" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr " -K NAME\tdefine el nombre del principal solicitado\n" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr " -D DNSNAME\tdefine el nombre DNS solicitado\n" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr " -E 
EMAIL\tdefine la dirección de correo electrónico solicitada\n" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr " -A ADDRESS⇥define la dirección IP solicitada\n" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr " -l FILE\tarchivo que contiene una contraseña de desafío opcional\n" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr " -L PASSWORD\tun valor opcional de contraseña de desafio\n" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "* Opciones de Bus:\n" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr " -S\t\tconectar al servicio certmonger en el bus del sistema\n" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr " -s\t\tconectar al servicio certmonger en el bus de sesión\n" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "* Otras opciones:\n" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr " -B\tcomando a ejecutar 
antes de guardar el certificado\n" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr " -C\tcomando a ejecutar luego de guardar el certificado\n" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr "-F archivo en el cual almacenar los certificados CA\n" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr "-a base de datos en la cual almacenar los certificados CA\n" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr "-w intenta esperar que los certificados sean emitidos\n" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr "" " -v»informar todos " "los detalles de errores\n" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "Utilización: %s iniciar seguimiento [opciones]\n" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "* Si se está modificando una petición existente:\n" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr " -i NAME\tnombre de apodo de una petición de seguimiento existente\n" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "* Si las llaves se encuentran cifradas:\n" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr " -I NAME\tapodo a darle a la petición de seguimiento\n" #: src/getcert.c:4866 msgid "* 
Parameters for the signing request at renewal time:\n" msgstr "" "* Parámetros para la solicitud de firma en el momento de la renovación:\n" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr "" " -U EXTUSAGE\treemplazar la utilización de llave extendida OID solicitada\n" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr " -K NAME\treemplazar el nombre principal solicitado\n" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr " -D DNSNAME\treemplazar el nombre DNS solicitado\n" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr " -E EMAIL\treemplazar la dirección de correo electrónico solicitada\n" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr " -A ADDRESS⇥remplazar la dirección IP solicitada\n" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "Utilziación: %s detener seguimiento [opciones]\n" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "* Por identificador de petición:\n" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr " -i NAME\tapodo de la petición de seguimiento\n" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "Utilización: %s volver a enviar [opciones]\n" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr " -f FILE\tarchivo PEM del certificado\n" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "* Nuevos valores de los parámetros de la petición de identificación:\n" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr " -I NAME\tnuevo apodo a darle 
a la petición de seguimiento\n" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr " -c CA\t\tutilizar el CA indicado en lugar del actual\n" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "Utilización: %s rekey [opciones]\n" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr " -G TYPE\tteclee de nuevo la clave a ser generada\n" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr " -g SIZE\ttamaño de la nueva clave a ser generada\n" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "Utilización: %s lista [opciones]\n" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "* Opciones generales:\n" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr "" " -c CA\tlista sólo las peticiones y los certificados asociados con este CA\n" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr " -r\tlista sólo la información acerca de peticiones destacadas\n" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr " -t\tlista sólo información acerca de certificados en seguimiento\n" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr "" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "* Si selecciona un pedido específico:\n" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" " -d DIR» sólo lista " "los pedidos y certificados que usa esta base de datos NSS\n" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" " -n NOMBRE»sólo lista " "los pedidos y certificados que usan este 
apodo\n" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" " -f ARCHIVO »sólo " "lista los pedidos y certificados guardados en este archivo PEM\n" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr " -S\tconectar con el servicio certmonger en el bus del sistema\n" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr " -s\tconectar con el servicio certmonger en el bus de la sesión\n" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "Uso: %s refrescar [opciones]\n" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr " -a\tactualizar información sobre todas las solicitudes pendientes\n" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "Uso: %s estado [opciones]\n" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "* Seleccione una petición específica\n" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "* cuando se usa una base de datos NSS para almacenamiento\n" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr "" "-d DIR devuelve el estado para las peticiones en esta base de datos NSS\n" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "-n NOMBRE devuelve el estado para cert que usa este apodo\n" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "* cuando se usan archivos para almacenamiento:\n" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr 
"" "-f ARCHIVO devuelve el estado para cert almacenado en este archivo PEM\n" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "Utilización: %s list-cas [opciones]\n" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr "" " -c CA\tlista sólo la información de este nombre relacionada con el CA\n" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "Uso: %s refresh-ca [opciones]\n" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr "-c CA refresca la información acerca de los CA con este nombre\n" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr " -a\trefrescar información sobre todas las CAs conocidas\n" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "Utilización: %s add-ca [opciones]\n" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr " -c CA\t\tapodo a dar a la nueva configuración CA\n" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr " -e CMD\tcomando de ayuda a ejecutar para comunicarse con CA\n" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "Utilización: %s add-scep-ca [opciones]\n" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr " -u URL\tlocalización del servidor SCEP\n" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr " -i ID\t\tidentificador CA\n" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr " -R FILE\tarchivo conteniendo el certificado de CA\n" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr " -r FILE\tarchivo conteniendo el certificado de RA\n" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr "" " -I FILE\tarchivo conteniendo certificados en 
la cadena de certificación de " "RA\n" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr " -n\tprefiere no usar la función SCEP Renewal\n" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "Utilización: %s modify-ca [opciones]\n" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr " -c CA\t\tapodo de la configuración CA\n" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" " -e CMD\tcomando actualizado del ayudante a ejecutar para comunicar con CA\n" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "Utilización: %s remove-ca [opciones]\n" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr " -c CA\tapodo de configuración CA a borrar\n" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "Utilización: %s comando [opciones]\n" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "solicitar un nuevo certificado desde una CA\n" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "empezar a monitorizar un certificado ya mandado\n" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "parar de monitorizar un certificado\n" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "reenviar una solicitud de inscripción en curso, o iniciar una nueva\n" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "genera una nueva clave privada y reemplaza un certificado\n" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "comprobar el estado de una solicitud de inscripción en curso\n" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "lista los certificados que están siendo monitorizados y pedidos\n" #: 
src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "" "comprueba el estado de un certificado que está siendo monitorizado o pedido\n" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "añade una configuración CA\n" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "añade una configuración SCEP CA\n" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "klista las configuraciones CA conocidas\n" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "modificar una configuración CA\n" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "refrescar el cache de toda la información obtenida de una CA\n" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "borrar una configuración CA\n" #: src/getcert.c:5273 #, c-format msgid "%s: unrecognized command\n" msgstr "%s: comando no reconocido\n" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "No es posible determinar la ubicación del servidor IPA LDAP\n" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "Incapaz de contactar con un servidor IPA LDAP.\n" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "" "No es posible determinar la base DN de el dominio de en el servidor IPA\n" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "Error configurando para XMLRPC en el cliente\n" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "La opción -t no puede ser utilizada junto con la opción -K.\n" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "La opción -k no puede ser utilizada junto con la opción -K.\n" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the 
-t option.\n" msgstr "" "La opción -K no puede ser utilizada junto con la opción -k, ni con la opción " "-t.\n" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for signing request.\n" msgstr "" "No es posible determinar el nombre del principal para la petición de " "identificación.\n" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "No hay dominio IPA configurado y no se ha especificado ninguno.\n" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" "Error definiendo ccache para el servicio del \"equipo\" utilizando el keytab " "predeterminado: %s.\n" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "" "Error definiendo ccache para \"%s\" en el cliente utilizando el keytab " "predeterminado: %s.\n" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" "Error definiendo ccache para el servicio del \"equipo\" en el cliente " "utilizando el keytab \"%s\": %s\n" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "" "Error definiendo ccache para \"%s\" en el cliente utilizando el keytab \"%s" "\": %s.\n" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "No es posible leer la petición de identificación.\n" #: src/main.c:74 msgid "use session bus" msgstr "use bus de sesión" #: src/main.c:75 msgid "use system bus" msgstr "use bus de sistema" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "iniciar un socket de escucha dedicado" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "sólo usar un socket de escucha dedicado" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "especificar el socket de escucha dedicado" #: 
src/main.c:78 msgid "PATHNAME" msgstr "NOMBRE DE RUTA" #: src/main.c:79 msgid "don't become a daemon" msgstr "no ha llegado a ser demonio" #: src/main.c:80 msgid "do become a daemon" msgstr "ha llegado a ser demonio" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "activado por bus, tiempo de espera inactivo" #: src/main.c:81 msgid "SECONDS" msgstr "SEGUNDOS" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "no usar un tiempo de espera inactivo" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "fijar el nivel de depuración (implica -n)" #: src/main.c:83 msgid "NUMBER" msgstr "NÚMERO" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "iniciar COMMAND y salir cuando lo haya hecho" #: src/main.c:87 msgid "write service PID to file" msgstr "escribir PID del servicio al archivo" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "forzar NSS hacia modo FIPS" #: src/main.c:90 msgid "print version information" msgstr "imprimir información de la versión" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "Utilización: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "\t-s usar session bus\n" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "\t-S usar system bus\n" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "\t-l iniciar un socket de escucha dedicado\n" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "\t-L sólo usar un socket de escucha dedicado\n" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "\t-P PATH especificar el socket de escucha dedicado\n" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "\t-n no se convierta en demonio\n" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "\t-f conviértase en demonio\n" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, 
idle timeout\n" msgstr "\t-b TIMEOUT bus-activated, tiempo de inactividad \n" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "\t-B no usar un tiempo de inactividad \n" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "\t-d LEVEL establecer nivel de depuración (implica -n)\n" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "\t-c COMMAND iniciar COMMAND y salir cuando lo haga\n" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "\t-p FILE escribir servicio PID al archivo \n" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "" "\t-F forzar NSS en modo FIPS\n" "\n" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "\t-v imprimir información de versión y salir\n" #: src/scep.c:352 #, fuzzy, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "No se indica URL de agente (-A), y no hay valor predeterminado.\n" #: src/scep.c:356 #, fuzzy, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "No se indica URL de agente (-A), y no hay valor predeterminado.\n" #: src/scep.c:376 src/scep.c:395 #, fuzzy, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "No se indica perfil/plantilla (-T), y no hay valor predeterminado.\n" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. 
Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "" #: src/scep.c:637 #, fuzzy, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "No se ha recibido una respuesta desde el servicio %s.\n" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "" #: src/scep.c:930 #, fuzzy, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "Error analizando la respuesta del servidor.\n" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "" #: src/scep.c:976 #, fuzzy, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "Error analizando la respuesta del servidor.\n" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "" #: src/scep.c:1003 #, c-format msgid 
"Transaction either is not permitted or is not supported by server.\n" msgstr "" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "" #: src/scep.c:1009 #, c-format msgid "Unsupported extension.\n" msgstr "" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "" #: src/scep.c:1027 #, fuzzy, c-format msgid "Internal CA error.\n" msgstr "Error interno: estado desconocido.\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." msgstr "Ha ocurrido un error interno." #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "No se ha encontrado una entrada coincidente.\n" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "Ya existe un CA con el apodo \"%s\"." #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "No ha sido especificado el tipo de certificado de almacenamiento." #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." msgstr "" "No existe soporte para el tipo \"%s\" de certificado de almacenamiento." 
#: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "La ubicación \"%s\" debe ser una ruta absoluta." #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." msgstr "No ha sido indicada una ubicación del certificado de almacenamiento." #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" "El padre de la ubicación \"%s\" no pudo ser accesado debido a permisos " "insuficientes." #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "El paterno de la ubicación \"%s\" debe ser un directorio válido." #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "La ubicación \"%s\" debe ser un archivo." #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "" "La ubicación \"%s\" no pudo ser accesada debido a permisos insuficientes." #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "La ubicación \"%s\" debe ser un directorio." #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "No ha sido especificado un apodo de certificado." 
#: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "Ya existe una petición con el apodo \"%s\"." #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "" "Un certificado en la misma ubicación ya está siendo utilizado por la " "petición hecha con el alias \"%s\"." #: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "No existe soporte para el tipo \"%s\" de llave de almacenamiento." #: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." msgstr "No ha sido especificada una ubicación de la llave." #: src/tdbush.c:853 msgid "Key nickname not specified." msgstr "No ha sido especificado un apodo de llave." #: src/tdbush.c:909 #, c-format msgid "Key at same location is already used by request with nickname \"%s\"." msgstr "" "Una llave en la misma ubicación ya está siendo utilizada por la petición " "hecha con el alias \"%s\"." #: src/tdbush.c:1313 src/tdbush.c:3102 #, c-format msgid "No support for key type \"%s\"." msgstr "Sin soporte para tipo de llave %s\"." #: src/tdbush.c:1400 msgid "No such CA." msgstr "No existe el CA." #: src/tdbush.c:3073 #, c-format msgid "Certificate authority \"%s\" not known." msgstr "No se conoce la autoridad \"%s\" del certifiicado. " #: src/tdbush.c:3518 msgid "Unrecognized parameter or wrong value type." msgstr "Parámetro irreconocible o tipo de valor erróneo." #: src/tdbush.c:5070 msgid "Error parsing arguments." msgstr "Error analizando argumentos." #: src/tdbush.c:5124 msgid "Unrecognized property name." msgstr "Nombre de propiedad no reconocido." #: src/tdbusm.c:2156 msgid "Insufficient access. Please retry operation as root.\n" msgstr "Acceso insuficiente. 
Por favor reintente la operanción como root.\n" #: src/tdbusm.c:2160 msgid "Please verify that the certmonger service has been started.\n" msgstr "Por favor verifique que el servicio certmonger ha sido arrancado.\n" #: src/tdbusm.c:2163 msgid "Please verify that the certmonger service is still running.\n" msgstr "" "Por favor verifique que el servicio certmonger está todavía corriendo.\n"
certmonger-0.79.19/po/eu.po
# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. # # Translators: # Asier Iturralde Sarasola , 2012 msgid "" msgstr "" "Project-Id-Version: certmonger 0.78.6\n" "Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2017-02-26 02:20-0500\n" "PO-Revision-Date: 2015-01-05 05:52-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Basque (http://www.transifex.com/projects/p/certmonger/" "language/eu/)\n" "Language: eu\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 3.9.6\n" #: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238 #: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291 #, c-format msgid "Out of memory.\n" msgstr "" #: src/certmaster.c:136 #, c-format msgid "Unable to determine hostname of CA.\n" msgstr "" #: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796 #, c-format msgid "Unable to read signing request from file \"%s\".\n" msgstr "" #: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799 #, c-format msgid "Unable to read signing request from environment variable \"%s\".\n" msgstr "" #: src/certmaster.c:184 #, c-format msgid "Error setting up for XMLRPC.\n" msgstr "" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694
src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "Zerbitzariaren errorea.\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "" #: src/getcert.c:63 
src/getcert.c:70 msgid "LIST" msgstr "" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "" #: src/getcert.c:67 msgid "ID" msgstr "" #: src/getcert.c:69 msgid "BITS" msgstr "" #: src/getcert.c:71 msgid "MODE" msgstr "" #: src/getcert.c:72 msgid "NAME" msgstr "" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "" #: src/getcert.c:74 msgid "SUBJECT" msgstr "" #: src/getcert.c:75 msgid "URL" msgstr "" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "" #: src/getcert.c:398 #, fuzzy msgid "missing argument" msgstr "Hautazko argumentuak:\n" #: src/getcert.c:401 #, c-format msgid "unrecognized option %s" msgstr "" #: src/getcert.c:406 msgid 
"unrecognized option" msgstr "" #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "" #: src/getcert.c:421 msgid "number too large or too small" msgstr "" #: src/getcert.c:424 msgid "bad operation" msgstr "" #: src/getcert.c:427 msgid "internal error" msgstr "" #: src/getcert.c:430 msgid "out of memory" msgstr "" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "Errorea %s: %s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "Errorea %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "Errorea: %s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "" #: src/getcert.c:775 
src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 msgid "ask the CA to process the request using the named issuer" msgstr "" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage 
value" msgstr "" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" 
msgstr "" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "" #: src/getcert.c:1080 
src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "" #: src/getcert.c:1114 #, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request arguments.\n" msgstr "" #: src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "" #: src/getcert.c:1873 
msgid "override requested DNS name" msgstr "" #: src/getcert.c:1874 msgid "override requested email address" msgstr "" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "" #: src/getcert.c:3098 msgid "" 
"refresh information only for requests using the specified CA configuration" msgstr "" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "" #: src/getcert.c:3652 msgid "NONE" msgstr "" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr "" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr "" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr "" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr "" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr "" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "" #: src/getcert.c:3719 
msgid "unknown" msgstr "ezezaguna" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr "" #: src/getcert.c:3736 msgid "\temail: " msgstr "" #: src/getcert.c:3742 msgid "\tdns: " msgstr "" #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "" #: src/getcert.c:3756 msgid "\tIP address: " msgstr "" #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "" #: src/getcert.c:3779 msgid "\teku: " msgstr "" #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr 
"" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr "" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "" #: src/getcert.c:4458 msgid "CA identifier" msgstr "" #: src/getcert.c:4459 
msgid "file containing CA's certificate" msgstr "" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "Beharrezko argumentuak:\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr "" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 
src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr "" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr "" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr "" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr "" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr "" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "Hautazko argumentuak:\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr "" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the 
certificate when expiration nears (default)\n" msgstr "" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr "" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr "" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr "" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr "" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr "" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr "" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr "" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr "" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr "" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr "" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr "" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 
src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr "" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr "" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "* Beste aukerak:\n" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr "" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr "" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr "" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 
msgid " -v\treport all details of errors\n" msgstr "" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr "" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr "" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr "" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr "" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr "" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr "" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr "" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr "" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr "" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr "" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr "" #: src/getcert.c:4958 #, 
c-format msgid "Usage: %s rekey [options]\n" msgstr "" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr "" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr "" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "* Aukera orokorrak:\n" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr "" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr "" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr "" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr "" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr "" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr "" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr "" #: src/getcert.c:5056 #, c-format msgid "Usage: 
%s status [options]\n" msgstr "" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr "" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr "" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr "" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr "" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr "" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr "" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr "" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr "" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr "" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr "" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr "" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr "" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "" #: 
src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr "" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr "" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "" #: src/getcert.c:5273 #, c-format msgid "%s: unrecognized command\n" msgstr "" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr 
"" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for signing request.\n" msgstr "" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "" #: src/main.c:74 msgid "use session bus" msgstr "" #: src/main.c:75 msgid "use system bus" msgstr "" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "" #: src/main.c:78 msgid "PATHNAME" msgstr "" #: src/main.c:79 msgid "don't become a daemon" msgstr "" #: src/main.c:80 msgid "do become a daemon" msgstr "" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "" #: src/main.c:81 msgid "SECONDS" msgstr "" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "" #: src/main.c:83 msgid "NUMBER" msgstr "" #: src/main.c:84 src/main.c:86 msgid "start 
COMMAND and exit when it does" msgstr "" #: src/main.c:87 msgid "write service PID to file" msgstr "" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "" #: src/main.c:90 msgid "print version information" msgstr "" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "" #: src/scep.c:352 #, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "" #: src/scep.c:356 #, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "" #: src/scep.c:376 src/scep.c:395 #, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. 
Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "" #: src/scep.c:637 #, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "" #: src/scep.c:930 #, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "" #: src/scep.c:976 #, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "" #: src/scep.c:1003 #, c-format msgid "Transaction either is not permitted or is not supported by server.\n" msgstr "" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "" #: src/scep.c:1009 
#, c-format msgid "Unsupported extension.\n" msgstr "" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "" #: src/scep.c:1027 #, fuzzy, c-format msgid "Internal CA error.\n" msgstr "Zerbitzariaren errorea.\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." msgstr "" #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "" #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "" #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." msgstr "" #: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "" #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." 
msgstr "" #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "" #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "" #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "" #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "" #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "" #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "" #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "" #: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "" #: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." msgstr "" #: src/tdbush.c:853 msgid "Key nickname not specified." msgstr "" #: src/tdbush.c:909 #, c-format msgid "Key at same location is already used by request with nickname \"%s\"." msgstr "" #: src/tdbush.c:1313 src/tdbush.c:3102 #, c-format msgid "No support for key type \"%s\"." msgstr "" #: src/tdbush.c:1400 msgid "No such CA." msgstr "" #: src/tdbush.c:3073 #, c-format msgid "Certificate authority \"%s\" not known." msgstr "" #: src/tdbush.c:3518 msgid "Unrecognized parameter or wrong value type." msgstr "" #: src/tdbush.c:5070 msgid "Error parsing arguments." 
msgstr "" #: src/tdbush.c:5124 msgid "Unrecognized property name." msgstr "" #: src/tdbusm.c:2156 msgid "Insufficient access. Please retry operation as root.\n" msgstr "" #: src/tdbusm.c:2160 msgid "Please verify that the certmonger service has been started.\n" msgstr "" #: src/tdbusm.c:2163 msgid "Please verify that the certmonger service is still running.\n" msgstr "" certmonger-0.79.19/po/fr.po0000644000175000017500000017371214511314133015032 0ustar gitgit00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. # # Translators: # dominique bribanick , 2012 # Gé Baylard , 2014 # Jérôme Fenal , 2012-2014 # Joël Beaudoin , 2011 # Kévin Raymond , 2012 # Natacha Rault , 2021. msgid "" msgstr "" "Project-Id-Version: certmonger 0.78.6\n" "Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2017-02-26 02:20-0500\n" "PO-Revision-Date: 2021-08-26 07:04+0000\n" "Last-Translator: Natacha Rault \n" "Language-Team: French \n" "Language: fr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n > 1;\n" "X-Generator: Weblate 4.8\n" #: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238 #: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291 #, c-format msgid "Out of memory.\n" msgstr "Mémoire saturée.\n" #: src/certmaster.c:136 #, c-format msgid "Unable to determine hostname of CA.\n" msgstr "" "Impossible de déterminer le nom d'hôte de l'autorité de certification.\n" #: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796 #, fuzzy, c-format msgid "Unable to read signing request from file \"%s\".\n" msgstr "Impossible de lire la signature de la demande.\n" #: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799 #, fuzzy, c-format msgid "Unable to read signing request from environment variable \"%s\".\n" msgstr "Impossible de lire la signature de la 
demande.\n" #: src/certmaster.c:184 #, c-format msgid "Error setting up for XMLRPC.\n" msgstr "Erreur lors de la configuration de XMLRPC.\n" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "Erreur d'analyse de la réponse du serveur.\n" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "Erreur du serveur.\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "Les paramètres soumis (-o) doit être de la forme paramètre=valeur\n" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, fuzzy, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "" "Aucune URL d'agent spécifiée (-A), et aucune valeur par défaut connue.\n" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "Renouvellement demandé, mais numéro de série manquant.\n" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "" "Aucune URL d'entité finale spécifiée (-E), et aucune valeur par défaut " "connue.\n" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "" "Aucune URL d'agent spécifiée (-A), et aucune valeur par défaut connue.\n" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "" "Aucune profil ou patron spécifié (-T), et 
aucune valeur par défaut connue.\n" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "Erreur lors de l'arrêt de NSS.\n" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "Erreur interne : état inconnu.\n" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "Erreur %d lors de la connexion à %s : %s.\n" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "Erreur %d lors de la connexion à %s.\n" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "Erreur interne : pas de réponse à « %s?%s ».\n" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "" #: src/getcert.c:67 msgid "ID" msgstr "" #: src/getcert.c:69 msgid "BITS" msgstr "" #: src/getcert.c:71 msgid "MODE" msgstr "" #: src/getcert.c:72 msgid "NAME" msgstr "" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "" #: src/getcert.c:74 msgid "SUBJECT" msgstr "" #: src/getcert.c:75 msgid "URL" msgstr "" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "" "Le chemin « %s » n'est pas absolu, tentative d'utilisation de « %s » à la " "place.\n" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" "Le chemin d'accès « %s » n'est pas absolu, et il y a une erreur pour " "déterminer le nom du répertoire 
courant.\n" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "Chemin « %s » : permissions insuffisantes.\n" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "Le chemin « %s » n'est pas un répertoire.\n" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "Chemin « %s » : %s.\n" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "Le chemin « %s » n'est pas un fichier régulier.\n" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "" "Veuillez vérifier que le service bus de messages (D-Bus) est en cours " "d'exécution.\n" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "Erreur de création du message de demande de DBus.\n" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "" #: src/getcert.c:398 #, fuzzy msgid "missing argument" msgstr "Erreur lors de l'analyse des arguments." #: src/getcert.c:401 #, fuzzy, c-format msgid "unrecognized option %s" msgstr "Nom de propriété inconnu." #: src/getcert.c:406 #, fuzzy msgid "unrecognized option" msgstr "Nom de propriété inconnu." #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "" #: src/getcert.c:421 msgid "number too large or too small" msgstr "" #: src/getcert.c:424 msgid "bad operation" msgstr "" #: src/getcert.c:427 #, fuzzy msgid "internal error" msgstr "Une erreur interne s'est produite." 
#: src/getcert.c:430 #, fuzzy msgid "out of memory" msgstr "Mémoire saturée.\n" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "Erreur %s : %s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "Erreur %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "Erreur : %s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "Un message d'erreur a été reçu du service local %s.\n" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "Pas de réponse du service %s.\n" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "État %s, bloqué : %s.\n" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid 
"owner information for certificate" msgstr "" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 #, fuzzy msgid "ask the CA to process the request using the named issuer" msgstr "" " -T PROFIL\tinterroger le CA pour traiter la requête en utilisant le profil " "nommé ou le modèle\n" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage value" msgstr "" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "" #: src/getcert.c:796 src/getcert.c:2526 msgid 
"set requested principal name" msgstr "" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "Erreur lors de l'initialisation de la bibliothèque Kerberos : %s.\n" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for 
generating \"%s\" keys.\n" msgstr "Absence de prise en charge de la création de clés « %s ».\n" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "Les types de clés connus incluent :" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "Utilisation de la clé « %s » inconnue.\\n\n" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "Impossible d'évaluer OID « %s ».\n" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "Erreur lors de l'analyse du nom principal Kerberos « %s » : %s.\n" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "" "Erreur lors de la récupération du nom principal Kerberos « %s » : %s.\n" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "%s : valeur invalide -- '%s'\n" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "%s : cette option requiert un argument -- '%c'\n" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "%s : -- '%c' est une option invalide\n" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "Erreur : l'argument supplémentaire « %s » est inutilisé.\n" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra 
arguments were supplied.\n" msgstr "Erreur : des arguments supplémentaires inutilisés ont été fournis.\n" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "" "Un élément est manquant entre le nom de la base de données ou son nom.\n" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "" "Le répertoire de la base de données et le fichier de certificat ont été " "spécifiés.\n" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "" "Aucun répertoire de base de données, nom ou fichier de certificat n'ont été " "spécifiés.\n" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "" "Les clés et les certificats ne peuvent être tous les deux enregistrés dans " "le même répertoire.\n" #: src/getcert.c:1114 #, fuzzy, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" "Le backend IPA requiert l'utilisation de l'option -K (nom principal) si " "l'option -N (nom d'objet) est utilisée.\n" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "Pas d'autorité de certification avec le nom « %s » trouvé.\n" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request 
arguments.\n" msgstr "Erreur de paramétrage des arguments.\n" #: src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "Nouvelle demande de signature de « %s » ajoutée.\n" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "La nouvelle demande de signature n'a pas pu être ajoutée.\n" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "Nouvelle demande de suivi « %s » ajoutée.\n" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "La nouvelle demande de suivi n'a pas pu être ajoutée.\n" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "" #: src/getcert.c:1874 msgid "override requested email address" msgstr "" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" "Aucun ID ou répertoire de base de données ni de nom ou fichier de certificat " "spécifié.\n" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "Demande « %s » modifiée.\n" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "La demande « %s » ne peux être modifiée.\n" #: src/getcert.c:2374 src/getcert.c:2784 
src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "Aucune demande trouvée avec le nom spécifié.\n" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "Aucune demande ne correspond aux arguments.\n" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "Demande « %s » suprimée.\n" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "Demande « %s » n'a pas pu être enlevée.\n" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "Erreur lors de la modification de « %s ».\n" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "Nouvelle soumission de « %s » à « %s ».\n" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "Nouvelle soumission de « %s ».\n" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "Erreur en tentant de soumettre « %s » à « %s ».\n" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "Erreur en tentant de soumettre « %s ».\n" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "" #: src/getcert.c:3292 #, 
c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "Le numéro des certificats et les demandes qui seront suivis : %d.\n" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "ID de la demande « %s » :\n" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "\tétat : %s\n" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "\terreur-ac : %s\n" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "\tbloqué : %s\n" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "\tpaire de clés de stockage : modèle = « %s »" #: src/getcert.c:3652 msgid "NONE" msgstr "Aucun" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr ", emplacement = « %s »" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr ", nom = « %s »" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr ", jeton = « %s »" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr "" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr ", fichier pin = « %s »" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "\tcertificat : modèle = « %s », emplacement = « %s »" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "\tAutorité de certification : %s\n" #: 
src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "\témetteur : %s\n" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "\tsujet : %s\n" #: src/getcert.c:3719 msgid "unknown" msgstr "inconnu" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr "\texpiration : %s\n" #: src/getcert.c:3736 msgid "\temail: " msgstr "\te-mail : " #: src/getcert.c:3742 msgid "\tdns: " msgstr "\tdns : " #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "\tnom principal : " #: src/getcert.c:3756 msgid "\tIP address: " msgstr "\tAdresse IP : " #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "\tusage de la clé : %s\n" #: src/getcert.c:3779 msgid "\teku: " msgstr "\teku : " #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "\tcertificats racine enregistrés sur fichiers :\n" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "\tautres certificats racine enregistrés sur fichiers :\n" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "\tautres certificats enregistrés sur fichiers :\n" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "\tcertificats racine enregistrés sur bases de données :\n" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "\tautres certificats racine enregistrés sur bases de données :\n" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "\tautres certificats enregistrés sur bases de données :\n" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "\tcommande de pré-sauvegarde : %s\n" #: 
src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "\tcommande de post-sauvegarde : %s\n" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "\tchemin : %s\n" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "\tauto-renouvellement : %s\n" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "Autorité de certification « %s » :\n" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "\tauto-identification en tant que : %s\n" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "\ttype-ac : %s\n" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "\templacement-de-l'-aide : %s\n" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr "\tprochain-numéros-de-série : %s\n" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "\tnoms-des-problèmes-identifiés :\n" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "\tprofils/modèles/types de certificats connus :\n" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "\tprofils/modèles/types de certificats par défaut : %s\n" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" 
msgstr "" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "\terreur lors du rafraîchissement des données du CA\n" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "" #: src/getcert.c:4458 msgid "CA identifier" msgstr "" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "" #: src/getcert.c:4661 #, c-format 
msgid "CA could not be modified.\n" msgstr "" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "%s - outil d'inscription du certificat client\n" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "Utilisation : %s request [options]\n" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "Arguments requis :\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "* Si vous utilisez une base de données NSS pour le stockage :\n" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr " -d RÉPERTOIRES\tNSS base de données pour les clés et certificats\n" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr "" " -n NOM\tsurnom pour le stockage NSS-base (valide uniquement avec -d)\n" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" " -t NOM\tnom de jeton optionel pour le stockage NSS-base (valide uniquement " "avec -d)\n" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "* Si 
vous utilisez des fichiers de stockage :\n" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr " -k FICHIER\tPEM fichier pour une clé privée\n" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr " -f FICHIER\tPEM fichier du certificat (valide uniquement avec -k)\n" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "* Si les clés sont à chiffrer :\n" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr " -p FICHIER\tfichier qui contient le code PIN de chiffrement\n" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr " -P PIN\tvaleur PIN\n" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "Arguments optionnels :\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "* Paramètres de gestion du certificat :\n" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr " -I NOM\tnom à attribuer à la demande\n" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr " -G TYPE\ttype de la clé à créer si aucune n'existe déjà\n" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr "" " -g TAILLE\ttaille de la clé à générer si elle n'est pas déjà en place\n" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr "" " 
-r\t\ttente de renouveler le certificat lorsque l'expiration approche (par " "défaut)\n" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr "" " -R\t\tne pas tenter de renouveler le certificat lorsque l'expiration " "approche\n" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr "" " -c AC\t\tutiliser l'autorité de certification spécifié, plutôt que celui " "par défaut\n" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" " -T PROFIL\tinterroger le CA pour traiter la requête en utilisant le profil " "nommé ou le modèle\n" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 #, fuzzy msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" " -T PROFIL\tinterroger le CA pour traiter la requête en utilisant le profil " "nommé ou le modèle\n" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "* Paramètres de la requête de signature :\n" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr "" " -N NOM\tdéfinit le nom du sujet demandé (par défaut: CN=)\n" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr "" " -U EXTUSAGE\tdéfinit l'étendu de l'utilisation d'une clé OID demandé\n" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr " -u USAGECLÉ\tconfigure la valeur requise d'usage de la clé\n" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr " -K NOM\tdéfinit le nom principal demandé\n" #: src/getcert.c:4822 
src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr " -D NOMDNS\tdéfinit le nom DNS demandé\n" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr " -E EMAIL\tdéfinit l'adresse e-mail demandé\n" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr " -A ADRESSE\tdéfinit l'adresse IP demandée\n" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr "" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr "" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "* Options du Bus :\n" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr " -S\t\tconnecte le service certmonger sur le bus système\n" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr " -s\t\tconnecte le service certmonger sur le bus de session\n" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "* Autres options :\n" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 
src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr " -B\tcommande à lancer avant de sauvegarder le certificat\n" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr " -C\tcommande à lancer après avoir sauvegardé le certificat\n" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr " -F\tfichier de stockage des certificats de CA\n" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr " -a\tbase de données NSS d'enregistrement des certificats de CA\n" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr "" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr " -v\trapporte tous les détails des erreurs\n" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "Utilisation : %s start-tracking [options]\n" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "* Si vous modifiez une requête existante :\n" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr " -i NOM\tnom d'une demande de suivi existante\n" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "* Si les clés sont chiffrées :\n" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr " -I NOM\tnom à donner à la demande de suivi\n" #: src/getcert.c:4866 msgid "* 
Parameters for the signing request at renewal time:\n" msgstr "" "* Paramètres de la requête de signature au moment du renouvellement :\n" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr "" " -U EXTUSAGE\toutrepasse la requête d'utilisation d'une clé OID étendue\n" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr " -K NOM\toutrepasse le nom principal demandé\n" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr " -D NOMDNS\toutrepasse le nom DNS demandé\n" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr " -E EMAIL\toutrepasse l'adresse e-mail demandée\n" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr " -A ADRESSE\toutrepasse l'adresse IP demandée\n" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "Utilisation : %s stop-tracking [options]\n" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "* En identifiant la demande :\n" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr " -i NOM\tnom pour suivre la demande\n" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "Utilisation : %s resubmit [options]\n" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr " -f FICHIER\tfichier PEM pour le certificat\n" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "* Nouvelle valeur du paramètre pour la demande de signature :\n" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr " -I NOM\tnouveau nom à donner à la demande de suivi\n" #: src/getcert.c:4941 src/getcert.c:4989 
msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr "" " -c AC\t\tutilise l'autorité de certification spécifié plutôt que l'actuel\n" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr "" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr "" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "Utilisation : %s list [options]\n" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "* Options générales :\n" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr "" " -c AC\tliste seulement les requêtes et les certificats associés à une " "autorité de certification\n" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr " -r\tliste seulement l'information des demandes en attente\n" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr " -t\tliste seulement l'information des certificats suivis\n" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr "" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "* Si vous sélectionnez une requête spécifique : \n" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" " -d DIR\tn'afficher que les requêtes et certificats utilisant cette base de " "données NSS\n" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" " -n NAME\tn'afficher que les requêtes et certificats utilisant ce pseudo\n" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" " -f FILE\tn'afficher que les 
requêtes et certificats stockés dans ce " "fichier PEM\n" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr " -S\tconnecte le service certmonger sur le bus système\n" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr " -s\tconnecte le service certmonger sur le bus de session\n" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr "" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "Utilisation : %s status [options]\n" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr "" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr "" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "Utilisation : %s list-cas [options]\n" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr "" " -c AC\tliste seulement les informations à propos de l'autorité de " "certification avec ce nom\n" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "Utilisation : %s refresh-ca [options]\n" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this 
name\n" msgstr " -c CA\trafraîchir l'information du CA de ce nom\n" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr "" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr "" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr "" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr "" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr "" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr "" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr "" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr "" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr "" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr "" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" 
msgstr "" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "" #: src/getcert.c:5273 #, c-format msgid "%s: unrecognized command\n" msgstr "%s : commande inconnue\n" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "Impossible de déterminer l'emplacement du serveur LDAP IPA.\n" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "" "Impossible de déterminer le DN de base des informations de domaine sur le " "serveur IPA.\n" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "Erreur lors de la configuration de XMLRPC sur le client.\n" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "L'option -t ne peut pas être utilisée avec l'option -K.\n" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "L'option -k ne peut pas être utilisée avec l'option -K.\n" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "L'option -K ne peut pas être utilisée avec les options -k ni -t.\n" #: src/ipa.c:758 #, c-format msgid "Unable 
to determine principal name for signing request.\n" msgstr "" "Impossible de déterminer le nom principal pour la signature demandée.\n" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" "Erreur de mise en place du ccache pour le service « hôte » sur le client " "utilisant le jeu declés par défaut : %s.\n" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "" "Erreur de mise en place du ccache pour « %s » sur le client en utilisant le " "jeu de clés par défaut : %s.\n" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" "Erreur de mise en place du ccache pour le service « hôte » en utilisant le " "jeu de clés « %s » : %s.\n" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "" "Erreur de mise en place du ccache pour « %s » sur le client en utilisant le " "jeu de clés « %s » : %s.\n" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "Impossible de lire la signature de la demande.\n" #: src/main.c:74 msgid "use session bus" msgstr "" #: src/main.c:75 msgid "use system bus" msgstr "" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "" #: src/main.c:78 msgid "PATHNAME" msgstr "" #: src/main.c:79 msgid "don't become a daemon" msgstr "" #: src/main.c:80 msgid "do become a daemon" msgstr "" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "" #: src/main.c:81 msgid "SECONDS" msgstr "" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "" #: src/main.c:83 msgid "set 
debugging level (implies -n)" msgstr "" #: src/main.c:83 msgid "NUMBER" msgstr "" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "" #: src/main.c:87 msgid "write service PID to file" msgstr "" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "" #: src/main.c:90 msgid "print version information" msgstr "" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "\t-s utiliser le bus de la session\n" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "\t-S utiliser le bus du système\n" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "\t-n ne pas se transformer en démon\n" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "\t-f devenir un démon\n" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "\t-b délai d'attente du bus activé, durée d'inactivité\n" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "\t-B ne pas utiliser un délai d'inactivité\n" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "\t-d NIVEAU définir le niveau de débogage (nécessite -n)\n" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "\t-p FICHIER écrire le PID du service dans un fichier\n" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "\t-F impose le mode FIPS à NSS\n" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "" #: src/scep.c:352 #, fuzzy, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "" "Aucune URL d'agent spécifiée (-A), et 
aucune valeur par défaut connue.\n" #: src/scep.c:356 #, fuzzy, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "" "Aucune URL d'agent spécifiée (-A), et aucune valeur par défaut connue.\n" #: src/scep.c:376 src/scep.c:395 #, fuzzy, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "" "Aucune profil ou patron spécifié (-T), et aucune valeur par défaut connue.\n" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "" #: src/scep.c:637 #, fuzzy, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "Pas de réponse du service %s.\n" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "" #: src/scep.c:930 #, fuzzy, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "Erreur d'analyse de la réponse du serveur.\n" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "" #: 
src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "" #: src/scep.c:976 #, fuzzy, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "Erreur d'analyse de la réponse du serveur.\n" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "" #: src/scep.c:1003 #, c-format msgid "Transaction either is not permitted or is not supported by server.\n" msgstr "" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "" #: src/scep.c:1009 #, c-format msgid "Unsupported extension.\n" msgstr "" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "" #: src/scep.c:1027 #, fuzzy, c-format msgid "Internal CA error.\n" msgstr "Erreur interne : état inconnu.\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." 
msgstr "Une erreur interne s'est produite." #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "Aucune correspondance trouvées.\n" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "Il existe déjà une autorité de certification avec le nom « %s »." #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "Type de stockage de certificat non spécifié." #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." msgstr "Le type de certificat « %s » n'est pas pris en charge." #: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "L'emplacement « %s » doit être un chemin absolu." #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." msgstr "Emplacement de stockage de certificat non spécifié." #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" "L'emplacement parent de « %s » n'est pas accessible du fait de permissions " "insuffisantes." #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "L'emplacement principal « %s » doit être un répertoire valide." #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "L'emplacement « %s » doit être un fichier." 
#: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "" "L'emplacement « %s » n'est pas accessible du fait de permissions " "insuffisantes." #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "L'emplacement « %s » doit être un répertoire." #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "Nom du certificat non spécifié." #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "Il existe déjà une demande avec le nom « %s »." #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "Le certificat est déjà utilisé par une requête avec le nom « %s »." #: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "Stockage de clés de type « %s » n'est pas pris en charge." #: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." msgstr "Emplacement de stockage de clé non spécifié." #: src/tdbush.c:853 msgid "Key nickname not specified." msgstr "Nom de la clé non spécifié." #: src/tdbush.c:909 #, c-format msgid "Key at same location is already used by request with nickname \"%s\"." msgstr "La clé est déjà utilisé par une requête avec le nom « %s »." #: src/tdbush.c:1313 src/tdbush.c:3102 #, c-format msgid "No support for key type \"%s\"." msgstr "Absence de prise en charge des clés de type « %s »." #: src/tdbush.c:1400 msgid "No such CA." msgstr "Aucune autorité de certification." #: src/tdbush.c:3073 #, c-format msgid "Certificate authority \"%s\" not known." msgstr "L'autorité de certification « %s » non connue." #: src/tdbush.c:3518 msgid "Unrecognized parameter or wrong value type." msgstr "Paramètre inconnu ou type de valeur incorrecte." 
#: src/tdbush.c:5070
msgid "Error parsing arguments."
msgstr "Erreur lors de l'analyse des arguments."

#: src/tdbush.c:5124
msgid "Unrecognized property name."
msgstr "Nom de propriété inconnu."

#: src/tdbusm.c:2156
msgid "Insufficient access. Please retry operation as root.\n"
msgstr ""
"Accès insuffisant. Merci de recommencer l'opération en tant que root.\n"

#: src/tdbusm.c:2160
msgid "Please verify that the certmonger service has been started.\n"
msgstr "Merci de vérifier que le service certmonger a été démarré.\n"

#: src/tdbusm.c:2163
msgid "Please verify that the certmonger service is still running.\n"
msgstr ""
"Merci de vérifier que le service certmonger est en cours d'exécution.\n"
"\n"

certmonger-0.79.19/po/gu.po

# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Red Hat, Inc.
# This file is distributed under the same license as the PACKAGE package.
#
# Translators:
# sweta , 2011
msgid ""
msgstr ""
"Project-Id-Version: certmonger 0.78.6\n"
"Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n"
"POT-Creation-Date: 2017-02-26 02:20-0500\n"
"PO-Revision-Date: 2015-01-05 05:53-0500\n"
"Last-Translator: Copied by Zanata \n"
"Language-Team: Gujarati (http://www.transifex.com/projects/p/certmonger/"
"language/gu/)\n"
"Language: gu\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
"X-Generator: Zanata 3.9.6\n"

#: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238
#: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291
#, c-format
msgid "Out of memory.\n"
msgstr ""

#: src/certmaster.c:136
#, c-format
msgid "Unable to determine hostname of CA.\n"
msgstr "CA નાં યજમાનનામને નક્કી કરવાનું અસમર્થ.\n"

#: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796
#, c-format
msgid "Unable to read signing request from file \"%s\".\n"
msgstr ""

#: src/certmaster.c:156
src/dogtag.c:524 src/ipa.c:799 #, c-format msgid "Unable to read signing request from environment variable \"%s\".\n" msgstr "" #: src/certmaster.c:184 #, c-format msgid "Error setting up for XMLRPC.\n" msgstr "XMLRPC માટે સુયોજિત કરતી વખતે ભૂલ.\n" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "સર્વર ભૂલ.\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d 
connecting to %s: %s.\n" msgstr "" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "" #: src/getcert.c:67 msgid "ID" msgstr "" #: src/getcert.c:69 msgid "BITS" msgstr "" #: src/getcert.c:71 msgid "MODE" msgstr "" #: src/getcert.c:72 msgid "NAME" msgstr "" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "" #: src/getcert.c:74 msgid "SUBJECT" msgstr "" #: src/getcert.c:75 msgid "URL" msgstr "" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service 
is running.\n" msgstr "મહેરબાની કરીને ખાતરી કરો કે સંદેશા બસ (D-Bus) સેવા ચાલી રહી છે.\n" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "" #: src/getcert.c:398 #, fuzzy msgid "missing argument" msgstr "વૈકલ્પિક દલીલો:\n" #: src/getcert.c:401 #, c-format msgid "unrecognized option %s" msgstr "" #: src/getcert.c:406 msgid "unrecognized option" msgstr "" #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "" #: src/getcert.c:421 msgid "number too large or too small" msgstr "" #: src/getcert.c:424 msgid "bad operation" msgstr "" #: src/getcert.c:427 #, fuzzy msgid "internal error" msgstr "આંતરિક ભૂલ ઉદ્ભવી." #: src/getcert.c:430 msgid "out of memory" msgstr "" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "ભૂલ %s: %s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "ભૂલ %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "ભૂલ: %s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for 
NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "" #: 
src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 msgid "ask the CA to process the request using the named issuer" msgstr "" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage value" msgstr "" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the 
session bus" msgstr "" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 
src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "" #: src/getcert.c:1114 #, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "નામ \"%s\" સાથે CA મળ્યુ નથી.\n" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request arguments.\n" msgstr "" #: src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 
src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "" #: src/getcert.c:1874 msgid "override requested email address" msgstr "" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" 
msgstr "" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "\tસ્થિતિ: %s\n" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "" #: src/getcert.c:3652 msgid "NONE" msgstr "" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr "" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr "" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr "" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr "" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr "" #: 
src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "\tCA: %s\n" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "\tવિષય: %s\n" #: src/getcert.c:3719 msgid "unknown" msgstr "અજ્ઞાત" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr "" #: src/getcert.c:3736 msgid "\temail: " msgstr "\tઇમેલ: " #: src/getcert.c:3742 msgid "\tdns: " msgstr "\tdns: " #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "" #: src/getcert.c:3756 msgid "\tIP address: " msgstr "" #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "" #: src/getcert.c:3779 msgid "\teku: " msgstr "\teku: " #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "" #: src/getcert.c:3849 #, 
c-format msgid "\ttrack: %s\n" msgstr "\tટ્રેક: %s\n" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "CA '%s':\n" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr "" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "" #: 
src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "" #: src/getcert.c:4458 msgid "CA identifier" msgstr "" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 
src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "જરૂરી દલીલો:\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr "" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr "" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr "" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr "" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr "" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr " -P PIN\tPIN કિંમત\n" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional 
arguments:\n" msgstr "વૈકલ્પિક દલીલો:\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr "" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr "" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr "" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr "" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr "" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr "" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr "" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr "" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr "" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 
msgid " -E EMAIL\tset requested email address\n" msgstr "" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr "" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr "" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr "" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "* બસ વિકલ્પો:\n" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr "" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr "" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr "" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr "" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4834 src/getcert.c:4882 
src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr "" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr "" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr "" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr "" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr "" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr "" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr "" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr "" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr "" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr "" #: src/getcert.c:4910 
#, c-format msgid "Usage: %s resubmit [options]\n" msgstr "" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr "" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr "" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr "" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr "" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr "" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "Usage: %s list [options]\n" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "* સામાન્ય વિકલ્પો:\n" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr "" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr "" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr "" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr "" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 
src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr "" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr "" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr "" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr "" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr "" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr "" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr "" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr "" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr "" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "" #: src/getcert.c:5125 
msgid " -u URL\tlocation of SCEP server\n" msgstr "" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr "" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr "" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr "" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr "" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr "" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr "" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr "" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "" #: src/getcert.c:5199 msgid "modify a CA 
configuration\n" msgstr "" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "" #: src/getcert.c:5273 #, c-format msgid "%s: unrecognized command\n" msgstr "" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for signing request.\n" msgstr "" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "" #: src/main.c:74 msgid "use session bus" msgstr "" #: src/main.c:75 msgid "use system bus" msgstr "" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "" #: src/main.c:77 msgid "only use a dedicated 
listening socket" msgstr "" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "" #: src/main.c:78 msgid "PATHNAME" msgstr "" #: src/main.c:79 msgid "don't become a daemon" msgstr "" #: src/main.c:80 msgid "do become a daemon" msgstr "" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "" #: src/main.c:81 msgid "SECONDS" msgstr "" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "" #: src/main.c:83 msgid "NUMBER" msgstr "" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "" #: src/main.c:87 msgid "write service PID to file" msgstr "" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "" #: src/main.c:90 msgid "print version information" msgstr "" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "" #: src/scep.c:352 #, c-format msgid "No SCEP URL (-u) given, and 
no default known.\n" msgstr "" #: src/scep.c:356 #, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "" #: src/scep.c:376 src/scep.c:395 #, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "" #: src/scep.c:637 #, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "" #: src/scep.c:930 #, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "" #: src/scep.c:976 #, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "" #: 
src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "" #: src/scep.c:1003 #, c-format msgid "Transaction either is not permitted or is not supported by server.\n" msgstr "" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "" #: src/scep.c:1009 #, c-format msgid "Unsupported extension.\n" msgstr "" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "" #: src/scep.c:1027 #, fuzzy, c-format msgid "Internal CA error.\n" msgstr "સર્વર ભૂલ.\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." msgstr "આંતરિક ભૂલ ઉદ્ભવી." #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "" #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "પ્રમાણપત્ર સંગ્રહ પ્રકાર સ્પષ્ટ થયેલ નથી." 
#: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." msgstr "પ્રમાણપત્ર સંગ્રહ પ્રકાર \"%s\" આધારભૂત નથી." #: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "" #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." msgstr "પ્રમાણપત્ર સંગ્રહ સ્થાન સ્પષ્ટ થયેલ નથી." #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "" #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "સ્થાન \"%s\" ફાઇલ હોવી જ જોઇએ." #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "" #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "સ્થાન \"%s\" ડિરેક્ટરી હોવી જ જોઇએ." #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "પ્રમાણપત્ર ઉપનામ સ્પષ્ટ થયેલ નથી." #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "" #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." 
msgstr "" #: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "કી સંગ્રહ પ્રકાર \"%s\" આધારભૂત નથી." #: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." msgstr "કી સંગ્રહ સ્થાન સ્પષ્ટ થયેલ નથી." #: src/tdbush.c:853 msgid "Key nickname not specified." msgstr "કી ઉપનામ સ્પષ્ટ થયેલ નથી." #: src/tdbush.c:909 #, c-format msgid "Key at same location is already used by request with nickname \"%s\"." msgstr "" #: src/tdbush.c:1313 src/tdbush.c:3102 #, c-format msgid "No support for key type \"%s\"." msgstr "" #: src/tdbush.c:1400 msgid "No such CA." msgstr "" #: src/tdbush.c:3073 #, c-format msgid "Certificate authority \"%s\" not known." msgstr "" #: src/tdbush.c:3518 msgid "Unrecognized parameter or wrong value type." msgstr "" #: src/tdbush.c:5070 msgid "Error parsing arguments." msgstr "" #: src/tdbush.c:5124 msgid "Unrecognized property name." msgstr "" #: src/tdbusm.c:2156 msgid "Insufficient access. Please retry operation as root.\n" msgstr "" #: src/tdbusm.c:2160 msgid "Please verify that the certmonger service has been started.\n" msgstr "" #: src/tdbusm.c:2163 msgid "Please verify that the certmonger service is still running.\n" msgstr ""
certmonger-0.79.19/po/hu.po
# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. # # Translators: # Peter Borsa , 2012 # Zoltan Hoppár , 2012-2013 # Porcsin László , 2015. #zanata # Dankaházi (ifj.) István , 2021, 2023. msgid "" msgstr "" "Project-Id-Version: certmonger 0.78.6\n" "Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2017-02-26 02:20-0500\n" "PO-Revision-Date: 2023-05-12 19:21+0000\n" "Last-Translator: Dankaházi (ifj.) 
István \n" "Language-Team: Hungarian \n" "Language: hu\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" "X-Generator: Weblate 4.15.2\n" #: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238 #: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291 #, c-format msgid "Out of memory.\n" msgstr "Elfogyott a rendelkezésre álló memória.\n" #: src/certmaster.c:136 #, c-format msgid "Unable to determine hostname of CA.\n" msgstr "CA hosztnevének meghatározása meghiúsult.\n" #: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796 #, c-format msgid "Unable to read signing request from file \"%s\".\n" msgstr "Nem sikerült beolvasni az aláírási kérelmet a \"%s\" fájlból.\n" #: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799 #, c-format msgid "Unable to read signing request from environment variable \"%s\".\n" msgstr "" "Nem sikerült beolvasni az aláírási kérelmet a \"%s\" környezeti változóból.\n" #: src/certmaster.c:184 #, c-format msgid "Error setting up for XMLRPC.\n" msgstr "Hiba történt a XMLRPC-re történő beállításkor\n" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "Hiba a szerver válasz értelmezésében.\n" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "Szerver hiba.\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr 
"" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, fuzzy, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "Nincs ágens URL megadva (-A), és nincs ismert alapértelmezett sem.\n" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "" "Nincs végentitású URL megadva (-E), és nincs ismert alapértelmezett sem.\n" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "Nincs ágens URL megadva (-A), és nincs ismert alapértelmezett sem.\n" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "" "Nincs profil / sablon megadva (-T), és nincs ismert alapértelmezett sem.\n" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "Belső hiba: ismeretlen állapot.\n" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "Hiba: %d csatlakozik ide - %s: %s.\n" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "Hiba: %d csatlakozik ide - %s.\n" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "Belső hiba: nincs válasz erre - \"%s?%s\".\n" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "" #: src/getcert.c:67 msgid "ID" 
msgstr "" #: src/getcert.c:69 msgid "BITS" msgstr "" #: src/getcert.c:71 msgid "MODE" msgstr "" #: src/getcert.c:72 msgid "NAME" msgstr "" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "" #: src/getcert.c:74 msgid "SUBJECT" msgstr "" #: src/getcert.c:75 msgid "URL" msgstr "" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "" "\"%s\" elérési út nem abszolút, próbaként \"%s\" kerül alkalmazásra " "helyette.\n" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" "\"%s\" elérési út nem abszolút, és hiba történt a jelenlegi könyvtár " "meghatározásakor.\n" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "\"%s\" elérési út nem egy szabályos könyvtár.\n" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "Elérési út \"%s\": %s.\n" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "\"%s\" elérési út nem egy szabályos fájl.\n" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "Kérem ellenőrizze, hogy az üzenet busz (D-Bus) szolgáltatás működik.\n" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "Hiba történt a a DBus kérési üzenet elkészítésekor.\n" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "" #: 
src/getcert.c:398 msgid "missing argument" msgstr "hiányzó paraméter" #: src/getcert.c:401 #, c-format msgid "unrecognized option %s" msgstr "ismeretlen opció %s" #: src/getcert.c:406 msgid "unrecognized option" msgstr "ismeretlen opció" #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "" #: src/getcert.c:421 msgid "number too large or too small" msgstr "" #: src/getcert.c:424 msgid "bad operation" msgstr "" #: src/getcert.c:427 msgid "internal error" msgstr "belső hiba" #: src/getcert.c:430 msgid "out of memory" msgstr "elfogyott a memória" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "Hiba %s: %s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "Hiba %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "Hiba %s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "Hiba érkezett egy helyi %s szolgáltatástól.\n" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "Nincs válasz a következő szolgáltatástól: %s.\n" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "" #: src/getcert.c:772 msgid 
"PEM file for certificate (only valid with -k)" msgstr "" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" 
#: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 msgid "ask the CA to process the request using the named issuer" msgstr "" "kéri a hitelesítésszolgáltatót, hogy a kérelmet a megnevezett kibocsátó " "felhasználásával dolgozza fel" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage value" msgstr "" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "" #: 
src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "Hiba történt a Kerberos modul beállításakor: %s.\n" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "Felismerhetetlen kulcshasználat \"%s\".\n" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "Nem értelmezhető OID \"%s\".\n" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "Hiba a Kerberos megbízói név értelmezésekor \"%s\": %s.\n" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "Hiba a Kerberos megbízói név visszafordításakor \"%s\": %s.\n" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "%s: az opcióhoz szükséges egy paraméter is -- '%c'\n" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "%s: érvénytelen opció --'%c'\n" #: src/getcert.c:1057 
#, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "HIba: kihasználatlan extra paraméter \"%s\".\n" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "Hiba: használaton kívüli extra paraméterek is alkalmazásra kerültek.\n" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "Adatbázis helye vagy elnevezése egymás nélkül vannak meghatározva.\n" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "Adatbázis könyvtára és az aláírás fájl meghatározva.\n" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "" "Sem az adatbázis könyvtára és az elnevezése, vagy az aláírás fájl nincs " "meghatározva.\n" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "A kulcs és az aláírás nem menthető el egy ugyanazon fájlba.\n" #: src/getcert.c:1114 #, fuzzy, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" "Az IPA backend-nek szükséges a -K opció (megbízói név) ha az -N opció (tárgy " "név) alkalmazásban van.\n" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "Nincs elérhető 
CA \"%s\" néven.\n" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request arguments.\n" msgstr "Hiba a paraméterek kérésekor.\n" #: src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "Új aláírási kérelem \"%s\" hozzáadva.\n" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "Új aláírási kérelem nem adható hozzá.\n" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "Új nyomkövetési kérés \"%s\" hozzáadva.\n" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "Új nyomkövetési kérés nem adható hozzá.\n" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "" #: src/getcert.c:1874 msgid "override requested email address" msgstr "" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" "Sem az ID vagy adatbázis könyvtára és az elnevezése, vagy az aláírás fájl " "sincsen meghatározva.\n" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr 
"\"%s\" kérés módosult.\n" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "\"%s\" kérés nem módosítható.\n" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "Nem található kérés a megadott elnevezéssel.\n" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "Olyan kérés nem található ami egyezne a paraméterekkel.\n" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "\"%s\" kérés eltávolítva.\n" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "\"%s\" kérés nem távolítható el.\n" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "\"%s\" módosításakor hiba lépett fel.\n" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "\"%s\" újraküldése ide: \"%s\".\n" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "Újraküldés: \"%s\".\n" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "Nem sikerült \"%s\" beküldése ide: \"%s\".\n" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "\"%s\" beküldése sikertelen.\n" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "" #: src/getcert.c:3098 msgid "" "refresh information only for requests 
using the specified CA configuration" msgstr "" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "A nyomonkövetett kérések és aláírások száma: %d.\n" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "ID kérése: '%s':\n" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "»status: %s\n" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "»ca-error: %s\n" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "»beragadt: %s\n" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "\tkulcspár tároló: típusa=%s" #: src/getcert.c:3652 msgid "NONE" msgstr "NINCS" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr ",helye='%s'" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr ",elnevezés='%s'" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr ",jegy='%s'" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr "" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr ",pinfájl='%s'" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "\ttanusítvány: típusa=%s,helye='%s'" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:3715 #, 
c-format msgid "\tCA: %s\n" msgstr "»CA: %s\n" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "»issuer: %s\n" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "»subject: %s\n" #: src/getcert.c:3719 msgid "unknown" msgstr "ismeretlen" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr "" "»lejárati idő: %s\n" #: src/getcert.c:3736 msgid "\temail: " msgstr "»email: " #: src/getcert.c:3742 msgid "\tdns: " msgstr "»dns: " #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "»megbízó neve: " #: src/getcert.c:3756 msgid "\tIP address: " msgstr "" #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "\tkulcshasználat: %s\n" #: src/getcert.c:3779 msgid "\teku: " msgstr "»eku: " #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "\tpre-mentés parancs: %s\n" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "\tpost-mentés parancs: %s\n" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "»track: %s\n" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "" "»automatikus " "megújítás: %s\n" #: 
src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "CA '%s':\n" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "»ca-típus: %s\n" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "" "»segítő-helye: %s\n" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr "" "»következő " "sorozatszám: %s\n" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "" "»ismert kibocsátó " "nevek:\n" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4406 
src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "" #: src/getcert.c:4458 msgid "CA identifier" msgstr "" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "%s - kliens tanusítvány felvevő eszköz\n" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "Használata: %s kérés [opciók]\n" #: 
src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "Szükséges paraméterek:\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "* Ha egy NSS adatbázist használ a tárolóhoz:\n" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr "" " -d DIR»NSS adatbázis " "a kulcshoz és a tanusítványhoz\n" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr "" " -n NAME»elnevezés az " "NSS-alapú tárolóhoz (csak -d opcióval érvényes)\n" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" " -t NAME\topcionális token név az NSS-alapú tárolókhoz (csak a -d opcióval " "érvényes)\n" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "* Ha a fájlokat a tárolásra használja:\n" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr " -k FILE\tPEM fájl a privát kulcshoz\n" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr " -f FILE\tPEM fájl az aláíráshoz (csak a -k opcióval érvényes)\n" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "* Ha a kulcsok titkosításra kerülnek:\n" #: src/getcert.c:4802 src/getcert.c:4853 
src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr " -p FILE\tfájl ami a titkosító PIN-t tartalmazza\n" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr " -P PIN\tPIN értéke\n" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "Opcionális paraméterek:\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "* Aláírás ezeket a beállításokat kezeli:\n" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr " -I NAME\telnevezés amelyet hozzárendelhetünk az igényléshez\n" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr " -g SIZE\ta generálandó kulcs mérete, ha még nincs kulcs a helyén\n" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr "" " -r\t\tmegkísérlés a bizonyítvány megújítására ha a lejárati idő közeledik " "(alapértelmezett)\n" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr "" " -R\t\tne kísérelje meg a bizonyítvány megújítását ha a lejárati idő " "közeledik\n" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr " -c CA\t\ta megadott CA-t használja az alapértelmezett helyett\n" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to 
process the request using the named profile or " "template\n" msgstr "" " -T PROFILE\task CA számítás a kért felhasznált profil név vagy sablon\n" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 #, fuzzy msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" " -T PROFILE\task CA számítás a kért felhasznált profil név vagy sablon\n" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "* Paraméterek az aláírási igényléshez:\n" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr "" " -N NAME \tigényelt tárgy nevének beállítása (alapértelmezett: " "CN=)\n" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr "" " -U EXTUSAGE\tigényelt kibővített kulcs használatának beállítása OID\n" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr " -u KEYUSAGE\tbeállítja a kért kulcshasználati értéket\n" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr " -K NAME\tigényelt elsődleges név beállítása\n" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr " -D DNSNAME\tigényelt DNS név beállítása\n" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr " -E EMAIL\tigényelt email cím beállítása\n" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr "" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr "" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional 
challenge password value\n" msgstr "" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "* Adatcsatorna opciók:\n" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr " -S\t\tconnect certmonger szolgáltatásnál a rendszer buszon\n" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr " -s\t\tconnect certmonger szolgáltatásnál a szál vezérélésnél\n" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "* Egyéb opciók:\n" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr " -B\tfuttatás előtt a tanúsítványt menti\n" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr " -C\tcommand futtatás után a tanúsítványt menti\n" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry 
to wait for the certificate to be issued\n" msgstr "" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr " -v\tjelentse az összes hibarészletet\n" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "Használata: %s nyomon követés [opciók]\n" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "* Ha módosítanak egy létező kérést:\n" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr " -i NAME\tnickname of an existing tracking request\n" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "* Ha a kulcsok titkosítottak:\n" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr " -I NAME\telnevezés a nyomonkövetési kéréshez\n" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "* Az aláírási kérelem paraméterei a megújításkor:\n" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr " -U EXTUSAGE\tfelülírja a kért kibővített kulcs használat OID-jét\n" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr " -K NAME\tfelülírja a kért elsődleges nevet\n" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr " -D DNSNAME\tfelülírja a kért DNS nevet\n" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr " -E EMAIL\tfelülírja a kért email címet\n" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr "" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "Használata: %s stop-tracking [opciók]\n" #: 
src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "* Kérés azonosítója alapján:\n" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr " -i NAME\telnevezés a nyomonkövetési kéréshez\n" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "Használata: %s újraküldése [opciók]\n" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr " -f FILE\tPEM fájl az aláírásért\n" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "* Új paraméter értékek az aláírási kérelemhez:\n" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr " -I NAME\túj név megadása a nyomonkövetési kéréshez\n" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr " -c CA\t\talkalmazza a megadott CA-t jelenlegi helyett \n" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr "" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr "" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "Használata: %s listázása [opciók]\n" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "* Általános opciók:\n" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr "" " -c CA\tcsak azokat a kéréseket és bizonytványokat listázza amelyek ezzel a " "CA-val vannak kapcsolatban\n" #: src/getcert.c:5015 msgid " -r\tlist only information 
about outstanding requests\n" msgstr " -r\tcsak a kiemelkedő kérésekről szóló információkat listázza\n" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr "" " -t\tcsak a nyomon követett tanúsítványokra vonatkozó információkat " "listázza\n" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr "" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "* Ha kiválaszt egy specifikus igénylést:\n" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" " -d DIR\tcsak olyan igényléseket és bizonyítványokat listáz amelyek ezt az " "NSS adatbázist használják\n" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" " -n NAME\tcsak olyan kérelmeket és tanúsítványokat listázza amelyek ezt az " "elnevezést használják\n" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" " -f FILE\tcsak olyan igényléseket és bizonyítványokat listáz amelyek " "tárolásra kerültek ebben a PEM fájlban\n" "\n" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr " -S\tkapcsolja össze a certmonger szolgáltatást a rendszer bus-al\n" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr "" " -s\tkapcsolja össze a certmonger szolgáltatást a session bus-al\n" "\n" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr "" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status 
[options]\n" msgstr "" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr "" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr "" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "Alkalmazás: %s list-cas [opciók]\n" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr "" " -c CA\tcsak az ezzel a névvel rendelkező CA tanúsítvány információit " "listázza\n" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr "" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr "" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr "" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr "" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr "" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr "" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr "" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr "" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal 
feature\n" msgstr "" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr "" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr "" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "" #: src/getcert.c:5273 #, c-format msgid "%s: unrecognized command\n" msgstr "" "%s: ismeretlen parancs\n" "\n" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP 
server.\n" msgstr "" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "A -t opció nem használható a _K opcióval együtt.\n" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "A -k opció nem használható a -K opcióval együtt.\n" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "A -K opció nem használható a -k vagy a -t opcióval sem.\n" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for signing request.\n" msgstr "Meghatározhatatlan az elsődleges neve az aláírási igénylésnek.\n" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "Bejelentkezési kérés olvasása meghiúsult.\n" #: src/main.c:74 msgid "use session bus" msgstr "" #: src/main.c:75 msgid "use system bus" msgstr "" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "" #: src/main.c:78 msgid "PATHNAME" msgstr "" #: src/main.c:79 msgid 
"don't become a daemon" msgstr "" #: src/main.c:80 msgid "do become a daemon" msgstr "" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "" #: src/main.c:81 msgid "SECONDS" msgstr "" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "" #: src/main.c:83 msgid "NUMBER" msgstr "" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "" #: src/main.c:87 msgid "write service PID to file" msgstr "" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "" #: src/main.c:90 msgid "print version information" msgstr "" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "\t-s szálvezérlés használata\n" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "" "\t-S rendszerbusz használata\n" "\n" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "\t-n művelet ne váljon daemonná\n" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "\t-f művelet váljon daemonná\n" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "" "\t-b TIMEOUT busz-vezérelt, várakozási idővel\n" "\n" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "" "\t-B várakozási idő elhagyása\n" "\n" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "\t-d LEVEL hibakeresési szint beállítása (ez azt jelenti: -n)\n" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "" "\t-p FILE szolgáltatás PID rögzítése fájlba\n" "\n" #: src/main.c:189 msgid "\t-F force 
NSS into FIPS mode\n" msgstr "\t-F eröltesse az NSS-t FIPS módba\n" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "" #: src/scep.c:352 #, fuzzy, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "Nincs ágens URL megadva (-A), és nincs ismert alapértelmezett sem.\n" #: src/scep.c:356 #, fuzzy, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "Nincs ágens URL megadva (-A), és nincs ismert alapértelmezett sem.\n" #: src/scep.c:376 src/scep.c:395 #, fuzzy, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "" "Nincs profil / sablon megadva (-T), és nincs ismert alapértelmezett sem.\n" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "" #: src/scep.c:637 #, fuzzy, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "Nincs válasz a következő szolgáltatástól: %s.\n" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "" #: src/scep.c:930 #, fuzzy, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "Hiba a szerver válasz értelmezésében.\n" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "" #: 
src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "" #: src/scep.c:976 #, fuzzy, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "Hiba a szerver válasz értelmezésében.\n" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "" #: src/scep.c:1003 #, c-format msgid "Transaction either is not permitted or is not supported by server.\n" msgstr "" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "" #: src/scep.c:1009 #, c-format msgid "Unsupported extension.\n" msgstr "" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "" #: src/scep.c:1027 #, fuzzy, c-format msgid "Internal CA error.\n" msgstr "Belső hiba: ismeretlen állapot.\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "" #: src/scep.c:1092 #, 
c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." msgstr "Belső hiba történt." #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "Nincs egyező bejegyzés.\n" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "Már szerepel egy CA ezzel a névvel: \"%s\"." #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "Bizonyítvány tároló típusa nem definiált." #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." msgstr "\"%s\" típusú bizonyítványtároló enm támogatott." #: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "A hely \"%s\" abszolút elérési útnak kell lennie." #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." msgstr "Bizonyítványok tárolási helye nincs meghatározva." #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "\"%s\" szülő könyvtárnak létező mappának kell lennie." #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "\"%s\" egy fájlnak kell lennie." 
#: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "" #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "\"%s\" egy könyvtárnak kell lennie." #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "Bizonyítvány elnevezése nincs definiálva." #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "Már van egy igénylés ezzel a névvel: \"%s\"." #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "" "Tanúsítvány ugyanazt a helyet használja amit a becenévnél igényelt \"%s\"." #: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "\"%s\" kulcstároló típus nem támogatott." #: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." msgstr "Kulcstároló helye nem definiált." #: src/tdbush.c:853 msgid "Key nickname not specified." msgstr "Kulcs elnevezés nem meghatározott." #: src/tdbush.c:909 #, c-format msgid "Key at same location is already used by request with nickname \"%s\"." msgstr "Kulcs ugyanazt a helyet használja amit a becenévnél igényelt \"%s\"." #: src/tdbush.c:1313 src/tdbush.c:3102 #, c-format msgid "No support for key type \"%s\"." msgstr "" #: src/tdbush.c:1400 msgid "No such CA." msgstr "Nincs ilyen CA." #: src/tdbush.c:3073 #, c-format msgid "Certificate authority \"%s\" not known." msgstr "\"%s\" nevű tanúsítvány hatóság nem ismert." #: src/tdbush.c:3518 msgid "Unrecognized parameter or wrong value type." msgstr "Ismeretlen paraméter, vagy rossz értéktípus." #: src/tdbush.c:5070 msgid "Error parsing arguments." msgstr "" #: src/tdbush.c:5124 msgid "Unrecognized property name." 
msgstr "" #: src/tdbusm.c:2156 msgid "Insufficient access. Please retry operation as root.\n" msgstr "" "Elégtelen hozzáférési jog. Kérem ismételje meg a műveletet " "rendszergazdaként.\n" #: src/tdbusm.c:2160 msgid "Please verify that the certmonger service has been started.\n" msgstr "Kérem ellenőrizze, hogy a certmonger szolgáltatás már elindult.\n" #: src/tdbusm.c:2163 msgid "Please verify that the certmonger service is still running.\n" msgstr "Kérem ellenőrizze, hogy a certmonger szolgáltatás még mindig fut.\n"
certmonger-0.79.19/po/id.po
# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. # # Translators: # Nalin Dahyabhai , 2011 # Andika Triwidada , 2021, 2023. # Didik Supriadi , 2021. msgid "" msgstr "" "Project-Id-Version: certmonger 0.78.6\n" "Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2017-02-26 02:20-0500\n" "PO-Revision-Date: 2023-02-18 12:20+0000\n" "Last-Translator: Andika Triwidada \n" "Language-Team: Indonesian \n" "Language: id\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: Weblate 4.15.2\n" #: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238 #: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291 #, c-format msgid "Out of memory.\n" msgstr "Kehabisan memori.\n" #: src/certmaster.c:136 #, c-format msgid "Unable to determine hostname of CA.\n" msgstr "Tidak dapat menentukan nama host dari CA.\n" #: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796 #, c-format msgid "Unable to read signing request from file \"%s\".\n" msgstr "Tidak dapat membaca permintaan penandatanganan dari berkas \"%s\".\n" #: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799 #, c-format msgid "Unable to read signing request from environment
variable \"%s\".\n" msgstr "" "Tidak dapat membaca permintaan penandatanganan dari variabel lingkungan \"%" "s\".\n" #: src/certmaster.c:184 #, c-format msgid "Error setting up for XMLRPC.\n" msgstr "Kesalahan saat menyiapkan XMLRPC.\n" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "Kesalahan saat mengurai respon server.\n" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "Kesalahan server.\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "" #: src/dogtag.c:757 src/scep.c:619 
#, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "" #: src/getcert.c:67 msgid "ID" msgstr "" #: src/getcert.c:69 msgid "BITS" msgstr "" #: src/getcert.c:71 msgid "MODE" msgstr "" #: src/getcert.c:72 msgid "NAME" msgstr "" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "" #: src/getcert.c:74 msgid "SUBJECT" msgstr "" #: src/getcert.c:75 msgid "URL" msgstr "" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "" #: src/getcert.c:120 #, c-format, fuzzy msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" "Path \"%s\"tidak mutlak, dan ada eror yang menentukan nama dari sebuah " "direktori.\n" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "" #: src/getcert.c:371 #, c-format msgid "Error connecting to 
D-Bus.\n" msgstr "" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "" #: src/getcert.c:379 #, c-format, fuzzy msgid "Error creating DBus request message.\n" msgstr "permintaan pesan Eror penciptaan DBus.\n" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "" #: src/getcert.c:398 #, fuzzy msgid "missing argument" msgstr "Pilihan argumen-argumen:\n" #: src/getcert.c:401 #, fuzzy, c-format msgid "unrecognized option %s" msgstr "%s: tidak mengenali perintah\n" #: src/getcert.c:406 #, fuzzy msgid "unrecognized option" msgstr "%s: tidak mengenali perintah\n" #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "" #: src/getcert.c:421 msgid "number too large or too small" msgstr "" #: src/getcert.c:424 msgid "bad operation" msgstr "" #: src/getcert.c:427 #, fuzzy msgid "internal error" msgstr "Eror pada bagian dalam telah terjadi" #: src/getcert.c:430 msgid "out of memory" msgstr "" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "Error %s: %s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "Error %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "Error: %s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "Menerima respon eror dari lokal %s layanan.\n" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "Tidak menerima respon dari %s layanan.\n" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "" #: src/getcert.c:769 
src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:786 src/getcert.c:1863 msgid 
"attempt to renew the certificate when expiration nears (default)" msgstr "" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 msgid "ask the CA to process the request using the named issuer" msgstr "" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage value" msgstr "" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the 
certificate to be issued" msgstr "" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format, fuzzy msgid "Error initializing Kerberos library: %s.\n" msgstr "Menginisialisasi Kesalahan Kerberos : %s.\n" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "Tidak dapat mengevaluasi OID\"%s\".\n" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format, fuzzy msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "Kesalahan menguraikan nama utama Kerberos \"%s\": %s.\n" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format, fuzzy msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "Kesalahan tanpa menguraikan nama utama Kerberos \"%s\": %s.\n" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option 
requires an argument -- '%c'\n" msgstr "" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format, fuzzy msgid "Database location or nickname specified without the other.\n" msgstr "Lokasi database atau nama panggilan khusus tanpa yang lain.\n" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format, fuzzy msgid "Database directory and certificate file both specified.\n" msgstr "Direktori database dan sertifikat file kedua secara khusus.\n" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format, fuzzy msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "" "Tidak ada dari direktori database dan nama panggilan atau sertifikat berkas " "khusus.\n" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format, fuzzy msgid "Key and certificate can not both be saved to the same file.\n" msgstr "" "Kunci dan sertifikat tidak dapat di simpan seluruhnya pada file yang sama.\n" #: src/getcert.c:1114 #, fuzzy, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" "IPA kembali memerlukan kegunaan dari pilihan -K (nama utama) di mana ketika " "pilihan -N (nama subjek) telah digunakan.\n" #: src/getcert.c:1296 
src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format, fuzzy msgid "No CA with name \"%s\" found.\n" msgstr "Tidak ada CA dengan nama \"%s\"menemukan.\n" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format, fuzzy msgid "Error setting request arguments.\n" msgstr "Pengaturan kesalahan permintaan beberapa argumen.\n" #: src/getcert.c:1415 #, c-format, fuzzy msgid "New signing request \"%s\" added.\n" msgstr "Menandai permintaan baru \"%s\" yang di tambah.\n" #: src/getcert.c:1421 #, c-format, fuzzy msgid "New signing request could not be added.\n" msgstr "Menandai permintaan baru yang tidak dapat ditambahkan.\n" #: src/getcert.c:1802 #, c-format, fuzzy msgid "New tracking request \"%s\" added.\n" msgstr "Permintaan pelacakan di tambahkan \"%s\"added.\n" #: src/getcert.c:1809 #, c-format, fuzzy msgid "New tracking request could not be added.\n" msgstr "Permintaan pelacakan tidak dapat di tambahkan.\n" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "" #: src/getcert.c:1874 msgid "override requested email address" msgstr "" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "" #: src/getcert.c:2136 
src/getcert.c:3194 #, c-format, fuzzy msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" "ID kosong atau direktori database dan nama panggilan atau sertifikat berkas " "khusus.\n" #: src/getcert.c:2362 #, c-format, fuzzy msgid "Request \"%s\" modified.\n" msgstr "Permintaan \"%s\" memodifikasi.\n" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "Permintaan \"%s\" tidak dapat dimodifikasi.\n" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format, fuzzy msgid "No request found that matched arguments.\n" msgstr "Tidak menemukan permintaan mengenai argumen yang cocok.\n" #: src/getcert.c:2445 #, c-format, fuzzy msgid "Request \"%s\" removed.\n" msgstr "Permintaan \"%s\" menghapus.\n" #: src/getcert.c:2449 #, c-format, fuzzy msgid "Request \"%s\" could not be removed.\n" msgstr "Permintaan \"%s\" tidak dapat menghapus.\n" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "" #: src/getcert.c:3029 #, c-format, fuzzy msgid "Error modifying \"%s\".\n" msgstr "Modifikasi eror \"%s\".\n" #: src/getcert.c:3045 #, c-format, fuzzy msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "Pengajuan kembali \"%s\" to \"%s\".\n" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "Pengajuan kembali \"%s\".\n" #: src/getcert.c:3057 #, c-format, fuzzy msgid "Error attempting to submit \"%s\" to 
\"%s\".\n" msgstr "Usaha eror untuk di ajukan \"%s\"untuk \"%s\".\n" #: src/getcert.c:3060 #, c-format, fuzzy msgid "Error attempting to submit \"%s\".\n" msgstr "Usaha eror untuk di ajukan \"%s\".\n" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "" #: src/getcert.c:3625 #, c-format, fuzzy msgid "Request ID '%s':\n" msgstr "ID de solicitud '%s':\n" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "\tstatus: %s\n" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "\tca-error: %s\n" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "\tstuck: %s\n" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "" #: src/getcert.c:3652 msgid "NONE" msgstr "" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr "" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr "" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr "" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr "" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr "" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "" #: 
src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "\tCA: %s\n" #: src/getcert.c:3717 #, c-format, fuzzy msgid "\tissuer: %s\n" msgstr "\tissuer: %s\n" #: src/getcert.c:3718 #, c-format, fuzzy msgid "\tsubject: %s\n" msgstr "\tsubject: %s\n" #: src/getcert.c:3719 #, fuzzy msgid "unknown" msgstr "Tidak diketauhui" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format, fuzzy msgid "\texpires: %s\n" msgstr "\texpires: %s\n" #: src/getcert.c:3736 #, fuzzy msgid "\temail: " msgstr "\temail: " #: src/getcert.c:3742 msgid "\tdns: " msgstr "\tdns: " #: src/getcert.c:3748 #, fuzzy msgid "\tprincipal name: " msgstr "\tprincipal name: " #: src/getcert.c:3756 msgid "\tIP address: " msgstr "" #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "" #: src/getcert.c:3779 msgid "\teku: " msgstr "\teku: " #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "" #: 
src/getcert.c:3849 #, c-format, fuzzy msgid "\ttrack: %s\n" msgstr "\ttrack: %s\n" #: src/getcert.c:3853 #, c-format, fuzzy msgid "\tauto-renew: %s\n" msgstr "\tauto-renew: %s\n" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "" #: src/getcert.c:4104 #, c-format, fuzzy msgid "CA '%s':\n" msgstr "AC '%s':\n" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "" #: src/getcert.c:4119 #, c-format, fuzzy msgid "\tca-type: %s\n" msgstr "\tca-type: %s\n" #: src/getcert.c:4121 #, c-format, fuzzy msgid "\thelper-location: %s\n" msgstr "\thelper-location: %s\n" #: src/getcert.c:4126 #, c-format, fuzzy msgid "\tnext-serial-number: %s\n" msgstr "\tnext-serial-number: %s\n" #: src/getcert.c:4136 #, c-format, fuzzy msgid "\tknown-issuer-names:\n" msgstr "\tknown-issuer-names:\n" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "" #: src/getcert.c:4364 
src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "" #: src/getcert.c:4458 msgid "CA identifier" msgstr "" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "" #: src/getcert.c:4787 #, c-format, fuzzy msgid "%s - client 
certificate enrollment tool\n" msgstr "%s - sertifikat pendaftaran pelanggan\n" #: src/getcert.c:4791 #, c-format, fuzzy msgid "Usage: %s request [options]\n" msgstr "Pemakaian: %s request[options]\n" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 #, fuzzy msgid "Required arguments:\n" msgstr "Argumentasi yang di butuhkan:\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "*Jika menggunakan database NSS untuk menyimpan:\n" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 #, fuzzy msgid " -d DIR\tNSS database for key and cert\n" msgstr " -d DIR\tNSS database untuk kunci dan pemastian\n" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 #, fuzzy msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr "" " -n NAME\tnickname untuk dasar penyimpanan NSS (hanya valid dengan -d)\n" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 #, fuzzy msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" " -t NAME\toptional tanda nama untuk dasar penyimpanan NSS (hanya valid " "dengan -d)\n" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "*Jika menggunakan berkas untuk penyimpanan:\n" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr " -k FILE\tBerkas PEM untuk kunci privat\n" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with 
-k)\n" msgstr " -f FILE\t Berkas PEM untuk sertifikat (hanya valid dengan -k)\n" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr " -p FILE\tfile yang memegang enkripsi suatu PIN\n" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr "" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 #, fuzzy msgid "Optional arguments:\n" msgstr "Pilihan argumen-argumen:\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 #, fuzzy msgid "* Certificate handling settings:\n" msgstr "* Keadaan menangani sertifikat:\n" #: src/getcert.c:4807 #, fuzzy msgid " -I NAME\tnickname to assign to the request\n" msgstr " -I NAME\tnickname untuk menandai sebuah permintaan\n" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4809 #, fuzzy msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr "" " -g SIZE\tsize sebuah kunci untuk menghasilkan jika salah satu telah tidak " "berada di dalam tempat\n" #: src/getcert.c:4810 src/getcert.c:4859 #, fuzzy msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr "" " -r\t\tattempt untuk memperbarui sertifikat ketika mendekati akhir waktu " "(kegagalan)\n" #: src/getcert.c:4811 src/getcert.c:4860 #, fuzzy msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr "" " -R\t\tdon't usaha untuk memperbarui sertifikat ketika mendekati akhir " "waktu\n" #: src/getcert.c:4813 src/getcert.c:4862 #, fuzzy msgid " -c 
CA\t\tuse the specified CA rather than the default\n" msgstr " -c CA\t\tuse CA khusus lebih baik daripada kegagalan\n" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" #: src/getcert.c:4817 #, fuzzy msgid "* Parameters for the signing request:\n" msgstr "* Beberapa parameter untuk menandai permintaan:\n" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 #, fuzzy msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr " -N NAME\tset permintaan nama subjek (kegagalan: CN=)\n" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 #, fuzzy msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr " -U EXTUSAGE\tset memperluas permintaan pemakaian kunci OID\n" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr "" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 #, fuzzy msgid " -K NAME\tset requested principal name\n" msgstr " -K NAME\tset permintaan nama utama\n" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 #, fuzzy msgid " -D DNSNAME\tset requested DNS name\n" msgstr " -D DNSNAME\tset permintaan nama DNS\n" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 #, fuzzy msgid " -E EMAIL\tset requested email address\n" msgstr " -E EMAIL\tset permintaan alamat email\n" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr "" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr "" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 
src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr "" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 #, fuzzy msgid "* Bus options:\n" msgstr "* Pilihan Bus:\n" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 #, fuzzy msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr " -S\t\tconnect untuk layanan pemastian dalam sistem bus\n" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 #, fuzzy msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr " -s\t\tconnect untuk layanan pemastian pada pembahasan bus\n" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr "" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr "" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" 
msgstr "" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr "" #: src/getcert.c:4840 #, c-format, fuzzy msgid "Usage: %s start-tracking [options]\n" msgstr "Pemakaian: %s start-tracking [options]\n" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "* Jika memodifikasi permintaan yang ada:\n" #: src/getcert.c:4844 #, fuzzy msgid " -i NAME\tnickname of an existing tracking request\n" msgstr " -i NAME\tnickname permintaan mengikuti jalan yang ada\n" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 #, fuzzy msgid "* If keys are encrypted:\n" msgstr "* Jika kunci adalah enkripsi:\n" #: src/getcert.c:4858 #, fuzzy msgid " -I NAME\tnickname to give to tracking request\n" msgstr " -I NAME\tnickname untuk memberi mengikuti permintaan\n" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr "" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr "" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr "" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr "" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr "" #: src/getcert.c:4888 #, c-format, fuzzy msgid "Usage: %s stop-tracking [options]\n" msgstr "Pemakaian: %s stop-tracking [options]\n" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 #, fuzzy msgid "* By request identifier:\n" msgstr "* Dengan memperkenalkan permintaan:\n" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 
src/getcert.c:5060 #, fuzzy msgid " -i NAME\tnickname for tracking request\n" msgstr " -i NAME\tnickname untuk mengikuti permintaan\n" #: src/getcert.c:4910 #, c-format, fuzzy msgid "Usage: %s resubmit [options]\n" msgstr "Pemakaian: %s resubmit [options]\n" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 #, fuzzy msgid " -f FILE\tPEM file for certificate\n" msgstr " -f FILE\tPEM berkas untuk sertifikat\n" #: src/getcert.c:4926 src/getcert.c:4974 #, fuzzy msgid "* New parameter values for the signing request:\n" msgstr "* Parameter baru bernilai untuk menandai permintaan:\n" #: src/getcert.c:4939 src/getcert.c:4987 #, fuzzy msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr " -I NAME\tnew nama panggilan untuk memberikan mengikuti permintaan\n" #: src/getcert.c:4941 src/getcert.c:4989 #, fuzzy msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr " -c CA\t\tuse CA khusus lebih baik daripada saat ini\n" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr "" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr "" #: src/getcert.c:5008 #, c-format, fuzzy msgid "Usage: %s list [options]\n" msgstr "Pemakaian: %s list [options]\n" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 #, fuzzy msgid "* General options:\n" msgstr "* Pilihan umum:\n" #: src/getcert.c:5013 #, fuzzy msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr " -c CA\tlist hanya permintaan dan pemastian kolega dengan CA ini\n" #: src/getcert.c:5015 #, fuzzy msgid " -r\tlist only information about outstanding requests\n" msgstr " -r\tlist hanya informasi tentang permintaan terkemuka\n" #: src/getcert.c:5016 #, fuzzy msgid " -t\tlist only information about tracked certificates\n" msgstr " 
-t\tlist hanya informasi tentang jalannya sertifikat\n" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr "" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 #, fuzzy msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr " -S\tconnect untuk layanan pemastian pada sistem bus\n" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 #, fuzzy msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr " -s\tconnect untuk layanan pemastian pada pembahasan bus\n" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr "" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr "" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr "" #: src/getcert.c:5074 #, c-format, fuzzy msgid "Usage: %s 
list-cas [options]\n" msgstr "Pemakaian: %s list-cas [options]\n" #: src/getcert.c:5079 #, fuzzy msgid " -c CA\tlist only information about the CA with this name\n" msgstr " -c CA\tlist hanya informasi tentang CA dengan nama ini\n" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr "" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr "" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr "" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr "" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr "" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr "" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr "" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr "" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr "" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr "" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr "" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "" #: 
src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "" #: src/getcert.c:5273 #, c-format, fuzzy msgid "%s: unrecognized command\n" msgstr "%s: tidak mengenali perintah\n" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "" #: src/ipa.c:758 #, c-format, fuzzy msgid "Unable to determine principal 
name for signing request.\n" msgstr "Tidak dapat untuk menentukan nama utama untuk menandai permintaan.\n" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "" #: src/local.c:556 #, c-format, fuzzy msgid "Unable to read signing request.\n" msgstr "Tidak dapat membaca tanda permintaan.\n" #: src/main.c:74 msgid "use session bus" msgstr "" #: src/main.c:75 msgid "use system bus" msgstr "" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "" #: src/main.c:78 msgid "PATHNAME" msgstr "" #: src/main.c:79 msgid "don't become a daemon" msgstr "" #: src/main.c:80 msgid "do become a daemon" msgstr "" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "" #: src/main.c:81 msgid "SECONDS" msgstr "" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "" #: src/main.c:83 msgid "NUMBER" msgstr "" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "" #: src/main.c:87 msgid "write service PID to file" msgstr "" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "" #: src/main.c:90 msgid "print version information" msgstr "" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "" #: src/main.c:177 msgid "\t-s 
use session bus\n" msgstr "" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "" #: src/scep.c:352 #, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "" #: src/scep.c:356 #, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "" #: src/scep.c:376 src/scep.c:395 #, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. 
Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "" #: src/scep.c:637 #, fuzzy, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "Tidak menerima respon dari %s layanan.\n" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "" #: src/scep.c:930 #, fuzzy, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "merespon pelayanan penguraian kesalahan.\n" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "" #: src/scep.c:976 #, fuzzy, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "merespon pelayanan penguraian kesalahan.\n" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "" #: src/scep.c:1003 #, c-format msgid "Transaction either is not 
permitted or is not supported by server.\n" msgstr "" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "" #: src/scep.c:1009 #, c-format msgid "Unsupported extension.\n" msgstr "" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "" #: src/scep.c:1027 #, fuzzy, c-format msgid "Internal CA error.\n" msgstr "Kesalahan server.\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 #, fuzzy msgid "An internal error has occurred." msgstr "Eror pada bagian dalam telah terjadi" #: src/tdbush.c:183 #, fuzzy msgid "No matching entry found.\n" msgstr "Tidak menemukan catatan masuk yang cocok.\n" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "" #: src/tdbush.c:439 #, fuzzy msgid "Certificate storage type not specified." msgstr "Tipe penyimpanan sertifikat tidak khusus." #: src/tdbush.c:452 #, c-format, fuzzy msgid "Certificate storage type \"%s\" not supported." msgstr "Tipe penyimpanan sertifikat \"%s\" tidak mendukung." 
#: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format, fuzzy msgid "The location \"%s\" must be an absolute path." msgstr "Lokasi \"%s\" harus analisa yang tepat." #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 #, fuzzy msgid "Certificate storage location not specified." msgstr "Lokasi penyimpanan sertifikat tidak khusus." #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format, fuzzy msgid "The parent of location \"%s\" must be a valid directory." msgstr "induk dari lokasi \"%s\" harus sebuah direktori yang valid." #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "Lokasi \"%s\" harus berupa berkas." #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "" #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "Lokasi \"%s\" harus berupa direktori." #: src/tdbush.c:622 #, fuzzy msgid "Certificate nickname not specified." msgstr "nama panggilan sertifikat tidak khusus." #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format, fuzzy msgid "There is already a request with the nickname \"%s\"." msgstr "Permintaan telah dilakukan dengan nama panggilan \"%s\"." 
#: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "" #: src/tdbush.c:734 #, c-format, fuzzy msgid "Key storage type \"%s\" not supported." msgstr "Tipe kunci penyimpanan \"%s\" tidak mendukung." #: src/tdbush.c:760 src/tdbush.c:819 #, fuzzy msgid "Key storage location not specified." msgstr "lokasi kunci penyimpanan tidak khusus." #: src/tdbush.c:853 #, fuzzy msgid "Key nickname not specified." msgstr "kunci nama panggilan tidak khusus." #: src/tdbush.c:909 #, c-format msgid "Key at same location is already used by request with nickname \"%s\"." msgstr "" #: src/tdbush.c:1313 src/tdbush.c:3102 #, c-format msgid "No support for key type \"%s\"." msgstr "" #: src/tdbush.c:1400 #, fuzzy msgid "No such CA." msgstr "CA tidak serupa." #: src/tdbush.c:3073 #, c-format, fuzzy msgid "Certificate authority \"%s\" not known." msgstr "Wewenang sertifikat \"%s\" tidak diketahui." #: src/tdbush.c:3518 msgid "Unrecognized parameter or wrong value type." msgstr "Tidak mengenal parameter atau salah tipe nilai." #: src/tdbush.c:5070 msgid "Error parsing arguments." msgstr "" #: src/tdbush.c:5124 msgid "Unrecognized property name." msgstr "" #: src/tdbusm.c:2156 msgid "Insufficient access. Please retry operation as root.\n" msgstr "" #: src/tdbusm.c:2160 msgid "Please verify that the certmonger service has been started.\n" msgstr "" #: src/tdbusm.c:2163 msgid "Please verify that the certmonger service is still running.\n" msgstr ""
certmonger-0.79.19/po/it.po
# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package.
# # Translators: # Mario Santagiuliana , 2012 # Silvio Pierro , 2012 msgid "" msgstr "" "Project-Id-Version: certmonger 0.78.6\n" "Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2017-02-26 02:20-0500\n" "PO-Revision-Date: 2015-01-05 05:53-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Italian (http://www.transifex.com/projects/p/certmonger/" "language/it/)\n" "Language: it\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 3.9.6\n" #: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238 #: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291 #, c-format msgid "Out of memory.\n" msgstr "Memoria esaurita.\n" #: src/certmaster.c:136 #, c-format msgid "Unable to determine hostname of CA.\n" msgstr "Impossibile determinare l'hostname di CA.\n" #: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796 #, fuzzy, c-format msgid "Unable to read signing request from file \"%s\".\n" msgstr "Impossibile leggere la richiesta di firma.\n" #: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799 #, fuzzy, c-format msgid "Unable to read signing request from environment variable \"%s\".\n" msgstr "Impossibile leggere la richiesta di firma.\n" #: src/certmaster.c:184 #, c-format msgid "Error setting up for XMLRPC.\n" msgstr "Errore nell'impostazione di XMLRPC.\n" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "Errore di analisi della risposta del 
server.\n" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "Errore server.\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "" #: src/getcert.c:67 msgid "ID" msgstr "" #: src/getcert.c:69 msgid "BITS" msgstr "" #: src/getcert.c:71 msgid "MODE" msgstr "" #: src/getcert.c:72 msgid "NAME" 
msgstr "" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "" #: src/getcert.c:74 msgid "SUBJECT" msgstr "" #: src/getcert.c:75 msgid "URL" msgstr "" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "" "Il percorso \"%s\" non è assoluto, tentativo di usare \"%s\" al suo posto.\n" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" "Il percorso \"%s\" non è assoluto, e si è verificato un errore nella " "determinazione del nome della cartella attuale.\n" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "Il percorso \"%s\" non è una cartella.\n" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "Percorso \"%s\": %s.\n" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "Il percorso \"%s\" non è un file regolare.\n" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "Verificare che il servizio bus messaggi (D-bus) è in esecuzione.\n" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "Errore nella creazione di messaggi di richiesta DBus.\n" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "" #: src/getcert.c:398 #, fuzzy msgid "missing argument" msgstr "Argomenti aggiuntivi:\n" #: src/getcert.c:401 #, fuzzy, c-format 
msgid "unrecognized option %s" msgstr "%s: comando non riconosciuto\n" #: src/getcert.c:406 #, fuzzy msgid "unrecognized option" msgstr "%s: comando non riconosciuto\n" #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "" #: src/getcert.c:421 msgid "number too large or too small" msgstr "" #: src/getcert.c:424 msgid "bad operation" msgstr "" #: src/getcert.c:427 #, fuzzy msgid "internal error" msgstr "Si è verificato un errore interno." #: src/getcert.c:430 #, fuzzy msgid "out of memory" msgstr "Memoria esaurita.\n" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "Errore \"%s\": %s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "Errore %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "Errore: %s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "Ricevuta una risposta di errore dal servizio locale %s.\n" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "Nessuna risposta ricevuta dal servizio %s.\n" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "" #: src/getcert.c:772 msgid "PEM 
file for certificate (only valid with -k)" msgstr "" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" #: 
src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 msgid "ask the CA to process the request using the named issuer" msgstr "" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage value" msgstr "" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 
src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "Errore nell'inizializzazione della libreria Kerberos: %s.\n" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "Impossibile valutare OID: \"%s\".\n" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "Errore nell'analisi del nome principale Kerberos \"%s\": %s.\n" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "Errore non analizzato nome principale Kerberos \"%s\": %s.\n" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "%s: l'opzione richiede un argomento -- '%c'\n" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "%s: opzione non valida -- '%c'\n" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "Errore: argomento extra \"%s\" non usato.\n" #: src/getcert.c:1060 
src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "Errore: argomenti extra non usati dove forniti.\n" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "Posizione database o nickname specificato senza ordine.\n" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "Cartella database e file certificato specificati contemporaneamente.\n" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "" "Non è stata specificata nessuna cartella di database e nickname o file " "certificato.\n" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "" "La chiave ed il certificato non possono essere salvati entrambi nello stesso " "file.\n" #: src/getcert.c:1114 #, fuzzy, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" "Il backend IPA richiede l'uso dell'opzione -K (nome principale) quando si " "usa l'opzione -N (nome soggetto).\n" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "Non è stato trovato nessun CA con nome \"%s\".\n" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: 
src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request arguments.\n" msgstr "Errore nell'impostazione degli argomenti richiesti.\n" #: src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "Aggiunta una nuova richiesta segnata \"%s\".\n" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "La nuova richiesta segnata non può essere aggiunta.\n" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "Aggiunta una nuova richiesta di tracking \"%s\".\n" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "La nuova richiesta di tracking non può essere aggiunta.\n" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "" #: src/getcert.c:1874 msgid "override requested email address" msgstr "" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" "Non è stato specificato nessuno tra l'ID oppure la cartella di database ed " "il nickname oppure il certificato.\n" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "Richiesta \"%s\" 
modificata.\n" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "La richiesta \"%s\" non può essere modificata.\n" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "Non è stata trovata nessuna richiesta con il nickname specificato.\n" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "Non è stata trovata nessuna richiesta con argomenti corrispondenti.\n" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "Richiesta \"%s\" rimossa.\n" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "La richiesta \"%s\" non può essere rimossa.\n" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "Errore nella modifica di \"%s\".\n" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "Re-invio di \"%s\" a \"%s\".\n" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "Re-invio di \"%s\".\n" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "Errore nel tentativo di sottomettere \"%s\" a \"%s\".\n" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "Errore nel tentativo di sottomettere \"%s\".\n" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "" #: 
src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "Il numero di certificati e di richieste sotto tracciamento: %d.\n" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "ID richiesto '%s':\n" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "\tstato: %s\n" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "\terrore-ca: %s\n" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "\tstuck: %s\n" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "\tcoppia chiavi di storage: tipo=%s" #: src/getcert.c:3652 msgid "NONE" msgstr "NESSUNO" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr ",posizione='%s'" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr ",nickname='%s'" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr ",token='%s'" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr "" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr ",pinfile='%s'" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "\tcertificato: tipo=%s,posizione='%s'" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:3698 #, 
c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "\tCA: %s\n" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "\temittente: %s\n" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "\tsoggetto: %s\n" #: src/getcert.c:3719 msgid "unknown" msgstr "sconosciuto" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr "\tscadenza: %s\n" #: src/getcert.c:3736 msgid "\temail: " msgstr "\temail:" #: src/getcert.c:3742 msgid "\tdns: " msgstr "\tdns: " #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "\tnome principale:" #: src/getcert.c:3756 msgid "\tIP address: " msgstr "" #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "" #: src/getcert.c:3779 msgid "\teku: " msgstr "\teku: " #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "\ttraccia: %s\n" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "\tauto-renew: %s\n" #: 
src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "CA '%s':\n" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "\ttipo-ca: %s\n" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "\tposizione-aiutante: %s\n" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr "\tprossimo-numero-serie: %s\n" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "\tnomi-emittente-noti:\n" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4406 src/getcert.c:4503 
src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "" #: src/getcert.c:4458 msgid "CA identifier" msgstr "" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "%s - strumento di registrazione certificato client\n" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "Utilizzo: %s request [opzioni]\n" #: 
src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "Argomenti richiesti:\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "* Se si utilizza un database NSS per lo storage:\n" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr " -d DIR\tDatabase NSS per chiave e certificato\n" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr "" " -n NOME\tnickname per gli storage basati su NSS (valido solo con -d)\n" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" " -t NOME\tnome token opzionale per storage basato su NSS (valido solo con -" "d)\n" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "* Se si utilizzano file per lo storage:\n" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr " -k FILE\tfile PEM per la chiave privata\n" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr " -f FILE\tfile PEM per il certificato (valido solo con -k)\n" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "* Se le chiavi devono essere cifrate:\n" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 
src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr " -p FILE\til file che contiene il PIN di cifratura\n" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr " -P PIN\tvalore PIN\n" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "Argomenti aggiuntivi:\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "* Impostazioni di gestione certificato:\n" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr " -I NOME\tnickname da assegnare alla richiesta\n" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr "" " -g DIM\tdimensione della chiave da generare se non ne è già presente una\n" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr "" " -r\t\ttenta di rinnovare il certificato quando si avvicina la scadenza " "(predefinito)\n" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr "" " -r\t\tnon tentare di rinnovare il certificato quando si avvicina la " "scadenza\n" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr " -c CA\t\tusa il CA specificato piuttosto che il predefinito\n" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named 
profile or " "template\n" msgstr "" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "* Parametri per la richiesta segnata:\n" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr " -N NOME\timposta il nome del soggetto (predefinito: CN=)\n" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr " -U USOEXT\timposta l'utilizzo OID della chiave estesa richiesta\n" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr "" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr " -K NOME\timposta il nome principale richiesto\n" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr " -D NOMEDNS\timposta il nome DNS richiesto\n" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr " -E EMAIL\timposta l'indirizzo email richiesto\n" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr "" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr "" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr "" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 
src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "* Opzioni bus:\n" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr " -S\t\tconnessione al servizio certmonger sul bus di sistema\n" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr " -S\t\tconnessione al servizio certmonger sul bus di sessione\n" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "* Altre opzioni:\n" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr "" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr "" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr "" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport 
all details of errors\n" msgstr " -v\triporta tutti i dettagli degli errori\n" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "Utilizzo: %s start-tracking [opzioni]\n" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "* Se si modifica una richiesta preesistente:\n" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr " -i NOME\tnickname di una richiesta di tracking preesistente\n" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "* Se le chiavi sono cifrate:\n" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr " -I NOME\tnickname da dare alla richiesta di tracking\n" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "* Parametri per la richiesta segnante al momento del rinnovo:\n" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr "" " -U USOEXT\tSovrascrive l'utilizzo OID della chiave estesa richiesta\n" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr " -K NOME\tsovrascrive il nome principale richiesto\n" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr " -D NOMEDNS\tsovrascrive il nome DNS richiesto\n" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr " -E EMAIL\tsovrascrive l'indirizzo email richiesto\n" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr "" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "Utilizzo: %s stop-tracking [opzioni]\n" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "* Per richieste di identificazione:\n" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid 
" -i NAME\tnickname for tracking request\n" msgstr " -i NOME\tnickname di una richiesta di tracking\n" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "Utilizzo: %s resubmit [opzioni]\n" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr " -f FILE\tfile PEM per il certificato\n" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "* Nuovi valori di parametro per le richieste segnanti:\n" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr " -I NAME\tnuovo nickname da dare alla richiesta di tracking\n" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr " -c CA\t\tusa il CA specificato piuttosto che l'attuale\n" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr "" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr "" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "Utilizzo: %s list [opzioni]\n" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "* Opzioni generali:\n" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr "" " -c CA\telenca solo le richieste ed i certificati associati a questo CA\n" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr " -r\telenca solo le informazioni sulle richieste eccezionali\n" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr " -t\telenca solo le informazioni sui certificati tracciati\n" #: src/getcert.c:5017 msgid " -u\tdisplay 
times in UTC instead of local time\n" msgstr "" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "* Se si seleziona una richiesta specifica:\n" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" " -d DIR\telenca solo le richieste ed i certificati che usano questo " "database NSS\n" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" " -n NOME\telenca solo le richieste ed i certificati che usano questo " "nickname\n" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" " -f FILE\telenca solo le richieste ed i certificati immagazzinati in questo " "file PEM\n" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr " -S\tconnettersi al servizio certmonger sul bus di sistema\n" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr " -s\tconnettersi al servizio certmonger sul bus di sessione\n" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr "" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr "" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "" #: src/getcert.c:5064 msgid "* 
When using files for storage:\n" msgstr "" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr "" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "Utilizzo: %s list-cas [opzioni]\n" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr " -c CA\telenca solo informazioni sulla CA con questo nome\n" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr "" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr "" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr "" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr "" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr "" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr "" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr "" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr "" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr "" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr "" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to 
remove\n" msgstr "" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "" #: src/getcert.c:5273 #, c-format msgid "%s: unrecognized command\n" msgstr "%s: comando non riconosciuto\n" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "L'opzione -t non può essere usata con l'opzione -K .\n" #: src/ipa.c:667 #, c-format msgid "The -k option can not be 
used with the -K option.\n" msgstr "L'opzione -k non può essere usata con l'opzione -K .\n" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "" "L'opzione -K non può essere usata ne con l'opzione -k che con l'opzione -" "t .\n" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for signing request.\n" msgstr "" "Impossibile determinare il nome principale per la richiesta di firma.\n" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "Impossibile leggere la richiesta di firma.\n" #: src/main.c:74 msgid "use session bus" msgstr "" #: src/main.c:75 msgid "use system bus" msgstr "" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "" #: src/main.c:78 msgid "PATHNAME" msgstr "" #: src/main.c:79 msgid "don't become a daemon" msgstr "" #: src/main.c:80 msgid "do become a daemon" msgstr "" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "" #: src/main.c:81 msgid "SECONDS" msgstr "" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "" #: src/main.c:83 msgid "NUMBER" msgstr "" #: src/main.c:84 src/main.c:86 msgid "start 
COMMAND and exit when it does" msgstr "" #: src/main.c:87 msgid "write service PID to file" msgstr "" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "" #: src/main.c:90 msgid "print version information" msgstr "" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "\t-s usa bus di sessione\n" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "\t-S usa bus di sistema\n" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "\t-n non rende un demone\n" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "\t-f rende un demone\n" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "\t-b TIMEOUT attivato da bus, timeout inattivo\n" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "\t-B non usa un timeout inattivo\n" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "\t-d LEVEL imposta il livello di debugging (implica -n)\n" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "\t-p FILE scrive il PID di servizio su file\n" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "" #: src/scep.c:352 #, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "" #: src/scep.c:356 #, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "" #: src/scep.c:376 src/scep.c:395 #, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "" #: src/scep.c:386 src/scep.c:540 #,
c-format msgid "" "Error reading request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "" #: src/scep.c:637 #, fuzzy, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "Nessuna risposta ricevuta dal servizio %s.\n" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "" #: src/scep.c:930 #, fuzzy, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "Errore di analisi della risposta del server.\n" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "" #: src/scep.c:976 #, fuzzy, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "Errore di analisi della risposta del server.\n" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported 
algorithm identifier in client request.\n" msgstr "" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "" #: src/scep.c:1003 #, c-format msgid "Transaction either is not permitted or is not supported by server.\n" msgstr "" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "" #: src/scep.c:1009 #, c-format msgid "Unsupported extension.\n" msgstr "" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "" #: src/scep.c:1027 #, fuzzy, c-format msgid "Internal CA error.\n" msgstr "Errore server.\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." msgstr "Si è verificato un errore interno." #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "Non è stata trovata nessuna voce corrispondente.\n" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "E' già presente una CA con il nickname \"%s\"." #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "Tipo di storage di certificato non specificato." 
#: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." msgstr "Tipo di storage di certificato \"%s\" non supportato." #: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "La posizione \"%s\" deve essere un percorso assoluto." #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." msgstr "La posizione di storage di certificato non è specificata." #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "" "La directory superiore della posizione \"%s\" deve essere una cartella " "valida." #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "La posizione \"%s\" deve essere un file." #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "" #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "La posizione \"%s\" deve essere una cartella." #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "Nickname del certificato non specificato." 
#: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "E' già presente una richiesta con il nickname \"%s\"." #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "" "Il certificato con questa posizione è già usato dalla richiesta con il " "nickname \"%s\"." #: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "Tipo chiave di storage \"%s\" non supportata." #: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." msgstr "La posizione di storage di chiave non è specificata." #: src/tdbush.c:853 msgid "Key nickname not specified." msgstr "Nickname di chiave non specificata." #: src/tdbush.c:909 #, c-format msgid "Key at same location is already used by request with nickname \"%s\"." msgstr "" "La chiave con questa posizione è già usata dalla richiesta con il nickname " "\"%s\"." #: src/tdbush.c:1313 src/tdbush.c:3102 #, c-format msgid "No support for key type \"%s\"." msgstr "" #: src/tdbush.c:1400 msgid "No such CA." msgstr "Nessuna CA." #: src/tdbush.c:3073 #, c-format msgid "Certificate authority \"%s\" not known." msgstr "Autorità di certificato \"%s\" sconosciuta." #: src/tdbush.c:3518 msgid "Unrecognized parameter or wrong value type." msgstr "Parametro non riconosciuto o tipo di valore errato." #: src/tdbush.c:5070 msgid "Error parsing arguments." msgstr "" #: src/tdbush.c:5124 msgid "Unrecognized property name." msgstr "" #: src/tdbusm.c:2156 msgid "Insufficient access. Please retry operation as root.\n" msgstr "" #: src/tdbusm.c:2160 msgid "Please verify that the certmonger service has been started.\n" msgstr "" #: src/tdbusm.c:2163 msgid "Please verify that the certmonger service is still running.\n" msgstr "" certmonger-0.79.19/po/ja.po0000644000175000017500000017573314511314133015022 0ustar gitgit00000000000000# SOME DESCRIPTIVE TITLE. 
# Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. # # Translators: # carrotsoft , 2011 # Hajime Taira , 2011-2012 # noriko , 2012 # noriko , 2012 # Tomoyuki KATO , 2011-2014 # carrotsoft , 2011 # carrotsoft , 2011 msgid "" msgstr "" "Project-Id-Version: certmonger 0.78.6\n" "Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2017-02-26 02:20-0500\n" "PO-Revision-Date: 2015-01-05 05:53-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Japanese (http://www.transifex.com/projects/p/certmonger/" "language/ja/)\n" "Language: ja\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: Zanata 3.9.6\n" #: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238 #: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291 #, c-format msgid "Out of memory.\n" msgstr "メモリーが不足\n" #: src/certmaster.c:136 #, c-format msgid "Unable to determine hostname of CA.\n" msgstr "CA のホスト名を解釈できません。\n" #: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796 #, fuzzy, c-format msgid "Unable to read signing request from file \"%s\".\n" msgstr "署名リクエストを読むことができません。\n" #: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799 #, fuzzy, c-format msgid "Unable to read signing request from environment variable \"%s\".\n" msgstr "署名リクエストを読むことができません。\n" #: src/certmaster.c:184 #, c-format msgid "Error setting up for XMLRPC.\n" msgstr "XMLRPC の設定中にエラーが発生しました。\n" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 
src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "サーバーの応答を解析中にエラーが発生しました。\n" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "サーバーエラーです。\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, fuzzy, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "" "エージェント URL (-A) が指定されていません。また、デフォルトが不明です。\n" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "" "エンド・エンティティ URL (-E) が指定されていません。また、デフォルトが不明で" "す。\n" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "" "エージェント URL (-A) が指定されていません。また、デフォルトが不明です。\n" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "" "プロファイル/テンプレート (-T) が指定されていません。また、デフォルトが不明で" "す。\n" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "内部エラー: 未知の状態。\n" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "内部エラー: \"%s?%s\" への応答がありません。\n" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" 
msgstr "" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "" #: src/getcert.c:67 msgid "ID" msgstr "" #: src/getcert.c:69 msgid "BITS" msgstr "" #: src/getcert.c:71 msgid "MODE" msgstr "" #: src/getcert.c:72 msgid "NAME" msgstr "" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "" #: src/getcert.c:74 msgid "SUBJECT" msgstr "" #: src/getcert.c:75 msgid "URL" msgstr "" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "" "パス \"%s\" が絶対パスではありません。代わりに \"%s\" で試行しています。\n" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" "パス \"%s\" が絶対パスではありません。また、カレントディレクトリーの名前を判" "断する際にエラーが発生しました。\n" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "パス \"%s\": 権限がありません。\n" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "パス \"%s\" はディレクトリーではありません。\n" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "パス \"%s\": %s.\n" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "パス \"%s\" は一般ファイルではありません。\n" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "message bus (D-Bus) サービスが稼働中であることを確認してください。\n" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "" "D-Bus 要求メッセージを作成中にエラーが発生しました。\n" "\n" #: 
src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "" #: src/getcert.c:398 #, fuzzy msgid "missing argument" msgstr "任意の引数:\n" #: src/getcert.c:401 #, fuzzy, c-format msgid "unrecognized option %s" msgstr "%s: 認識できないコマンド\n" #: src/getcert.c:406 #, fuzzy msgid "unrecognized option" msgstr "%s: 認識できないコマンド\n" #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "" #: src/getcert.c:421 msgid "number too large or too small" msgstr "" #: src/getcert.c:424 msgid "bad operation" msgstr "" #: src/getcert.c:427 #, fuzzy msgid "internal error" msgstr "内部エラーが発生しました。" #: src/getcert.c:430 #, fuzzy msgid "out of memory" msgstr "メモリーが不足\n" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "エラー %s: %s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "エラー %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "エラー: %s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "ローカルの %s サービスからエラー応答を受け取りました。\n" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "%s サービスから応答が受け取れません。\n" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:771 msgid "PEM 
file for private key" msgstr "" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process 
the request using the named profile or template" msgstr "" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 #, fuzzy msgid "ask the CA to process the request using the named issuer" msgstr "" " -T PROFILE\t名前つきプロファイルまたはテンプレートを使用して、CA がリクエス" "トを処理するか確認します\n" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage value" msgstr "" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" 
msgstr "" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "Kerberos ライブラリーを初期化中にエラーが発生しました: %s.\n" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "\"%s\" キーの生成はサポートされません。\n" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "利用できるキー形式は以下のとおりです:" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "認識できないキー使用法 \"%s\"。\n" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "OID \"%s\" を評価することができません。\n" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "Kerberos のプリンシパル名 \"%s\" をパース中にエラー: %s.\n" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "Kerberos のプリンシパル名 \"%s\" をアンパース中にエラー: %s\n" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "%s: オプションには引数が必要です。-- '%c'\n" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "%s: 無効なオプション -- '%c'\n" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra 
argument \"%s\".\n" msgstr "エラー: 使用されない余計な引数 \"%s\"。\n" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "エラー:余分なパラメーターが指定されました。\n" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "" "データベースの場所もしくはニックネームのどちらかが指定されていません。\n" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "データベースディレクトリーと証明書ファイルの両方が指定されています。\n" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "" "データベースディレクトリーとニックネーム、もしくは証明書ファイルの指定されて" "いません。\n" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "キーと証明書の両方を同じファイルに保存することができません。\n" #: src/getcert.c:1114 #, fuzzy, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" "IPA バックエンドは -N オプション(サブジェクト名) を使用した場合、-K オプショ" "ン(プリンシパル名)を必要とします。\n" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "\"%s\" という名前の CA が見つかりません。\n" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request 
arguments.\n" msgstr "" "リクエストの引数を設定中にエラーが発生しました。\n" "\n" #: src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "新しい署名リクエスト \"%s\" が追加されました。\n" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "新しい署名リクエストの追加ができません。\n" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "新しい追跡リクエスト \"%s\" が追加されました。\n" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "新しい追跡リクエストの追加ができません。\n" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "" #: src/getcert.c:1874 msgid "override requested email address" msgstr "" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" "IDまたはデータベースディレクトリー、もしくはニックネーム、証明書ファイルの指" "定されていません。\n" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "リクエスト \"%s\" は変更されました。\n" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "リクエスト \"%s\" は変更できません。\n" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "指定されたニックネームを持つリクエストが見つかりませんでした。\n" #: src/getcert.c:2426 
src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "引数に該当したリクエストが見つかりません。\n" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "リクエスト \"%s\" は削除されました。\n" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "リクエスト \"%s\" は削除できません。\n" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "" "\"%s\" を変更中にエラーが発生しました。\n" "\n" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "\"%s\" を \"%s\" へ再送中です。\n" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "\"%s\" を再送中です。\n" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "" "\"%s\" を \"%s\" へ送信中にエラーが発生しました。\n" "\n" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "" "\"%s\" を送信中にエラーが発生しました。\n" "\n" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "" #: src/getcert.c:3352 msgid "list 
only requests and certs associated with this CA configuration" msgstr "" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "追跡されている証明書とリクエストの数:%d\n" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "リクエスト ID '%s':\n" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "\t状態: %s\n" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "\tCAエラー: %s\n" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "\tスタック: %s\n" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "\tキーペアストレージ: type=%s" #: src/getcert.c:3652 msgid "NONE" msgstr "なし" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr ",location='%s'" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr ",nickname='%s'" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr ",token='%s'" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr "" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr ",pinfile='%s'" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "\t証明書: type=%s,location='%s'" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "\tCA: %s\n" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "\t発行者: %s\n" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "\tサブジェクト: %s\n" #: src/getcert.c:3719 msgid "unknown" msgstr "不明" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr "\t有効期限: %s\n" #: src/getcert.c:3736 msgid "\temail: " msgstr "\tEメール: " #: src/getcert.c:3742 msgid "\tdns: " msgstr "\tDNS: " #: 
src/getcert.c:3748 msgid "\tprincipal name: " msgstr "\tプリンシパル名: " #: src/getcert.c:3756 msgid "\tIP address: " msgstr "" #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "\tキー使用法: %s\n" #: src/getcert.c:3779 msgid "\teku: " msgstr "\t拡張キー使用法: " #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "\t保存前コマンド: %s\n" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "\t保存後コマンド: %s\n" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "\t追跡: %s\n" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "\t自動更新: %s\n" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "CA '%s':\n" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "\tCAの種類: %s\n" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "\tヘルパーの場所: %s\n" #: src/getcert.c:4126 #, c-format 
msgid "\tnext-serial-number: %s\n" msgstr "\t次のシリアル番号: %s\n" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "\t発行者名:\n" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "" #: src/getcert.c:4458 msgid "CA identifier" msgstr "" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "" #: src/getcert.c:4460 msgid "file 
containing RA's certificate" msgstr "" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "%s - クライアント証明書登録ツール\n" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "使い方: %s request [オプション]\n" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "必須の引数:\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "* もしストレージに NSS データベースを使う場合:\n" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr " -d DIR\tキーと証明書のための NSS データベース\n" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 
src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr "" " -n NAME\tNSS ベースストレージのためのニックネーム(-d オプションを指定した時" "のみ有効)\n" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" " -t 名前\tNSS ベースの記憶領域のためのオプションのトークン名(-d オプションを" "指定した時のみ有効)\n" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "* もしストレージのためにファイルを使う時:\n" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr " -k FILE\tプライベートキーのための PEM ファイル\n" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr " -f FILE\t証明書のための PEM ファイル (-k を指定した場合のみ有効)\n" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "* もしキーが暗号化されていた場合:\n" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr " -p FILE\t暗号化されたPIN コードが含まれるファイル\n" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr " -P PIN\tPIN コードの値\n" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "任意の引数:\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "* 証明書の処理方法の設定:\n" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr " -I 
NAME\tリクエストに割り当てるニックネーム\n" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr " -G TYPE\tキーが存在しない場合に生成されるキーの形式\n" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr " -g SIZE\tキーが存在しない場合に生成されるキーのビット長\n" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr " -r\t\t有効期限が近づいている時に証明書を更新する(デフォルト)\n" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr " -R\t\t有効期限が近づいても証明書を更新しない\n" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr " -c CA\t\t指定されたCAではなく、デフォルトを使用\n" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" " -T PROFILE\t名前つきプロファイルまたはテンプレートを使用して、CA がリクエス" "トを処理するか確認します\n" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 #, fuzzy msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" " -T PROFILE\t名前つきプロファイルまたはテンプレートを使用して、CA がリクエス" "トを処理するか確認します\n" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "* 署名中リクエストのパラメーター:\n" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr "" " -N NAME\t要求されたサブジェクト名を設定 (デフォルト: CN=<ホスト名>)\n" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr " -U EXTUSAGE\t 拡張キー使用法(EKU)のOIDを設定\n" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr " -u KEYUSAGE\t要求されたキー使用法の値を設定する\n" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset 
requested principal name\n" msgstr " -K NAME\t要求されたプリンシパル名を設定\n" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr " -D DNSNAME\t設定するDNS名\n" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr " -E EMAIL\t要求したEメールアドレスを設定\n" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr "" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr "" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr "" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "* バスのオプション:\n" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr " -S\t\tシステムバス上の certmonger サービスに接続\n" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr " -s\t\tセッションバス上の certmonger サービスに接続\n" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "* その他のオプション:\n" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before 
saving the certificate\n" msgstr " -B\t証明書を保存する前に実行するコマンド\n" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr " -C\t証明書を保存した後に実行するコマンド\n" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr "" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr " -v\t詳細なすべてのエラーを報告\n" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "使い方: %s start-tracking [オプション]\n" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "* もし既存のリクエストを変更する時:\n" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr " -i NAME\t既存の追跡リクエストのニックネーム\n" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "* もしキーが暗号化されていた時:\n" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr " -I NAME\t追跡リクエストに与えるニックネーム\n" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "* 更新時に署名リクエストのためのパラメーター:\n" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr " -U EXTUSAGE\t指定されたキーのOIDで拡張キー使用法(EKU)を上書き\n" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr " -K 
NAME\t要求されたプリンシパル名を上書き\n" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr " -D DNSNAME\t要求された DNS 名を上書き\n" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr " -E EMAIL\t要求されたEメールアドレスを上書き\n" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr "" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "使い方: %s stop-tracking [オプション]\n" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "* リクエストの識別子:\n" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr " -i NAME\t追跡リクエストのためのニックネーム\n" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "使い方: %s resubmit [オプション]\n" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr " -f FILE\t証明書のための PEM ファイル\n" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "* 署名リクエストのための新しいパラメーター値:\n" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr " -I NAME\t追跡リクエストに新しいニックネームを付与\n" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr " -c CA\t\t指定されたCAではなく、現在のいずれかを使用\n" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr "" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr "" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "使い方: %s list [オプション]\n" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 
msgid "* General options:\n" msgstr "* 一般的なオプション:\n" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr " -c CA\tこの CA に関連付けられているリクエストと証明書の一覧のみ\n" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr " -r\t未処理の要求についての情報の一覧のみ\n" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr " -t\t追跡済み証明書についての情報の一覧のみ\n" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr "" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "* もしも特定のリクエストが選択された場合:\n" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" " -d DIR»この NSS デー" "タベースを使用するリクエストと証明書のみを表示\n" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" " -n NAME»このニック" "ネームを使用するリクエストと証明書のみを表示\n" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" " -f FILE»この PEM ファ" "イルに保存されているリクエストと証明書のみを表示\n" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr " -S\tシステムバス上の certmonger サービスに接続\n" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr " -s\tセッションバス上の certmonger サービスに接続\n" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr "" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "" #: src/getcert.c:5061 msgid "* 
When using an NSS database for storage:\n" msgstr "" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr "" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr "" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "使い方: %s list-cas [オプション]\n" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr " -c CA\t指定された名前の CA についての情報一覧のみ表示\n" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr "" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr "" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr "" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr "" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr "" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr "" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr "" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr "" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr "" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr "" #: 
src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr "" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "" #: src/getcert.c:5273 #, c-format msgid "%s: unrecognized command\n" msgstr "%s: 認識できないコマンド\n" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC 
on the client.\n" msgstr "クライアントで XMLRPC の設定中にエラーが発生しました。\n" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "-t オプションは -K オプションと同時に使用できません。\n" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "-k オプションは -K オプションと同時に使用できません。\n" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "-K オプションは -k または -t オプションと同時に使用できません。\n" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for signing request.\n" msgstr "署名リクエストのためのプリンシパル名を解釈できません。\n" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" "デフォルトのキーテーブルを使用するクライアントで \"host\" サービスの ccache " "セットアップ中にエラーが発生しました: %s。\n" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "" "デフォルトのキーテーブルを使用するクライアントで \"%s\" の ccache セットアッ" "プ中にエラーが発生しました: %s。\n" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" "デフォルトのキーテーブル \"%s\" を使用するクライアントで \"host\" サービスの " "ccache セットアップ中にエラーが発生しました: %s。\n" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "" " \"%s\" の ccache をデフォルトのキーテーブル \"%s\" を使用するクライアントで" "セットアップ中にエラーが発生しました: %s。\n" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "署名リクエストを読むことができません。\n" #: src/main.c:74 msgid "use session bus" msgstr "" #: src/main.c:75 msgid "use system bus" msgstr "" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "" #: src/main.c:78 msgid "PATHNAME" msgstr 
"" #: src/main.c:79 msgid "don't become a daemon" msgstr "" #: src/main.c:80 msgid "do become a daemon" msgstr "" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "" #: src/main.c:81 msgid "SECONDS" msgstr "" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "" #: src/main.c:83 msgid "NUMBER" msgstr "" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "" #: src/main.c:87 msgid "write service PID to file" msgstr "" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "" #: src/main.c:90 msgid "print version information" msgstr "" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "\t-s セッションバスを使用\n" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "\t-S システムバスを使用\n" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "\t-n デーモンにならない\n" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "\t-f デーモンになる\n" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "\t-b TIMEOUT バス有効化、未使用でタイムアウト\n" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "\t-B アイドルタイムアウトを使用しない\n" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "\t-d LEVEL デバッグレベルを設定 (-n を含む)\n" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "\t-p FILE サービスの PID をファイルに書き込む\n" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "\t-F 強制的に NSS を FIPS モードにする\n" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr 
"" #: src/scep.c:352 #, fuzzy, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "" "エージェント URL (-A) が指定されていません。また、デフォルトが不明です。\n" #: src/scep.c:356 #, fuzzy, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "" "エージェント URL (-A) が指定されていません。また、デフォルトが不明です。\n" #: src/scep.c:376 src/scep.c:395 #, fuzzy, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "" "プロファイル/テンプレート (-T) が指定されていません。また、デフォルトが不明で" "す。\n" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "" #: src/scep.c:637 #, fuzzy, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "%s サービスから応答が受け取れません。\n" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "" #: src/scep.c:930 #, fuzzy, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "サーバーの応答を解析中にエラーが発生しました。\n" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "" #: src/scep.c:962 #, c-format msgid "Error: reply is missing 
pkiStatus.\n" msgstr "" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "" #: src/scep.c:976 #, fuzzy, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "サーバーの応答を解析中にエラーが発生しました。\n" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "" #: src/scep.c:1003 #, c-format msgid "Transaction either is not permitted or is not supported by server.\n" msgstr "" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "" #: src/scep.c:1009 #, c-format msgid "Unsupported extension.\n" msgstr "" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "" #: src/scep.c:1027 #, fuzzy, c-format msgid "Internal CA error.\n" msgstr "内部エラー: 未知の状態。\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." 
msgstr "内部エラーが発生しました。" #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "該当するエントリーが見つかりません。\n" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "ニックネーム \"%s\" は、すでに CA で使われています。" #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "証明書ストレージの種類が指定されていません。" #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." msgstr "証明書ストレージの種類 \"%s\" はサポートされていません。" #: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "場所 \"%s\" は絶対パスでなければなりません。" #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." msgstr "証明書ストレージの場所が指定されていません。" #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "権限が無いため \"%s\" の親ディレクトリにアクセスできませんでした。" #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "" "場所 \"%s\" の親ディレクトリーは有効なディレクトリーでなければなりません。" #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "場所 \"%s\" はファイルでなければなりません。" #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "権限が無いため \"%s\" にアクセスできませんでした。" #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." 
msgstr "場所 \"%s\" はディレクトリーでなければなりません。" #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "証明書のニックネームが指定されていません。" #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "ニックネーム \"%s\" のリクエストは、すでにあります。" #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "" "同じ場所にある証明書は、すでにニックネーム \"%s\" を持つリクエストで使用され" "ています。" #: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "キー・ストレージの種類 \"%s\" はサポートしていません。" #: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." msgstr "キー・ストレージの場所が指定されていません。" #: src/tdbush.c:853 msgid "Key nickname not specified." msgstr "キーのニックネームが指定されていません。" #: src/tdbush.c:909 #, c-format msgid "Key at same location is already used by request with nickname \"%s\"." msgstr "" "同じ場所にあるキーは、すでにニックネーム \"%s\" を持つリクエストで使用されて" "います。" #: src/tdbush.c:1313 src/tdbush.c:3102 #, c-format msgid "No support for key type \"%s\"." msgstr "キー形式 \"%s\" はサポートされません。" #: src/tdbush.c:1400 msgid "No such CA." msgstr "そのような証明局はありません。" #: src/tdbush.c:3073 #, c-format msgid "Certificate authority \"%s\" not known." msgstr "認証局 \"%s\" は認知されていない証明局です。" #: src/tdbush.c:3518 msgid "Unrecognized parameter or wrong value type." msgstr "認識されていないパラメーターか、もしくは不適切なデータ型です。" #: src/tdbush.c:5070 msgid "Error parsing arguments." msgstr "" #: src/tdbush.c:5124 msgid "Unrecognized property name." msgstr "" #: src/tdbusm.c:2156 msgid "Insufficient access. 
Please retry operation as root.\n"
msgstr "十分なアクセス権がありません。操作を root として再実行してください。\n"

#: src/tdbusm.c:2160
msgid "Please verify that the certmonger service has been started.\n"
msgstr "certmonger サービスが開始していることを確認してください。\n"

#: src/tdbusm.c:2163
msgid "Please verify that the certmonger service is still running.\n"
msgstr "certmonger サービスがまだ実行中であることを確認してください。\n"

certmonger-0.79.19/po/ka.po
# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Red Hat, Inc.
# This file is distributed under the same license as the certmonger package.
# Temuri Doghonadze , 2022, 2023.
msgid ""
msgstr ""
"Project-Id-Version: certmonger 0.79\n"
"Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n"
"POT-Creation-Date: 2017-02-26 02:20-0500\n"
"PO-Revision-Date: 2023-07-07 22:20+0000\n"
"Last-Translator: Temuri Doghonadze \n"
"Language-Team: Georgian \n"
"Language: ka\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=n != 1;\n"
"X-Generator: Weblate 4.18.2\n"

#: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238
#: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291
#, c-format
msgid "Out of memory.\n"
msgstr "არასაკმარისი მეხსიერება.\n"

#: src/certmaster.c:136
#, c-format
msgid "Unable to determine hostname of CA.\n"
msgstr ""

#: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796
#, c-format
msgid "Unable to read signing request from file \"%s\".\n"
msgstr ""

#: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799
#, c-format
msgid "Unable to read signing request from environment variable \"%s\".\n"
msgstr ""

#: src/certmaster.c:184
#, c-format
msgid "Error setting up for XMLRPC.\n"
msgstr ""

#: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564
#: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409
#: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440
src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "სერვერის პასუხის დამუშავების შეცდომა.\n" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "სერვერის შეცდომა.\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "NSS-ის გამორთვის შეცდომა.\n" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "შიდა შეცდომა: უცნობი მდგომარეობა.\n" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "ბრძანება" #: src/getcert.c:62 msgid "DIRECTORY" 
msgstr "საქაღალდე" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "სია" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "მისამართი" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "ფაილის სახელი" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "ჰოსტის სახელი" #: src/getcert.c:67 msgid "ID" msgstr "ID" #: src/getcert.c:69 msgid "BITS" msgstr "ბიტები" #: src/getcert.c:71 msgid "MODE" msgstr "რეჟიმი" #: src/getcert.c:72 msgid "NAME" msgstr "სახელი" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "უფროსი" #: src/getcert.c:74 msgid "SUBJECT" msgstr "თემა" #: src/getcert.c:75 msgid "URL" msgstr "URL" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "მომხმარებლის სახელი[:ჯგუფის სახელი]" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "ბილიკი \"%s\": წვდომა აკრძალულია.\n" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "ბილიკი \"%s\":%s.\n" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "ბილიკი \"%s\" ჩვეულებრივი ფაილი არაა.\n" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "სისტემური მატარებელი გაშვებული არაა.\n" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "გაშვებულია, როგორც UID 0.\n" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "D-Bus-თან მიერთების შეცდომა.\n" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "" #: src/getcert.c:379 
#, c-format msgid "Error creating DBus request message.\n" msgstr "" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "%s-ს არგუმენტი აკლია" #: src/getcert.c:398 msgid "missing argument" msgstr "ნაკლული არგუმენტი" #: src/getcert.c:401 #, c-format msgid "unrecognized option %s" msgstr "უცნობი პარამეტრი %s" #: src/getcert.c:406 msgid "unrecognized option" msgstr "უცნობი პარამეტრი" #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "მეტსახელები მეტისმეტად ღრმადაა ჩახლართული" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "პარამეტრის არასწორი ბრჭყალები" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "არასწორი რიცხვითი მნიშვნელობა" #: src/getcert.c:421 msgid "number too large or too small" msgstr "რიცხვი მეტისმეტად დიდი ან მეტისმეტად პატარაა" #: src/getcert.c:424 msgid "bad operation" msgstr "ცუდი ოპერაცია" #: src/getcert.c:427 msgid "internal error" msgstr "შიდა შეცდომა" #: src/getcert.c:430 msgid "out of memory" msgstr "არასაკმარისი მეხსიერება" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "შეცდომა %s:%s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "შეცდომა %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "შეცდომა: %s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "მდგომარეობა: %s, გაჭედილია: %s.\n" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "" #: 
src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "პირადი გასაღბის დაშიფვრის PIN კოდი" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "ინფორმაცია სერტიფიკატის მფლობელის შესახებ" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "სერტიფიკატის ფაილის წვდომები" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" 
msgstr "" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 msgid "ask the CA to process the request using the named issuer" msgstr "" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage value" msgstr "" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "უფროსის მოთხოვნილი სახელის დაყენება" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "DNS-ის მოთხოვნილი სახელის დაყენება" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "ელ-ფოსტის მოთხოვნილი მისამართის დაყენება" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "მოთხოვნილი IP მისამართის დაყენება" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "CA სერტიფიკატის მოთხოვნა" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "არა-CA სერტიფიკატის მოთხოვნა" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate 
to be issued" msgstr "" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "Kerberos-ის ბიბლიოთეკის ინიციალიზაციის შეცდომა: %s.\n" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "გასაღების ცნობილი ტიპები შეიცავს:" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "გასაღების უცნობი გამოყენება \"%s\".\n" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, 
c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "" #: src/getcert.c:1114 #, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request 
arguments.\n" msgstr "მოთხოვნის არგუმენტების დაყენების შეცდომა.\n" #: src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "სერტიფიკატის PEM ფაილი" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "" #: src/getcert.c:1874 msgid "override requested email address" msgstr "" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "მოთხოვნა \"%s\" ჩასწორებულია.\n" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" 
removed.\n" msgstr "მოთხოვნა \"%s\" წაშლილია.\n" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "\"%s\"-ის ჩასწორების შეცდომა.\n" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "\"%s\"-ის თავიდან გადაგზავნა,\n" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "" #: src/getcert.c:3625 #, c-format msgid "Request ID 
'%s':\n" msgstr "მოთხოვნის ID \"%s\":\n" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "\tსტატუსი: %s\n" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "\tca-ის-შეცდომა: %s\n" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "\tგაჭედილი: %s\n" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "" #: src/getcert.c:3652 msgid "NONE" msgstr "არცერთი" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr ",მდებარეობა='%s'" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr ",მეტსახელი='%s'" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr ",კოდი='%s'" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr ", პინი დაყენებულია" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr ",pinfile='%s'" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "\tსერტიფკატი: ტიპი=%s,მდებარეობა='%s'" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "\tCA: %s\n" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "\tგამომცემელი: %s\n" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "\tთემა: %s\n" #: src/getcert.c:3719 msgid "unknown" msgstr "უცნობი" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr "\tვადა: %s\n" #: src/getcert.c:3736 msgid "\temail: " msgstr "\tელ-ფოსტა: " #: src/getcert.c:3742 msgid "\tdns: " msgstr "\tdns: " #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "\tუფროსის სახელი: " #: src/getcert.c:3756 msgid "\tIP address: " msgstr "\tIP მისამართი: " #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "\tგასაღების გამოყენება: %s\n" #: src/getcert.c:3779 msgid "\teku: " msgstr 
"\teku: " #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "\tსერტიფიკატის შაბლონი/პროფილი: %s\n" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "\tბრძანების წინასწარი შენახვა: %s\n" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "\tბრძანების შესრულების შემდეგ შენახვა: %s\n" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "\tტრეკი: %s\n" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "\tავტომატური-განახლება: %s\n" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "CA '%s':\n" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "\tთავისი თავი ჰგონია: %s\n" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "\tca-ის-ტიპი: %s\n" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "\tდამხმარის-მდებარეობა: %s\n" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr "\tშემდეგი-სერიული-ნომერი: %s\n" #: src/getcert.c:4136 #, c-format 
msgid "\tknown-issuer-names:\n" msgstr "\tმომწოდებლის-სახელები:\n" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "\tნაგულისხმები პროფილი/შაბლონი/სერტ-ტიპი: %s\n" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "" #: src/getcert.c:4458 msgid "CA identifier" msgstr "CA-ის იდენტიფიკატორი" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "" #: src/getcert.c:4460 msgid "file containing RA's 
certificate" msgstr "" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "CA \"%s\" ჩასწორებულია.\n" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "CA \"%s\" წაშლილია.\n" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "აუცილებელი არგუმენტები:\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr "" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n 
NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr "" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr "" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr "" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr "" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr "" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "არასავალდებული არგუმენტები:\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr "" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr "" #: 
src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr "" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr "" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr "" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr "" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr "" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr "" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr "" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr "" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr "" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr "" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr "" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 
src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "* მატარებლის მორგება:\n" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr "" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr "" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "* სხვა პარამეტრები:\n" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr "" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr "" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr "" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of 
errors\n" msgstr "" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr "" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr "" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr "" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr "" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr "" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr "" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr "" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr "" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr "" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr "" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr "" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey 
[options]\n" msgstr "" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr "" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr "" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "* ზოგადი პარამეტრები:\n" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr "" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr "" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr "" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr "" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr "" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr "" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr "" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr 
"" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr "" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr "" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr "" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr "" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr "" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr "" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr "" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr "" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr "" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr "" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr "" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr "" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "" #: src/getcert.c:5143 msgid " -c 
CA\t\tnickname of the CA configuration\n" msgstr "" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr "" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "" #: src/getcert.c:5273 #, c-format msgid "%s: unrecognized command\n" msgstr "%s: უცნობი ბრძანება\n" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "" #: 
src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for signing request.\n" msgstr "" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "" #: src/main.c:74 msgid "use session bus" msgstr "სესიების მატარებლის გამოყენება" #: src/main.c:75 msgid "use system bus" msgstr "სისტემური მატარებლის გამოყენება" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "" #: src/main.c:78 msgid "PATHNAME" msgstr "ბილიკის სახელი" #: src/main.c:79 msgid "don't become a daemon" msgstr "" #: src/main.c:80 msgid "do become a daemon" msgstr "" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "მატარებლით-აქტივირებული, გაჩერებული დრო" #: src/main.c:81 msgid "SECONDS" msgstr "წამი" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "" #: src/main.c:83 msgid "set debugging 
level (implies -n)" msgstr "" #: src/main.c:83 msgid "NUMBER" msgstr "რიცხვი" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "" #: src/main.c:87 msgid "write service PID to file" msgstr "" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "" #: src/main.c:90 msgid "print version information" msgstr "ვერსიის ინფორმაციის გამოტანა" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "" #: src/scep.c:352 #, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "" #: src/scep.c:356 #, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "" #: src/scep.c:376 src/scep.c:395 #, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. 
Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "" #: src/scep.c:637 #, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "" #: src/scep.c:930 #, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "" #: src/scep.c:976 #, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "" #: src/scep.c:1003 #, c-format msgid 
"Transaction either is not permitted or is not supported by server.\n" msgstr "" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "" #: src/scep.c:1009 #, c-format msgid "Unsupported extension.\n" msgstr "მხარდაუჭერელი გაფართოება.\n" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "უნდა დააარქივოთ გასაღებები.\n" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "ცუდი პირადობა.\n" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "გასაღები მხოლოდ ერთხელ გამოიყენება.\n" #: src/scep.c:1027 #, c-format msgid "Internal CA error.\n" msgstr "შიდა CA-ის შეცდომა.\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "მოგვიანებით სცადეთ.\n" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." msgstr "" #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "" #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "" #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." 
msgstr "" #: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "" #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." msgstr "" #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "" #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "" #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "" #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "" #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "" #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "" #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "" #: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "" #: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." msgstr "" #: src/tdbush.c:853 msgid "Key nickname not specified." 
msgstr ""

#: src/tdbush.c:909
#, c-format
msgid "Key at same location is already used by request with nickname \"%s\"."
msgstr ""

#: src/tdbush.c:1313 src/tdbush.c:3102
#, c-format
msgid "No support for key type \"%s\"."
msgstr ""

#: src/tdbush.c:1400
msgid "No such CA."
msgstr "ასეთი CA არ არსებობს."

#: src/tdbush.c:3073
#, c-format
msgid "Certificate authority \"%s\" not known."
msgstr ""

#: src/tdbush.c:3518
msgid "Unrecognized parameter or wrong value type."
msgstr ""

#: src/tdbush.c:5070
msgid "Error parsing arguments."
msgstr "არგუმენტების დამუშავების შეცდომა."

#: src/tdbush.c:5124
msgid "Unrecognized property name."
msgstr "თვისების უცნობი სახელი."

#: src/tdbusm.c:2156
msgid "Insufficient access. Please retry operation as root.\n"
msgstr ""

#: src/tdbusm.c:2160
msgid "Please verify that the certmonger service has been started.\n"
msgstr ""

#: src/tdbusm.c:2163
msgid "Please verify that the certmonger service is still running.\n"
msgstr ""

certmonger-0.79.19/po/ko.po

# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Red Hat, Inc.
# This file is distributed under the same license as the certmonger package.
# simmon , 2021.
# 김인수 , 2023.
msgid "" msgstr "" "Project-Id-Version: certmonger 0.79\n" "Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2017-02-26 02:20-0500\n" "PO-Revision-Date: 2023-08-09 02:21+0000\n" "Last-Translator: 김인수 \n" "Language-Team: Korean \n" "Language: ko\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: Weblate 4.18.2\n" #: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238 #: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291 #, c-format msgid "Out of memory.\n" msgstr "메모리 부족.\n" #: src/certmaster.c:136 #, c-format msgid "Unable to determine hostname of CA.\n" msgstr "CA의 호스트 이름을 결정 할 수 없습니다.\n" #: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796 #, c-format msgid "Unable to read signing request from file \"%s\".\n" msgstr "\"%s\" 파일에서 서명 요청을 읽을 수 없습니다.\n" #: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799 #, c-format msgid "Unable to read signing request from environment variable \"%s\".\n" msgstr "환경 변수 \"%s\"에서 서명 요청을 읽을 수 없습니다.\n" #: src/certmaster.c:184 #, c-format msgid "Error setting up for XMLRPC.\n" msgstr "XMLRPC 설정 중 오류.\n" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "서버 응답 구문 분석 오류.\n" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "서버 오류.\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "프로파일 매개변수 (-O)는 param=value 형식이어야 합니다.\n" #: src/dogtag.c:249 #, 
c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "제출 매개 변수 (-O)는 param=value 형식이어야 합니다.\n" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "지정된 대리 자격증명이 명시되지 않으면, 알려진 기본값이 없습니다.\n" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "갱신을 요청하였지만, 일련 번호는 제공되지 않았습니다.\n" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "최종-실체 URL (-E)가 지정되지 않아, 알려진 기본값이 없습니다.\n" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "대리 URL (-A)가 주어지지 않아, 알려진 기본값이 없습니다.\n" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "프로파일/템프레이트가 없어서, 알려진 기본값이 없습니다.\n" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "NSS 종료 오류.\n" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "내부 오류: 알 수 없는 상태.\n" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "대리 자격증명 (-n)이 주어지지 않았지만, 필요하게 됩니다.\n" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "오류 %d 가 발생했습니다(%s:%s에 연결하는 동안).\n" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "오류 %d가 발생했습니다(%s에 연결하는 동안 ).\n" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "내부 오류: \"%s?%s\" 대한 응답 없음.\n" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "명령" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "디렉토리" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "목록" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "주소" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "파일이름" #: src/getcert.c:66 msgid "HOSTNAME" msgstr 
"호스트이름" #: src/getcert.c:67 msgid "ID" msgstr "계정" #: src/getcert.c:69 msgid "BITS" msgstr "비트" #: src/getcert.c:71 msgid "MODE" msgstr "방법" #: src/getcert.c:72 msgid "NAME" msgstr "이름" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "본인" #: src/getcert.c:74 msgid "SUBJECT" msgstr "주제" #: src/getcert.c:75 msgid "URL" msgstr "URL" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "사용자이름[:그룹이름]" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "경로 \"%s\"는 절대 경로가 아니며, 대신에 \"%s\"를 사용하는 경향이 있습니다.\n" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "경로 \"%s\"는 절대 경로는 아니며, 현재 디렉토리의 이름을 결정하는 중에 발생하는 오류입니다.\n" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "경로 \"%s\": 불충분한 권한.\n" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "경로 \"%s\"디렉토리가 아닙니다.\n" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "경로 \"%s\":%s.\n" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "경로 \"%s\"는 정규 파일이 아닙니다.\n" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "실행중인 시스템 버스가 없음.\n" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "UID 0으로써 실행.\n" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "임시로 전용 서비스 데몬을 실행하기.\n" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "D-Bus 연결 오류.\n" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "메시지 버스(D-BUS) 서비스가 동작하는 중인지 확인해 주세요.\n" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "DBus 요청 메시지를 생성하는 오류.\n" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "%s에 대한 인수가 사라짐" #: src/getcert.c:398 msgid 
"missing argument" msgstr "인수 놓침" #: src/getcert.c:401 #, c-format msgid "unrecognized option %s" msgstr "이해 할 수 없는 선택 %s" #: src/getcert.c:406 msgid "unrecognized option" msgstr "이해 할 수 없는 선택" #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "너무 깊게 중첩된 별명" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "잘못된 매개 변수 인용" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "유효하지 않는 숫자 값" #: src/getcert.c:421 msgid "number too large or too small" msgstr "너무 크거나 너무 작은 수" #: src/getcert.c:424 msgid "bad operation" msgstr "잘못된 동작" #: src/getcert.c:427 msgid "internal error" msgstr "내부 오류" #: src/getcert.c:430 msgid "out of memory" msgstr "메모리 부족" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "popt 환경설정 파일에오류" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "오류 %s: %s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "오류 %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "오류: %s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "로컬 %s 서비스에서 오류 응답을 받았습니다.\n" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "%s 서비스에서 수신된 응답이 없습니다.\n" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "상태 %s, 멈춤: %s.\n" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "키와 인증을 위한 NSS 데이타베이스" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "NSS-기반 저장소를 위한 별칭 이름(-d 에서만 유효함)" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "NSS-기반 저장소를 위한 선택적인 토큰 이름 ( -d 에서만 유효함)" #: src/getcert.c:771 
msgid "PEM file for private key" msgstr "개인 키를 위한 PEM 파일" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "인증을 위한 PEM 파일 (-k 에서만 유효함)" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "개인 키 암호화 PIN을 갖는 파일" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "개인 키 암호화된 PIN" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "개인 키를 위한 사용자 정보" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "개인 키를 위한 파일 권한" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "인증을 위한 사용자 정보" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "인증을 위한 파일 권한" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "CA 인증서를 저장 하는 NSS 데이타베이스" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "CA 인증서 저장하는 파일" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "인증서를 저장하기 전에 동작하는 명령" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "인증서를 저장한 후에 동작하는 명령" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "요청에 할당 할 별칭" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "아직 위치하지 않은 경우에 발생되어지는 키의 유형" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "아직 위치하지 않은 경우에 발생되어지는 키의 크기" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "et requested principal name" #: 
src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "만료가 가까워 질 때에 인증을 새롭게 갱신하지 않도록 합니다" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "설정보다 지정된 CA 구성을 사용하세요" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "CA에게 명명된 프로파일 또는 이름을 사용하여 요청을 처리하도록 요구합니다" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 msgid "ask the CA to process the request using the named issuer" msgstr "CA에게 명명된 발급자를 사용하여 요청을 처리하기 하도록 요구합니다" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "요청된 주제 이름 설정 (기본: CN=)" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage value" msgstr "요청된 키 사용 값 설정" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "요청된 확장 키 사용 OID 설정" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "요청된 주요 이름 설정" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "요청된 DNS 이름 설정" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "요청된 전자우편 주소 설정" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "요청된 IP 주소 설정" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "선택적으로 시도하는 비밀번호 값을 갖는 파일" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "추가적인 시도 비밀번호 값" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "CA 인증서 요청" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "비-CA 인증서 요청" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "CA 인증서를 위한 
경로 길이" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "사건화된 인증을 위하여 기다리기를 시도합니다" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "사건화된 인증을 위해 기다리는 최대 시간" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "세션 버스에서 cermonger로 연결합니다" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "시스템 버스에서 certmonger 서비스로 연결합니다" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "Kerberos 라이브러리 초기화 오류: %s.\n" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "생성 \"%s\" 키를 지원하지 않습니다.\n" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "알려진 키 유형이 포함합니다:" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "인식 할 수 없는 키 사용법\"%s\".\n" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "OID \"%s\"를 평가 할 수 없습니다.\n" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "Kerberos 주요 이름 구문 분석에 오류 \"%s\": %s.\n" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr 
"Kerberos 주요 이름 구문 분석 부분이 아닌 오류 \"%s\": %s.\n" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "%s: 유효하지 않은 값 -- '%s'\n" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "%s: 선택은 인수를 요구합니다 -- '%c'\n" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "%s: 잘못된 선택 -- '%c'\n" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "오류: 사용하지 않는 추가 인수 \"%s\".\n" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "오류: 사용하지 않은 추가 인수가 공급되었습니다.\n" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "다른 것 없이 데이타베이스 위치 또는 지정된 별명.\n" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "데이타베이스 디렉토리와 함께 지정된 인증파일\n" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "데이타베이스 디렉토리와 함께 지정된 인증파일\n" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "키와 인증서는 동일 파일로 저장될 수 없습니다.\n" #: src/getcert.c:1114 #, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), 
-D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" "IPA 지원(backend)는 -N (제목 이름), -E (전자우편 주소), -A (IP 주소), -D (DNS 이름), 또는 -U (" "확장된 키 사용법)중 어떤 선택이 사용 될 때에 -K 선택 사용이 필요합니다.\n" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "이름 \"%s\"인 CA를 찾지 못했습니다.\n" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request arguments.\n" msgstr "요청한 인수 설정 오류.\n" #: src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "새로운 서명 요청 \"%s\"가 추가되었습니다.\n" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "새로운 서명 요청을 추가 할 수 없습니다.\n" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "새로운 추적 요청 \"%s\" 추가되었습니다.\n" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "새로운 추적 요청이 추가 될 수 없습니다.\n" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "개인 키를 위한 PEM 파일 (-f 와 함께 유효한 것만)" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "인증서를 위한 PEM 파일" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "기존 요청의 호칭" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "추적 요청에 주어진 별명" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "요청된 키 사용 값을 재정의합니다" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "요청된 확장 키 사용법 OID를 재정의합니다" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "요청된 주요 이름을 재정의합니다" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "요청된 DNS 이름을 재정의합니다"
#: src/getcert.c:1874 msgid "override requested email address" msgstr "요청된 전자우편 주소를 재정의합니다" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "요청된 IP 주소를 재정의합니다" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "ID가 없거나 데이타베이스 디렉토리와 별명 또는 지정된 인증서 파일.\n" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "요청 \"%s\"가 수정되었습니다.\n" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "요청\"%s\"는 수정 할 수 없습니다.\n" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "요청은 지정된 별명으로 찾을 수 없습니다.\n" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "요청은 일치하는 인수로서 찾을 수 없습니다\n" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "요청\"%s\"이 제거되었습니다.\n" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "요청\"%s\"은 제거 될 수 없습니다.\n" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "추적 요청을 위한 별칭" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "추적 요청을 제공하는 새로운 별칭" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "발생되어진 새로운 키 유형" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "발생되어진 새로운 키 크기" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "현재 것보다 지정된 CA 구성을 사용하세요" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "수정 오류 \"%s\".\n" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "\"%s\"을 \"%s\"에게 다시 제출하기.\n" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "다시 제출하기 \"%s\".\n" #:
src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "\"%s\"을 \"%s\"에게 제출 할 때에 오류 발생.\n" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "\"%s\" 제출 할 때에 오류 발생.\n" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "모든 미결 요청에 대하여 정보를 갱신합니다" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "지정된 CA 구성을 사용하는 요청만을 위하여 정보를 갱신합니다" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "요청 ID '%s'가 갱신하기.\n" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "요청 ID '%s'가 갱신되지 않음.\n" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "미결 요청에 대한 정보만 목록화합니다" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "추적된 인정서에 대한 정보만 목록화합니다" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "이 CA구성과 연관된 요청과 인증만 목록화합니다" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "로컬시간 대신에 UTC 로 시간을 표시합니다" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "추적 중인 인증서와 요청 수: %d.\n" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "요청 ID '%s':\n" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "\t상태: %s\n" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "\tca-오류: %s\n" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "\t갇힌: '%s'\n" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "\t키 쌍 저장소: 유형=%s" #: src/getcert.c:3652 msgid "NONE" msgstr "없음" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr ",위치='%s'" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr ",별칭='%s'" #: src/getcert.c:3660 src/getcert.c:3682 #, 
c-format msgid ",token='%s'" msgstr ",토큰='%s'" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr ",pin 설정" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr ",핀파일='%s'" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "\t인증: 유형=%s,위치='%s'" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "\t서명 요청 지문 (MD5): %s\n" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "\t서명 요청 지문 (SHA1): %s\n" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "\tCA: %s\n" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "\t사건: %s\n" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "\t제목: %s\n" #: src/getcert.c:3719 msgid "unknown" msgstr "알 수 없음" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr "\t유효: %s\n" #: src/getcert.c:3736 msgid "\temail: " msgstr "\t전자우편: " #: src/getcert.c:3742 msgid "\tdns: " msgstr "\tdns: " #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "\t주요 이름: " #: src/getcert.c:3756 msgid "\tIP address: " msgstr "\tIP 주소: " #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "\t키 사용법: %s\n" #: src/getcert.c:3779 msgid "\teku: " msgstr "\teku: " #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "\t인증서 template/profile: %s\n" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "\t파일에 저장된 root 인증서:\n" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "\t다른 root 인증서가 파일에 저장되었습니다:\n" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "\t다른 인증서가 파일에 저장되었습니다:\n" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "\troot 인증서가 데이타베이스에 저장되었습니다:\n" #: 
src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "\t다른 root 인증서가 데이타베이스에 저장되었습니다:\n" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "\t다른 인증서가 데이타베이스에 저장되었습니다:\n" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "\t미리 저장된 명령: %s\n" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "\t추후 저장 명령: %s\n" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "\t추적: %s\n" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "\t자동 갱신: %s\n" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "ID또는 데이타베이스 디렉토리와 별명 또는 지정된 인증서 파일이 없습니다.\n" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "지정된 CA 구성만 목록화합니다" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "CA '%s':\n" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "\t자체 식별: %s\n" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "\tCA '%s':\n" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "\t도움 위치: %s\n" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr "\t다음-일련-번호: %s\n" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "\t알려진-사건-이름:\n" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "\t알려진 프로파일/템플리트/인증유형:\n" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "\t기본 프로파일/템플리트/인증유형: %s\n" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "\tSCEP CA 식별자: %s\n" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "\tSCEP CA 지문 인증서 (MD5): %s\n" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate 
thumbprint (SHA1): %s\n" msgstr "\tSCEP CA 지문 인증서(SHA1): %s\n" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "이 이름과 함께 CA 구성에 대하여 정보를 갱신합니다" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "모든 알려진 CA에 대한 정보를 갱신합니다" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "CA 별명 또는 -a 플래그가 지정되지 않았습니다.\n" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "CA '%s'를 위한 자료가 갱신중입니다.\n" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "이름없는 CA를 위한 자료가 갱신중입니다.\n" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "\tCA 자료 갱신 중 오류\n" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "새로운 CA 구성에 주어진 별명" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "CA와 함께 통신하기 위해 실행하는 도움 명령" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "CA 별명은 지정되지 않았습니다.\n" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "CA 도움 명령은 지정되지 않았습니다.\n" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "새로운 CA\"%s\"가 추가되었습니다.\n" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "새로운 CA가 추가되지 않았습니다.\n" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "SCEP 서버 위치" #: src/getcert.c:4458 msgid "CA identifier" msgstr "CA 식별자" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "CA 인증서가 포함된 파일" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "RA 인증서가 포함된 파일" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "RA 인증서 사슬로 인증서가 포함된 파일" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal 
feature" msgstr "SCEP 갱신 기능을 사용하지 않는 경우입니다" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "서버 URL은 지정되지 않았습니다.\n" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "HTTPS는 CA 인증서를 요구합니다.\n" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "명령 행을 구성하는 중 오류가 발생하였습니다.\n" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "CA 식별자 설정하는 중에 오류가 발생하였습니다.\n" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "CA 구성의 별명" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "CA와 통신하기 위해 동작하는 도움 명령을 최신화 했습니다" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "CA \"%s\" 수정되었습니다.\n" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "CA는 수정 될 수 없습니다.\n" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "제거 할 CA 구성의 별명" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "CA \"%s\" 제거되었습니다.\n" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "CA는 제거 될 수 없습니다\n" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "%s - 클라이언트 인증서 등록 도구\n" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "사용법: %s 요청 [options]\n" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "인수가 요구됩니다:\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "* 저장소를 위한 NSS 데이타베이스 사용하려면:\n" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr " -d DIR\t키와 인증서를 위한 NSS 데이타베이스\n" #:
src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr " -n NAME\tNSS 기반 저장소를 위한 별명(-d만 유효함)\n" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr " -t NAME\tNSS 기반 저장소를 위한 선택적인 토큰 이름 (-d만 유효함)\n" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "* 저장소를 위해 파일을 사용하려면:\n" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr " -k FILE\t개인키를 위한 PEM 파일\n" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr " -f FILE\t인증서를 위한 PEM 파일 (-k만 유효함)\n" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "* 키가 암호화 된다면:\n" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr " -p FILE\t암호화된 PIN을 유지하는 것과 같은 파일\n" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr " -P PIN\tPIN 값\n" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "선택적 인수:\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "* 인증서 관리 설정:\n" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr " -I NAME\t요청에 할당된 
별명\n" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr " -G TYPE\t아직 존재하지 않는 경우에 발생된 키 유형\n" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr " -g SIZE\t장소에 위치하지 않는 발생된 키 크기\n" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr " -r\t\t유효기간이 가까워 질 때에 인증서를 갱신하는 경우 (기본)\n" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr " -R\t\t만료기간이 가까워질 때 인증서를 새롭게 하지 않습니다\n" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr " -c CA\t\t기본 보다 지정된 CA를 사용합니다\n" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr " -T PROFILE\t명명된 프로파일 또는 템플리트를 사용하여 요청 처리에 CA를 문의합니다\n" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr " -X ISSUER\t명명된 사건을 사용하여 요청을 처리하는데 CA를 문의합니다\n" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "서명 요청을 위한 매개변수:\n" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr " -N NAME\t요청된 제목 이름을 설정합니다(기본: CN=)\n" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr " -U EXTUSAGE\t요청된 확장 키 사용법 OID를 설정합니다\n" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr " -u KEYUSAGE\t요청된 키 사용법 값을 설정합니다\n" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr " -K NAME\t요청된 주요 이름을 
설정합니다\n" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr " -D DNSNAME\t요청된 DNS 이름을 설정합니다\n" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr " -E EMAIL\t요청된 전자우편 주소를 설정합니다\n" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr " -A ADDRESS\t요청된 IP 주소를 설정합니다\n" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr " -l FILE\t추가적인 시도 비밀번호를 갖고 있는 파일\n" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr " -L PASSWORD\t선택적인 시도 비밀번호 값\n" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "* 버스 선택:\n" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr " -S\t\t시스템 버스에 certmonger 서비스에 연결합니다\n" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr " -s\t\t세션 버스에서 certmonger 서비스에 연결합니다\n" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "* 다른 선택:\n" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 
src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr " -B\t인증서가 저장되기 전에 동작 되는 명령\n" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr " -C\t인정서 저장 후에 실행하는 명령\n" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr " -F\tCA 인증서 저장하는 파일\n" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr " -a\tCA 인증서 저장하는NSS 데이타베이스\n" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr " -w\t사건화된 인증서를 위해 대기 시도\n" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr " -v\t모든 오류를 상세히 보고합니다\n" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "사용법: %s 시작-추적하기 [options]\n" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "* 만약 기존 요청을 수정하면:\n" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr " -i NAME\t기존 추적 요청의 별명\n" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "* 만약 키가 암호화 된다면:\n" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr " -I NAME\t추적하는 요청에 주어진 별명\n" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "* 새로운 시간에 서명된 요청을 위한 매개변수:\n" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr " -U EXTUSAGE\t요청된 확장된 키 사용법 OID를 
무시합니다\n" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr " -K NAME\t요청된 주요 이름을 재정의합니다\n" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr " -D DNSNAME\t요청된 DNS 이름을 재정의합니다\n" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr " -E EMAIL\t요청된 전자우편 주소를 재정의합니다\n" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr " -A ADDRESS\t요청된 IP 주소를 재정의합니다\n" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "사용법: %s 멈춤-추적하기 [options]\n" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "* 요청된 식별자 별:\n" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr " -i NAME\t추적 요청을 위한 별명\n" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "사용법: %s 다시 제출 [options]\n" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr " -f FILE\t인증서를 위한 PEM 파일\n" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "* 서명된 요청을 위한 새로운 매개변수 값:\n" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr " -I NAME\t추적하는 요청에 주어진 새로운 별명\n" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr " -c CA\t\t현재 것 보다 더 지정된 CA를 사용합니다\n" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "사용법: %s rekey [options]\n" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr " -G TYPE\t생성된 새로운 키의 유형\n" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr " -g SIZE\t생성된 새로운 키의 크기\n" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list 
[options]\n" msgstr "사용법: %s list [options]\n" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "* 일반 선택:\n" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr " -c CA\t이 CA와 함께 협력한 요청과 인증서만을 목록화합니다\n" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr " -r\t미처리된 요청에 대해 정보만 목록화합니다\n" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr " -t\t추적된 인증서에 대한 정보만 목록화합니다\n" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr " -u\t지역시간 대신에 UTC로 시간을 표시합니다\n" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "* 만약 특정 요청을 선택하는 경우:\n" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr " -d DIR\t이 NSS 데이타베이스를 사용하는 요청과 인증서만 목록화합니다\n" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr " -n NAME\t이 별명과 사용되는 요청과 인증서만 목록화합니다\n" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr " -f FILE\t이 PEM 파일에서 저장된 요청과 인증서만 목록화합니다\n" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr " -S\t시스템 버스에 certmonger 서비스로 연결합니다\n" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr " -s\t세션 버스에 certmonger 서비스로 연결합니다\n" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "사용법: %s refresh [options]\n" #: src/getcert.c:5036 msgid " 
-a\trefresh information about all outstanding requests\n" msgstr " -a\t모든 미결된 요청에 대하여 정보를 갱신합니다\n" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "사용법: %s status [option]\n" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "* 지정된 요청 선택하기:\n" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "* 저장소를 위한 NSS 데이타베이스 사용 할 때에:\n" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr " -d DIR\t이 NSS 데이타베이스에 있는 요청을 위하여 상태를 반환합니다\n" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr " -n NAME\t이 별명을 사용하는 인증서를 위해 상태를 반환합니다\n" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "* 저장소를 위해 파일을 사용 할 때에:\n" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr " -f FILE\t이 PEM에서 저장된 인증서를 위해 상태를 반환합니다\n" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "사용법: %s list-cas [option]\n" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr " -c CA\t이 이름과 함께 CA에 대하여 정보만 목록화합니다\n" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "사용법: %s refresh-ca [option]\n" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr " -c CA\t이 이름과 함께 CA에 대하여 정보만 갱신합니다\n" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr " -a\t알려진 모든 CA에 대하여 정보만 갱신합니다\n" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "사용법: %s add-ca [options]\n" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr " -c CA\t\t새로운 CA 구성에 주어진 별명\n" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr " -e CMD\tCA와 함께 통신하는데 동작하는 도움 명령\n" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca 
[options]\n" msgstr "사용법: %s add-scep-ca [options]\n" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr " -u URL\tSCEP 서버의 위치\n" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr " -i ID\t\tCA 식별자\n" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr " -R FILE\t파일이 포함된 CA 인증서\n" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr " -r FILE\t파일이 포함된 RA 인증서\n" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr " -I FILE\tRA 인증하는 연결에 인증서가 포함된 파일\n" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr " -n\tSCEP 새로운 기능을 사용하지 않습니다\n" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "사용법: %s modify-ca [options]\n" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr " -c CA\t\t그 CA 구성의 별명\n" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr " -e CMD\tCA와 함께 통신하는데 동작하는 최신화된 도움 명령\n" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "사용법: %s remove-ca [options]\n" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr " -c CA\t제거에 CA 구성 별명\n" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "사용법: %s command [options]\n" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "CA에서 새로운 인증서를 요청합니다\n" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "이미 발급된 인증서 관리 시작\n" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "인증서 관리 멈추기\n" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "등록된 요청 처리에 다시 제출합니다, 또는 새로운 것으로 시작합니다\n" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "새로운 개인 키를 생성하고 인증서를 교체합니다\n" #: src/getcert.c:5184 msgid 
"check on the status of an in-progress enrollment request\n" msgstr "등록 요청 진행에서 상태를 점검합니다\n" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "관리되고 요청된 인증서를 목록화합니다\n" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "관리되거나 요청된 인증서 상태를 점검합니다\n" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "CA 구성을 추가합니다\n" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "SCEP CA 구성을 추가합니다\n" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "알려진 CA 구성을 목록화합니다\n" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "CA 구성을 수정합니다\n" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "CA에서 회득된 모든 정보를 캐쉬로 갱신합니다\n" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "CA 구성을 제거합니다\n" #: src/getcert.c:5273 #, c-format msgid "%s: unrecognized command\n" msgstr "%s: 인식 할 수 없는 명령\n" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "IPA LDAP 서버의 위치를 결정 할 수 없습니다.\n" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "IPA LDAP 서버와 연락 할 수 없습니다.\n" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "IPA 서버에서 도메인 정보의 기본 DN을 결정 할 수 없습니다.\n" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "클라이언트에서 XMLRPC를 위한 설정하기 오류\n" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "-t 선택은 -K 선택과 함께 사용 될 수 없습니다.\n" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "-k 선택은 -K 선택과 함께 사용 될 수 없습니다.\n" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "-K 선택은 -k 또는 -t 선택 중 하나와 함께 사용 할 수 없습니다.\n" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for 
signing request.\n" msgstr "서명 요청을 위한 주요 이름을 결정 할 수 없습니다.\n" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "IPA 도메인이 구성되지 않았으며, 그리고 어떤 것도 지정되지 않았습니다.\n" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "기본 키탭 \"%s\"을 사용하는 클라이언트에서 \"host\" 서비스를 위한 c 캐쉬 구성 중 오류가 발생하였습니다.\n" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "기본 키탭 \"%s\"을 사용하는 클라이언트에서 \"%s\"를 위한 c 캐쉬 구성 중 오류가 발생하였습니다.\n" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" "키탭 \"%s\": %sd을 사용하는 클라이언트에서 \"host\"서비스를 위하여 c 캐쉬 구성하는 중 오류가 발생하였습니다.\n" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "키탭 \"%s\": %sd을 사용하는 클라이언트에서 \"%s\"를 위하여 c 캐쉬 구성하는 중 오류가 발생하였습니다.\n" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "서명된 요청을 읽을 수 없습니다\n" #: src/main.c:74 msgid "use session bus" msgstr "세션 버스를 사용합니다" #: src/main.c:75 msgid "use system bus" msgstr "시스템 버스를 사용합니다" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "전용 수신 소켓을 시작합니다" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "전용 수신 소켓만 사용합니다" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "전용 수신 소켓을 지정합니다" #: src/main.c:78 msgid "PATHNAME" msgstr "경로이름" #: src/main.c:79 msgid "don't become a daemon" msgstr "데몬이 되지 않습니다" #: src/main.c:80 msgid "do become a daemon" msgstr "데몬이 되다" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "활성화-버스, 유휴 시간 초과" #: src/main.c:81 msgid "SECONDS" msgstr "초" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "유휴시간 초과를 사용하지 않습니다" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "디버깅 수준을 설정합니다.(-n을 적용합니다)" #: src/main.c:83 msgid "NUMBER" msgstr "번호" #: 
src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "명령을 시작하고 동작 할 때에 종료합니다" #: src/main.c:87 msgid "write service PID to file" msgstr "서비스 PID를 파일로 작성합니다" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "FIPS 방법으로 NSS를 강제합니다" #: src/main.c:90 msgid "print version information" msgstr "버전 정보를 출력합니다" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "사용법: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "\t-s 세션 버스를 사용합니다\n" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "\t-S 시스템 버스를 사용합니다\n" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "\t-l 전용의 청취 소켓을 시작합니다\n" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "\t-L 전용의 청취 소켓만 사용합니다\n" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "\t-P PATH 전용의 청취 소켓을 지정합니다\n" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "\t-n 데몬이 되지않습니다\n" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "\t-f 데몬이 되도록 합니다\n" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "\t-b TIMEOUT 버스-활성화됨, 유휴 시간 초과\n" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "\t-B 유휴 시간 종료를 사용하지 않습니다\n" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "\t-d LEVEL 디버깅 수준을 설정합니다 (-n을 적용합니다)\n" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "\t-c COMMAND 명령(COMMAND)을 시작하고 동작 할 때에 종료합니다\n" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "\t-p FILE 파일에 서비스 PID를 작성합니다\n" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "\t-F FIPS 방법에서 NSS를 강제합니다\n" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "\t-v 버전 정보를 출력하고 종료합니다\n" #: src/scep.c:352 #, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "SCEP 
URL(-u)이 주어지지 않았으며, 그리고 알려진 기본값이 없습니다.\n" #: src/scep.c:356 #, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "SCEP 동작 (-c/-C/-g/-p)가 제공되지 않으며, 알려진 기본 값이 없습니다.\n" #: src/scep.c:376 src/scep.c:395 #, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "RA 인증서(-r) 주어지지 않았고, 기본으로 알려지지 않았습니다.\n" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "읽기 요청 오류. 예상된 PKCS7 자료는 초기인증서얻기 pki 메시지를 포함하고, 아무것도 얻지 않습니다.\n" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "읽기 요청 오류: 예상된 PKCS7 자료는 PKC 요청 pki 메시지를 포함하고, 아무것도 얻지 않습니다.\n" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "경고: 요청은 PCK 요청 또는 초기인증서얻기 요청이 아닙니다.\n" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "경고: 요청 유형 \"%s\"는 PKCS요청 또는 초기인증얻기(GetInitialCert) 요청도 아닙니다.\n" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "경고: 요청은 연결동작ID( transactionId)가 누락되었습니다.\n" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "경고: 요청은 현재전송(senderNonce)이 누락되었습니다.\n" #: src/scep.c:637 #, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "200이 아닌, 응답코드 %d 얻었습니다(%s에서).\n" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "서버 응답은 예상치 못한 MIME 유형 \"%s\"입니다.\n" #: src/scep.c:930 #, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "오류: 서버 응답에 서명을 확인하는데 실패하였습니다.\n" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "오류: 응답은 인증 담당자 (%s)가 아닙니다.\n" #: src/scep.c:951 #, 
c-format msgid "Error: reply is missing transactionId.\n" msgstr "오류: 응답은 다른 거래 응답 동작 ID를 누락합니다.\n" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "오류: 응답은 다른 거래 동작 ID를 포함합니다.\n" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "오류: 응답이 pki 상태를 누락하였습니다.\n" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "오류: 응답은 지금 수신이 누락되었습니다.\n" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "오류: 지금 응답은 요청과 일치하지 않습니다.\n" #: src/scep.c:976 #, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "오류: 응답이 sendorNonce가 누락되었습니다.\n" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "서버에서 지정되지 않은 실패.\n" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "클라이언트 요청에서 인식하지 못하거나 지원하지 않는 알고리즘 식별자.\n" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "클라이언트 요청의 무결성 점검이 서버에서 실패하였습니다.\n" #: src/scep.c:1003 #, c-format msgid "Transaction either is not permitted or is not supported by server.\n" msgstr "연결이 허용되지 않거나 서버에 의해 지원되지 않습니다.\n" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "시계 왜곡이 너무 급니다.\n" #: src/scep.c:1009 #, c-format msgid "Unsupported extension.\n" msgstr "지원되지 않는 확장.\n" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "키를 보관해야 합니다.\n" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "나쁜 식별.\n" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "소유 증명이 요구됩니다.\n" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "소유 증명이 실패하였습니다.\n" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "키를 재 사용하지 않습니다.\n" #: src/scep.c:1027 #, c-format msgid "Internal CA error.\n" msgstr "내부 CA 오류.\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "다시 시도해주세요.\n" #: 
src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "서버가 잘못된 코드가 반환되었습니다 \"%s\".\n" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "오류: 서명된 자료를 구문 분석 할 수 없습니다.\n" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "오류: 서명된-자료 유효적재량은 감싼-자료가 아닙니다.\n" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "오류: 감싼-자료 유효적재량은 자료가 아닙니다.\n" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "오류: pkiStatus \"%s\"는 인식되지 않습니다.\n" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." msgstr "내부 오류가 발생되었습니다." #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "일치하는 기입을 찾을 수 없습니다.\n" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "별명 \"%s\"인 CA가 있습니다." #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "인증서 저장소 유형이 지정되지 않았습니다." #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." msgstr "인증서 저장소 유형 \"%s\"가 지원되지 않습니다." #: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "위치\"%s\"는 절대 경로여야 합니다." #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." msgstr "인증서 저장소 위치는 지정되지 않았습니다." #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "위치 \"%s\"의 원인이 불충분한 권한으로 인하여 접근 할 수 없습니다." 
#: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "위치 \"%s\"의 원인는 유효한 디렉토리이어야 합니다." #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "위치 \"%s\"는 파일이어야 합니다." #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "위치 \"%s\"는 불충분한 권한으로 인해 접근 될 수 없습니다." #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "위치 \"%s\"는 디렉토리여야 합니다." #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "인증서 별명이 지정되지 않았습니다." #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "이미 별명 \"%s\"인 요청이 있습니다." #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "동일한 위치에서 인증서가 이미 별명 \" %s\"와 함께 요청에 의해 사용되었습니다." #: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "키 저장소 유형 \" %s\"가 지원하지 않습니다." #: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." msgstr "키 저장소 위치가 지정되지 않습니다." #: src/tdbush.c:853 msgid "Key nickname not specified." msgstr "키 별명이 지정되지 않았습니다." #: src/tdbush.c:909 #, c-format msgid "Key at same location is already used by request with nickname \"%s\"." msgstr "동일 장소에 키가 별명 \"%s\"와 함께 이미 사용되었습니다." #: src/tdbush.c:1313 src/tdbush.c:3102 #, c-format msgid "No support for key type \"%s\"." msgstr "키 유형 \"%s\"이 지원하지 않습니다." #: src/tdbush.c:1400 msgid "No such CA." msgstr "그런 CA가 없습니다." #: src/tdbush.c:3073 #, c-format msgid "Certificate authority \"%s\" not known." msgstr "인증서 권한 \"%s\"가 알려지지 않았습니다." 
#: src/tdbush.c:3518
msgid "Unrecognized parameter or wrong value type."
msgstr "알지 못하는 매개변수 또는 잘못된 값 유형."

#: src/tdbush.c:5070
msgid "Error parsing arguments."
msgstr "인수를 구문 분석중 오류가 발생하였습니다."

#: src/tdbush.c:5124
msgid "Unrecognized property name."
msgstr "알지 못하는 속성 이름."

#: src/tdbusm.c:2156
msgid "Insufficient access. Please retry operation as root.\n"
msgstr "충분하지 못한 접근. root 계정으로 동작을 시도해주세요.\n"

#: src/tdbusm.c:2160
msgid "Please verify that the certmonger service has been started.\n"
msgstr "certmonger 서비스가 시작되었는지 확인해주세요.\n"

#: src/tdbusm.c:2163
msgid "Please verify that the certmonger service is still running.\n"
msgstr "certmonger 서비스가 아직 동작 중인지 확인해주세요.\n"

certmonger-0.79.19/po/lt.po

# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Red Hat, Inc.
# This file is distributed under the same license as the PACKAGE package.
#
# Translators:
# FULL NAME , 2014
msgid ""
msgstr ""
"Project-Id-Version: certmonger 0.78.6\n"
"Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n"
"POT-Creation-Date: 2017-02-26 02:20-0500\n"
"PO-Revision-Date: 2015-01-05 05:53-0500\n"
"Last-Translator: Copied by Zanata \n"
"Language-Team: Lithuanian (http://www.transifex.com/projects/p/certmonger/"
"language/lt/)\n"
"Language: lt\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && (n"
"%100<10 || n%100>=20) ? 
1 : 2);\n" "X-Generator: Zanata 3.9.6\n" #: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238 #: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291 #, c-format msgid "Out of memory.\n" msgstr "Baigėsi atmintis.\n" #: src/certmaster.c:136 #, c-format msgid "Unable to determine hostname of CA.\n" msgstr "Nepavyko nustatyti LĮ serverio.\n" #: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796 #, fuzzy, c-format msgid "Unable to read signing request from file \"%s\".\n" msgstr "Nepavyko perskaityti pasirašymo užklausos.\n" #: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799 #, fuzzy, c-format msgid "Unable to read signing request from environment variable \"%s\".\n" msgstr "Nepavyko perskaityti pasirašymo užklausos.\n" #: src/certmaster.c:184 #, c-format msgid "Error setting up for XMLRPC.\n" msgstr "Klaida nustatant XMLRPC.\n" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "Klaida skaitant serverio atsakymą.\n" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "Serverio klaida.\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, fuzzy, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "Nepateiktas agento URL (-A) ir nežinomas numatytasis.\n" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number 
provided.\n" msgstr "" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "Nepateikta pabaigos esybė (-E) ir nežinoma numatytoji.\n" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "Nepateiktas agento URL (-A) ir nežinomas numatytasis.\n" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "Nepateiktas profilis/šablonas (-T) ir nežinomas numatytasis.\n" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "Vidinė klaida: nežinoma būsena.\n" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "Klaida %d jungiantis prie %s: %s.\n" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "Klaida %d jungiantis prie %s.\n" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "Vidinė klaida: nėra atsakymo į „%s?%s“.\n" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "" #: src/getcert.c:67 msgid "ID" msgstr "" #: src/getcert.c:69 msgid "BITS" msgstr "" #: src/getcert.c:71 msgid "MODE" msgstr "" #: src/getcert.c:72 msgid "NAME" msgstr "" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "" #: src/getcert.c:74 msgid "SUBJECT" msgstr "" #: src/getcert.c:75 msgid "URL" msgstr "" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "" #: 
src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "Kelias „%s“ nėra absoliutus, vietoj to bandoma naudoti „%s“.\n" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" "Kelias „%s“ nėra absoliutus ir kilo klaida nustatant dabartinio katalogo " "pavadinimą.\n" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "Kelias „%s“ nėra katalogas.\n" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "Kelias „%s“: %s.\n" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "Kelias „%s“ nėra įprastinis failas.\n" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "Patikrinkite, ar pranešimų magistralės (D-Bus) tarnyba veikia.\n" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "Klaida kuriant DBus užklausos pranešimą.\n" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "" #: src/getcert.c:398 #, fuzzy msgid "missing argument" msgstr "Nebūtini argumentai:\n" #: src/getcert.c:401 #, fuzzy, c-format msgid "unrecognized option %s" msgstr "%s: neatpažinta komanda\n" #: src/getcert.c:406 #, fuzzy msgid "unrecognized option" msgstr "%s: neatpažinta komanda\n" #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "" #: 
src/getcert.c:418 msgid "invalid numeric value" msgstr "" #: src/getcert.c:421 msgid "number too large or too small" msgstr "" #: src/getcert.c:424 msgid "bad operation" msgstr "" #: src/getcert.c:427 #, fuzzy msgid "internal error" msgstr "Kilo vidinė klaida." #: src/getcert.c:430 #, fuzzy msgid "out of memory" msgstr "Baigėsi atmintis.\n" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "Klaida %s: %s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "Klaida %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "Klaida: %s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "Gautas klaidos pranešimas iš vietinės %s tarnybos.\n" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "Negautas atsakymas iš %s tarnybos.\n" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "" #: src/getcert.c:775 src/getcert.c:1853 
src/getcert.c:2510 msgid "owner information for private key" msgstr "" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 #, fuzzy msgid "ask the CA to process the request using the named issuer" msgstr "" " -T PROFILIS\tprašyti LĮ apdoroti užklausą naudojant pavadintą profilį ar " "šabloną\n" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" 
msgstr "" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage value" msgstr "" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "" #: src/getcert.c:825 src/getcert.c:1893 
src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "Klaida inicializuojant Kerberos biblioteką: %s.\n" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "Neatpažintas keyUsage „%s“.\n" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "Nepavyko įvertinti OID „%s“.\n" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "Klaida skaitant Kerberos direktoriaus pavadinimą „%s“: %s.\n" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "Klaida atstatant Kerberos direktoriaus pavadinimą „%s“: %s.\n" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "%s: parametras reikalauja argumento -- „%c“\n" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "%s: netinkamas parametras -- „%c“\n" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "Klaida: nenaudojamas papildomas argumentas „%s“.\n" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 
src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "Klaida: pateikti nenaudojami papildomi argumentai.\n" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "Duomenų bazės vieta arba slapyvardis nurodyti be vienas kito.\n" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "Nurodyti abu: duomenų bazės katalogas ir liudijimo failas.\n" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "" "Nenurodytas nei duomenų bazės katalogas bei slapyvardis, nei liudijimo " "failas.\n" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "Raktas ir liudijimas negali būti abu įrašyti į tą patį failą.\n" #: src/getcert.c:1114 #, fuzzy, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" "IPA realizacija reikalauja naudoti parametrą -K (direktoriaus pavadinimas), " "kai naudojamas parametras -N (subjekto pavadinimas).\n" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "Nerasta LĮ pavadinimu „%s“.\n" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request arguments.\n" msgstr "Klaida nustatant užklausos argumentus.\n" #: 
src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "Nauja pasirašymo užklausa „%s“ pridėta.\n" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "Negalima pridėti naujos pasirašymo užklausos.\n" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "Pridėtas nauja sekimo užklausa „%s“.\n" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "Negalima pridėti naujos sekimo užklausos.\n" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "" #: src/getcert.c:1874 msgid "override requested email address" msgstr "" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" "Nenurodytas nei duomenų bazės katalogas bei slapyvardis, nei liudijimo " "failas.\n" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "Užklausa „%s“ pakeista.\n" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "Užklausa „%s“ negali būti pakeista.\n" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "Nerasta užklausa su 
nurodytu slapyvardžiu.\n" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "Nerasta užklausa, kuri atitinka argumentus.\n" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "Užklausa „%s“ pašalinta.\n" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "Užklausos „%s“ nepavyko pašalinti.\n" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "Klaida keičiant „%s“.\n" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "Iš naujo pateikiama „%s“ į „%s“.\n" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "Iš naujo pateikiama „%s“.\n" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "Klaida bandant pateikti „%s“ į „%s“.\n" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "Klaida bandant pateikti „%s“.\n" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "" #: src/getcert.c:3350 msgid "list 
only information about tracked certificates" msgstr "" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "Sekamų liudijimų ir užklausų skaičius: %d.\n" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "Užklausos ID „%s“:\n" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "\tbūsena: %s\n" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "\tlį-klaida: %s\n" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "\tužstrigo: %s\n" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "\traktų poros saugykla: tipas=%s" #: src/getcert.c:3652 msgid "NONE" msgstr "NĖRA" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr ",vieta='%s'" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr ",slapyvardis='%s'" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr ",leksema='%s'" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr "" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr ",pinfailas=„%s“" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "\tliudijimas: tipas=%s,vieta=„%s“" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "\tLĮ: %s\n" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "\tišdavė: %s\n" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "\tsubjektas: %s\n" #: src/getcert.c:3719 msgid "unknown" msgstr "nežinoma" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid 
"\texpires: %s\n" msgstr "\tgalioja iki: %s\n" #: src/getcert.c:3736 msgid "\temail: " msgstr "\tel. paštas: " #: src/getcert.c:3742 msgid "\tdns: " msgstr "\tdns: " #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "\tdirektoriaus pavadinimas: " #: src/getcert.c:3756 msgid "\tIP address: " msgstr "" #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "\trakto naudojimas: %s\n" #: src/getcert.c:3779 msgid "\teku: " msgstr "\teku: " #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "\tkomanda prieš įrašant: %s\n" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "\tkomanda po įrašymo: %s\n" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "\tsekimas: %s\n" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "\tautomatinis atnaujinimas: %s\n" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "LĮ „%s“:\n" #: src/getcert.c:4110 #, c-format msgid 
"\tself-identifies as: %s\n" msgstr "" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "\tlį tipas: %s\n" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "\tpagalbininko vieta: %s\n" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr "\tkitas serijinis numeris: %s\n" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "\tžinomų išdavėjų pavadinimai:\n" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "" #: src/getcert.c:4438 
src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "" #: src/getcert.c:4458 msgid "CA identifier" msgstr "" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "%s - kliento liudijimo įtraukimo įrankis\n" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "Naudojimas: %s užklausa [parametrai]\n" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "Būtini argumentai:\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an 
NSS database for storage:\n" msgstr "* Jei naudojama NSS duomenų bazė saugojimui:\n" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr " -d DIR\tNSS duomenų bazė raktui ir liudijimui\n" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr "" " -n PAVADINIMAS\tslapyvardis NSS pagrindo saugyklai (tinka tik su -d)\n" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" " -t PAVADINIMAS\tnebūtinas leksemos pavadinimas NSS pagrindo saugyklai " "(tinka tik su -d)\n" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "* Jei saugyklai naudojami failai:\n" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr " -k FAILAS\tprivataus rakto PEM failas\n" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr " -f FAILAS\tliudijimo PEM failas (tinka tik su -k)\n" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "* Jei raktai turi būti šifruoti:\n" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr " -p FAILAS\tfailas, kuris saugo šifravimo PIN\n" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr " -P PIN\tPIN vertė\n" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: 
src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "Nebūtini argumentai:\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "* Liudijimo apdorojimo nustatymai:\n" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr " -I PAVADINIMAS\tužklausai priskiriamas slapyvardis\n" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr " -g DYDIS\tgeneruojamo rakto dydis, jei rakto dar nėra\n" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr "" " -r\t\tbandymas atnaujinti liudijimą, kai baigiasi galiojimas (numatyta)\n" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr " -R\t\tnebandyti atnaujinti liudijimo, kai baigiasi galiojimas\n" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr " -c LĮ\t\tnaudoti nurodytą LĮ vietoj numatytosios\n" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" " -T PROFILIS\tprašyti LĮ apdoroti užklausą naudojant pavadintą profilį ar " "šabloną\n" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 #, fuzzy msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" " -T PROFILIS\tprašyti LĮ apdoroti užklausą naudojant pavadintą profilį ar " "šabloną\n" #: src/getcert.c:4817 msgid "* 
Parameters for the signing request:\n" msgstr "* Parametrai pasirašymo užklausai:\n" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr "" " -N PAVADINIMAS\tnustatyti subjekto pavadinimą (numatyta: CN=)\n" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr "-U IŠPLNAUD\tnustatyti prašomą išplėstinį rakto naudojimo OID\n" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr " -u RAKTONAUD\tnustatyti prašomą rakto naudojimo vertę\n" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr " -K PAVADINIMAS\tnustatyti prašomą direktoriaus pavadinimą\n" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr "-D DNSPAV\tnustatyti prašomą DNS pavadinimą\n" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr " -E ELPAŠTAS\tnustatyti prašomą el. 
pašto adresą\n" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr "" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr "" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr "" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "* Magistralės parametrai:\n" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr " -S\t\tprisijungti prie certmonger tarnybos sistemos magistralėje\n" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr " -s\t\tprisijungti prie certmonger tarnybos seanso magistralėje\n" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "* Kiti parametrai:\n" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr " -B\tkomanda, vykdoma prieš įrašant liudijimą\n" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr " -C\tkomanda, vykdoma po 
liudijimo įrašymo\n" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr "" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr " -v\tpranešti visą informaciją apie klaidas\n" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "Naudojimas: %s start-tracking [parametrai]\n" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "* Jei keičiama esama užklausa:\n" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr " -i PAVADINIMAS\tesamos sekamos užklausos slapyvardis\n" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "* Jei raktai yra šifruoti:\n" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr " -I PAVADINIMAS\tslapyvardis sekamai užklausai\n" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "* Parametrai pasirašymo užklausai atnaujinimo metu:\n" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr " -U IŠPLNAUD\tperrašyti išplėstinio rakto naudojimo OID\n" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr " -K PAVADINIMAS\tperrašyti prašomą direktoriaus pavadinimą\n" #: src/getcert.c:4870 msgid " -D 
DNSNAME\toverride requested DNS name\n" msgstr " -D DNSPAV\tperrašyti prašomą DNS pavadinimą\n" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr " -E ELPAŠAS\tperrašyti prašomą el. pašto adresą\n" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr "" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "Naudojimas: %s stop-tracking [parametrai]\n" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "* Pagal užklausos identifikatorių:\n" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr " -i PAV\tslapyvardis sekamai užklausai\n" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "Naudojimas: %s resubmit [parametrai]\n" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr " -f FAILAS\tliudijimo PEM failas\n" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "* Naujos parametrų vertės pasirašymo užklausai:\n" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr " -I PAV\tnaujas slapyvardis sekimo užklausai\n" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr " -c LĮ\t\tnaudoti nurodytą LĮ vietoj dabartinės\n" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr "" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr "" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "Naudojimas: %s list [parametrai]\n" #: src/getcert.c:5011 src/getcert.c:5035 
src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "* Bendri parametrai:\n" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr "" " -c LĮ\tišvardinti tik užklausas ir liudijimus, susijusius su šia LĮ\n" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr " -r\tpateikti tik informaciją apie neįvykdytas užklausas\n" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr " -t\tpateikti tik informaciją apie sekamus liudijimus\n" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr "" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "* Jei pasirenkama specifinė užklausa:\n" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" " -d DIR\tišvardinti tik užklausas ir liudijimus, kurie naudoja šią NSS " "duomenų bazę\n" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" " -n PAV\tišvardinti tik užklausas ir liudijimus, kurie naudoja šį " "slapyvardį\n" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" " -f FAILAS\tišvardinti tik užklausas ir liudijimu, įrašytus į šį PEM failą\n" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr " -S\tprisijungti prie certmonger tarnybos sistemos magistralėje\n" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr " -s\tprisijungti prie 
certmonger tarnybos seanso magistralėje\n" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr "" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr "" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr "" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "Naudojimas: %s list-cas [parametrai]\n" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr " -c LĮ\tpateikti tik informaciją apie LĮ su šiuo pavadinimu\n" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr "" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr "" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr "" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr "" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr "" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr "" #: 
src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr "" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr "" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr "" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr "" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr "" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "" #: src/getcert.c:5273 
#, c-format msgid "%s: unrecognized command\n" msgstr "%s: neatpažinta komanda\n" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "-t patametro negalima naudoti su -K parametru.\n" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "-k parametro negalima naudoti su parametru -K.\n" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "-K parametro negalima naudoti su -k arba -t parametru.\n" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for signing request.\n" msgstr "Nepavyko nustatyti pasirašymo užklausos direktoriaus pavadinimo.\n" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "Nepavyko perskaityti pasirašymo užklausos.\n" #: src/main.c:74 msgid "use session bus" msgstr "" #: src/main.c:75 msgid "use system bus" msgstr "" #: src/main.c:76 msgid "start a 
dedicated listening socket" msgstr "" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "" #: src/main.c:78 msgid "PATHNAME" msgstr "" #: src/main.c:79 msgid "don't become a daemon" msgstr "" #: src/main.c:80 msgid "do become a daemon" msgstr "" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "" #: src/main.c:81 msgid "SECONDS" msgstr "" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "" #: src/main.c:83 msgid "NUMBER" msgstr "" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "" #: src/main.c:87 msgid "write service PID to file" msgstr "" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "" #: src/main.c:90 msgid "print version information" msgstr "" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "\t-s naudoti seanso magistralę\n" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "\t-S naudoti sistemos magistralę\n" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "\t-n netapti demonu\n" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "\t-f netapti demonu\n" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "\t-b LAIKAS aktyvuojant per magistralę, neveiksnumo laikas\n" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "\t-B nenaudoti neveiksnumo laiko\n" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "\t-d LYGIS nustatyti derinimo lygį (įtraukia -n)\n" #: src/main.c:187 msgid "\t-c 
COMMAND start COMMAND and exit when it does\n" msgstr "" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "\t-p FAILAS įrašyti tarnybos PID failą\n" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "\t-F priverstinė NSS į FIPS veikseną\n" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "" #: src/scep.c:352 #, fuzzy, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "Nepateiktas agento URL (-A) ir nežinomas numatytasis.\n" #: src/scep.c:356 #, fuzzy, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "Nepateiktas agento URL (-A) ir nežinomas numatytasis.\n" #: src/scep.c:376 src/scep.c:395 #, fuzzy, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "Nepateiktas profilis/šablonas (-T) ir nežinomas numatytasis.\n" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. 
Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "" #: src/scep.c:637 #, fuzzy, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "Negautas atsakymas iš %s tarnybos.\n" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "" #: src/scep.c:930 #, fuzzy, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "Klaida skaitant serverio atsakymą.\n" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "" #: src/scep.c:976 #, fuzzy, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "Klaida skaitant serverio atsakymą.\n" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "" #: src/scep.c:1003 #, c-format msgid "Transaction either is not permitted or is 
not supported by server.\n" msgstr "" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "" #: src/scep.c:1009 #, c-format msgid "Unsupported extension.\n" msgstr "" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "" #: src/scep.c:1027 #, fuzzy, c-format msgid "Internal CA error.\n" msgstr "Vidinė klaida: nežinoma būsena.\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." msgstr "Kilo vidinė klaida." #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "Nerastas atitinkamas įrašas.\n" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "Jau yra LĮ slapyvardžiu „%s“." #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "Nenurodytas liudijimo saugyklos tipas." #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." msgstr "Liudijimo saugyklos tipas „%s“ nepalaikomas." 
#: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "Vieta „%s“ turi būti absoliučiu kelius." #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." msgstr "Nenurodyta liudijimo saugojimo vieta." #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "Vietos „%s“ tėvas turi būti katalogas." #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "Vieta „%s“ turi būti failas." #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "" #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "Vieta „%s“ turi būti katalogas." #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "Nenurodytas liudijimo slapyvardis." #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "Jau yra užklausa slapyvardžiu „%s“." #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "" "Liudijimas toje pačioje vietoje jau naudojamas užklausos slapyvardžiu „%s“." 
#: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "Rakto saugyklos tipas „%s“ nepalaikomas." #: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." msgstr "Nenurodyta rakto saugyklos vieta." #: src/tdbush.c:853 msgid "Key nickname not specified." msgstr "Nenurodyta rakto slapyvardis." #: src/tdbush.c:909 #, c-format msgid "Key at same location is already used by request with nickname \"%s\"." msgstr "" "Raktas toje pačioje vietoje jau naudojamas užklausos slapyvardžiu „%s“." #: src/tdbush.c:1313 src/tdbush.c:3102 #, c-format msgid "No support for key type \"%s\"." msgstr "" #: src/tdbush.c:1400 msgid "No such CA." msgstr "Nėra tokios LĮ." #: src/tdbush.c:3073 #, c-format msgid "Certificate authority \"%s\" not known." msgstr "Liudijimų įstaiga „%s“ nežinoma." #: src/tdbush.c:3518 msgid "Unrecognized parameter or wrong value type." msgstr "Neatpažintas parametras arba blogas vertės tipas." #: src/tdbush.c:5070 msgid "Error parsing arguments." msgstr "" #: src/tdbush.c:5124 msgid "Unrecognized property name." msgstr "" #: src/tdbusm.c:2156 msgid "Insufficient access. Please retry operation as root.\n" msgstr "Nepakanka prieigos. Bandykite atlikti veiksmą root naudotoju.\n" #: src/tdbusm.c:2160 msgid "Please verify that the certmonger service has been started.\n" msgstr "Patikrinkite, ar certmonger tarnyba veikia.\n" #: src/tdbusm.c:2163 msgid "Please verify that the certmonger service is still running.\n" msgstr "Patikrinkite, ar certmonger tarnyba vis dar veikia.\n"
certmonger-0.79.19/po/nb.po
# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package.
# # Translators: # Kjartan Maraas , 2011 msgid "" msgstr "" "Project-Id-Version: certmonger 0.78.6\n" "Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2017-02-26 02:20-0500\n" "PO-Revision-Date: 2015-01-05 05:53-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Norwegian Bokmål (http://www.transifex.com/projects/p/" "certmonger/language/nb/)\n" "Language: nb\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 3.9.6\n" #: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238 #: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291 #, c-format msgid "Out of memory.\n" msgstr "" #: src/certmaster.c:136 #, c-format msgid "Unable to determine hostname of CA.\n" msgstr "Kan ikke bestemme vertsnavn for CA.\n" #: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796 #, fuzzy, c-format msgid "Unable to read signing request from file \"%s\".\n" msgstr "Kan ikke lese forespørsel om signering.\n" #: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799 #, fuzzy, c-format msgid "Unable to read signing request from environment variable \"%s\".\n" msgstr "Kan ikke lese forespørsel om signering.\n" #: src/certmaster.c:184 #, c-format msgid "Error setting up for XMLRPC.\n" msgstr "Feil ved oppsett av XMLRPC.\n" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "Feil ved tolking av svar fra tjener.\n" #: src/certmaster.c:210 #, c-format msgid "Server 
error.\n" msgstr "Feil med tjener.\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "" #: src/getcert.c:67 msgid "ID" msgstr "" #: src/getcert.c:69 msgid "BITS" msgstr "" #: src/getcert.c:71 msgid "MODE" msgstr "" #: src/getcert.c:72 msgid "NAME" msgstr "" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "" #: 
src/getcert.c:74 msgid "SUBJECT" msgstr "" #: src/getcert.c:75 msgid "URL" msgstr "" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "" #: src/getcert.c:398 msgid "missing argument" msgstr "" #: src/getcert.c:401 #, c-format msgid "unrecognized option %s" msgstr "" #: src/getcert.c:406 msgid "unrecognized option" msgstr "" #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "" #: src/getcert.c:421 msgid "number too large or too small" msgstr "" #: src/getcert.c:424 msgid "bad operation" msgstr "" #: src/getcert.c:427 msgid "internal error" msgstr "" #: src/getcert.c:430 msgid "out of memory" msgstr "" #: 
src/getcert.c:434 msgid "error in popt configuration file" msgstr "" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "Feil %s: %s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "Feil %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "" #: src/getcert.c:779 src/getcert.c:1857 
src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 msgid "ask the CA to process the request using the named issuer" msgstr "" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage value" msgstr "" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "" #: 
src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" 
msgstr "" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "" #: src/getcert.c:1114 #, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP 
address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request arguments.\n" msgstr "" #: src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "" #: src/getcert.c:1874 msgid "override requested email address" msgstr "" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "" #: src/getcert.c:2366 #, 
c-format msgid "Request \"%s\" could not be modified.\n" msgstr "" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "" #: 
src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "" #: src/getcert.c:3652 msgid "NONE" msgstr "" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr "" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr "" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr "" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr "" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr "" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "" #: src/getcert.c:3719 msgid "unknown" msgstr "" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr "" #: src/getcert.c:3736 msgid "\temail: " msgstr "" #: src/getcert.c:3742 msgid "\tdns: " msgstr "" #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "" #: src/getcert.c:3756 msgid "\tIP address: " msgstr "" #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "" #: src/getcert.c:3779 msgid 
"\teku: " msgstr "" #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr "" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "" #: src/getcert.c:4216 #, 
c-format msgid "\tSCEP CA identifier: %s\n" msgstr "" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "" #: src/getcert.c:4458 msgid "CA identifier" msgstr "" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA 
certificate.\n" msgstr "" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr "" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr "" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 
src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr "" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr "" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr "" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr "" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr "" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr "" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr "" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr "" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" #: 
src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr "" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr "" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr "" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr "" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr "" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr "" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr "" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr "" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr "" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr "" #: src/getcert.c:4829 src/getcert.c:4877 
src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr "" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr "" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr "" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr "" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr "" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr "" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr "" #: 
src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr "" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr "" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr "" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr "" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr "" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr "" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr "" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr "" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr "" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr "" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr "" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "" #: 
src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr "" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr "" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr "" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr "" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr "" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr "" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr "" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr "" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "" #: src/getcert.c:5065 msgid " -f FILE\treturn status for 
cert stored in this PEM file\n" msgstr "" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr "" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr "" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr "" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr "" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr "" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr "" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr "" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr "" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr "" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr "" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr "" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr "" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "" #: 
src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "" #: src/getcert.c:5273 #, c-format msgid "%s: unrecognized command\n" msgstr "" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for signing request.\n" msgstr "" #: 
src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "Kan ikke lese forespørsel om signering.\n" #: src/main.c:74 msgid "use session bus" msgstr "" #: src/main.c:75 msgid "use system bus" msgstr "" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "" #: src/main.c:78 msgid "PATHNAME" msgstr "" #: src/main.c:79 msgid "don't become a daemon" msgstr "" #: src/main.c:80 msgid "do become a daemon" msgstr "" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "" #: src/main.c:81 msgid "SECONDS" msgstr "" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "" #: src/main.c:83 msgid "NUMBER" msgstr "" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "" #: src/main.c:87 msgid "write service PID to file" msgstr "" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "" #: src/main.c:90 msgid "print version information" msgstr "" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "" #: src/main.c:179 msgid "\t-l 
start a dedicated listening socket\n" msgstr "" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "" #: src/scep.c:352 #, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "" #: src/scep.c:356 #, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "" #: src/scep.c:376 src/scep.c:395 #, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. 
Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "" #: src/scep.c:637 #, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "" #: src/scep.c:930 #, fuzzy, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "Feil ved tolking av svar fra tjener.\n" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "" #: src/scep.c:976 #, fuzzy, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "Feil ved tolking av svar fra tjener.\n" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "" #: src/scep.c:1003 #, c-format msgid "Transaction either is not permitted or is not supported by server.\n" msgstr "" #: 
src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "" #: src/scep.c:1009 #, c-format msgid "Unsupported extension.\n" msgstr "" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "" #: src/scep.c:1027 #, fuzzy, c-format msgid "Internal CA error.\n" msgstr "Feil med tjener.\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." msgstr "" #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "" #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "" #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." msgstr "" #: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." 
msgstr "" #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." msgstr "" #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "" #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "" #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "" #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "" #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "" #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "" #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "" #: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "" #: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." msgstr "" #: src/tdbush.c:853 msgid "Key nickname not specified." msgstr "" #: src/tdbush.c:909 #, c-format msgid "Key at same location is already used by request with nickname \"%s\"." msgstr "" #: src/tdbush.c:1313 src/tdbush.c:3102 #, c-format msgid "No support for key type \"%s\"." msgstr "" #: src/tdbush.c:1400 msgid "No such CA." msgstr "" #: src/tdbush.c:3073 #, c-format msgid "Certificate authority \"%s\" not known." 
msgstr ""

#: src/tdbush.c:3518
msgid "Unrecognized parameter or wrong value type."
msgstr ""

#: src/tdbush.c:5070
msgid "Error parsing arguments."
msgstr ""

#: src/tdbush.c:5124
msgid "Unrecognized property name."
msgstr ""

#: src/tdbusm.c:2156
msgid "Insufficient access. Please retry operation as root.\n"
msgstr ""

#: src/tdbusm.c:2160
msgid "Please verify that the certmonger service has been started.\n"
msgstr ""

#: src/tdbusm.c:2163
msgid "Please verify that the certmonger service is still running.\n"
msgstr ""

certmonger-0.79.19/po/nl.po

# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Red Hat, Inc.
# This file is distributed under the same license as the PACKAGE package.
#
# Translators:
# Geert Warrink , 2011-2014, 2020.
msgid ""
msgstr ""
"Project-Id-Version: certmonger 0.78.6\n"
"Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n"
"POT-Creation-Date: 2017-02-26 02:20-0500\n"
"PO-Revision-Date: 2020-12-14 13:35+0000\n"
"Last-Translator: Geert Warrink \n"
"Language-Team: Dutch \n"
"Language: nl\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=n != 1;\n"
"X-Generator: Weblate 4.3.2\n"

#: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238
#: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291
#, c-format
msgid "Out of memory.\n"
msgstr "Geen geheugen beschikbaar.\n"

#: src/certmaster.c:136
#, c-format
msgid "Unable to determine hostname of CA.\n"
msgstr "Kan de hostnaam van CA niet bepalen.\n"

#: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796
#, c-format
msgid "Unable to read signing request from file \"%s\".\n"
msgstr "Kan ondertekeningsverzoek van bestand \"%s\" niet lezen.\n"

#: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799
#, c-format
msgid "Unable to read signing request from environment variable \"%s\".\n"
msgstr "Kan ondertekeningsverzoek van
omgevingsvariabele \"%s\"niet lezen.\n" #: src/certmaster.c:184 #, c-format msgid "Error setting up for XMLRPC.\n" msgstr "Fout bij het opzetten van XMLRPC.\n" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "Fout bij het ontleden van antwoord van de server.\n" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "Serverfout.\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "Profielparameters (-O) moeten de vorm hebben van parameter=waarde.\n" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "Indienparameters (-o) moeten de vorm hebben van parameter=waarde.\n" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "Geen agentreferenties opgegeven en geen standaard bekend.\n" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "Vernieuwing werd aangevraagd, maar er is geen serienummer aangeboden\n" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "Geen eind-entity URL (-E) opgegeven en er is geen standaard bekend.\n" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "Geen agent URL (-A) gegeven en er is geen standaard bekend.\n" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr 
"Geen profiel/template (-T) gegeven en er is geen standaard bekend.\n" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "Fout bij het afsluiten van NSS.\n" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "Interne fout: onbekende toestand.\n" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "Er is geen agent legitimatie (-n) opgeven, maar dit is wel nodig.\n" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "Fout %d bij het verbinden met %s: %s.\n" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "Fout %d bij het verbinden met %s.\n" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "Interne fout: geen antwoord op \"%s?%s\".\n" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "COMMANDO" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "MAP" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "LIJST" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "ADRES" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "BESTANDSNAAM" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "HOSTNAAM" #: src/getcert.c:67 msgid "ID" msgstr "ID" #: src/getcert.c:69 msgid "BITS" msgstr "BITS" #: src/getcert.c:71 msgid "MODE" msgstr "MODUS" #: src/getcert.c:72 msgid "NAME" msgstr "NAAM" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "OPDRACHTGEVER" #: src/getcert.c:74 msgid "SUBJECT" msgstr "ONDERWERP" #: src/getcert.c:75 msgid "URL" msgstr "URL" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "GEBRUIKERSNAAM[:GROEPSNAAM]" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "" "Pad \"%s\" is niet absoluut, in plaats daarvan wordt geprobeerd om \"%s\" te " "gebruiken.\n" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" 
is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" "Pad \"%s\" is niet absoluut en er was een fout bij het bepalen van de naam " "van de huidige map.\n" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "Pad \"%s\": onvoldoende rechten.\n" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "Pad \"%s\" is geen map.\n" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "Pad \"%s\": %s.\n" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "Pad \"%s\" is geen gewoon bestand.\n" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "Er draait geen systeembus.\n" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "Uitvoeren met UID 0.\n" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "Er wordt een tijdelijk specifieke service daemon opgestart.\n" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "Fout bij het verbinden met D-Bus.\n" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "Verifieer of de berichtenbus (D-Bus) service draait.\n" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "Fout bij het aanmaken van DBus verzoekbericht.\n" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "ontbrekend argument voor %s" #: src/getcert.c:398 msgid "missing argument" msgstr "ontbrekend argument" #: src/getcert.c:401 #, c-format msgid "unrecognized option %s" msgstr "onbekende optie %s" #: src/getcert.c:406 msgid "unrecognized option" msgstr "onbekende optie" #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "aliassen te diep genest" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "slechte parameter aanhaling" #: src/getcert.c:418 msgid 
"invalid numeric value" msgstr "ongeldige numerieke waarde" #: src/getcert.c:421 msgid "number too large or too small" msgstr "getal te groot of te klein" #: src/getcert.c:424 msgid "bad operation" msgstr "slechte bewerking" #: src/getcert.c:427 msgid "internal error" msgstr "interne fout" #: src/getcert.c:430 msgid "out of memory" msgstr "geen geheugen beschikbaar" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "fout in popt-configuratiebestand" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "Fout %s: %s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "Fout %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "Fout: %s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "Fout ontvangen van de lokale %s service.\n" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "Geen reactie ontvangen van %s service.\n" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "Toestand %s, vast: %s.\n" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "NSS database voor sleutel en cert" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "bijnaam voor op NSS gebaseerde opslag (alleen geldig met -d)" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "" "optionele tokennaam voor op NSS gebaseerde opslag (alleen geldig met -d)" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "PEM-bestand voor privésleutel" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "PEM-bestand 
voor certificaat (alleen geldig met -k)" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "bestand met de coderingspincode van de privésleutel" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "privésleutel coderingspincode" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "eigenaarsinformatie voor privésleutel" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "bestandsrechten voor privésleutel" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "eigenaarsinformatie voor certificaat" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "bestandsrechten voor certificaat" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "NSS-database waarin de certificaten van de CA worden opgeslagen" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "bestand waarin de certificaten van de CA worden opgeslagen" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "commando om uit te voeren voordat het certificaat wordt opgeslagen" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "commando om uit te voeren nadat het certificaat is opgeslagen" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "bijnaam om aan het verzoek toe te wijzen" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "type sleutel dat moet worden gegenereerd als er nog geen is" #: src/getcert.c:785 msgid "size of key to be generated 
if one is not already in place" msgstr "grootte van de sleutel die moet worden gegenereerd als er nog geen is" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "" "probeer het certificaat te vernieuwen wanneer de vervaldatum nadert " "(standaard)" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "" "probeer niet om het certificaat te vernieuwen wanneer de vervaldatum nadert" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "gebruik de opgegeven CA-configuratie in plaats van de standaard" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" "vraag de CA om het verzoek te verwerken met het genoemde profiel of sjabloon" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 msgid "ask the CA to process the request using the named issuer" msgstr "vraag de CA om het verzoek te verwerken met de genoemde uitgever" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "stel opgevraagde onderwerpnaam in (standaard: CN=)" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage value" msgstr "stel aangevraagde sleutelgebruikswaarde in" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "stel aangevraagde uitgebreide sleutelgebruik OID in" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "stel aangevraagde hoofdnaam in" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "stel aangevraagde DNS-naam in" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "stel aangevraagde e-mailadres in" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "stel aangevraagd IP-adres 
in" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "bestand met een optionele wachtwoordwaarde" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "een optionele wachtwoordwaarde" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "vraag een CA-certificaat aan" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "vraag een niet-CA-certificaat aan" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "pad lengte voor CA-certificaat" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "probeer te wachten tot het certificaat is afgegeven" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "maximale tijd om te wachten op de afgifte van het certificaat" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "maak verbinding met de certmonger-service op de sessiebus" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "maak verbinding met de certmonger-service op de systeembus" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "Fout bij het initialiseren van Kerberos 
bibliotheek: %s.\n" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "Er is geen ondersteuning voor het aanmaken van \"%s\" sleutels.\n" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "Bekende sleuteltypen zijn:" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "Niet herkende keyUsage \"%s\".\n" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "Kon OID \"%s\" niet evalueren.\n" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "Fout bij het ontleden van Kerberos principal naam \"%s\": %s.\n" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "Fout bij unparsing van Kerberos principal naam \"%s\": %s.\n" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "%s: ongeldige waarde -- '%s'\n" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "%s: optie vereist een argument -- '%c'\n" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "%s: ongeldige optie -- '%c'\n" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "Fout: niet gebruikt extra argument \"%s\".\n" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, 
c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "Fout: er zijn niet gebruikte extra argumenten opgegeven.\n" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "Database locatie of bijnaam opgegeven zonder de andere.\n" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "Database map en certificaatbestand beide gespecificeerd.\n" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "Zowel database map als bijnaam of certificaat niet opgegeven.\n" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "" "Sleutel en certificaat kunnen niet beide in hetzelfde bestand opgeslagen " "worden.\n" #: src/getcert.c:1114 #, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" "De IPA-backend vereist het gebruik van de -K optie (hoofdnaam) als een van " "de -N (onderwerpnaam), -E (e-mailadres), -A (IP-adres), -D (DNS-naam) of -U " "(extendedKeyUsage) -opties worden gebruikt.\n" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "Geen CA met de naam \"%s\" gevonden.\n" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request arguments.\n" msgstr 
"Fout bij instellen verzoek argumenten.\n" #: src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "Nieuw ondertekeningverzoek \"%s\" toegevoegd.\n" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "Nieuw ondertekeningverzoek kon niet worden toegevoegd.\n" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "Nieuwe track verzoek \"%s\" toegevoegd.\n" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "Nieuw track verzoek kon niet toegevoegd worden.\n" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "PEM-bestand voor privésleutel (alleen geldig met -f)" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "PEM-bestand voor certificaat" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "bijnaam van een bestaand verzoek" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "bijnaam om aan trackingverzoek te geven" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "de aangevraagde sleutel gebruikswaarde overschrijven" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "aangevraagde uitgebreid sleutelgebruik OID overschrijven" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "aangevraagde hoofdnaam overschrijven" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "aangevraagde DNS-naam overschrijven" #: src/getcert.c:1874 msgid "override requested email address" msgstr "aangevraagde e-mailadres overschrijven" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "aangevraagde IP-adres overschrijven" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "Zowel ID als 
database map en bijnaam of certificaat niet opgegeven.\n" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "Verzoek \"%s\" gewijzigd.\n" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "Verzoek \"%s\" kan niet gewijzigd worden.\n" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "Geen aanvraag gevonden met de gespecificeerde bijnaam.\n" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "Geen verzoek gevonden dat overeenkomt met argumenten.\n" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "Verzoek \"%s\" verwijderd.\n" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "Verzoek \"%s\" kon niet verwijderd worden.\n" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "bijnaam voor volgverzoek" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "nieuwe bijnaam om aan volgverzoek te geven" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "type nieuwe sleutel die moet worden gegenereerd" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "grootte van nieuw te genereren sleutel" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "gebruik de opgegeven CA-configuratie in plaats van de huidige" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "Fout bij het wijzigen van \"%s\".\n" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "\"%s\" opnieuw indienen bij \"%s\".\n" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "\"%s\" opnieuw indienen.\n" #: src/getcert.c:3057 #, c-format msgid 
"Error attempting to submit \"%s\" to \"%s\".\n" msgstr "Fout bij het indienen van \"%s\" bij \"%s\".\n" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "Fout bij het indienen van \"%s\".\n" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "vernieuw informatie over alle openstaande verzoeken" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" "vernieuw informatie alleen voor verzoeken die de opgegeven CA-configuratie " "gebruiken" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "Verzoek ID '%s' wordt ververst.\n" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "Verzoek ID '%s' wordt NIET ververst.\n" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "toon alleen informatie over openstaande verzoeken" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "toon alleen informatie over bijgehouden certificaten" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" "toon alleen aanvragen en certificaten die aan deze CA-configuratie zijn " "gekoppeld" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "toon tijden in UTC in plaats van lokale tijd" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "Aantal certificaten en verzoeken dat bijgehouden wordt:%d.\n" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "Verzoek ID '%s':\n" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "»status: %s\n" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "»ca-fout: %s\n" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "»vast: %s\n" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" 
msgstr "»sleutelpaar opslag: type=%s" #: src/getcert.c:3652 msgid "NONE" msgstr "GEEN" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr ",locatie='%s'" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr ",bijnaam='%s'" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr ",token='%s'" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr ",pininstelling" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr ",pinbestand='%s'" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "»certificaat: type=%s,locatie='%s'" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "\thandtekeningsverzoek vingerafdruk (MD5): %s\n" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "\thandtekeningsverzoek vingerafdruk (SHA1): %s\n" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "\tCA: %s\n" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "\tuitgever: %s\n" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "\tonderwerp: %s\n" #: src/getcert.c:3719 msgid "unknown" msgstr "onbekend" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr "»verloopt: %s\n" #: src/getcert.c:3736 msgid "\temail: " msgstr "»email: " #: src/getcert.c:3742 msgid "\tdns: " msgstr "»dns: " #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "»principal naam: " #: src/getcert.c:3756 msgid "\tIP address: " msgstr "\tIP adres: " #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "\tsleutel gebruik: %s\n" #: src/getcert.c:3779 msgid "\teku: " msgstr "»eku: " #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "\tcertificaat sjabloon/profiel: %s\n" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "\troot certificaten 
opgeslagen in bestanden:\n" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "\tandere root certificaten opgeslagen in bestanden:\n" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "\tandere certificaten opgeslagen in bestanden:\n" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "\troot certificaten opgeslagen in databases:\n" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "\tandere root certificaten opgeslagen in databases:\n" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "\tandere certificaten opgeslagen in databases:\n" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "\tpre-save commando: %s\n" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "\tpost-save commando: %s\n" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "»track: %s\n" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "»auto-renew: %s\n" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" "Zowel ID als database map en bijnaam of certificaat zijn niet opgegeven.\n" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "toon alleen de gespecificeerde CA-configuratie" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "CA '%s':\n" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "\tzelf-identificatie: %s\n" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "»ca-type: %s\n" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "»helper-locatie %s\n" #: src/getcert.c:4126 #, c-format msgid 
"\tnext-serial-number: %s\n" msgstr "»next-serial-nummer: %s\n" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "»bekende-uitgever-namen:\n" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "\tbekende profielen/templates/certtypes:\n" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "\tstandaard profiel/template/certtype: %s\n" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "\tSCEP CA-identifier: %s\n" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "\tSCEP CA certificaatvingerafdruk (MD5): %s\n" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "\tSCEP CA certificaatvingerafdruk (SHA1): %s\n" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "vernieuw de informatie over de CA-configuratie met deze naam" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "vernieuw informatie over alle bekende CA's" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "Noch CA bijnaam noch -a vlag gespecificeerd.\n" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "Data voor CA '%s' wordt ververst.\n" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "Data voor naamloze CA wordt ververst.\n" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "\tfout bij verversen van CA data\n" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "bijnaam voor de nieuwe CA-configuratie" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "helpcommando uit te voeren voor het communiceren met de CA" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format 
msgid "CA nickname not specified.\n" msgstr "CA-bijnaam niet gespecificeerd.\n" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "CA helpcommando niet gespecificeerd.\n" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "Nieuwe CA \"%s\" toegevoegd.\n" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "Nieuwe CA kon niet worden toegevoegd.\n" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "locatie van SCEP-server" #: src/getcert.c:4458 msgid "CA identifier" msgstr "CA-ID" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "bestand met certificaat van CA" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "bestand met certificaat van RA" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "bestand met certificaten in de certificeringsketen van RA" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "geeft er de voorkeur aan de functie SCEP Renewal niet te gebruiken" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "server URL niet gespecificeerd.\n" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "HTTPS vereist een CA-certificaat.\n" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "Fout bij het bouwen van de commandoregel.\n" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "Fout bij het instellen van CA-ID.\n" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "bijnaam van de CA-configuratie" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "" "vernieuwd help commando dat moet worden uitgevoerd om te communiceren met CA" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "CA \"%s\" gewijzigd.\n" #: 
src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "CA kon niet worden gewijzigd.\n" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "bijnaam van de te verwijderen CA-configuratie" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "CA \"%s\" is verwijderd.\n" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "CA kon niet worden verwijderd.\n" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "%s - cliënt certificaat uitgeef gereedschap\n" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "Gebruik: %s request [opties]\n" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "Vereiste argumenten:\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "* Als een NSS database voor opslag gebruikt wordt:\n" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr " -d MAP»NSS database voor sleutel en cert\n" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr "" " -n NAAM»bijnaam voor op NSS gebaseerde opslag (alleen geldig met -d)\n" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" " -t NAAM»optionele token naam voor op NSS gebaseerde opslag (alleen geldig " "met -d)\n" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 
src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "* Als bestanden voor opslag gebruikt worden:\n" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr " -k BESTAND»PEM bestand voor prive sleutel\n" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr " -f BESTAND»PEM bestand voor certificaat (alleen geldig met -k)\n" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "* Als sleutels gecodeerd moeten worden:\n" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr " -p BESTAND»bestand welke de codering PIN bevat\n" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr " -P PIN»PIN waarde\n" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "Optionele argumenten:\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "* Certificaat afhandel instellingen:\n" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr " -I NAAM»bijnaam toegekend aan het verzoek\n" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr "" " -G TYPE\tsleuteltype dat aangemaakt wordt als er nog geen aanwezig is\n" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr "" " -g GROOTTE»grootte van de te genereren sleutel als er nog geen aanwezig " 
"is\n" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr "" " -r»»probeer het certificaat te vernieuwen als de verloopdatum nadert " "(standaard)\n" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr "" " -R»»probeer het certificaat niet te vernieuwen als de verloopdatum nadert\n" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr " -c CA»»gebruik de gespecificeerde CA in plaats van de standaard\n" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" " -T PROFILE\tvraag de CA om het verzoek de verwerken met het opgegeven " "profiel of template\n" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" " -X UITGEVER\tvraag de CA om het verzoek te verwerken met de genoemde " "uitgever\n" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "* Parameters voor het ondertekening verzoek:\n" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr "" " -N NAAM»stel de gevraagde subject naam in (standaard: CN=)\n" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr " -U EXTUSAGE»stel het gevraagde uitgebreide sleutel gebruik OID in\n" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr " -u KEYUSAGE\tstel aangevraagde sleutel gebruik waarde in\n" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" 
msgstr " -K NAAM»stel de gevraagde principal naam in\n" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr " -D DNSNAAM»stel de gevraagde DNS naam in\n" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr " -E EMAIL»stel het gevraagde email adres in\n" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr " -A ADRES\tstel vereiste IP adres in\n" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr " -l BESTAND\tbestand dat een optioneel uitdagingswachtwoord bevat\n" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr " -L WACHTWOORD\teen optionele uitdagingswachtwoordwaarde\n" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "* Bus opties:\n" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr " -S»»verbind met de certmonger service op de systeem bus\n" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr " -s»»verbind met de certmonger service op de sessie bus\n" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 
src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "* Andere opties:\n" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr " -B\tcommando uit te voeren voor het opslaan van het certificaat\n" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr " -C\tcommando uit te voeren na het opslaan van het certificaat\n" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr " -F\tbestand waarin de certificaten van de CA opgeslagen worden\n" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr "" " -a\tNSS database waarin de certificaten van de CA opgeslagen worden\n" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr " -w\tprobeer te wachten totdat het certificaat afgegeven is\n" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr " -v»rapporteer alle foutdetails\n" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "Gebruik: %s start-tracking [opties]\n" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "* Als een bestaande aanvraag veranderd wordt:\n" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr " -i NAAM»bijnaam van een bestaand track verzoek\n" #: src/getcert.c:4852 
src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "* Als sleutels gecodeerd zijn:\n" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr " -I NAAM»bijnaam te geven aan track verzoek\n" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "* Parameters voor het ondertekeningverzoek bij het vernieuwen:\n" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr " -U EXTUSAGE»overschrijf gevraagde uitgebreide sleutel gebruik OID\n" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr " -K NAAM»overschrijf gevraagde principal naame\n" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr " -D DNSNAAM»overschrijf gevraagde DNS naam\n" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr " -E EMAIL»overschrijf gevraagde email adres\n" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr " -A ADRES\toverschrijf gevraagde IP adres\n" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "Gebruik: %s stop-tracking [opties]\n" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "* Op verzoek id:\n" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr " -i NAAM»bijnaam voor track verzoek\n" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "Gebruik: %s resubmit [opties]\n" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr " -f BESTAND»PEM bestand voor certificaat\n" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "* Nieuwe parameterwaarden voor de 
ondertekening verzoek:\n" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr " -I NAAM»nieuwe bijnaam om aan track verzoek te geven\n" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr " -c CA»»gebruik de gespecificeerde CA in plaats van de huidige\n" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "Gebruik: %s rekey [opties]\n" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr " -G TYPE\ttype nieuwe sleutel die moet worden gegenereerd\n" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr " -g GROOTTE\tgrootte van nieuwe te genereren sleutel\n" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "Gebruik: %s list [opties]\n" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "* Algemene opties:\n" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr " -c CA»laat allen verzoeken certificaten zien die bij deze CA horen\n" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr " -r»laat alleen informatie zien over uitstaande verzoeken\n" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr " -t»laat alleen informatie zien over gevolgde certificaten\n" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr " -u\ttoon tijden in UTC in plaats van lokale tijd\n" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "* Als een specifiek verzoek geselecteerd wordt:\n" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" " -d MAP»toon alleen verzoeken en certificaten die 
deze NSS database " "gebruiken\n" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" " -n NAAM\ttoon alleen verzoeken en certificaten die deze bijnaam gebruiken\n" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" " -f BESTAND\ttoon alleen verzoeken en certificaten die in dit PEM bestand " "opgeslagen zijn\n" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr " -S\tverbind met de certmonger service op de systeem bus\n" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr " -s\tverbind met de certmonger service op de sessie bus\n" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "Gebruik: %s refresh [opties]\n" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr " -a\tvernieuw informatie over alle openstaande verzoeken\n" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "Gebruik: %s status [opties]\n" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "* Selecteer een specifieke aanvraag:\n" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "* Als een NSS database gebruikt wordt voor opslag:\n" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr " -d MAP\tgeef status voor het verzoek terug in deze NSS database\n" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr " -n NAAM\tgeef status voor cert die deze bijnaam gebruikt\n" #: src/getcert.c:5064 msgid "* When using 
files for storage:\n" msgstr "* Als bestanden gebruikt worden voor opslag:\n" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr "" " -f BESTAND\tgeef status terug voor cert opgeslagen in dit PEM bestand\n" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "Gebruik: %s list-cas [opties]\n" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr " -c CA\tlaat alleen informatie zien over de CA met deze naam\n" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "Gebruik: %s refresh-ca [opties]\n" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr " -c CA\tververs informatie over de CA met deze naam\n" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr " -a\tvernieuw informatie over alle bekende CA's\n" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "Gebruik: %s add-ca [opties]\n" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr " -c CA\t\tbijnaam voor de nieuwe CA-configuratie\n" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr " -e CMD\thelp commando om uit te voeren voor het communiceren met CA\n" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "Gebruik: %s add-scep-ca [opties]\n" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr " -u URL\tlocatie van SCEP-server\n" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr " -i ID\t\tCA-ID\n" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr " -R BESTAND\tbestand met de certificaten van CA\n" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr " -r BESTAND\tbestand met certificaat van RA\n" #: src/getcert.c:5129 msgid " -I FILE\tfile 
containing certificates in RA's certifying chain\n" msgstr "" " -I BESTAND\tbestand met certificaten in de certificeringsketen van RA\n" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr " -n\tgebruik liever geen SCEP Renewal functie\n" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "Gebruik: %s modify-ca [opties]\n" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr " -c CA\t\tbijnaam van de CA-configuratie\n" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" " -e CMD\tvernieuwde help opdracht die moet worden uitgevoerd om te " "communiceren met CA\n" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "Gebruik: %s remove-ca [opties]\n" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr " -c CA\tbijnaam van de te verwijderen CA-configuratie\n" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "Gebruik: %s commando [opties]\n" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "vraag een nieuw certificaat aan van een CA\n" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "begin met het monitoren van een reeds uitgegeven certificaat\n" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "stop met het monitoren van een certificaat\n" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "" "dien een inschrijvingsverzoek in uitvoering opnieuw in, of begin met een " "nieuw\n" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "genereer een nieuwe privésleutel en vervang een certificaat\n" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "controleer de status van een inschrijvingsverzoek in uitvoering\n" #: 
src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "toon gemonitorde en aangevraagde certificaten\n" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "" "controleer de status van een certificaat dat gemonitord wordt of aangevraagd " "is\n" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "voeg een CA-configuratie toe\n" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "voeg een SCEP CA-configuratie toe\n" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "toon bekende CA-configuraties\n" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "wijzig een CA-configuratie\n" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "ververs de cache met alle informatie verkregen van een CA\n" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "verwijder een CA-configuratie\n" #: src/getcert.c:5273 #, c-format msgid "%s: unrecognized command\n" msgstr "%s: onbekend commando\n" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "Kan locatie van IPA LDAP server niet vaststellen.\n" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "Kan geen contact krijgen met een IPA LDAP server.\n" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "Kan basis DN niet vaststellen uit domeininformatie van IPA server.\n" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "Fout bij het instellen van XMLRPC op de cliënt.\n" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "De -t optie kan niet met de -K optie gebruikt worden.\n" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "De -k optie kan niet met de -K optie gebruikt 
worden.\n" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "De -K optie kan niet met de -k of de -t optie gebruikt worden.\n" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for signing request.\n" msgstr "Kan principal naam voor de aanvraag ondertekening niet bepalen.\n" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "Geen IPA-domein geconfigureerd en geen gespecificeerd.\n" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" "Fout bij het instellen van ccache voor \"host\" service op cliënt die " "standaard keytab: %s gebruikt.\n" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "" "Fout bij het instellen van ccache voor \"%s\" op cliënt die standaard keytab:" " %s gebruikt.\n" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" "Fout bij het instellen van ccache voor \"host\" service die keytab \"%s\" " "gebruikt: %s.\n" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "" "Fout bij het instellen van ccache voor \"%s\" op cliënt die keytab \"%s\" " "gebruikt: %s.\n" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "Kan ondertekeningverzoek niet lezen.\n" #: src/main.c:74 msgid "use session bus" msgstr "gebruik sessiebus" #: src/main.c:75 msgid "use system bus" msgstr "gebruik systeembus" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "start een speciale luister socket" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "gebruik alleen een speciale luister socket" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "specificeer de speciale luister 
socket" #: src/main.c:78 msgid "PATHNAME" msgstr "PADNAAM" #: src/main.c:79 msgid "don't become a daemon" msgstr "word geen daemon" #: src/main.c:80 msgid "do become a daemon" msgstr "word een daemon" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "bus-geactiveerde, inactieve time-out" #: src/main.c:81 msgid "SECONDS" msgstr "SECONDEN" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "gebruik geen time-out voor inactiviteit" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "debugniveau instellen (impliceert -n)" #: src/main.c:83 msgid "NUMBER" msgstr "AANTAL" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "start COMMANDO en sluit af wanneer dit het geval is" #: src/main.c:87 msgid "write service PID to file" msgstr "schrijf service-PID naar bestand" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "forceer NSS in de FIPS modus" #: src/main.c:90 msgid "print version information" msgstr "print versie informatie" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "Gebruik: %s [-s|-S] [-n|-f] [-d NIVEAU] [-p BESTAND] [-F] [-v]\n" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "\t-s gebruik sessie bus\n" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "\t-S gebruik systeem bus\n" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "\t-l start een specifieke socket om naar te luisteren\n" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "" "\t-L gebruik alleen een specifiek socket om naar te luisteren\n" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "" "\t-P PAD specificeert de specifieke socket waarnaar geluisterd wordt\n" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "\t-n niet omzetten in een daemon\n" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "\t-f omzetten in een daemon\n" #: src/main.c:184 msgid 
"\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "\t-b TIMEOUT bus-geactiveerde, idle timeout\n" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "\t-B gebruik geen idle timeout\n" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "\t-d LEVEL stel debug niveau in (impliceert -n)\n" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "\t-c COMMANDO start COMMANDO sluit af als deze dat doet\n" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "\t-p BESTAND schrijf een service PID naar bestand\n" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "\t-F forceer NSS naar de FIPS modus\n" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "\t-v print versie informatie en sluit af\n" #: src/scep.c:352 #, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "Geen SCEP URL (-u) opgegeven en er is geen standaard bekend.\n" #: src/scep.c:356 #, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "" "Geen SCEP bewerking (-c/-C/-g/-p) opgegeven en er is geen standaard bekend.\n" #: src/scep.c:376 src/scep.c:395 #, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "Geen RA certificaat (-r) opgegeven en er is geen standaard bekend.\n" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" "Fout bij lezen van verzoek. Verwachte PKCS7-data met een GetInitialCert " "pkiMessage, kreeg niets.\n" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" "Fout bij lezen van verzoek. 
Verwachte PKCS7-data met een PKCSReq pkiMessage, " "kreeg niets.\n" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" "Waarschuwing: verzoek is noch een PKCSReq noch een GetInitialCert verzoek.\n" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" "Waarschuwing: verzoektype \"%s\" is noch een PKCSReq noch een GetInitialCert " "verzoek.\n" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "Waarschuwing: verzoek mist een transactie-ID.\n" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "Waarschuwing: verzoek mist senderNonce.\n" #: src/scep.c:637 #, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "Ik kreeg antwoordcode %d van %s, niet 200.\n" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "Serverantwoord was een onverwacht MIME type \"%s\".\n" #: src/scep.c:930 #, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "Fout: kan handtekening op serverreactie niet verifiëren.\n" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "Fout: antwoord was geen CertRep (%s).\n" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "Fout: antwoord mist transactie-ID.\n" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "Fout: antwoord bevat een andere transactie-ID.\n" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "Fout: antwoord mist pkiStatus.\n" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "Fout: antwoord mist recipientNonce.\n" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "Fout: 
antwoord nonce komt niet overeen met verzoek.\n" #: src/scep.c:976 #, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "Fout: antwoord mist senderNonce.\n" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "Niet-gespecificeerde fout op de server.\n" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "Onbekende of niet-ondersteunde algoritme-ID in cliënt verzoek.\n" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "Integriteitscontrole van cliënt verzoek mislukt op server.\n" #: src/scep.c:1003 #, c-format msgid "Transaction either is not permitted or is not supported by server.\n" msgstr "" "Transactie is niet toegestaan of wordt niet ondersteund door de server.\n" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "Klok skew te groot.\n" #: src/scep.c:1009 #, c-format msgid "Unsupported extension.\n" msgstr "Niet-ondersteunde extensie.\n" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "Moet sleutels archiveren.\n" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "Slechte identiteit.\n" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "Bewijs van bezit vereist.\n" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "Bewijs van bezit mislukte.\n" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "Geen hergebruik van sleutels.\n" #: src/scep.c:1027 #, c-format msgid "Internal CA error.\n" msgstr "Interne CA-fout.\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "Probeer later.\n" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "Server heeft foutcode \"%s\" geretourneerd.\n" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "Fout: kan ondertekende data niet ontleden.\n" #: src/scep.c:1059 src/scep.c:1074 #, c-format 
msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "Fout: payload met ondertekende data is geen omhulde data.\n" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "Fout: omhulde data payload is geen data.\n" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "Fout: pkiStatus \"%s\" wordt niet herkend.\n" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." msgstr "Er is een interne fout opgetreden." #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "Geen bijpassende ingang gevonden.\n" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "Er is al een CA met de bijnaam \"%s\"." #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "Certificaat opslag type niet gespecificeerd." #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." msgstr "Certificaat opslag type \"%s\" niet ondersteund." #: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "De locatie \"%s\" moet een absoluut pad zijn." #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." msgstr "Certificaat opslaglocatie niet gespecificeerd." #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" "Er is geen toegang tot de ouder van locatie \"%s\" wegens onvoldoende " "rechten." 
#: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "De ouder van locatie \"%s\" moet een geldige map zijn." #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "De locatie \"%s\" moet een bestand zijn." #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "Er is geen toegang tot de locatie \"%s\" wegens onvoldoende rechten." #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "De locatie \"%s\" moet een map zijn." #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "Certificaat bijnaam niet opgegeven." #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "Er is al een verzoek met de bijnaam \"%s\"." #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "" "Een certificaat op dezelfde locatie wordt al gebruikt door een aanvraag met " "bijnaam \"%s\"." #: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "Sleutel opslag type \"%s\" niet ondersteund." #: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." msgstr "Sleutel opslaglocatie niet gespecificeerd." #: src/tdbush.c:853 msgid "Key nickname not specified." msgstr "Sleutel bijnaam niet opgegeven." #: src/tdbush.c:909 #, c-format msgid "Key at same location is already used by request with nickname \"%s\"." msgstr "" "Een sleutel op dezelfde locatie wordt al gebruikt door een aanvraag met " "bijnaam \"%s\"." 
#: src/tdbush.c:1313 src/tdbush.c:3102 #, c-format msgid "No support for key type \"%s\"." msgstr "Er is geen ondersteuning voor sleuteltype \"%s\"." #: src/tdbush.c:1400 msgid "No such CA." msgstr "Onbekende CA." #: src/tdbush.c:3073 #, c-format msgid "Certificate authority \"%s\" not known." msgstr "Certificaat autoriteit \"%s\" is niet bekend." #: src/tdbush.c:3518 msgid "Unrecognized parameter or wrong value type." msgstr "Onbekende parameter of verkeerde type waarde." #: src/tdbush.c:5070 msgid "Error parsing arguments." msgstr "Fout bij het ontleden van argumenten." #: src/tdbush.c:5124 msgid "Unrecognized property name." msgstr "Onbekende eigenschap naam." #: src/tdbusm.c:2156 msgid "Insufficient access. Please retry operation as root.\n" msgstr "Onvoldoende toegang. Probeer de bewerking opnieuw als root.\n" #: src/tdbusm.c:2160 msgid "Please verify that the certmonger service has been started.\n" msgstr "Verifieer of de certmonger service opgestart werd.\n" #: src/tdbusm.c:2163 msgid "Please verify that the certmonger service is still running.\n" msgstr "Verifieer of de certmonger service nog steeds draait.\n" certmonger-0.79.19/po/pl.po0000644000175000017500000021516314511314133015033 0ustar gitgit00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. # # Translators: # Nalin Dahyabhai , 2011 # Piotr Drąg , 2011-2014, 2020. # Piotr Drąg , 2016. #zanata, 2020. msgid "" msgstr "" "Project-Id-Version: certmonger 0.78.6\n" "Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2017-02-26 02:20-0500\n" "PO-Revision-Date: 2020-12-12 11:42+0000\n" "Last-Translator: Piotr Drąg \n" "Language-Team: Polish \n" "Language: pl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " "|| n%100>=20) ? 
1 : 2;\n" "X-Generator: Weblate 4.3.2\n" #: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238 #: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291 #, c-format msgid "Out of memory.\n" msgstr "Brak pamięci.\n" #: src/certmaster.c:136 #, c-format msgid "Unable to determine hostname of CA.\n" msgstr "Nie można określić nazwy komputera CA.\n" #: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796 #, c-format msgid "Unable to read signing request from file \"%s\".\n" msgstr "Nie można odczytać żądania podpisania z pliku „%s”.\n" #: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799 #, c-format msgid "Unable to read signing request from environment variable \"%s\".\n" msgstr "Nie można odczytać żądania podpisania ze zmiennej środowiskowej „%s”.\n" #: src/certmaster.c:184 #, c-format msgid "Error setting up for XMLRPC.\n" msgstr "Błąd podczas ustawiania dla XML-RPC.\n" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "Błąd podczas przetwarzania odpowiedzi serwera.\n" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "Błąd serwera.\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "Parametry profilu (-O) muszą być w formie parametr=wartość.\n" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "Parametry wysyłania (-o) muszą być w formie parametr=wartość.\n" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, c-format msgid "No agent credentials specified, and no 
default known.\n" msgstr "" "Nie podano danych uwierzytelniających agenta, a nie ma wartości domyślnej.\n" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "Zażądano odnowienia, ale nie podano numeru seryjnego.\n" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "" "Nie podano adresu URL końcowej jednostki (-E), a nie ma wartości domyślnej.\n" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "Nie podano adresu URL agenta (-A), a nie ma wartości domyślnej.\n" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "Nie podano profilu/szablonu (-T), a nie ma wartości domyślnej.\n" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "Błąd podczas wyłączania NSS.\n" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "Wewnętrzny błąd: nieznany stan.\n" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "" "Nie podano żadnych danych uwierzytelniających agenta (-n), które są " "wymagane.\n" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "Błąd %d podczas łączenia z %s: %s.\n" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "Błąd %d podczas łączenia z %s.\n" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "Wewnętrzny błąd: brak odpowiedzi na „%s?%s”.\n" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "POLECENIE" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "KATALOG" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "LISTA" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "ADRES" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr 
"NAZWA-PLIKU" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "NAZWA-KOMPUTERA" #: src/getcert.c:67 msgid "ID" msgstr "IDENTYFIKATOR" #: src/getcert.c:69 msgid "BITS" msgstr "BITY" #: src/getcert.c:71 msgid "MODE" msgstr "TRYB" #: src/getcert.c:72 msgid "NAME" msgstr "NAZWA" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "NACZELNIK" #: src/getcert.c:74 msgid "SUBJECT" msgstr "TEMAT" #: src/getcert.c:75 msgid "URL" msgstr "URL" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "NAZWA-UŻYTKOWNIKA[:NAZWA-GRUPY]" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "" "Ścieżka „%s” nie jest bezwzględna, próbowanie użycia „%s” zamiast niej.\n" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" "Ścieżka „%s” nie jest bezwzględna i wystąpił błąd podczas określania nazwy " "bieżącego katalogu.\n" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "Ścieżka „%s”: niewystarczające uprawnienia.\n" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "Ścieżka „%s” nie jest katalogiem.\n" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "Ścieżka „%s”: %s.\n" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "Ścieżka „%s” nie jest zwykłym plikiem.\n" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "Magistrala systemowa nie jest uruchomiona.\n" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "Uruchamianie jako UID 0.\n" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "Uruchamianie tymczasowej dedykowanej usługi.\n" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "Błąd podczas łączenia z usługą D-Bus.\n" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that 
the message bus (D-Bus) service is running.\n" msgstr "" "Proszę sprawdzić, czy usługa magistrali komunikatów (D-Bus) jest " "uruchomiona.\n" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "Błąd podczas tworzenia komunikatu żądania D-Bus.\n" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "brak parametru dla %s" #: src/getcert.c:398 msgid "missing argument" msgstr "brak parametru" #: src/getcert.c:401 #, c-format msgid "unrecognized option %s" msgstr "nierozpoznana opcja %s" #: src/getcert.c:406 msgid "unrecognized option" msgstr "nierozpoznana opcja" #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "aliasy są zagnieżdżone za głęboko" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "błędne cytowanie parametru" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "nieprawidłowa wartość numeryczna" #: src/getcert.c:421 msgid "number too large or too small" msgstr "liczby są za duże lub za małe" #: src/getcert.c:424 msgid "bad operation" msgstr "błędne działanie" #: src/getcert.c:427 msgid "internal error" msgstr "wewnętrzny błąd" #: src/getcert.c:430 msgid "out of memory" msgstr "brak pamięci" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "błąd w pliku konfiguracji popt" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "Błąd %s: %s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "Błąd %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "Błąd: %s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "Otrzymano błędną odpowiedź z lokalnej usługi %s.\n" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "Nie otrzymano odpowiedzi z usługi %s.\n" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "Stan %s, zatkanie: %s.\n" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 
src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "baza danych NSS dla klucza i certyfikatu" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "" "pseudonim dla przechowywania opartego na NSS (prawidłowe tylko z opcją -d)" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "" "opcjonalna nazwa tokenu dla przechowywania opartego na NSS (prawidłowe tylko " "z opcją -d)" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "plik PEM dla klucza prywatnego" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "plik PEM dla certyfikatu (prawidłowe tylko z opcją -k)" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "plik przechowujący kod PIN szyfrowania klucza prywatnego" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "kod PIN szyfrowania klucza prywatnego" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "informacje o właścicielu klucza prywatnego" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "uprawnienia pliku klucza prywatnego" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "informacje o właścicielu certyfikatu" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "uprawnienia pliku certyfikatu" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "baza danych NSS, w 
której przechowywać certyfikaty CA" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "plik, w którym przechowywać certyfikaty CA" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "polecenie do wykonania przed zapisaniem certyfikatu" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "polecenie do wykonania po zapisaniu certyfikatu" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "pseudonim do przydzielenia żądaniu" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "typ klucza do utworzenia, jeśli jeszcze nie ma żadnego" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "rozmiar klucza do utworzenia, jeśli jeszcze nie ma żadnego" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "" "próbuje odnowić certyfikat, kiedy zbliża się jego wygaszenie (domyślnie)" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "nie próbuje odnowić certyfikatu, kiedy zbliża się jego wygaszenie" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "używa podanej konfiguracji CA zamiast domyślnej" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" "prosi CA o przetworzenie żądania za pomocą nazwanego profilu lub szablonu" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 msgid "ask the CA to process the request using the named issuer" msgstr "prosi CA o przetworzenie żądania za pomocą nazwanego wystawcy" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name 
(default: CN=)" msgstr "ustawia żądaną nazwę tematu (domyślnie: CN=)" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage value" msgstr "ustawia żądaną wartość użycia klucza" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "ustawia żądany OID użycia rozszerzonego klucza" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "ustawia żądaną nazwę naczelnika" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "ustawia żądaną nazwę DNS" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "ustawia żądany adres e-mail" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "ustawia żądany adres IP" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "plik przechowujący opcjonalną wartość hasła wyzwania" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "opcjonalna wartość hasła wyzwania" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "żąda certyfikat CA" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "żąda certyfikatu nie-CA" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "długość ścieżki do certyfikatu CA" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "próbuje czekać na wydanie certyfikatu" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "maksymalny czas oczekiwania na wydanie certyfikatu" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: 
src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "łączy z usługą certmonger przez magistralę sesji" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "łączy z usługą certmonger przez magistralę systemową" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "Błąd podczas inicjowania biblioteki Kerberos: %s.\n" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "Brak obsługi tworzenia kluczy „%s”.\n" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "Znane typy kluczy:" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "Nierozpoznane użycie klucza „%s”.\n" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "Nie można obliczyć OID „%s”.\n" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "Błąd podczas przetwarzania nazwy naczelnika Kerberosa „%s”: %s.\n" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "" "Błąd podczas odwracania przetworzenia nazwy naczelnika Kerberosa „%s”: %s.\n" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "%s: nieprawidłowa wartość — „%s”\n" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 
src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "%s: opcja wymaga parametru — „%c”\n" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "%s: nieprawidłowa opcja — „%c”\n" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "Błąd: nieużywany dodatkowy parametr „%s”.\n" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "Błąd: podano nieużywane dodatkowe parametry.\n" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "Podano położenie bazy danych lub pseudonim bez drugiego parametru.\n" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "Podano zarówno katalog bazy danych, jak i plik certyfikatu.\n" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "Nie podano katalogu bazy danych i pseudonimu lub pliku certyfikatu.\n" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "Nie można zapisać klucza i certyfikatu do tego samego pliku.\n" #: src/getcert.c:1114 #, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" "Zaplecze IPA 
wymaga użycia opcji -K (nazwy naczelnika), kiedy używane są " "opcje -N (nazwa tematu), -E (adres e-mail), -A (adres IP), -D (nazwa DNS) " "lub -U („extendedKeyUsage”).\n" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "Nie odnaleziono CA o nazwie „%s”.\n" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request arguments.\n" msgstr "Błąd podczas ustawiania parametrów żądania.\n" #: src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "Dodano nowe żądanie podpisania „%s”.\n" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "Nie można dodać nowego żądania podpisania.\n" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "Dodano nowe żądanie śledzenia „%s”.\n" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "Nie można dodać nowego żądania śledzenia.\n" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "plik PEM dla klucza prywatnego (prawidłowe tylko z opcją -f)" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "plik PEM dla certyfikatu" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "pseudonim istniejącego żądania" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "pseudonim do nadania śledzonemu żądaniu" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "zastępuje żądaną wartość użycia klucza" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "zastępuje żądany OID użycia 
rozszerzonego klucza" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "zastępuje żądaną nazwę naczelnika" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "zastępuje żądaną nazwę DNS" #: src/getcert.c:1874 msgid "override requested email address" msgstr "zastępuje żądany adres e-mail" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "zastępuje żądany adres IP" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" "Nie podano identyfikatora, albo katalogu bazy danych i pseudonimu, albo " "pliku certyfikatu.\n" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "Zmodyfikowano żądanie „%s”.\n" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "Nie można zmodyfikować żądania „%s”.\n" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "Nie odnaleziono żądania dla podanego pseudonimu.\n" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "Nie odnaleziono żądania pasującego do parametrów.\n" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "Usunięto żądanie „%s”.\n" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "Nie można usunąć żądania „%s”.\n" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "pseudonim śledzonego żądania" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "nowy pseudonim do nadania śledzonemu żądaniu" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "typ nowego klucza do utworzenia" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr 
"rozmiar nowego klucza do utworzenia" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "używa podanej konfiguracji CA zamiast bieżącej" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "Błąd podczas modyfikowania „%s”.\n" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "Ponowne wysyłanie „%s” do „%s”.\n" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "Ponowne wysyłanie „%s”.\n" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "Błąd podczas próby wysłania „%s” do „%s”.\n" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "Błąd podczas próby wysłania „%s”.\n" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "odświeża informacje o wszystkich oczekujących żądaniach" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" "odświeża informacje tylko o żądaniach używających podanej konfiguracji CA" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "Identyfikator żądania „%s” jest odświeżany.\n" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "Identyfikator żądania „%s” NIE jest odświeżany.\n" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "wyświetla informacje tylko o oczekujących żądaniach" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "wyświetla informacje tylko o śledzonych certyfikatach" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "wyświetla tylko żądania i certyfikaty powiązane z tą konfiguracją CA" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "wyświetla czas w UTC zamiast w lokalnym czasie" #: 
src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "Liczba śledzonych certyfikatów i żądań: %d.\n" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "Identyfikator żądania „%s”:\n" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "\tstan: %s\n" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "\tbłąd-ca: %s\n" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "\tzatkanie: %s\n" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "\tprzechowywanie pary kluczy: typ=%s" #: src/getcert.c:3652 msgid "NONE" msgstr "BRAK" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr ",położenie=\"%s\"" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr ",pseudonim=\"%s\"" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr ",token=\"%s\"" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr ",przypnij zestaw" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr ",plik-pinu=\"%s\"" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "\tcertyfikat: typ=%s,położenie=\"%s\"" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "\tpodpisywanie odcisku żądania (MD5): %s\n" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "\tpodpisywanie odcisku żądania (SHA1): %s\n" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "\tCA: %s\n" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "\twystawca: %s\n" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "\ttemat: %s\n" #: src/getcert.c:3719 msgid "unknown" msgstr "nieznane" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr "\twygasa: %s\n" #: src/getcert.c:3736 msgid "\temail: " msgstr "\te-mail: " #: src/getcert.c:3742 
msgid "\tdns: " msgstr "\tdns: " #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "\tnazwa naczelnika: " #: src/getcert.c:3756 msgid "\tIP address: " msgstr "\tAdres IP: " #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "\tużycie klucza: %s\n" #: src/getcert.c:3779 msgid "\teku: " msgstr "\teku: " #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "\tszablon/profil certyfikatu: %s\n" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "\tcertyfikaty roota zapisane do plików:\n" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "\tinne certyfikaty roota zapisane do plików:\n" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "\tinne certyfikaty zapisane do plików:\n" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "\tcertyfikaty roota zapisane w bazach danych:\n" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "\tinne certyfikaty roota zapisane w bazach danych:\n" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "\tinne certyfikaty zapisane w bazach danych:\n" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "\tpolecenie pre-save: %s\n" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "\tpolecenie post-save: %s\n" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "\tścieżka: %s\n" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "\tautomatyczne-odnawianie: %s\n" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" "Nie podano identyfikatora, 
albo katalogu bazy danych i pseudonimu, albo " "pliku certyfikatu.\n" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "wyświetla tylko podaną konfigurację CA" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "CA „%s”:\n" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "\tidentyfikuje się jako: %s\n" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "\ttyp-ca: %s\n" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "\tpołożenie-pomocnika: %s\n" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr "\tnastępny-numer-seryjny: %s\n" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "\tnazwy-znanych-wystawców: \n" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "\tznane profile/szablony/typy certyfikatów:\n" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "\tdomyślny profil/szablon/typ certyfikatu: %s\n" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "\tIdentyfikator CA SCEP: %s\n" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "\todcisk certyfikatu CA SCEP (MD5): %s\n" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "\todcisk certyfikatu CA SCEP (SHA1): %s\n" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "odświeża informacje o konfiguracji CA o tej nazwie" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "odświeża informacje o wszystkich znanych CA" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "Nie podano pseudonimu CA ani flagi -a.\n" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "Dane dla CA „%s” są odświeżane.\n" #: src/getcert.c:4344 #, c-format 
msgid "Data for unnamed CA being refreshed.\n" msgstr "Dane dla nienazwanego CA są odświeżane.\n" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "\tbłąd podczas odświeżania danych CA\n" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "pseudonim do nadania nowej konfiguracji CA" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "polecenie pomocnicze wykonywane do komunikowania się z CA" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "Nie podano pseudonimu CA.\n" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "nie podano polecenia pomocniczego CA.\n" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "Dodano nowe CA „%s”.\n" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "Nie można dodać nowego CA.\n" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "położenie serwera SCEP" #: src/getcert.c:4458 msgid "CA identifier" msgstr "Identyfikator CA" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "plik zawierający certyfikat CA" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "plik zawierający certyfikat RA" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "plik zawierający certyfikaty w łańcuchu certyfikującym RA" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "preferuje nie używać funkcji odnawiania SCEP" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "nie podano adresu URL serwera.\n" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "HTTPS wymaga certyfikatu CA.\n" #: src/getcert.c:4535 #, c-format msgid "Error building command 
line.\n" msgstr "Błąd podczas budowania wiersza poleceń.\n" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "Błąd podczas ustawiania identyfikatora CA.\n" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "pseudonim konfiguracji CA" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "" "zaktualizowane polecenie pomocnicze wykonywane do komunikowania się z CA" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "Zmodyfikowano CA „%s”.\n" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "Nie można zmodyfikować CA.\n" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "pseudonim usuwanej konfiguracji CA" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "Usunięto CA „%s”.\n" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "Nie można usunąć CA.\n" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "%s — narzędzie kwalifikowania certyfikatów klientów\n" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "Użycie: %s request [opcje]\n" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "Wymagane parametry:\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "• Podczas używania bazy NSS do przechowywania danych:\n" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr " -d KAT\tbaza danych NSS dla klucza i certyfikatu\n" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 
src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr "" " -n NAZWA\tpseudonim dla przechowywania opartego na NSS (prawidłowe tylko z " "opcją -d)\n" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" " -t NAZWA\topcjonalna nazwa tokenu dla przechowywania opartego na NSS " "(prawidłowe tylko z opcją -d)\n" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "• Podczas używania plików do przechowywania:\n" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr " -k PLIK\tplik PEM dla klucza prywatnego\n" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr " -f PLIK\tplik PEM dla certyfikatu (prawidłowe tylko z opcją -k)\n" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "• Jeśli klucze mają zostać zaszyfrowane:\n" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr " -p PLIK\tplik przechowujący kod PIN szyfrowania\n" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr " -P PIN\twartość kodu PIN\n" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "Opcjonalne parametry:\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* 
Certificate handling settings:\n" msgstr "• Ustawienia obsługiwania certyfikatów:\n" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr " -I NAZWA\tpseudonim do przydzielenia żądaniu\n" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr " -G TYP\ttyp klucza do utworzenia, jeśli jeszcze nie ma żadnego\n" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr "" " -g ROZMIAR\trozmiar klucza do utworzenia, jeśli jeszcze nie ma żadnego\n" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr "" " -r\t\tpróbuje odnowić certyfikat, kiedy zbliża się jego wygaszenie " "(domyślnie)\n" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr "" " -R\t\tnie próbuje odnowić certyfikatu, kiedy zbliża się jego wygaszenie\n" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr " -c CA\t\tużywa podanego CA zamiast domyślnego\n" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" " -T PROFIL\tprosi CA o przetworzenie żądania za pomocą nazwanego profilu " "lub szablonu\n" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" " -X WYSTAWCA\tprosi CA o przetworzenie żądania za pomocą nazwanego " "wystawcy\n" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "• Parametry do żądania podpisania:\n" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr "" " -N NAZWA\tustawia żądaną nazwę tematu 
(domyślnie: CN=)\n" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr "" " -U UŻYCIE-ZEWNĘTRZNE\tustawia żądany OID użycia rozszerzonego klucza\n" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr " -u UŻYCIE-KLUCZA\tustawia żądaną wartość użycia klucza\n" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr " -K NAZWA\tustawia żądaną nazwę naczelnika\n" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr " -D NAZWA-DNS\tustawia żądaną nazwę DNS\n" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr " -E E-MAIL\tustawia żądany adres e-mail\n" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr " -A ADRES\tustawia żądany adres IP\n" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr " -l PLIK\tplik przechowujący opcjonalne hasło wyzwania\n" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr " -L HASŁO\topcjonalna wartość hasła wyzwania\n" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "• Opcje magistrali:\n" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr " 
-S\t\tłączy z usługą certmonger przez magistralę systemową\n" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr " -s\t\tłączy z usługą certmonger przez magistralę sesji\n" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "• Inne opcje:\n" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr " -B\tpolecenie do wykonania przed zapisaniem certyfikatu\n" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr " -C\tpolecenie do wykonania po zapisaniu certyfikatu\n" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr " -F\tplik, w którym przechowywać certyfikaty CA\n" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr " -a\tbaza danych NSS, w której przechowywać certyfikaty CA\n" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr " -w\tpróbuje czekać na wydanie certyfikatu\n" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr " -v\tzgłasza wszystkie 
informacje o błędach\n" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "Użycie: %s start-tracking [opcje]\n" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "• Podczas modyfikowania istniejącego żądania:\n" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr " -i NAZWA\tpseudonim istniejącego żądania śledzenia\n" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "• Jeśli klucze są zaszyfrowane:\n" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr " -I NAZWA\tpseudonim do nadania śledzonemu żądaniu\n" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "• Parametry do żądania podpisania w czasie odnowienia:\n" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr "" " -U UŻYCIE-ZEWNĘTRZNE\tzastępuje żądany OID użycia rozszerzonego klucza\n" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr " -K NAZWA\tzastępuje żądaną nazwę naczelnika\n" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr " -D NAZWA-DNS\tzastępuje żądaną nazwę DNS\n" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr " -E E-MAIL\tzastępuje żądany adres e-mail\n" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr " -A ADRES\tzastępuje żądany adres IP\n" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "Użycie: %s stop-tracking [opcje]\n" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "• Według identyfikatora żądania:\n" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr " -i 
NAZWA\tpseudonim dla śledzonego żądania\n" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "Użycie: %s resubmit [opcje]\n" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr " -f PLIK\tplik PEM dla certyfikatu\n" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "• Wartości nowych parametrów dla żądania podpisania:\n" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr " -I NAZWA\tnowy pseudonim przyznany śledzonemu żądaniu\n" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr " -c CA\t\tużywa podanego CA zamiast bieżącego\n" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "Użycie: %s rekey [opcje]\n" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr " -G TYP\ttyp nowego klucza do utworzenia\n" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr " -g ROZMIAR\trozmiar nowego klucza do utworzenia\n" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "Użycie: %s list [opcje]\n" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "• Ogólne opcje:\n" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr " -c CA\twyświetla tylko żądania i certyfikaty powiązane z tym CA\n" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr " -r\twyświetla informacje tylko o oczekujących żądaniach\n" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr " -t\twyświetla informacje tylko o śledzonych certyfikatach\n" #: src/getcert.c:5017 msgid " 
-u\tdisplay times in UTC instead of local time\n" msgstr " -u\twyświetla czas w UTC zamiast w lokalnym czasie\n" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "• Jeśli wybrano konkretne żądanie:\n" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" " -d KATALOG\twyświetla tylko żądania i certyfikaty, które używają tej bazy " "danych NSS\n" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" " -n NAZWA\twyświetla tylko żądania i certyfikaty, które używają tego " "pseudonimu\n" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" " -f PLIK\twyświetla tylko żądania i certyfikaty przechowywane w tym pliku " "PEM\n" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr " -S\tłączy z usługą certmonger przez magistralę systemową\n" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr " -s\tłączy z usługą certmonger przez magistralę sesji\n" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "Użycie: %s refresh [opcje]\n" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr " -a\todświeża informacje o wszystkich oczekujących żądaniach\n" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "Użycie: %s status [opcje]\n" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "• Wybieranie konkretnego żądania:\n" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "• Podczas używania bazy NSS do 
przechowywania:\n" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr " -d KATALOG\twyświetla stan żądania w bazie danych NSS\n" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr " -n NAZWA\twyświetla stan certyfikatu, który używa tego pseudonimu\n" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "• Podczas używania plików do przechowywania:\n" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr "" " -f PLIK\twyświetla stan certyfikatu przechowywanego w tym pliku PEM\n" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "Użycie: %s list-cas [opcje]\n" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr " -c CA\twyświetla informacje tylko o CA o tej nazwie\n" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "Użycie: %s refresh-ca [opcje]\n" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr " -c CA\todświeża informacje o CA o tej nazwie\n" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr " -a\todświeża informacje o wszystkich znanych CA\n" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "Użycie: %s add-ca [opcje]\n" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr " -c CA\t\tpseudonim do nadania nowej konfiguracji CA\n" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr "" " -e POLECENIE\tpolecenie pomocnicze wykonywane do komunikowania się z CA\n" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "Użycie: %s add-scep-ca [opcje]\n" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr " -u URL\tpołożenie serwera SCEP\n" #: src/getcert.c:5126 
msgid " -i ID\t\tCA identifier\n" msgstr " -i ID\t\tidentyfikator CA\n" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr " -R PLIK\tplik zawierający certyfikat CA\n" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr " -r PLIK\tplik zawierający certyfikat RA\n" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr " -I PLIK\tplik zawierający certyfikaty w łańcuchu certyfikującym RA\n" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr " -n\tpreferuje nie używać funkcji odnawiania SCEP\n" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "Użycie: %s modify-ca [opcje]\n" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr " -c CA\t\tpseudonim konfiguracji CA\n" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" " -e POLECENIE\tzaktualizowane polecenie pomocnicze wykonywane do " "komunikowania się z CA\n" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "Użycie: %s remove-ca [opcje]\n" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr " -c CA\tpseudonim usuwanej konfiguracji CA\n" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "Użycie: %s polecenie [opcje]\n" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "żąda nowego certyfikatu z CA\n" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "rozpoczyna monitorowanie już wydanego certyfikatu\n" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "zatrzymuje monitorowanie certyfikatu\n" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "ponownie wysyła trwające żądanie kwalifikacji lub rozpoczyna nowe\n" #: src/getcert.c:5182 msgid 
"generate a new private key and replace a certificate\n" msgstr "tworzy nowy klucz prywatny i zastępuje certyfikat\n" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "sprawdza stan trwającego żądania kwalifikacji\n" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "wyświetla listę monitorowanych i żądanych certyfikatów\n" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "sprawdza stan monitorowanego lub żądanego certyfikatu\n" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "dodaje konfigurację CA\n" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "dodaje konfigurację CA SCEP\n" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "wyświetla znane konfiguracje CA\n" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "modyfikuje konfigurację CA\n" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "odświeża pamięć podręczną wszystkich informacji uzyskanych z CA\n" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "usuwa konfigurację CA\n" #: src/getcert.c:5273 #, c-format msgid "%s: unrecognized command\n" msgstr "%s: nierozpoznane polecenie\n" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "Nie można ustalić położenia serwera LDAP IPA.\n" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "Nie można skontaktować się z serwerem IPA LDAP.\n" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "Nie można ustalić podstawowego DN informacji domeny na serwerze IPA.\n" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "Błąd podczas ustawiania dla XML-RPC na kliencie.\n" #: src/ipa.c:658 #, c-format msgid "The -t option can not be 
used with the -K option.\n" msgstr "Opcja -t nie może być używana z opcją -K.\n" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "Opcja -k nie może być używana z opcją -K.\n" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "Opcja -K nie może być używana z opcją -k lub -t.\n" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for signing request.\n" msgstr "Nie można określić nazwy naczelnika dla żądania podpisania.\n" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "Nie skonfigurowano domeny IPA, i nie podano żadnej.\n" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" "Błąd podczas ustawiania ccache dla usługi „gospodarza” na kliencie za pomocą " "domyślnej tablicy kluczy: %s.\n" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "" "Błąd podczas ustawiania ccache dla „%s” na kliencie za pomocą domyślnej " "tablicy kluczy: %s.\n" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" "Błąd podczas ustawiania ccache dla usługi „gospodarza” na kliencie za pomocą " "tablicy kluczy „%s”: %s.\n" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "" "Błąd podczas ustawiania ccache dla „%s” na kliencie za pomocą tablicy kluczy " "„%s”: %s.\n" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "Nie można odczytać żądania podpisania.\n" #: src/main.c:74 msgid "use session bus" msgstr "używa magistrali sesji" #: src/main.c:75 msgid "use system bus" msgstr "używa magistrali systemowej" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "rozpoczyna dedykowane 
gniazdo nasłuchiwania" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "używa tylko dedykowanego gniazda nasłuchiwania" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "podaje dedykowane gniazdo nasłuchiwania" #: src/main.c:78 msgid "PATHNAME" msgstr "NAZWA-ŚCIEŻKI" #: src/main.c:79 msgid "don't become a daemon" msgstr "bez zmiany na usługę" #: src/main.c:80 msgid "do become a daemon" msgstr "zmiana na usługę" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "aktywacja przez magistralę, czas oczekiwania na bezczynność" #: src/main.c:81 msgid "SECONDS" msgstr "SEKUNDY" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "bez użycia czasu oczekiwania na bezczynność" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "ustawia poziom debugowania (wymusza opcję -n)" #: src/main.c:83 msgid "NUMBER" msgstr "LICZBA" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "rozpoczyna POLECENIE i kończy działanie po jego ukończeniu" #: src/main.c:87 msgid "write service PID to file" msgstr "zapisuje PID usługi do pliku" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "wymusza przejście NSS do trybu FIPS" #: src/main.c:90 msgid "print version information" msgstr "wyświetla informacje o wersji" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "Użycie: %s [-s|-S] [-n|-f] [-d POZIOM] [-p PLIK] [-F] [-v]\n" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "\t-s używa magistrali sesji\n" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "\t-S używa magistrali systemowej\n" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "\t-l rozpoczyna dedykowane gniazdo nasłuchiwania\n" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "\t-L używa tylko dedykowanego gniazda nasłuchiwania\n" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" 
msgstr "\t-P ŚCIEŻKA podaje dedykowane gniazdo nasłuchiwania\n" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "\t-n bez zmiany na usługę\n" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "\t-f zmiana na usługę\n" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "\t-b aktywacja przez magistralę, czas oczekiwania na bezczynność\n" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "\t-B bez użycia czasu oczekiwania na bezczynność\n" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "\t-d POZIOM ustawia poziom debugowania (wymusza opcję -n)\n" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "" "\t-c POLECENIE rozpoczyna POLECENIE i kończy działanie po jego ukończeniu\n" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "\t-p PLIK zapisuje PID usługi do pliku\n" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "\t-F wymusza przejście NSS do trybu FIPS\n" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "\t-v wyświetla informacje o wersji i kończy działanie\n" #: src/scep.c:352 #, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "Nie podano adresu URL SCEP (-u), a nie ma wartości domyślnej.\n" #: src/scep.c:356 #, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "Nie podano działania SCEP (-c/-C/-g/-p), a nie ma wartości domyślnej.\n" #: src/scep.c:376 src/scep.c:395 #, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "Nie podano certyfikatu RA (-r), a nie ma wartości domyślnej.\n" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" "Błąd podczas odczytywania żądania. 
Oczekiwano danych PKCS7 zawierających " "pkiMessage GetInitialCert, nie otrzymano niczego.\n" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" "Błąd podczas odczytywania żądania. Oczekiwano danych PKCS7 zawierających " "pkiMessage PKCSReq, nie otrzymano niczego.\n" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "Ostrzeżenie: żądanie nie jest żądaniem PKCSReq ani GetInitialCert.\n" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" "Ostrzeżenie: typ żądania „%s” nie jest żądaniem PKCSReq ani GetInitialCert.\n" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "Ostrzeżenie: żądanie nie ma „transactionId”.\n" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "Ostrzeżenie: żądanie nie ma „senderNonce”.\n" #: src/scep.c:637 #, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "Otrzymano kod odpowiedzi %d z %s, nie 200.\n" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "Odpowiedź serwera ma nieoczekiwany typ MIME „%s”.\n" #: src/scep.c:930 #, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "" "Błąd: sprawdzenie poprawności podpisu w odpowiedzi serwera się nie powiodło." 
"\n" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "Błąd: odpowiedź nie jest „CertRep” (%s).\n" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "Błąd: odpowiedź nie ma „transactionId”.\n" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "Błąd: odpowiedź zawiera inny „transactionId”.\n" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "Błąd: odpowiedź nie ma „pkiStatus”.\n" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "Błąd: odpowiedź nie ma „recipientNonce”.\n" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "Błąd: nonce odpowiedzi nie pasuje do żądania.\n" #: src/scep.c:976 #, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "Błąd: odpowiedź nie ma „senderNonce”.\n" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "Nieokreślone niepowodzenie na serwerze.\n" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "" "Nierozpoznany lub nieobsługiwany identyfikator algorytmu w żądaniu klienta.\n" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "Test spójności żądania klienta nie powiódł się na serwerze.\n" #: src/scep.c:1003 #, c-format msgid "Transaction either is not permitted or is not supported by server.\n" msgstr "Transakcja jest niedozwolona lub nieobsługiwana przez serwer.\n" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "Odchylenie zegara jest za duże.\n" #: src/scep.c:1009 #, c-format msgid "Unsupported extension.\n" msgstr "Nieobsługiwane rozszerzenie.\n" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "Musi archiwizować klucze.\n" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "Błędna tożsamość.\n" #: 
src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "Wymagany jest dowód posiadania.\n" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "Dowód posiadania się nie powiódł.\n" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "Bez ponownego używania kluczy.\n" #: src/scep.c:1027 #, c-format msgid "Internal CA error.\n" msgstr "Wewnętrzny błąd CA.\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "Proszę spróbować później.\n" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "Serwer zwrócił kod niepowodzenia „%s”.\n" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "Błąd: nie można przetworzyć „signed-data”.\n" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "Błąd: zawartość signed-data nie jest „enveloped-data”.\n" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "Błąd: zawartość enveloped-data nie jest danymi.\n" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "Błąd: pkiStatus „%s” jest nierozpoznany.\n" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." msgstr "Wystąpił wewnętrzny błąd." #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "Nie odnaleziono pasującego wpisu.\n" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "Istnieje już CA o pseudonimie „%s”." #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "Nie podano typu przechowywania certyfikatu." #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." msgstr "Typ przechowywania certyfikatu „%s” nie jest obsługiwany." 
#: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "Położenie „%s” musi być ścieżką bezwzględną." #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." msgstr "Nie podano położenia przechowywania certyfikatu." #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" "Nie można uzyskać dostępu do położenia nadrzędnego dla „%s” z powodu " "niewystarczających uprawnień." #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "Nadrzędne położenie „%s” musi być prawidłowym katalogiem." #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "Położenie „%s” musi być plikiem." #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "" "Nie można uzyskać dostępu do położenia „%s” z powodu niewystarczających " "uprawnień." #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "Położenie „%s” musi być katalogiem." #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "Nie podano pseudonimu certyfikatu." #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." 
msgstr "Istnieje już żądanie o pseudonimie „%s”." #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "" "Certyfikat w tym samym położeniu jest już używany przez żądanie " "o pseudonimie „%s”." #: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "Typ przechowywania klucza „%s” nie jest obsługiwany." #: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." msgstr "Nie podano położenia przechowywania klucza." #: src/tdbush.c:853 msgid "Key nickname not specified." msgstr "Nie podano pseudonimu klucza." #: src/tdbush.c:909 #, c-format msgid "Key at same location is already used by request with nickname \"%s\"." msgstr "" "Klucz w tym samym położeniu jest już używany przez żądanie o pseudonimie " "„%s”." #: src/tdbush.c:1313 src/tdbush.c:3102 #, c-format msgid "No support for key type \"%s\"." msgstr "Brak obsługi dla typu klucza „%s”." #: src/tdbush.c:1400 msgid "No such CA." msgstr "Nie ma takiego CA." #: src/tdbush.c:3073 #, c-format msgid "Certificate authority \"%s\" not known." msgstr "Nieznane CA „%s”." #: src/tdbush.c:3518 msgid "Unrecognized parameter or wrong value type." msgstr "Nierozpoznany parametr lub błędny typ wartości." #: src/tdbush.c:5070 msgid "Error parsing arguments." msgstr "Błąd podczas przetwarzania parametrów." #: src/tdbush.c:5124 msgid "Unrecognized property name." msgstr "Nierozpoznana nazwa właściwości." #: src/tdbusm.c:2156 msgid "Insufficient access. Please retry operation as root.\n" msgstr "Niewystarczający dostęp. 
Proszę ponowić działanie jako root.\n"

#: src/tdbusm.c:2160
msgid "Please verify that the certmonger service has been started.\n"
msgstr "Proszę sprawdzić, czy usługa certmonger została uruchomiona.\n"

#: src/tdbusm.c:2163
msgid "Please verify that the certmonger service is still running.\n"
msgstr "Proszę sprawdzić, czy usługa certmonger jest ciągle uruchomiona.\n"

certmonger-0.79.19/po/pt.po

# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Red Hat, Inc.
# This file is distributed under the same license as the PACKAGE package.
#
# Translators:
# Manuela Silva , 2014
# Miguel Sousa , 2012
# nmartins , 2011
# Rui Gouveia , 2011, 2012
msgid ""
msgstr ""
"Project-Id-Version: certmonger 0.78.6\n"
"Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n"
"POT-Creation-Date: 2017-02-26 02:20-0500\n"
"PO-Revision-Date: 2015-01-05 05:54-0500\n"
"Last-Translator: Copied by Zanata \n"
"Language-Team: Portuguese (http://www.transifex.com/projects/p/certmonger/"
"language/pt/)\n"
"Language: pt\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
"X-Generator: Zanata 3.9.6\n"

#: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238
#: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291
#, c-format
msgid "Out of memory.\n"
msgstr "Memória esgotada.\n"

#: src/certmaster.c:136
#, c-format
msgid "Unable to determine hostname of CA.\n"
msgstr "Não foi possível determinar o nome do servidor do CA.\n"

#: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796
#, fuzzy, c-format
msgid "Unable to read signing request from file \"%s\".\n"
msgstr "Incapaz de ler o pedido de assinatura.\n"

#: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799
#, fuzzy, c-format
msgid "Unable to read signing request from environment variable \"%s\".\n"
msgstr "Incapaz de ler o pedido de assinatura.\n"

#:
src/certmaster.c:184 #, c-format msgid "Error setting up for XMLRPC.\n" msgstr "Erro ao configurar para XMLRPC.\n" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "Erro a analisar a resposta do servidor.\n" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "Erro do servidor.\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error 
%d connecting to %s.\n" msgstr "" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "" #: src/getcert.c:67 msgid "ID" msgstr "" #: src/getcert.c:69 msgid "BITS" msgstr "" #: src/getcert.c:71 msgid "MODE" msgstr "" #: src/getcert.c:72 msgid "NAME" msgstr "" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "" #: src/getcert.c:74 msgid "SUBJECT" msgstr "" #: src/getcert.c:75 msgid "URL" msgstr "" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "" "O caminho \"%s\" não é absoluto, a tentar utilizar \"%s\" em alternativa.\n" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" "O caminho \"%s\" não é absoluto, e houve um erro ao determinar o nome do " "directório actual.\n" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "O caminho \"%s\" não é um directório.\n" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "Caminho \"%s\": %s.\n" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "O caminho \"%s\" não é um ficheiro regular.\n" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "" 
#: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "Verifique se o serviço do bus de mensagens (D-Bus) está a correr.\n" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "Erro ao criar a mensagem de pedido DBus.\n" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "" #: src/getcert.c:398 #, fuzzy msgid "missing argument" msgstr "Argumentos opcionais:\n" #: src/getcert.c:401 #, fuzzy, c-format msgid "unrecognized option %s" msgstr "%s: comando não reconhecido\n" #: src/getcert.c:406 #, fuzzy msgid "unrecognized option" msgstr "%s: comando não reconhecido\n" #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "" #: src/getcert.c:421 msgid "number too large or too small" msgstr "" #: src/getcert.c:424 msgid "bad operation" msgstr "" #: src/getcert.c:427 #, fuzzy msgid "internal error" msgstr "Ocorreu um erro interno." 
#: src/getcert.c:430 #, fuzzy msgid "out of memory" msgstr "Memória esgotada.\n" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "Erro %s: %s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "Erro %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "Erro: %s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "Recebida resposta de erro do serviço local %s.\n" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "Não foi recebida uma resposta do serviço %s.\n" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for 
certificate" msgstr "" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 msgid "ask the CA to process the request using the named issuer" msgstr "" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage value" msgstr "" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "" #: 
src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "Erro a inicializar a biblioteca Kerberos: %s.\n" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "" #: src/getcert.c:931 
src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "Não foi possível avaliar o OID \"%s\".\n" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "Erro ao analisar o nome Kerberos principal \"%s\": %s.\n" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "Erro ao analisar novamente o nome Kerberos principal \"%s\": %s.\n" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "%s: opção requer um argumento -- '%c'\n" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "%s: opção inválida -- '%c'\n" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "Erro: argumento extra não utilizado \"%s\".\n" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "Erro: foram fornecidos argumentos extra não utilizados.\n" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "Localização da base de dados ou nome especificado sem o outro.\n" #: src/getcert.c:1072 
src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "" "Directório da base de dados e do ficheiro do certificado ambos " "especificados.\n" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "" "Não foi especificada uma directoria de base de dados e nome ou um ficheiro " "de certificado.\n" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "Não é possível gravar a chave e o certicifado no mesmo ficheiro.\n" #: src/getcert.c:1114 #, fuzzy, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" "O IPA backend necessita o uso da opção -K (nome principal) quando a opção -N " "(nome do assunto) é usada.\n" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "Não foi encontrado um CA com o nome \"%s\".\n" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request arguments.\n" msgstr "Erro a definir os argumentos pedidos.\n" #: src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "Novo pedido de contratação \"%s\" adicionado.\n" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "O novo pedido de contratação não pode ser adicionado.\n" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "Novo 
pedido de monitorização \"%s\" adicionado.\n" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "O novo pedido de monitorização não pode ser adicionado.\n" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "" #: src/getcert.c:1874 msgid "override requested email address" msgstr "" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" "Nenhum ID, directoria da base de dados e nome ou ficheiro do certificado " "especificados.\n" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "Pedido \"%s\" modificado.\n" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "Pedido \"%s\" não pode ser modificado.\n" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "Não foi encontrado pedido com a alcunha especificada.\n" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "Nenhum pedido encontrado que corresponda aos argumentos.\n" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" 
msgstr "Pedido \"%s\" removido.\n" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "Pedido \"%s\" não pode ser removido.\n" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "Erro a modificar \"%s\".\n" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "Reenviar \"%s\" para \"%s\".\n" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "Reenviar \"%s\".\n" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "Erro a tentar enviar \"%s\" para \"%s\".\n" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "Erro a tentar enviar \"%s\".\n" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "" #: src/getcert.c:3476 #, c-format msgid "Number of 
certificates and requests being tracked: %d.\n" msgstr "Número de certificados e pedidos a serem monitorizados: %d.\n" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "ID do pedido '%s':\n" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "\testado: %s\n" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "\terro-ca: %s\n" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "\tpreso: %s\n" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "\tarmazenamento par de chaves: tipo=%s" #: src/getcert.c:3652 msgid "NONE" msgstr "NONE" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr ",localização='%s'" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr ",alcunha='%s'" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr ",token='%s'" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr "" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr ",ficheiro pin='%s'" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "\tcertificado: tipo=%s,localização='%s'" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "\tCA: %s\n" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "\temissor: %s\n" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "\tassunto: %s\n" #: src/getcert.c:3719 msgid "unknown" msgstr "desconhecido" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr "\texpira: %s\n" #: src/getcert.c:3736 msgid "\temail: " msgstr "\tcorreio electrónico: " #: src/getcert.c:3742 msgid "\tdns: " msgstr "\tdns: " #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "\tnome principal: " #: 
src/getcert.c:3756 msgid "\tIP address: " msgstr "" #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "" #: src/getcert.c:3779 msgid "\teku: " msgstr "\teku: " #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "\tcomando pré-guardado: %s\n" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "\ttraçagem: %s\n" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "\trenovação automática: %s\n" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "CA '%s':\n" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "\ttipo-ca: %s\n" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "\tlocalização-ajuda: %s\n" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr 
"\tpróximo-número-série: %s\n" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "\tnomes-emissores-conhecidos:\n" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "" #: src/getcert.c:4458 msgid "CA identifier" msgstr "" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "" #: src/getcert.c:4460 msgid "file containing 
RA's certificate" msgstr "" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "%s - ferramenta de registo do certificado do cliente\n" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "Uso: %s pedido [opções]\n" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "Argumentos requeridos:\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "* Se usar uma base de dados NSS para armazenamento:\n" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr " -d DIR\tBase de dados NSS para a chave e 
certificado\n" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr "" " -n NAME\tnome para o armazenamento NSS (apenas válido com a opção -d)\n" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" " -t NAME\tnome de testemunho opcional para o armazenamento NSS (apenas " "válido com a opção -d)\n" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "* Se usar ficheiros para armazenamento:\n" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr " -k FILE\tFicheiro PEM para a chave privada\n" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr "" " -f FILE\tFicheiro PEM para o certificado (apenas válido com a opção -k)\n" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "* Se as chaves são para serem encriptadas:\n" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr " -p FILE\tficheiro que contém o PIN de encriptação\n" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr " -P PIN\tvalor do PIN\n" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "Argumentos 
opcionais:\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "* Certificado das configurações:\n" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr " -I NAME\tnome a atribuir ao pedido\n" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr "" " -g SIZE\ttamanho da chave a ser gerada se uma já não estiver em uso\n" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr "" " -r\t\ttentativa de renovação do certificado quando a expiração se aproxima " "(por defeito)\n" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr "" " -R\t\tnão tentar renovar o certificado quando a expiração se aproxima\n" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr " -c CA\t\tusar o CA especificado em vez do por defeito\n" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "* Parâmetros para o pedido de assinatura:\n" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr "" " -N NAME\tdefine o nome do assunto pretendido (omissão: CN=)\n" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage 
OID\n" msgstr " -U EXTUSAGE\tdefinir a utilização de chave estendida OID pedida\n" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr "" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr " -K NAME\tdefinir nome principal solicitado\n" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr " -D DNSNAME\tdefinir o nome de DNS solicitado\n" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr " -E EMAIL\tdefinir o endereço de correio electrónico solicitado\n" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr "" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr "" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr "" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "* Opções Bus:\n" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr " -S\t\tliga ao serviço certmonger no sistema bus\n" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr " -s\t\tliga ao serviço certmonger no bus de sessão\n" #: 
src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "* Outras opções:\n" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr "" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr "" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr "" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr " -v\treportar todos os detalhes de erros\n" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "Uso: %s start-tracking [opções]\n" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "* Se a modificar um pedido existente:\n" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr " -i NAME\tnome de um pedido de monitorização existente\n" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "* Se as chaves forem encriptadas:\n" #: src/getcert.c:4858 msgid " -I 
NAME\tnickname to give to tracking request\n" msgstr " -I NAME\tnome a dar ao pedido de monitorização\n" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "* Parâmetros para o pedido de assinatura no tempo de renovação:\n" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr "" " -U EXTUSAGE\tsobrescreve a utilização de chave estendida OID pedida\n" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr " -K NAME\tsobrescreve nome principal pedido\n" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr " -D DNSNAME\tsobrescreve nome DNS pedido\n" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr " -E EMAIL\tsobrescreve endereço de e-mail pedido\n" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr "" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "Uso: %s stop-tracking [options]\n" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "* Pelo identificador do pedido:\n" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr " -i NAME\tnome para o pedido de monitorização\n" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "Uso: %s resubmit [opções]\n" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr " -f FILE\tficheiro PEM para certificado\n" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "* Novos valores do parâmetro para o pedido de assinatura:\n" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr " -I NAME\tnovo nome a dar ao pedido 
de monitorização\n" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr " -c CA\t\tusar o CA especificado em vez do actual\n" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr "" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr "" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "Uso: %s list [opções]\n" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "* Opções gerais:\n" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr " -c CA\tlistar apenas pedidos e certificados associados a este CA\n" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr " -r\tlista apenas informações sobre pedidos pendentes\n" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr " -t\tlistar apenas informação sobre certificados monitorozados\n" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr "" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "* Se a selecionar um pedido especifico:\n" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" " -d DIR\tlistar apenas pedidos e certificados que utilizem esta base de " "dados NSS\n" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" " -n NAME\tlistar apenas pedidos e certificados que utilizem esta alcunha\n" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" " -f FILE\tlistar apenas pedidos e certificados armazenados neste 
ficheiro " "PEM\n" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr " -S\tliga ao serviço certmonger no sistema bus\n" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr " -s\tliga ao serviço certmonger no bus de sessão\n" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr "" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr "" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr "" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "Uso: %s list-cas [opções]\n" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr " -c CA\tlistar apenas informação sobre o CA com este nome\n" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr "" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr "" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr 
"" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr "" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr "" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr "" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr "" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr "" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr "" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr "" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr "" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr "" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "" #: src/getcert.c:5188 msgid "check 
the status of a certificate being monitored or requested\n" msgstr "" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "" #: src/getcert.c:5273 #, c-format msgid "%s: unrecognized command\n" msgstr "%s: comando não reconhecido\n" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "A opção -t não pode ser utilizada com a opção -K.\n" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "A opção -k não pode ser utilizada com a opção -K.\n" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "A opção -K não pode ser utilizada com as opções -k ou -t.\n" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for signing request.\n" msgstr "Incapaz de determinar o nome principal para o pedido de assinatura.\n" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default 
keytab: %s.\n" msgstr "" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "Incapaz de ler o pedido de assinatura.\n" #: src/main.c:74 msgid "use session bus" msgstr "" #: src/main.c:75 msgid "use system bus" msgstr "" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "" #: src/main.c:78 msgid "PATHNAME" msgstr "" #: src/main.c:79 msgid "don't become a daemon" msgstr "" #: src/main.c:80 msgid "do become a daemon" msgstr "" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "" #: src/main.c:81 msgid "SECONDS" msgstr "" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "" #: src/main.c:83 msgid "NUMBER" msgstr "" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "" #: src/main.c:87 msgid "write service PID to file" msgstr "" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "" #: src/main.c:90 msgid "print version information" msgstr "" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "\t-s utilizar barramento da sessão\n" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "\t-S utilizar barramento do sistema\n" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "" #: src/main.c:182 msgid "\t-n don't 
become a daemon\n" msgstr "\t-n não converter em daemon\n" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "\t-f converter em daemon\n" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "" "\t-b TEMPORIZADOR activado-por-barramento, temporizador de inactividade\n" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "\t-B não utilizar um temporizador de inactividade\n" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "\t-d NÍVEL definir nível de depuração (pressupõe -n)\n" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "\t-p FIC escrever PID do serviço para ficheiro\n" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "" #: src/scep.c:352 #, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "" #: src/scep.c:356 #, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "" #: src/scep.c:376 src/scep.c:395 #, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. 
Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "" #: src/scep.c:637 #, fuzzy, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "Não foi recebida uma resposta do serviço %s.\n" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "" #: src/scep.c:930 #, fuzzy, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "Erro a analisar a resposta do servidor.\n" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "" #: src/scep.c:976 #, fuzzy, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "Erro a analisar a resposta do servidor.\n" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "" #: src/scep.c:1003 #, c-format msgid "Transaction either is 
not permitted or is not supported by server.\n" msgstr "" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "" #: src/scep.c:1009 #, c-format msgid "Unsupported extension.\n" msgstr "" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "" #: src/scep.c:1027 #, fuzzy, c-format msgid "Internal CA error.\n" msgstr "Erro do servidor.\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." msgstr "Ocorreu um erro interno." #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "Nenhuma entrada correspondente encontrada.\n" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "Já existe um CA com nome de utilizador \"%s\"." #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "Tipo de armazenamento do certificado não especificado." #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." msgstr "Tipo de armazenamento do certificado \"%s\" não suportado." 
#: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "A localização \"%s\" tem de ser um caminho absoluto." #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." msgstr "Localização de armazenamento do certificado não especificado." #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "O pai da localização \"%s\" tem de ser uma directoria válida." #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "A localização \"%s\" tem de ser um ficheiro." #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "" #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "A localização \"%s\" tem de ser uma directoria." #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "Nome do certificado não especificado." #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "Já existe um pedido com o nome \"%s\"." 
#: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "" "Certificado na mesma localização já é utilizado para pedidos com alcunha \"%s" "\"." #: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "Tipo de armazenamento da chave \"%s\" não suportado." #: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." msgstr "Localização de armazenamento da chave não especificado." #: src/tdbush.c:853 msgid "Key nickname not specified." msgstr "Nome da chave não especificado." #: src/tdbush.c:909 #, c-format msgid "Key at same location is already used by request with nickname \"%s\"." msgstr "" "Chave na mesma localização já é utilizada para pedidos com alcunha \"%s\"." #: src/tdbush.c:1313 src/tdbush.c:3102 #, c-format msgid "No support for key type \"%s\"." msgstr "" #: src/tdbush.c:1400 msgid "No such CA." msgstr "CA desconhecido." #: src/tdbush.c:3073 #, c-format msgid "Certificate authority \"%s\" not known." msgstr "Autoridade de certificação \"%s\" desconhecida." #: src/tdbush.c:3518 msgid "Unrecognized parameter or wrong value type." msgstr "Parâmetro desconhecido ou tipo de valor incorrecto." #: src/tdbush.c:5070 msgid "Error parsing arguments." msgstr "" #: src/tdbush.c:5124 msgid "Unrecognized property name." msgstr "" #: src/tdbusm.c:2156 msgid "Insufficient access. Please retry operation as root.\n" msgstr "" #: src/tdbusm.c:2160 msgid "Please verify that the certmonger service has been started.\n" msgstr "" #: src/tdbusm.c:2163 msgid "Please verify that the certmonger service is still running.\n" msgstr ""
certmonger-0.79.19/po/pt_BR.po
# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package.
# # Translators: # Cleiton Lima , 2011 # Fábio Olivé Leite , 2013 # leandro , 2011 # Marcelo Barbosa , 2014 # Marco Aurélio Krause , 2016. #zanata # Fábio Rodrigues Ribeiro , 2021. # Rafael Fontenelle , 2021. msgid "" msgstr "" "Project-Id-Version: certmonger 0.78.6\n" "Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2017-02-26 02:20-0500\n" "PO-Revision-Date: 2021-04-12 20:18+0000\n" "Last-Translator: Rafael Fontenelle \n" "Language-Team: Portuguese (Brazil) \n" "Language: pt_BR\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n > 1;\n" "X-Generator: Weblate 4.5.3\n" #: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238 #: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291 #, c-format msgid "Out of memory.\n" msgstr "Sem memória.\n" #: src/certmaster.c:136 #, c-format msgid "Unable to determine hostname of CA.\n" msgstr "Não foi possível determinar nome da máquina do CA.\n" #: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796 #, fuzzy, c-format msgid "Unable to read signing request from file \"%s\".\n" msgstr "Não foi possível ler pedido de assinatura.\n" #: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799 #, fuzzy, c-format msgid "Unable to read signing request from environment variable \"%s\".\n" msgstr "Não foi possível ler pedido de assinatura.\n" #: src/certmaster.c:184 #, c-format msgid "Error setting up for XMLRPC.\n" msgstr "Erro de criação para XMLRPC.\n" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, 
c-format msgid "Error parsing server response.\n" msgstr "Erro ao analisar resposta do servidor.\n" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "Erro no Servidor.\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, fuzzy, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "Nenhum agente de URL (-A) dado e nenhum padrão conhecido.\n" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "Renovação solicitada, mas não prove número serial.\n" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "Nenhuma URL de entidade final (-E) dada e nenhum padrão conhecido\n" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "Nenhum agente de URL (-A) dado e nenhum padrão conhecido.\n" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "Nenhum perfil/modelo (-T) dada e nenhum padrão conhecido.\n" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "Erro ao desligar NSS.\n" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "Erro interno: estado desconhecido.\n" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "Erro %d ao conectar em %s: %s.\n" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "Erro %d ao conectar em %s.\n" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "Erro 
interno: nenhuma resposta para \"%s?%s\".\n" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "COMANDO" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "DIRETÓRIO" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "LISTA" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "ENDEREÇO" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "NOME DO ARQUIVO" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "NOME DO HOST" #: src/getcert.c:67 msgid "ID" msgstr "ID" #: src/getcert.c:69 msgid "BITS" msgstr "BITS" #: src/getcert.c:71 msgid "MODE" msgstr "MODO" #: src/getcert.c:72 msgid "NAME" msgstr "NOME" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "PRINCIPAL" #: src/getcert.c:74 msgid "SUBJECT" msgstr "" #: src/getcert.c:75 msgid "URL" msgstr "URL" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "Caminho \"%s\" não é absoluto, tente usar o \"%s\" em vez disso.\n" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" "Caminho \"%s\" não é absoluto, e houve um erro ao determinar o nome do " "diretório atual.\n" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "Caminho \"%s\": permissões insuficiêntes.\n" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "Caminho \"%s\" não é um diretório.\n" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "Caminho \"%s\": %s.\n" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "Caminho \"%s\" não é um arquivo normal.\n" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr 
"" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "" "Por favor verifique se o serviço de barramento de mensagens (D-Bus) está em " "execução.\n" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "Erro ao criar mensagem de pedido DBus.\n" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "" #: src/getcert.c:398 #, fuzzy msgid "missing argument" msgstr "Erro ao analisar argumentos." #: src/getcert.c:401 #, fuzzy, c-format msgid "unrecognized option %s" msgstr "Nome da propriedade não é reconhecida." #: src/getcert.c:406 #, fuzzy msgid "unrecognized option" msgstr "Nome da propriedade não é reconhecida." #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "" #: src/getcert.c:421 msgid "number too large or too small" msgstr "" #: src/getcert.c:424 msgid "bad operation" msgstr "" #: src/getcert.c:427 #, fuzzy msgid "internal error" msgstr "Um erro interno ocorreu." 
#: src/getcert.c:430 msgid "out of memory" msgstr "sem memória" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "Erro %s: %s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "Erro %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "Erro: %s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "Recebida reposta com erro do serviço local %s.\n" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "Nenhuma resposta recebida do serviço %s.\n" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "" 
#: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 #, fuzzy msgid "ask the CA to process the request using the named issuer" msgstr "peça à CA para processar a solicitação usando o emissor nomeado" #: src/getcert.c:793 src/getcert.c:2523 #, fuzzy msgid "set requested subject name (default: CN=)" msgstr "definir o nome do assunto solicitado (padrão: CN=)" #: src/getcert.c:794 src/getcert.c:2524 #, fuzzy msgid "set requested key usage value" msgstr "definir o valor de uso da chave solicitado" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "" #: src/getcert.c:796 
src/getcert.c:2526 msgid "set requested principal name" msgstr "" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "Erro ao inicializar biblioteca Kerberos: %s.\n" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for 
generating \"%s\" keys.\n" msgstr "Sem suporte para geração \"%s\" chaves.\n" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "Conhece tipos de chaves incluídas:" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "Não reconhecido keyUsage \"%s\".\n" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "Não foi possível avaliar OID \"%s\".\n" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "Erro ao analisar nome principal do Kerberos \"%s\": %s.\n" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "Erro a não analisar o nome principal do Kerberos \"%s\":%s.\n" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "%s: opção requer um argumento -- '%c'\n" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "%s: opção inválida -- '%c'\n" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "Erro: argumento extra não utilizado \"%s\".\n" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "Erro: Argumentos extras não utilizados foram fornecidos.\n" #: 
src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "Localização do banco de dados ou login especificado sem o outro\n" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "" "Diretório do banco de dados e arquivo de certificado, ambos especificados\n" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "" "Nenhum diretório e login de banco de dados ou arquivo de certificado " "especificado.\n" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "A chave e o certificado não podem ser salvos no mesmo arquivo.\n" #: src/getcert.c:1114 #, fuzzy, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" "O backend IPA requer o uso da opção -K (nome do principal) quando a opção -N " "(nome do subject) é usada.\n" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "Nenhum CA com o nome \"%s\" encontrado.\n" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request arguments.\n" msgstr "Erro ao configurar argumentos do pedido.\n" #: src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "Novo pedido de assinatura \"%s\" adicionado.\n" #: 
src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "O novo pedido de assinatura não pôde ser adicionado.\n" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "Nova requisição de rastreamento \"%s\" adicionada.\n" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "Nova requisição de rastreamento não foi adicionada.\n" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "" #: src/getcert.c:1874 msgid "override requested email address" msgstr "" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" "Nenhum ID, diretório da base de dados e nome de usuário ou arquivo de " "certificados especificados.\n" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "Pedido \"%s\" modificado.\n" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "Requisição \"%s\" não podia ser modificada.\n" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "Nenhum pedido encontrado com apelido especificado.\n" #: src/getcert.c:2426 
src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "Nenhuma requisição encontrada que tenha argumentos correspondentes.\n" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "Pedido \"%s\" removido.\n" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "Pedido \"%s\" não pôde ser removido.\n" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "Erro ao modificar \"%s\".\n" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "Reenviando \"%s\" para \"%s\".\n" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "Reenviando \"%s\".\n" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "Erro ao tentar enviar \"%s\" para \"%s\".\n" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "Erro ao tentar enviar \"%s\".\n" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "" #: src/getcert.c:3350 msgid "list only information about 
tracked certificates" msgstr "" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "Números de certificados e pedidos sendo rastreados: %d.\n" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "ID do Pedido '%s':\n" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "\tstatus: %s\n" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "\tca-error: %s\n" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "\ttravado: %s\n" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "\tarmazenamento do par de chave: tipo=%s" #: src/getcert.c:3652 msgid "NONE" msgstr "NADA" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr ",localização='%s'" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr ",apelido='%s'" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr ",token='%s'" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr "" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr ",pinfile='%s'" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "\tcertificado: tipo=%s,localização='%s'" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "\tCA: %s\n" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "\temitente: %s\n" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "\tsubject: %s\n" #: src/getcert.c:3719 msgid "unknown" msgstr "desconhecido" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format 
msgid "\texpires: %s\n" msgstr "\texpiração: %s\n" #: src/getcert.c:3736 msgid "\temail: " msgstr "\temail: " #: src/getcert.c:3742 msgid "\tdns: " msgstr "\tdns: " #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "\tnome do principal: " #: src/getcert.c:3756 msgid "\tIP address: " msgstr "\tEndereço IP: " #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "\tuso da key: %s\n" #: src/getcert.c:3779 msgid "\teku: " msgstr "\teku: " #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "\troot certificados salvo para os arquivos:\n" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "\toutro root certificados salvos para os arquivos:\n" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "\toutros certificados salvos para os arquivos:\n" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "\troot certificados salvos para o banco de dados:\n" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "\toutro root certificados salvos para os bancos de dados:\n" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "\toutros certificados salvos para os bancos de dados:\n" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "\tpre-salva comando: %s\n" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "\tpost-salva comando: %s\n" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "\tfaixa: %s\n" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "\tauto-renovar: %s\n" #: src/getcert.c:3961 #, c-format msgid "" "None 
of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "CA '%s':\n" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "\tself-identifies como: %s\n" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "\tca-tipo: %s\n" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "\tajuda-localização: %s\n" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr "\tpróximo-serial-número: %s\n" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "\tnomes-conhecidos-emitente:\n" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "\tconhecidos perfis/modelos/certificados:\n" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "\tpadrão perfil/modelo/certificadotipo: %s\n" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "\terro ao atualizar o dado de CA\n" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "" #: src/getcert.c:4365 
msgid "helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "" #: src/getcert.c:4458 msgid "CA identifier" msgstr "" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "%s - ferramenta de inscrição de certificado cliente\n" #: src/getcert.c:4791 #, 
c-format msgid "Usage: %s request [options]\n" msgstr "Uso: %s pedido [opções]\n" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "Argumentos necessários:\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "Se estiver utilizando uma base de dados NSS para armazenamento:\n" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr " -d DIR\tBanco de dados NSS para chave e certificado\n" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr "" " -n NOME \tapelido para NSS-based armazenamento (válido somente com -d)\n" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" " -t NOME\tnome de token opcional para NSS-based armazenamento (válido " "somente com -d)\n" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "* Se estiver utilizando arquivos para armazenamento:\n" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr " -k ARQUIVO\tPEM arquivo para chave privada\n" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr " -f ARQUIVO\tPEM arquivo para certificado (válido somente com -k)\n" #: src/getcert.c:4801 msgid "* If keys are 
to be encrypted:\n" msgstr "* Se as chaves devem ser criptografadas:\n" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr " -p ARQUIVO\tarquivo que mantém a criptografia PIN\n" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr " -P PIN\tPIN valor\n" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "Argumentos opcionais:\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "* Configurações de manejo de certificado:\n" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr " -I NOME\tapelido para atribuir ao pedido\n" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr " -G TIPO\ttipo de chave para a gerada se um já não esta no local\n" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr "" " -g TAMANHO\ttamanho da chave a ser gerada se um já não está neste lugar\n" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr "" " -r\t\ttentativa de renovar o certificado quando o vencimento se aproximar " "(padrão)\n" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr "" " -R\t\tnão tente renovar o certificado quando se aproxima da expiração\n" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr " -c CA\t\tuse o CA especificado ao 
invés do padrão\n" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" " -T PERFIL\tperguntar o CA processar a requisição usando o modelo ou perfil " "nomeado\n" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 #, fuzzy msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" " -T PERFIL\tperguntar o CA processar a requisição usando o modelo ou perfil " "nomeado\n" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "* Parâmetros para a solicitação de assinatura:\n" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr "" " -N NOME\tnome do assunto solicitado em conjunto (padrão: CN=)\n" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr " -U EXTUSAGE conjunto solicitado prolongado uso de chave OID\n" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr " -u KEYUSAGE\tdefine requisição o valor de uso da chave\n" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr "" " -K NOME\tconjunto solicitado para o nome principal\n" "\n" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr "" " -D DNSNAME\tconjunto solicitado para o nome do DNS \n" "\n" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr "" " -E EMAIL\tconjunto solicitado para o endereço de email\n" "\n" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr "" " -A ENDEREÇO\tdefinido requisição de endereço IP\n" 
"\n" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr "" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr "" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "" "* Bus opções:\n" "\n" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr "" " -S\t\tconnectado para o serviço de certmonger sobre o barramento do " "sistema\n" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr "" " -s\t\tconnectado para o serviço de certmonger sobre o barramento da " "sessão\n" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "* Outras opções:\n" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr "" " -B\tcomando para rodar antes de salvar o certificado\n" "\n" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr "" " -C\tcomando para rodar após salvar o certificado\n" "\n" #: src/getcert.c:4833 src/getcert.c:4881 
src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr " -F\tarquivo para armazenar certificados CA's\n" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr "" " -a\tNSS banco de dados para armazenar certificados CA's\n" "\n" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr "" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr "" " -v\treportar todos os detalhes de erros\n" "\n" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "" "Use: %s start-tracking [opções]\n" "\n" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "* Se estiver modificando um pedido existente:\n" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr " -i NOME\tapelido de uma solicitação de rastreamento existente\n" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "* Se as chaves são criptografadas:\n" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr " -I NOME\tapelido para dar à solicitação de rastreamento\n" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "* Parâmetros para a solicitação de assinatura em tempo de renovação:\n" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr " -U EXTUSAGE\tsubstituir requisição extendida para uso de chave OID\n" #: src/getcert.c:4869 msgid " -K NAME\toverride requested 
principal name\n" msgstr " -K NOME\tsubstituir o nome principal requerido\n" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr "" " -D DNSNAME\tsubstituir requisição do nome do DNS\n" "\n" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr "" " -E EMAIL\tsubstituir requisição do endereço de email\n" "\n" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr "" " -A ENDEREÇO\tsobreescreve requisição de endereço IP\n" "\n" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "Use: %s stop-tracking [opções]\n" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "* Por identificador de requisição:\n" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr "" " -i NOME\tapelido para rastreamento de requisição\n" "\n" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "Uso: %s reenvio [opções]\n" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr "" " -f ARQUIVO\tPEM arquivo para o certificado\n" "\n" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "* Novos valores de parâmentro para o pedido de assinatura:\n" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr " -I NOME\tnovo apelido para dar a solicitação de rastreamento\n" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr " -c CA\t\tuse o CA especificado ao invés do atual\n" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr "" #: 
src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr "" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "Uso: %s lista [opções]\n" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "* Opções gerais:\n" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr "" " -c CA\tlistar somente solicitações e certificados associados com esta CA\n" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr " -r\tlistar somente informações sobre solicitações pendentes\n" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr " -t\tlistar somente informações sobre certificados rastreados\n" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr "" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "* Se selecionado um pedido específico:\n" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" " -d DIRETÓRIO\tsomente lista as requisições e os certificados que usam este " "NSS como banco de dados\n" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" " -n NOME\tsomente lista requisições e certificados que usem este apelido\n" "\n" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" " -f ARQUIVO\tsomente lista as requisições e os certificados armazenadas " "neste arquivo PEM\n" "\n" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr "" " -S\tconectado para o serviço de certmonger sob o 
barramento do sistema\n" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr "" " -s\tconectado para o serviço de certmonger sob a sessão do barramento\n" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr "" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr "" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr "" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "Use: %s list-cas [opções]\n" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr " -c CA\tlista informações somente sobre o CA com este nome\n" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "Uso: %s refresh-ca [opções]\n" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr "" " -c CA\tatualizar informação sobre a CA com este nome\n" "\n" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr "" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr "" #: src/getcert.c:5111 msgid " -e 
CMD\thelper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr "" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr "" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr "" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr "" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr "" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr "" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr "" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr "" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "" #: 
src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "" #: src/getcert.c:5273 #, c-format msgid "%s: unrecognized command\n" msgstr "%s: comando não reconhecido\n" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "" "Não foi possível determinar a localização do servidor IPA LDAP server.\n" "\n" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "Não foi possível determinar a base DN do domínio no servidor IPA.\n" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "" "Erro definido para XMLRPC no cliente.\n" "\n" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "A opção -t não pode ser usada com a opção -K.\n" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "A opção -k não pode ser usada com a opção -K.\n" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "A opção -K não pode ser usada com a opção -k ou com a opção -t.\n" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for signing request.\n" msgstr "" "Não é possível determinar o nome principal para solicitação de assinatura.\n" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" "Erro definido ccache para serviço 
de \"host\" no cliente usando o padrão " "keytab: %s.\n" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "" "Erro definido ccache para \"%s\" no cliente usando o padrão keytab: %s.\n" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" "Erro definido ccache para \"host\" no cliente usando keytab \"%s\": %s.\n" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "" "Erro definido ccache para \"%s\" no cliente usando keytab \"%s\": %s.\n" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "Não foi possível ler pedido de assinatura.\n" #: src/main.c:74 msgid "use session bus" msgstr "" #: src/main.c:75 msgid "use system bus" msgstr "" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "" #: src/main.c:78 msgid "PATHNAME" msgstr "" #: src/main.c:79 msgid "don't become a daemon" msgstr "" #: src/main.c:80 msgid "do become a daemon" msgstr "" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "" #: src/main.c:81 msgid "SECONDS" msgstr "" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "" #: src/main.c:83 msgid "NUMBER" msgstr "" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "" #: src/main.c:87 msgid "write service PID to file" msgstr "" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "" #: src/main.c:90 msgid "print version information" msgstr "" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "" "\t-s use a sessão do 
barramento\n" "\n" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "" "\t-S use o sistema do barramento\n" "\n" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "" "\t-n não se torna um daemon\n" "\n" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "" "\t-f torna-se um daemon\n" "\n" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "\t-b TIMEOUT bus-activated, idle timeout\n" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "" "\t-B não use um timeout oscioso\n" "\n" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "" "\t-d NIVEL define depuração de nível(implica -n)\n" "\n" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "\t-p ARQUIVO escreve serviço para o arquivo PID\n" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "\t-F força NSS no FIPS modo\n" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "" #: src/scep.c:352 #, fuzzy, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "Nenhum agente de URL (-A) dado e nenhum padrão conhecido.\n" #: src/scep.c:356 #, fuzzy, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "Nenhum agente de URL (-A) dado e nenhum padrão conhecido.\n" #: src/scep.c:376 src/scep.c:395 #, fuzzy, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "Nenhum perfil/modelo (-T) dada e nenhum padrão conhecido.\n" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. 
Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "" #: src/scep.c:637 #, fuzzy, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "Nenhuma resposta recebida do serviço %s.\n" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "" #: src/scep.c:930 #, fuzzy, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "Erro ao analisar resposta do servidor.\n" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "" #: src/scep.c:976 #, fuzzy, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "Erro ao analisar resposta do servidor.\n" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "" #: 
src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "" #: src/scep.c:1003 #, c-format msgid "Transaction either is not permitted or is not supported by server.\n" msgstr "" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "" #: src/scep.c:1009 #, c-format msgid "Unsupported extension.\n" msgstr "" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "" #: src/scep.c:1027 #, fuzzy, c-format msgid "Internal CA error.\n" msgstr "Erro interno: estado desconhecido.\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." msgstr "Um erro interno ocorreu." #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "Nenhuma entrada compatível encontrada.\n" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "Já existe um CA com o apelido de \"%s\"." #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "Tipo de armazenamento de certificado não especificado." #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." 
msgstr "Tipo de armazenamento de certificado \"%s\" não suportado." #: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "O local de \"%s\" deve ser um caminho absoluto." #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." msgstr "Localização do armazenamento de certificado não especificada." #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" "O pai da localização \"%s\" não pode ser acessado devido a permissões " "insuficientes." #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "O parente de localização \"%s\" deve ser um diretório válido." #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "A localização \"%s\" deve ser um arquivo." #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "" "A localização \"%s\" não pode ser acessada devido a permissões insuficientes." #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "A localização \"%s\" deve ser um diretório." #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "Nome de usuário do certificado não especificado." 
#: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "Já existe um pedido com o nome de usuário \"%s\"." #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "" "Certificado no mesmo local já é utilizado por requisição com o apelido de " "\"%s\"." #: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "Tipo de armazenamento de chave \"%s\" não suportado." #: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." msgstr "A localização de armazenamento da chave não foi especificada." #: src/tdbush.c:853 msgid "Key nickname not specified." msgstr "Nome de usuário da chave não foi especificado." #: src/tdbush.c:909 #, c-format msgid "Key at same location is already used by request with nickname \"%s\"." msgstr "" "Chave no mesmo local já é utilizado por solicitação com o apelido de \"%s\"." #: src/tdbush.c:1313 src/tdbush.c:3102 #, c-format msgid "No support for key type \"%s\"." msgstr "Sem suporte para tipo de chave \"%s\"." #: src/tdbush.c:1400 msgid "No such CA." msgstr "Não há tal CA." #: src/tdbush.c:3073 #, c-format msgid "Certificate authority \"%s\" not known." msgstr "Autoridade do certificado \"%s\" não conhecida." #: src/tdbush.c:3518 msgid "Unrecognized parameter or wrong value type." msgstr "Parâmetro não reconhecido ou tipo de valor errado." #: src/tdbush.c:5070 msgid "Error parsing arguments." msgstr "Erro ao analisar argumentos." #: src/tdbush.c:5124 msgid "Unrecognized property name." msgstr "Nome da propriedade não é reconhecida." #: src/tdbusm.c:2156 msgid "Insufficient access. Please retry operation as root.\n" msgstr "Permissões insuficientes. 
Por favor tente novamente como root.\n"

#: src/tdbusm.c:2160
msgid "Please verify that the certmonger service has been started.\n"
msgstr "Por favor verifique se o serviço certmonger foi iniciado.\n"

#: src/tdbusm.c:2163
msgid "Please verify that the certmonger service is still running.\n"
msgstr "Por favor verifique se o serviço certmonger ainda está rodando.\n"

certmonger-0.79.19/po/ru.po
# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Red Hat, Inc.
# This file is distributed under the same license as the PACKAGE package.
#
# Translators:
# Stanislav Darchinov , 2011
# Semyon Apoykov , 2021.
msgid ""
msgstr ""
"Project-Id-Version: certmonger 0.78.6\n"
"Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n"
"POT-Creation-Date: 2017-02-26 02:20-0500\n"
"PO-Revision-Date: 2022-12-05 11:48+0000\n"
"Last-Translator: Sergey Kazorin \n"
"Language-Team: Russian \n"
"Language: ru\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
"%10<=4 && (n%100<10 || n%100>=20) ? 
1 : 2;\n" "X-Generator: Weblate 4.14.2\n" #: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238 #: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291 #, c-format msgid "Out of memory.\n" msgstr "Недостаточно памяти.\n" #: src/certmaster.c:136 #, c-format msgid "Unable to determine hostname of CA.\n" msgstr "Невозможно определить имя CA\n" #: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796 #, c-format msgid "Unable to read signing request from file \"%s\".\n" msgstr "Невозможно прочесть запрос на подписание \"%s\".\n" #: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799 #, c-format msgid "Unable to read signing request from environment variable \"%s\".\n" msgstr "Невозможно прочитать запрос подписи из переменной среды \"%s\".\n" #: src/certmaster.c:184 #, c-format msgid "Error setting up for XMLRPC.\n" msgstr "Ошибка при настройке XMLRPC.\n" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "Ошибка синтаксического анализа ответа сервера.\n" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "Ошибка сервера.\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "Параметры профиля (-О) должны иметь форму параметр=значение.\n" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "Параметры отправки (-о) должны иметь форму параметр=значение.\n" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, c-format msgid "No agent credentials specified, and no default known.\n" 
msgstr "Учетные данные агента не указаны и не известны значения по умолчанию.\n" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "Запрошено продление, но серийный номер не указан.\n" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "URL-адрес конечного объекта (-E) не указан и неизвестен по умолчанию.\n" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "URL-адрес агента (-A) не указан и неизвестно значение по умолчанию.\n" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "Профиль / шаблон (-T) не указан и неизвестно по умолчанию.\n" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "Ошибка выключения NSS.\n" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "Внутренняя ошибка: неизвестное состояние.\n" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "Учетные данные агента (-n) не указаны, но они необходимы.\n" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "Ошибка %d при подключении к %s: %s.\n" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "Ошибка %d при подключении к %s.\n" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "Внутренняя ошибка: нет ответа на «%s?%s».\n" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "КОМАНДА" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "КАТАЛОГ" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "СПИСОК" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "АДРЕС" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "ИМЯ ФАЙЛА" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "ИМЯ ХОСТА" #: 
src/getcert.c:67 msgid "ID" msgstr "ID" #: src/getcert.c:69 msgid "BITS" msgstr "БИТЫ" #: src/getcert.c:71 msgid "MODE" msgstr "РЕЖИМ" #: src/getcert.c:72 msgid "NAME" msgstr "ИМЯ" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "ГЛАВНЫЙ" #: src/getcert.c:74 msgid "SUBJECT" msgstr "ПРЕДМЕТ" #: src/getcert.c:75 msgid "URL" msgstr "URL" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "ИМЯ_ПОЛЬЗОВАТЕЛЯ[:ГРУППА]" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "Путь \"%s\" не является полным, попытка использовать путь\"%s\".\n" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" "Путь \"%s\" не является абсолютным, определение имени текущего каталога было " "выполнено с ошибками.\n" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "Путь \"%s\": недостаточно прав.\n" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "Путь \"%s\" не является каталогом.\n" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "Путь \"%s\":%s.\n" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "Путь \"%s\" не является обычным файлом.\n" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "Системная шина не запущена.\n" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "Запущено как UID 0.\n" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "Запуск временного выделенного сервисного демона.\n" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "Ошибка подключения к D-Bus.\n" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "" "Пожалуйста, проверьте, что служба шины сообщений (D-Bus) выполняется.\n" #: 
src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "Ошибка при создании запроса к DBus.\n" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "отсутствующий аргумент для %s" #: src/getcert.c:398 msgid "missing argument" msgstr "пропущен аргумент" #: src/getcert.c:401 #, c-format msgid "unrecognized option %s" msgstr "неизвестная команда %s" #: src/getcert.c:406 msgid "unrecognized option" msgstr "неизвестная команда" #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "псевдонимы слишком глубоко вложены" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "неверное цитирование параметров" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "недопустимое числовое значение" #: src/getcert.c:421 msgid "number too large or too small" msgstr "число слишком велико или слишком мало" #: src/getcert.c:424 msgid "bad operation" msgstr "плохая операция" #: src/getcert.c:427 msgid "internal error" msgstr "внутренняя ошибка" #: src/getcert.c:430 msgid "out of memory" msgstr "недостаточно памяти" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "ошибка в файле конфигурации popt" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "Ошибка %s: %s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "Ошибка %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "Ошибка: %s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "Получен ошибочный ответ от службы %s.\n" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "От службы %s не был получен ответ.\n" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "Состояние %s, застряло: %s.\n" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "База данных NSS для ключей и 
сертификатов" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "псевдоним для хранилища на основе NSS (действует только с -d)" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "" "необязательное имя токена для хранилища на основе NSS (действительно только " "с -d)" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "PEM-файл для закрытого ключа" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "Файл PEM для сертификата (действителен только с -k)" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "файл, содержащий PIN-код шифрования закрытого ключа" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "PIN-код шифрования с закрытым ключом" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "информация о владельце закрытого ключа" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "права доступа к файлам для закрытого ключа" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "информация о владельце сертификата" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "права доступа к файлу для сертификата" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "База данных NSS, в которой хранятся сертификаты ЦС" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "файл, в 
котором хранятся сертификаты ЦС" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "команда для запуска перед сохранением сертификата" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "команда для запуска после сохранения сертификата" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "псевдоним, который нужно присвоить запросу" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "тип ключа, который будет сгенерирован, если его еще нет" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "размер ключа, который будет сгенерирован, если он еще не установлен" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "" "попытаться обновить сертификат, когда истечет срок действия (по умолчанию)" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "не пытайтесь продлить сертификат, когда истекает срок его действия" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "использовать указанную конфигурацию ЦС, а не стандартную" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" "попросить центр сертификации обработать запрос с использованием указанного " "профиля или шаблона" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 msgid "ask the CA to process the request using the named issuer" msgstr "попросить ЦС обработать запрос с использованием указанного эмитента" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "установить запрашиваемое имя субъекта (по умолчанию: CN=)" #: src/getcert.c:794 
src/getcert.c:2524 msgid "set requested key usage value" msgstr "установить запрошенное значение использования ключа" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "установить запрошенный OID использования расширенного ключа" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "установить запрошенное главное имя" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "установить запрошенное DNS-имя" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "установить запрошенный адрес электронной почты" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "установить запрошенный IP-адрес" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "файл, который содержит необязательное значение пароля запроса" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "необязательное значение пароля запроса" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "запросить сертификат ЦС" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "запросить сертификат не ЦС" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "длина пути для сертификата ЦС" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "попробуйте дождаться выдачи сертификата" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "максимальное время ожидания выдачи сертификата" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: 
src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "подключиться к сервису сертификатора на шине сеанса" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "подключиться к сервису сертификатора на системной шине" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "Ошибка инициализации библиотеки Kerberos: %s.\n" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "Нет поддержки для создания ключей \"%s\".\n" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "К известным типам ключей относятся:" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "Неизвестный keyUsage \"%s\".\n" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "Не удалось оценить OID \"%s\".\n" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "Ошибка синтаксического анализа основного имени Kerberos \"%s\":%s.\n" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "Ошибка при разборе основного имени Kerberos \"%s\":%s.\n" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "%s: недопустимое значение - '%s'\n" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 
src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "%s: опция требует аргумента - '%c'\n" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "%s: недопустимая опция -- '%c'\n" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "Ошибка: неиспользованный дополнительный аргумент \"%s\".\n" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "Ошибка: предоставлены неиспользованные лишние аргументы.\n" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "Расположение базы данных или псевдоним указаны отдельно.\n" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "Не определены каталог базы данных и файл сертификата.\n" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "" "Не определены ни каталог базы данных, ни никнейм или файл сертификата.\n" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "Ключи и сертификат не могут быть сохранены в один файл.\n" #: src/getcert.c:1114 #, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" 
"Бэкэнд IPA требует использования параметра -K (имя участника), когда любой " "из параметров -N (имя субъекта), -E (адрес электронной почты), -A (IP-адрес)" ", -D (имя DNS) или -U (extendedKeyUsage) параметры.\n" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "CA с именем \"%s\" не найден.\n" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request arguments.\n" msgstr "Ошибка установки аргументов запроса.\n" #: src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "Новый запрос на подписание \"%s\" добавлен.\n" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "Новый запрос на подписание не может быть добавлен.\n" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "Добавлен новый запрос отслеживания \"%s\".\n" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "Не удалось добавить новый запрос на отслеживание.\n" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "Файл PEM для закрытого ключа (действителен только с -f)" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "PEM-файл для сертификата" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "псевдоним существующего запроса" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "псевдоним для запроса отслеживания" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "переопределить запрошенное значение использования ключа" #: src/getcert.c:1871 msgid "override 
requested extended key usage OID" msgstr "переопределить запрошенный OID использования расширенного ключа" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "переопределить запрошенное главное имя" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "переопределить запрошенное DNS-имя" #: src/getcert.c:1874 msgid "override requested email address" msgstr "заменить запрошенный адрес электронной почты" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "заменить запрошенный IP-адрес" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" "Не указаны ни идентификатор, ни каталог базы данных, ни псевдоним, ни файл " "сертификата.\n" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "Запрос \"%s\" изменен.\n" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "Запрос \"%s\" не может быть изменен.\n" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "Не найдено ни одного запроса с указанным псевдонимом.\n" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "Не найдено ни одного запроса с совпадающими аргументами.\n" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "Запрос \"%s\" удален.\n" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "Запрос \"%s\" не может быть удален.\n" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "псевдоним для запроса отслеживания" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "новый псевдоним для запроса отслеживания" #: src/getcert.c:2506 msgid "type of new key to 
be generated" msgstr "тип нового ключа, который будет сгенерирован" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "размер нового ключа, который будет сгенерирован" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "использовать указанную конфигурацию ЦС, а не текущую" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "Ошибка изменения \"%s\".\n" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "Повторная отправка \"%s\" в \"%s\".\n" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "Повторная отправка \"%s\".\n" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "Ошибка при попытке отправить \"%s\" в \"%s\".\n" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "Ошибка при попытке отправить \"%s\".\n" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "обновить информацию обо всех невыполненных запросах" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" "обновлять информацию только для запросов, использующих указанную " "конфигурацию ЦС" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "Идентификатор запроса '%s' обновляется.\n" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "Идентификатор запроса '%s' НЕ обновляется.\n" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "перечислить только информацию о невыполненных запросах" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "вывести только информацию об отслеживаемых сертификатах" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" "перечислить только запросы и сертификаты, связанные 
с этой конфигурацией ЦС" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "отображать время в формате UTC вместо местного времени" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "Количество отслеживаемых сертификатов и запросов: %d.\n" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "Запрос ID '%s':\n" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "\tстатус: %s\n" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "\tca-ошибка: %s\n" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "\tзастрял: %s\n" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "\tхранилище пары ключей: type=%s" #: src/getcert.c:3652 msgid "NONE" msgstr "NONE" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr ",место расположения='%s'" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr ",псевдоним='%s'" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr ",токен='%s'" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr ",настроить прикрепление" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr ",пин-файл='%s'" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "\tсертификат: тип=%s,место расположения='%s'" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "\tотпечаток запроса подписи (MD5): %s\n" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "\tотпечаток запроса подписи (SHA1): %s\n" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "\tCA: %s\n" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "\tисточник: %s\n" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "\tтема: %s\n" #: src/getcert.c:3719 msgid "unknown" msgstr "неизвестный" #: src/getcert.c:3723
src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr "\tистекает: %s\n" #: src/getcert.c:3736 msgid "\temail: " msgstr "\temail: " #: src/getcert.c:3742 msgid "\tdns: " msgstr "\tdns: " #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "\tосновное имя: " #: src/getcert.c:3756 msgid "\tIP address: " msgstr "\tIP-адрес: " #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "\tиспользование ключа: %s\n" #: src/getcert.c:3779 msgid "\teku: " msgstr "\teku: " #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "\tшаблон/профиль сертификата: %s\n" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "\tкорневые сертификаты, сохраненные в файлы:\n" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "\tдругие корневые сертификаты, сохраненные в файлы:\n" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "\tдругие сертификаты, сохраненные в файлы:\n" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "\tкорневые сертификаты, сохраненные в базах данных:\n" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "\tдругие корневые сертификаты, сохраненные в базах данных:\n" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "\tдругие сертификаты, сохраненные в базах данных:\n" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "\tкоманда предварительного сохранения: %s\n" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "\tкоманда после сохранения: %s\n" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "\tотслеживать: %s\n" #: src/getcert.c:3853 #,
c-format msgid "\tauto-renew: %s\n" msgstr "\tавто-обновление: %s\n" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" "Не указано ни идентификатора, ни каталога базы данных, ни псевдонима, ни " "файла сертификата.\n" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "перечислить только указанную конфигурацию ЦС" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "CA '%s':\n" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "\tидентифицирует себя как: %s\n" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "\tca-тип: %s\n" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "\tместо-помощник: %s\n" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr "\tследующий серийный номер: %s\n" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "\tизвестные-имена-поставщика:\n" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "\tизвестные профили/шаблоны/сертификаты:\n" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "\tпрофиль по умолчанию/шаблон/certtype: %s\n" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "\tИдентификатор ЦС SCEP: %s\n" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "\tОтпечаток сертификата ЦС SCEP (MD5): %s\n" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "\tОтпечаток сертификата ЦС SCEP (SHA1): %s\n" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "обновить информацию о конфигурации ЦС с этим именем" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "обновить информацию обо всех известных центрах сертификации" #: src/getcert.c:4316 #,
c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "Ни псевдоним ЦС, ни флаг -a не указаны.\n" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "Данные для ЦС '%s' обновляются.\n" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "Данные для безымянного центра сертификации обновляются.\n" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "\tошибка обновления данных ЦС\n" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "псевдоним для новой конфигурации ЦС" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "вспомогательная команда для запуска для связи с ЦС" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "Псевдоним ЦС не указан.\n" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "Не указана вспомогательная команда ЦС.\n" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "Добавлен новый ЦС \"%s\".\n" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "Не удалось добавить новый ЦС.\n" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "расположение сервера SCEP" #: src/getcert.c:4458 msgid "CA identifier" msgstr "Идентификатор ЦС" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "файл, содержащий сертификат ЦС" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "файл, содержащий сертификаты в сертификационной цепочке RA" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "предпочитаю не использовать функцию продления SCEP" #: src/getcert.c:4508 #, c-format msgid "server 
URL not specified.\n" msgstr "URL-адрес сервера не указан.\n" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "HTTPS требует сертификата ЦС.\n" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "Ошибка построения командной строки.\n" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "Ошибка при установке идентификатора CA.\n" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "псевдоним конфигурации ЦС" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "обновленная вспомогательная команда для запуска для связи с ЦС" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "ЦС \"%s\" изменен.\n" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "ЦС не может быть изменён.\n" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "псевдоним удаляемой конфигурации ЦС" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "ЦС \"%s\" удалён.\n" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "ЦС не может быть удалён.\n" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "%s - инструмент регистрации сертификатов клиента\n" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "Использование: запрос %s [параметры]\n" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "Необходимый аргументы:\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "* В случае использования для хранения базы данных NSS:\n" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 
src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr " -d DIR База данных NSS для ключей и сертификатов\n" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr "" " -n NAME псевдоним для хранилища на основе NSS (действует только с -d)\n" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" " -t NAME необязательное имя токена для хранилища на основе NSS (" "действительно только с -d)\n" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "* В случае использования файлов для хранения:\n" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr " -k FILE PEM файл для закрытого ключа\n" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr " -f FILE файл PEM для сертификата (действителен только с -k)\n" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "* В случае, если ключи шифруются:\n" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr " -p FILE файл, содержащий PIN-код шифрования\n" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr " -P PIN PIN-код\n" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: 
src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "Необязательный аргументы:\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "* Настройки обработки сертификатов:\n" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr " -I NAME псевдоним, который нужно присвоить запросу\n" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr " -G TYPE тип ключа, который будет сгенерирован, если его еще нет\n" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr "" " -g SIZE\tразмер ключа, который будет сгенерирован, если он еще не " "установлен\n" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr "" " -r\t\tпопытаться обновить сертификат, когда истечет срок действия (по " "умолчанию)\n" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr "" " -R\t\tне пытайтесь продлить сертификат, когда истекает срок его действия\n" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr " -c CA\t\tиспользовать указанный ЦС, а не тот, что по умолчанию\n" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" " -T PROFILE\tпопросить центр сертификации обработать запрос с " "использованием указанного профиля или шаблона\n" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" " -X ISSUER\tпопросить ЦС обработать запрос с использованием указанного " "поставщика\n" #: src/getcert.c:4817 msgid "* 
Parameters for the signing request:\n" msgstr "* Параметры для запроса на подпись:\n" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr "" " -N NAME\tустановить запрашиваемое имя субъекта (по умолчанию: " "CN=)\n" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr "" " -U EXTUSAGE\tустановить запрошенный OID использования расширенного ключа\n" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr " -u KEYUSAGE\tустановить запрошенное значение использования ключа\n" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr " -K NAME\tустановить запрошенное главное имя\n" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr " -D DNSNAME\tустановить запрошенное DNS-имя\n" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr " -E EMAIL\tустановить запрошенный адрес электронной почты\n" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr " -A ADDRESS\tустановить запрошенный IP-адрес\n" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr " -l FILE\tфайл, содержащий необязательный пароль запроса\n" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr " -L PASSWORD\tнеобязательное значение пароля запроса\n" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 
src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "* Параметры шины:\n" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr " -S\t\tподключиться к сервису сертификатора на системной шине\n" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr " -s\t\tподключиться к сервису сертификатора на шине сеанса\n" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "* Другие варианты:\n" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr " -B\tкоманда для запуска перед сохранением сертификата\n" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr " -C\tкоманда для запуска после сохранения сертификата\n" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr " -F\tфайл, в котором хранятся сертификаты ЦС\n" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr " -a\tБаза данных NSS, в которой хранятся сертификаты ЦС\n" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr " -w\tпопробуйте дождаться выдачи сертификата\n" #: 
src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr " -v\tсообщать все подробности об ошибках\n" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "Использование: %s start-tracking [параметры]\n" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "* При изменении существующего запроса:\n" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr " -i NAME\tпсевдоним существующего запроса на отслеживание\n" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "* Если ключи зашифрованы:\n" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr " -I NAME\tпсевдоним для запроса отслеживания\n" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "* Параметры для запроса подписи при продлении:\n" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr "" " -U EXTUSAGE\tпереопределить запрошенный OID использования расширенного " "ключа\n" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr " -K NAME\tпереопределить запрошенное главное имя\n" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr " -D DNSNAME\tпереопределить запрошенное DNS-имя\n" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr " -E EMAIL\tзаменить запрошенный адрес электронной почты\n" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr " -A ADDRESS\tзаменить запрошенный IP-адрес\n" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr 
"Использование: %s stop-tracking [параметры]\n" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "* По идентификатору запроса:\n" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr " -i NAME\tник для запроса отслеживания\n" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "Использование: повторная отправка %s [параметры]\n" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr " -f FILE\tPEM-файл для сертификата\n" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "* Новые значения параметров запроса на подписание:\n" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr " -I NAME\tновый псевдоним для запроса отслеживания\n" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr " -c CA\t\tиспользовать указанный ЦС, а не текущий\n" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "Использование: %s rekey [параметры]\n" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr " -G TYPE\tтип нового ключа, который будет сгенерирован\n" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr " -g SIZE\tразмер нового ключа, который будет сгенерирован\n" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "Использование: %s список [параметры]\n" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "* Основные опции:\n" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and 
certs associated with this CA\n" msgstr "" " -c CA\tперечислить только запросы и сертификаты, связанные с этим ЦС\n" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr " -r\tперечислить только информацию о невыполненных запросах\n" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr " -t\tвывести информацию об отслеживаемых сертификатах\n" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr " -u\tотображать время в формате UTC вместо местного времени\n" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "* При выборе конкретного запроса:\n" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" " -d DIR\tтолько перечислить запросы и сертификаты, которые используют эту " "базу данных NSS\n" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" " -n NAME\tсписок запросов и сертификатов, которые используют этот " "псевдоним\n" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" " -f FILE\tтолько список запросов и сертификатов, хранящихся в этом файле " "PEM\n" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr " -S\tподключиться к сервису сертификатора на системной шине\n" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr "" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr "" #: 
src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr "" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr "" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr "" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr "" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr "" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr "" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr "" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr "" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr "" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr "" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr "" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr "" #: src/getcert.c:5139 #, c-format msgid "Usage: 
%s modify-ca [options]\n" msgstr "" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr "" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr "" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "" #: src/getcert.c:5273 #, c-format msgid "%s: unrecognized command\n" msgstr "%s: неизвестная команда\n" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to 
determine base DN of domain information on IPA server.\n" msgstr "" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for signing request.\n" msgstr "" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" "Ошибка настройки кэша учётных данных для службы \"host\" у клиента, " "использующего таблицу ключей «%s»: %s\n" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "Невозможно прочесть запрос на подписание.\n" #: src/main.c:74 msgid "use session bus" msgstr "" #: src/main.c:75 msgid "use system bus" msgstr "" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "" #: src/main.c:78 msgid "PATHNAME" msgstr "" #: src/main.c:79 msgid "don't become a daemon" msgstr "" #: src/main.c:80 msgid "do become a daemon" msgstr "" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "" #: src/main.c:81 msgid "SECONDS" 
msgstr "" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "" #: src/main.c:83 msgid "NUMBER" msgstr "" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "" #: src/main.c:87 msgid "write service PID to file" msgstr "" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "" #: src/main.c:90 msgid "print version information" msgstr "" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "" #: src/scep.c:352 #, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "" #: src/scep.c:356 #, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "" #: src/scep.c:376 src/scep.c:395 #, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. 
Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "" #: src/scep.c:637 #, fuzzy, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "От службы %s не был получен ответ.\n" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "" #: src/scep.c:930 #, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "" #: src/scep.c:976 #, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "" 
#: src/scep.c:1003 #, c-format msgid "Transaction either is not permitted or is not supported by server.\n" msgstr "" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "" #: src/scep.c:1009 #, c-format msgid "Unsupported extension.\n" msgstr "" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "" #: src/scep.c:1027 #, fuzzy, c-format msgid "Internal CA error.\n" msgstr "Ошибка сервера.\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." msgstr "Произошла внутренняя ошибка." #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "CA с именем \"%s\" уже существует." #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "" #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." 
msgstr "" #: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "" #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." msgstr "" #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "" #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "" #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "" #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "" #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "" #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "" #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "" #: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "" #: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." msgstr "" #: src/tdbush.c:853 msgid "Key nickname not specified." 
msgstr ""

#: src/tdbush.c:909
#, c-format
msgid "Key at same location is already used by request with nickname \"%s\"."
msgstr ""

#: src/tdbush.c:1313 src/tdbush.c:3102
#, c-format
msgid "No support for key type \"%s\"."
msgstr ""

#: src/tdbush.c:1400
msgid "No such CA."
msgstr ""

#: src/tdbush.c:3073
#, c-format
msgid "Certificate authority \"%s\" not known."
msgstr ""

#: src/tdbush.c:3518
msgid "Unrecognized parameter or wrong value type."
msgstr ""

#: src/tdbush.c:5070
msgid "Error parsing arguments."
msgstr ""

#: src/tdbush.c:5124
msgid "Unrecognized property name."
msgstr ""

#: src/tdbusm.c:2156
msgid "Insufficient access. Please retry operation as root.\n"
msgstr ""

#: src/tdbusm.c:2160
msgid "Please verify that the certmonger service has been started.\n"
msgstr ""

#: src/tdbusm.c:2163
msgid "Please verify that the certmonger service is still running.\n"
msgstr ""
certmonger-0.79.19/po/si.po0000644000175000017500000014167014511314133015034 0ustar gitgit00000000000000
# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Red Hat, Inc.
# This file is distributed under the same license as the certmonger package.
# Hela Basa , 2021.
msgid ""
msgstr ""
"Project-Id-Version: certmonger 0.79\n"
"Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n"
"POT-Creation-Date: 2017-02-26 02:20-0500\n"
"PO-Revision-Date: 2021-08-18 19:05+0000\n"
"Last-Translator: Hela Basa \n"
"Language-Team: Sinhala \n"
"Language: si\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=n > 1;\n"
"X-Generator: Weblate 4.7.2\n"

#: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238
#: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291
#, c-format
msgid "Out of memory.\n"
msgstr ""

#: src/certmaster.c:136
#, c-format
msgid "Unable to determine hostname of CA.\n"
msgstr ""

#: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796
#, c-format
msgid "Unable to read signing request from file \"%s\".\n"
msgstr ""

#: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799
#, c-format
msgid "Unable to read signing request from environment variable \"%s\".\n"
msgstr ""

#: src/certmaster.c:184
#, c-format
msgid "Error setting up for XMLRPC.\n"
msgstr ""

#: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564
#: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409
#: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021
#: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603
#: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973
#: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742
#, c-format
msgid "Error parsing server response.\n"
msgstr ""

#: src/certmaster.c:210
#, c-format
msgid "Server error.\n"
msgstr ""

#: src/dogtag.c:226
#, c-format
msgid "Profile params (-O) must be in the form of param=value.\n"
msgstr ""

#: src/dogtag.c:249
#, c-format
msgid "Submit params (-o) must be in the form of param=value.\n"
msgstr ""

#: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442
#, c-format
msgid "No agent credentials
specified, and no default known.\n" msgstr "" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "විධානය" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "ගොනුවේ නම" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "" #: src/getcert.c:67 msgid "ID" msgstr "" #: src/getcert.c:69 msgid "BITS" msgstr "" #: src/getcert.c:71 msgid "MODE" msgstr "" #: src/getcert.c:72 msgid "NAME" msgstr "නම" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "" #: src/getcert.c:74 msgid "SUBJECT" msgstr "" #: src/getcert.c:75 msgid "URL" msgstr "" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, 
and there was an error determining the name of " "the current directory.\n" msgstr "" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "" #: src/getcert.c:398 msgid "missing argument" msgstr "" #: src/getcert.c:401 #, c-format msgid "unrecognized option %s" msgstr "" #: src/getcert.c:406 msgid "unrecognized option" msgstr "" #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "" #: src/getcert.c:421 msgid "number too large or too small" msgstr "" #: src/getcert.c:424 msgid "bad operation" msgstr "" #: src/getcert.c:427 msgid "internal error" msgstr "" #: src/getcert.c:430 msgid "out of memory" msgstr "" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s 
service.\n" msgstr "" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "" #: src/getcert.c:782 src/getcert.c:1860 
src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 msgid "ask the CA to process the request using the named issuer" msgstr "" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage value" msgstr "" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "" #: src/getcert.c:803 src/getcert.c:1879 
src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid 
value -- '%s'\n" msgstr "" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "" #: src/getcert.c:1114 #, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 
src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request arguments.\n" msgstr "" #: src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "" #: src/getcert.c:1874 msgid "override requested email address" msgstr "" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "" #: 
src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "" #: 
src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "" #: src/getcert.c:3652 msgid "NONE" msgstr "" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr "" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr "" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr "" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr "" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr "" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "" #: src/getcert.c:3719 msgid "unknown" msgstr "" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr "" #: src/getcert.c:3736 msgid "\temail: " msgstr "" #: src/getcert.c:3742 msgid "\tdns: " msgstr "" #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "" #: src/getcert.c:3756 msgid "\tIP address: " msgstr "" #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "" #: src/getcert.c:3779 msgid "\teku: " msgstr "" #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "" #: src/getcert.c:3811 src/getcert.c:4172 
#, c-format msgid "\tother certificates saved to files:\n" msgstr "" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr "" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "" #: src/getcert.c:4269 msgid 
"refresh information about all known CAs" msgstr "" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "" #: src/getcert.c:4458 msgid "CA identifier" msgstr "" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4658 
#, c-format msgid "CA \"%s\" modified.\n" msgstr "" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr "" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr "" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr "" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr "" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" 
msgstr "" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr "" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr "" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr "" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr "" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr "" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr "" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr "" #: 
src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr "" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr "" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr "" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr "" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr "" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr "" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr "" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr "" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr "" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr "" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 
#: src/getcert.c:5161 msgid "* Other options:\n" msgstr "" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr "" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr "" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr "" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr "" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr "" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr "" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr "" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr "" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr "" #: src/getcert.c:4871 msgid " -E 
EMAIL\toverride requested email address\n" msgstr "" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr "" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr "" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr "" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr "" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr "" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr "" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr "" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr "" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr "" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr "" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr "" #: src/getcert.c:5018 
msgid "* If selecting a specific request:\n" msgstr "" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr "" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr "" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr "" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr "" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr "" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr "" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" 
msgstr "" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr "" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr "" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr "" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr "" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr "" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr "" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr "" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr "" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr "" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr "" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "" #: src/getcert.c:5184 msgid "check on the status 
of an in-progress enrollment request\n" msgstr "" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "" #: src/getcert.c:5273 #, c-format msgid "%s: unrecognized command\n" msgstr "" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for signing request.\n" msgstr "" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "" #: src/ipa.c:879 #, c-format msgid "" "Error setting up 
ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "" #: src/main.c:74 msgid "use session bus" msgstr "" #: src/main.c:75 msgid "use system bus" msgstr "" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "" #: src/main.c:78 msgid "PATHNAME" msgstr "" #: src/main.c:79 msgid "don't become a daemon" msgstr "" #: src/main.c:80 msgid "do become a daemon" msgstr "" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "" #: src/main.c:81 msgid "SECONDS" msgstr "" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "" #: src/main.c:83 msgid "NUMBER" msgstr "" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "" #: src/main.c:87 msgid "write service PID to file" msgstr "" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "" #: src/main.c:90 msgid "print version information" msgstr "" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "" #: src/main.c:185 msgid 
"\t-B don't use an idle timeout\n" msgstr "" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "" #: src/scep.c:352 #, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "" #: src/scep.c:356 #, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "" #: src/scep.c:376 src/scep.c:395 #, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. 
Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "" #: src/scep.c:637 #, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "" #: src/scep.c:930 #, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "" #: src/scep.c:976 #, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "" #: src/scep.c:1003 #, c-format msgid "Transaction either is not permitted or is not supported by server.\n" msgstr "" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "" #: src/scep.c:1009 
#, c-format msgid "Unsupported extension.\n" msgstr "" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "" #: src/scep.c:1027 #, c-format msgid "Internal CA error.\n" msgstr "" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." msgstr "" #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "" #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "" #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." msgstr "" #: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "" #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." 
msgstr "" #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "" #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "" #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "" #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "" #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "" #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "" #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "" #: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "" #: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." msgstr "" #: src/tdbush.c:853 msgid "Key nickname not specified." msgstr "" #: src/tdbush.c:909 #, c-format msgid "Key at same location is already used by request with nickname \"%s\"." msgstr "" #: src/tdbush.c:1313 src/tdbush.c:3102 #, c-format msgid "No support for key type \"%s\"." msgstr "" #: src/tdbush.c:1400 msgid "No such CA." msgstr "" #: src/tdbush.c:3073 #, c-format msgid "Certificate authority \"%s\" not known." msgstr "" #: src/tdbush.c:3518 msgid "Unrecognized parameter or wrong value type." msgstr "" #: src/tdbush.c:5070 msgid "Error parsing arguments." 
msgstr ""

#: src/tdbush.c:5124
msgid "Unrecognized property name."
msgstr ""

#: src/tdbusm.c:2156
msgid "Insufficient access. Please retry operation as root.\n"
msgstr ""

#: src/tdbusm.c:2160
msgid "Please verify that the certmonger service has been started.\n"
msgstr ""

#: src/tdbusm.c:2163
msgid "Please verify that the certmonger service is still running.\n"
msgstr ""

certmonger-0.79.19/po/sv.po

# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Red Hat, Inc.
# This file is distributed under the same license as the PACKAGE package.
#
# Translators:
# Göran Uddeborg , 2011-2013, 2021.
# Göran Uddeborg , 2016. #zanata, 2021.
# Luna Jernberg , 2020.
# Anders Jonsson , 2021.
msgid ""
msgstr ""
"Project-Id-Version: certmonger 0.78.6\n"
"Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n"
"POT-Creation-Date: 2017-02-26 02:20-0500\n"
"PO-Revision-Date: 2021-07-01 13:04+0000\n"
"Last-Translator: Anders Jonsson \n"
"Language-Team: Swedish \n"
"Language: sv\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=n != 1;\n"
"X-Generator: Weblate 4.7.1\n"

#: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238
#: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291
#, c-format
msgid "Out of memory.\n"
msgstr "Slut på minne.\n"

#: src/certmaster.c:136
#, c-format
msgid "Unable to determine hostname of CA.\n"
msgstr "Det går inte att avgöra värdnamnet för CA:n.\n"

#: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796
#, c-format
msgid "Unable to read signing request from file \"%s\".\n"
msgstr "Kan inte läsa signeringsbegäran från fil \"%s\".\n"

#: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799
#, c-format
msgid "Unable to read signing request from environment variable \"%s\".\n"
msgstr "Kan inte läsa signeringsbegäran från miljövariabeln ”%s”.\n"

#: src/certmaster.c:184
#, c-format
msgid
"Error setting up for XMLRPC.\n" msgstr "Fel vid inställning av XMLRPC.\n" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "Fel vid tolkning av svar från servern.\n" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "Serverfel.\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "Profilparametrar (-O) måste ha formen param=värde.\n" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "Insändningsparametrar (-o) måste ha formen param=värde.\n" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "Inga agentkreditiv angivna, och inget standardvärde är känt.\n" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "Förnyelse begärd, men inget serienummer angivet.\n" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "Ingen slutposts-URL (-E) angiven, och inget standardvärde är känt.\n" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "Ingen agent-URL (-A) angiven, och inget standardvärde är känt.\n" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "Ingen profil/mall (-T) angiven, och inget standardvärde är känt.\n" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" 
msgstr "Fel när NSS stängdes av.\n" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "Internt fel: okänt tillstånd.\n" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "Inga agentkreditiv (-n) angivna, men de behövs.\n" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "Fel %d vid anslutning till %s: %s.\n" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "Fel %d vid anslutning till %s.\n" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "Internt fel: inget svar på ”%s?%s”.\n" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "KOMMANDO" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "KATALOG" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "LISTA" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "ADRESS" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "FILNAMN" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "VÄRDNAMN" #: src/getcert.c:67 msgid "ID" msgstr "ID" #: src/getcert.c:69 msgid "BITS" msgstr "BITAR" #: src/getcert.c:71 msgid "MODE" msgstr "LÄGE" #: src/getcert.c:72 msgid "NAME" msgstr "NAMN" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "HUVUDMAN" #: src/getcert.c:74 msgid "SUBJECT" msgstr "ÄMNE" #: src/getcert.c:75 msgid "URL" msgstr "URL" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "ANVÄNDARNAMN[:GRUPPNAMN]" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "Sökvägen ”%s” är inte absolut, försöker använda ”%s” istället.\n" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" "Sökvägen ”%s” är inte absolut, och det uppstod ett fel när namnet på den " "aktuella katalogen skulle bestämmas.\n" #: 
src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "Sökvägen ”%s”: otillräckliga rättigheter.\n" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "Sökvägen ”%s” är inte en katalog.\n" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "Sökväg ”%s”: %s.\n" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "Sökvägen ”%s” är inte normal fil.\n" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "Ingen systembuss kör\n" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "Kör som UID 0.\n" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "Startar en temporär dedicerad servicedemon.\n" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "Fel vid anslutning till D-Bus.\n" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "Kontrollera att tjänsten meddelandebuss (D-Bus) kör.\n" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "Fel när DBus-meddelandet med begäran skapades.\n" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "saknar argument för %s" #: src/getcert.c:398 msgid "missing argument" msgstr "saknar argument" #: src/getcert.c:401 #, c-format msgid "unrecognized option %s" msgstr "okänd flagga %s" #: src/getcert.c:406 msgid "unrecognized option" msgstr "okänd flagga" #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "alias är nästade för djupt" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "felaktig parametercitering" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "ogiltigt numeriskt värde" #: src/getcert.c:421 msgid "number too large or too small" msgstr "nummer för stort eller för litet" #: src/getcert.c:424 msgid "bad operation" msgstr "felaktig åtgärd" #: 
src/getcert.c:427 msgid "internal error" msgstr "internt fel" #: src/getcert.c:430 msgid "out of memory" msgstr "slut på minne" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "fel i popt konfigurationsfil" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "Fel %s: %s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "Fel %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "Fel: %s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "Mottog felsvar från den lokala tjänsten %s.\n" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "Inget svar mottaget från tjänsten %s.\n" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "Tillståndet %s, fast: %s.\n" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "NSS-databas för nyckel och cert" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "smeknamn för NSS-baserad lagring (endast giltigt med -d)" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "frivilligt symbolnamn för NSS-baserad lagring (endast giltig med -d)" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "PEM-fil för privat nyckel" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "PEM-fil för certifikat (endast giltigt med -k)" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "fil som innehåller den privata nyckelns krypterings-PIN" #: src/getcert.c:774 src/getcert.c:1852 
src/getcert.c:2509 msgid "private key encryption PIN" msgstr "privata nyckelns krypterings-PIN" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "ägarinformation för den privata nyckeln" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "filrättigheter för den privata nyckeln" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "ägarinformation för certifikatet" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "filrättigheter för certifikatet" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "NSS-databas i vilken CA:ns certifikat skall lagras" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "fil i vilken CA:ns certifikat skall lagras" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "kommando att köra före certifikatet sparas" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "kommando att köra efter certifikatet sparas" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "smeknamn att tilldela till begäran" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "typ av nyckel att genereras om det inte redan finns en" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "storlek på nyckel som skall genereras om det inte redan finns en" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "" "försök att förnya certifikatet när utgångsdatumet närmar sig (standard)" #: src/getcert.c:787 
src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "försök inte förnya certifikatet när utgångsdatumet närmar sig" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "använd angiven CA-konfiguration istället för standard" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" "be CA:n att bearbeta begäran med användning av den angivna profilen eller " "mallen" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 msgid "ask the CA to process the request using the named issuer" msgstr "be CA:n att bearbeta begäran med användning av den namngivna utgivaren" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "ställ in begärt ämnesnamn (standard: CN=)" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage value" msgstr "sätt angivet värde på nyckelanvändning" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "ställ in begärd utökad nyckels användnings-OID" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "ställ in begärt huvudnamn" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "ställ in begärt DNS-namn" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "ställ in begärd e-postadress" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "ange begärd IP-adress" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "fil som innehåller en valfritt utmaningslösenordsvärde" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "ett valfritt utmatningslösenordvärde" #: src/getcert.c:802 src/getcert.c:1878 
src/getcert.c:2532 msgid "request a CA certificate" msgstr "begär ett CA-certifikat" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "begär ett icke-CA-certifikat" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "sökvägslängd för CA-certifikatet" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "försök att vänta på att certifikatet ges ut" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "maxtid att vänta på att certifikatet ges ut" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "anslut till tjänsten certmonger på sessionsbussen" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "anslut till tjänsten certmonger på systembussen" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "Fel vid initiering av Kerberos bibliotek: %s.\n" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "Inget stöd för att generera ”%s”-nycklar.\n" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "Kända nyckeltyper inkluderar:" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "Okänd 
nyckelanvändning ”%s”.\n" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "Det gick inte att beräkna OID ”%s”.\n" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "Fel vid tolkning av Kerberos-huvudnamn ”%s”: %s.\n" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "Fel vid avtolkning av Kerberos-huvudnamn ”%s”: %s.\n" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "%s: ogiltigt värde -- ”%s”\n" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "%s: flaggan kräver ett argument -- ”%c”\n" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "%s: felaktig flagga -- ”%c”\n" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "Fel: oanvänt extra argument ”%s”.\n" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "Fel: oanvända extra argument gavs.\n" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "Databasplats eller smeknamn angivet utan den andra.\n" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both 
specified.\n" msgstr "Databaskatalog och certifikatfil båda angivna.\n" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "Ingen av databaskatalog och smeknamn eller certifikatfil angiven.\n" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "Nyckeln och certifikatet kan inte båda sparas i samma fil.\n" #: src/getcert.c:1114 #, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" "IPA-bakänden kräver användning av flaggan -K (huvudnamn) när någon av " "flaggorna -N (subjektnamn), -E (e-postadress), -A (IP-adress), -D (DNS-namn) " "eller -U (utökad nyckelanvändning) används.\n" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "Ingen CA med namnet ”%s” hittades.\n" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request arguments.\n" msgstr "Fel vid inställning av argument till begäran.\n" #: src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "Nya begäran om signering ”%s” tillagd.\n" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "Nya begäran om signering kunde inte läggas till.\n" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "Ny spårningsbegäran ”%s” tilllagd.\n" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "Nya 
spårningsbegäran kunde inte läggas till.\n" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "PEM-fil för privat nyckel (endast giltigt med -f)" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "PEM-fil för certifikatet" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "smeknamn på en befintlig begäran" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "smeknamn att ge på spårningbegäran" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "åsidosätt begärt nyckelanvändningsvärde" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "åsidosätt begärd förlängd nyckelanvändning-OID" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "åsidosätt begärt huvudnamn" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "åsidosätt begärt DNS-namn" #: src/getcert.c:1874 msgid "override requested email address" msgstr "åsidosätt begärd e-postadress" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "åsidosätt begärd IP-adress" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" "Ingen av ID eller databaskatalog och smeknamn eller certifikatfil angiven.\n" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "Begäran ”%s” ändrad.\n" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "Begäran ”%s” kunde inte ändras.\n" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "Ingen begäran hittades med angivet smeknamn.\n" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" 
msgstr "Ingen begäran hittades som matchade argumenten.\n" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "Begäran ”%s” borttagen.\n" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "Begäran ”%s” kunde inte tas bort.\n" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "smeknamn för spårningbegäran" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "nytt smeknamn att ge på spårningbegäran" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "typ av ny nyckel som skall genereras" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "storlek på ny nyckel som skall genereras" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "använd angiven CA-konfiguration istället för den aktuella" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "Fel när ”%s” ändrades.\n" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "Skickar om ”%s” till ”%s”.\n" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "Skickar om ”%s”.\n" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "Fel vid försök att skicka ”%s” till ”%s”.\n" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "Fel vid försök att skicka ”%s”.\n" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "uppdatera informationen om alla utestående begäranden" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" "uppdatera information endast för begäranden som använder den angivna CA-" "konfigurationen" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "Begärans-ID ”%s” uppdateras.\n" #: 
src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "Begärans-ID ”%s” uppdateras INTE.\n" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "lista endast information om utestående begäranden" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "lista endast information om spårade certifikat" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" "lista endast begäranden och certifikat som är associerade med denna CA-" "konfiguration" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "Visa tid i UTC istället för i lokal tid" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "Antalet certifikat och spårade begäran: %d.\n" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "Begärans-id ”%s”:\n" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "\tstatus: %s\n" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "\tca-fel: %s\n" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "\tfastnat: %s\n" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "\tnyckelparslagring: typ=%s" #: src/getcert.c:3652 msgid "NONE" msgstr "INGEN" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr ",plats=”%s”" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr ",smeknamn=”%s”" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr ",symbol=”%s”" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr ",pin angiven" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr ",pin-fil=”%s”" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "\tcertifikat: typ=%s,plats='%s'" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr 
"\tsignerar begärans tumavtryck (MD5): %s\n" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "\tsignerar begärans tumavtryck (SHA1): %s\n" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "\tCA: %s\n" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "\tutgivare: %s\n" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "\tämne: %s\n" #: src/getcert.c:3719 msgid "unknown" msgstr "okänt" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr "\tlöper ut: %s\n" #: src/getcert.c:3736 msgid "\temail: " msgstr "\te-post: " #: src/getcert.c:3742 msgid "\tdns: " msgstr "\tdns: " #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "\thuvudnamn: " #: src/getcert.c:3756 msgid "\tIP address: " msgstr "\tIP-adress: " #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "\tnyckelanvändning: %s\n" #: src/getcert.c:3779 msgid "\teku: " msgstr "\teku: " #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "\tcertifikatmall/-profil: %s\n" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "\trotcertifikat sparades i filer:\n" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "\tandra rotcertifikat sparades i filer:\n" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "\tandra certifikat sparades i filer:\n" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "\trotcertifikat sparades i databaser:\n" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "\tandra rotcertifikat sparades i databaser:\n" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "\tandra 
certifikat sparades i databaser:\n" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "\tkommando före det sparas: %s\n" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "\tkommando efter det sparas: %s\n" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "\tspår: %s\n" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "\tauto-förnyelse: %s\n" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" "Ingen av ID eller databaskatalog och smeknamn eller certifikatfil filen " "angiven.\n" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "lista endast den angivna CA-konfigurationen" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "CA ”%s”:\n" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "\tsjälvidentifierar som: %s\n" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "\tca-typ: %s\n" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "\thjälparplats: %s\n" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr "\tnästa-serienummer: %s\n" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "\tkänt utfärdarnamn:\n" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "\tkända profiler/mallar/certifikattyper:\n" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "\tstandardprofil/-mall/-certifikattyp: %s\n" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "\tSCEP CA-identifierare: %s\n" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "\tSCEP CA-certifikatets tumavtryck (MD5): %s\n" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr 
"\tSCEP CA-certifikatets tumavtryck (SHA1): %s\n" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "uppdatera informationen om CA-konfigurationen med detta namn" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "uppdatera information om alla kända CA:n" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "Varken CA-smeknamn eller -a-flaggan angavs.\n" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "Data för CA ”%s” uppdateras.\n" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "Data för namnlös CA uppdateras.\n" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "\tfel vid uppdatering av CA-data\n" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "smeknamn att ge till den nya CA-konfigurationen" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "hjälpkommando att köra för att kommunicera med denna CA" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "CA-smeknamn inte angivet.\n" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "CA-hjälpkommando inte angivet.\n" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "Ny CA ”%s” tillagd.\n" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "Ny CA kunde inte läggas till.\n" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "SCEP-serverns plats" #: src/getcert.c:4458 msgid "CA identifier" msgstr "CA-identifierare" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "fil som innehåller CA:ns certifikat" #: src/getcert.c:4460 msgid "file containing RA's certificate" 
msgstr "fil som innehåller RA:ns certifikat" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "fil som innehåller certifikat i RA:ns certifieringskedja" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "föredra att inte använda funktionen SCEP-förnyelse" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "server-URL inte angiven.\n" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "HTTPS kräver ett CA-certifikat.\n" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "Fel när kommandoraden byggdes.\n" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "Fel när CA-identifierare ställdes in.\n" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "smeknamn på CA-konfigurationen" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "uppdaterade hjälpkommandot att köra för att kommunicera med CA:n" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "CA ”%s” ändrad.\n" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "CA kunde inte ändras.\n" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "smeknamn på CA-konfigurationen att ta bort" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "CA ”%s” borttagen.\n" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "CA:n kunde inte tas bort.\n" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "%s - registreringsverktyg för klientcertifikat\n" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "Användning: %s request [flaggor]\n" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "Obligatoriska 
argument:\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "* Om du använder en NSS-databas för lagring:\n" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr " -d KAT\tNSS-databas för nyckel och cert\n" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr " -n NAMN\tsmeknamn för NSS-baserad lagring (endast giltigt med -d)\n" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" " -t NAMN\tfrivilligt symbolnamn för NSS-baserad lagring (endast giltig med -" "d)\n" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "* Om du använder filer för lagring:\n" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr " -k FIL\tPEM-fil för privat nyckel\n" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr " -f FIL\tPEM-fil för certifikat (endast giltigt med -k)\n" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "* Om nycklar skall krypteras:\n" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr " -p FIL\tfil som håller PIN för kryptering\n" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid 
" -P PIN\tPIN value\n" msgstr " -P PIN\tPIN-värde\n" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "Valfria argument:\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "* Inställningar för certifikathantering:\n" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr " -I NAMN\tsmeknamn att tilldela till begäran\n" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr " -G TYPE\ttyp av nyckel att genereras om det inte redan finns en\n" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr "" " -g STORLEK\tstorlek på nyckel som skall genereras om det inte redan finns " "en\n" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr "" " -r\t\tförsök att förnya certifikatet när utgångsdatumet närmar sig " "(standard)\n" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr "" " -R\t\tförsök inte förnya certifikatet när utgångsdatumet närmar sig\n" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr " -c CA\t\tanvänd angiven CA istället för standard\n" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" " -T PROFIL\tbe CA:n att bearbeta begäran med användning av den angivna " "profilen eller mallen\n" #: src/getcert.c:4816 src/getcert.c:4865 
src/getcert.c:4944 src/getcert.c:4992 msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" " -X UTGIVARE\tbe CA:n att bearbeta begäran med användning av den namngivna " "utgivaren\n" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "* Parametrar för signeringsbegäran:\n" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr " -N NAMN\tställ in begärt ämnesnamn (standard: CN=)\n" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr " -U EXTANV\tställ in begärd förlängd nyckelanvändning-OID\n" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr " -u NYCKELANVÄNDNING\tsätt angivet värde på nyckelanvändning\n" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr " -K NAMN\tställ in begärt huvudnamn\n" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr " -D DNS-NAMN\tställ in begärt DNS-namn\n" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr " -E EPOST\tställ in begärd e-postadress\n" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr " -A ADRESS\tange begärd IP-adress\n" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr " -l FIL\tfil som innehåller en valfritt utmaningslösenord\n" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr " -L LÖSENORD\tett valfritt utmaningslösenordvärde\n" #: src/getcert.c:4827 src/getcert.c:4875 
src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "* Bussflaggor:\n" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr " -S\t\tanslut till tjänsten certmonger på systembussen\n" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr " -s\t\tanslut till tjänsten certmonger på sessionsbussen\n" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "* Andra flaggor:\n" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr " -B\tkommando att köra före certifikatet sparas\n" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr " -C\tkommando att köra efter certifikatet sparas\n" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr " -F\tfil i vilken CA:ns certifikat skall lagras\n" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr " -a\tNSS-databas i vilken CA:ns certifikat skall lagras\n" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 
src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr " -w\tförsök att vänta på att certifikatet ges ut\n" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr " -v\trapportera alla detaljer om fel\n" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "Användning: %s start-tracking [flaggor]\n" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "* Om du ändrar en befintlig begäran:\n" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr " -i NAMN\tsmeknamn på en befintlig spårningsbegäran\n" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "* Om nycklarna är krypterade:\n" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr " -I NAMN\tsmeknamn att ge på spårningbegäran\n" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "* Parametrar för signeringsbegäran vid förnyelsetidpunkten:\n" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr " -U EXTANV\tåsidosätt begärd förlängd nyckelanvändning-OID\n" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr " -K NAMN\tåsidosätt begärt huvudnamn\n" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr " -D DNS-NAMN\tåsidosätt begärt DNS-namn\n" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr " -E EMAIL\tåsidosätt begärd e-postadress\n" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr " -A ADRESS\tåsidosätt begärd IP-adress\n" #: 
src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "Användning: %s stop-tracking [flaggor]\n" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "* Enligt identifierare för begäran:\n" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr " -i NAMN\tsmeknamn för spårningsbegäran\n" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "Användning: %s resubmit [flaggor]\n" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr " -f FIL\tPEM-fil för certifikat\n" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "* Nya parametervärden för signeringsbegäran:\n" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr " -I NAMN\tnytt smeknamn för att ge till spårningsbegäran\n" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr " -c CA\t\tanvänd den angivna CA:n istället för den nuvarande\n" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "Användning: %s rekey [flaggor]\n" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr " -G TYP\ttyp av ny nyckel som skall genereras\n" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr " -g STORLEK\tstorlek på ny nyckel som skall genereras\n" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "Användning: %s list [flaggor]\n" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "* Allmänna flaggor:\n" #: 
src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr "" " -c CA\tlista endast begäran och certifikat associerade med denna CA\n" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr " -r\tlista endast information om utestående begäran\n" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr " -t\tlista endast information om spårade certifikat\n" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr " -u\tvisar tid i UTC istället för lokal tid\n" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "* Om du väljer en viss begäran:\n" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" " -d KAT\tlista endast begäran och certifikat som använder denna NSS-" "databas\n" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" " -n NAMN\tlista endast begäran och certifikat som använder detta smeknamn\n" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" " -f FIL\tlista endast begäran och certifikat lagrade i denna PEM-fil\n" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr " -S\tanslut till tjänsten certmonger på systembussen\n" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr " -s\tanslut till tjänsten certmonger på sessionsbussen\n" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "Användning: %s refresh [flaggor]\n" #: src/getcert.c:5036 msgid " 
-a\trefresh information about all outstanding requests\n" msgstr " -a\tuppdatera informationen om alla utestående begäranden\n" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "Användning: %s status [flaggor]\n" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "* Väljer en viss begäran:\n" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "* När en NSS-databas används för lagring:\n" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr " -d KAT\treturnera status för begäran i denna NSS-databas\n" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "" " -n NAMN\treturnera status för certifikatet som använder detta smeknamn\n" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "* När filer används för lagring:\n" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr " -f FIL\treturnera status för certifikatet lagrat i denna PEM-fil\n" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "Användning: %s list-cas [flaggor]\n" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr " -c CA\tlista endast information om CA:n med detta namn\n" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "Användning: %s refresh-ca [flaggor]\n" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr " -c CA\tuppdatera information om CA:n med detta namn\n" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr " -a\tuppdatera information om alla kända CA:n\n" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "Användning: %s add-ca [flaggor]\n" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr " -c 
CA\t\tsmeknamn att ge den nya CA-konfigurationen\n" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr " -e KMD\thjälpkommando att köra för att kommunicera med CA:n\n" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "Användning: %s add-scep-ca [flaggor]\n" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr " -u URL\tplats för SCEP-servern\n" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr " -i ID\t\tCA-identifierare\n" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr " -R FIL\tfil som innehåller CA:ns certifikat\n" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr " -r FIL\tfil som innehåller RA:ns certifikat\n" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr " -I FIL\tfil som innehåller certifikat i RA:ns certifieringskedja\n" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr " -n\tföredra att inte använda funktionen SCEP-förnyelse\n" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "Användning: %s modify-ca [flaggor]\n" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr " -c CA\t\tsmeknamn på CA-konfigurationen\n" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" " -e KMD\tuppdaterat hjälpkommando att köra för att kommunicera med CA:n\n" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "Användning: %s remove-ca [flaggor]\n" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr " -c CA\tsmeknamn på CA-konfigurationen att ta bort\n" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "Användning: %s kommando [flaggor]\n" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr 
"begär ett nytt certifikat från en CA\n" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "börja övervaka ett redan utgivet certifikat\n" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "sluta övervaka ett certifikat\n" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "skicka om en pågående registreringsbegäran, eller starta en ny\n" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "generera en ny privat nyckel och ersätt ett certifikat\n" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "kontrollera statusen på en pågående registreringsbegäran\n" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "lista certifikat som övervakas och begärs\n" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "kontrollera statusen på ett certifikat som övervakas eller begärs\n" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "lägg till en CA-konfiguration\n" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "lägg till en SCEP CA-konfiguration\n" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "lista kända CA-konfigurationer\n" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "ändra en CA-konfiguration\n" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "uppdatera cachen med all information som har erhållits från en CA\n" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "ta bort en CA-konfiguration\n" #: src/getcert.c:5273 #, c-format msgid "%s: unrecognized command\n" msgstr "%s: okänt kommando\n" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "Kan inte avgöra platsen för IPA LDAP-servern.\n" #: src/ipa.c:149 #, c-format msgid 
"Unable to contact an IPA LDAP server.\n" msgstr "Kan inte kontakta en IPA LDAP-server.\n" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "Kan inte avgöra bas-DN för domäninformation på IPA-servern.\n" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "Fel när det sattes upp för XMLRPC på klienten.\n" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "Flaggan -t kan inte användas med flaggan -K.\n" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "Flaggan -k kan inte användas med flaggan -K.\n" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "Flaggan -K kan inte användas med vare sig flaggan -k eller -t.\n" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for signing request.\n" msgstr "Det går inte att avgöra huvudnamn för signeringsbegäran.\n" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "Ingen IPA-domän konfigurerad, och ingen angiven.\n" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" "Fel när ccache sattes upp för tjänsten ”host” på klienten med " "standardnyckeltabell: %s.\n" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "" "Fel när ccache sattes upp för ”%s” på klienten med standardnyckeltabell: " "%s.\n" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" "Fel när ccache sattes upp för tjänsten ”host” på klienten med användning av " "nyckeltabellen ”%s”: %s.\n" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "" 
"Fel när ccache sattes upp för ”%s” på klienten med nyckeltabellen ”%s”: %s.\n" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "Kan inte läsa signeringsbegäran.\n" #: src/main.c:74 msgid "use session bus" msgstr "använd sessionsbussen" #: src/main.c:75 msgid "use system bus" msgstr "använd systembussen" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "starta ett dedikerat lyssningsuttag" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "använd endast ett dedikerat lyssningsuttag" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "ange det dedikerade lyssningsuttaget" #: src/main.c:78 msgid "PATHNAME" msgstr "SÖKVÄGSNAMN" #: src/main.c:79 msgid "don't become a daemon" msgstr "bli inte en demon" #: src/main.c:80 msgid "do become a daemon" msgstr "bli en demon" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "bussaktiverad, tidsgräns för inaktivitet" #: src/main.c:81 msgid "SECONDS" msgstr "SEKUNDER" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "använd inte tidsgräns för inaktivitet" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "ange felsökningsnivå (implicerar -n)" #: src/main.c:83 msgid "NUMBER" msgstr "TAL" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "starta KOMMANDO och avsluta när det gör det" #: src/main.c:87 msgid "write service PID to file" msgstr "skriv service-PID till en fil" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "framtvinga NSS till FIPS-läge" #: src/main.c:90 msgid "print version information" msgstr "skriv versionsinformation" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "Användning: %s [-s|-S] [-n|-f] [-d NIVÅ] [-p FIL] [-F] [-v]\n" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "\t-s använd sessionsbussen\n" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "\t-S använd systembussen\n" #: 
src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "\t-l starta ett dedikerat lyssningsuttag\n" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "\t-L använd endast ett dedikerat lyssningsuttag\n" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "\t-P PATH ange det dedikerade lyssningsuttaget\n" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "\t-n bli inte en demon\n" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "\t-f bli en demon\n" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "\t-b TIDSGRÄNS bussaktiverad, tidsgräns vid inaktivitet\n" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "\t-B använd inte en tidsgräns vid inaktivitet\n" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "\t-d NIVÅ sätt felsökningsnivån (medför -n)\n" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "\t-c KOMMANDO starta KOMMANDO och avsluta när det gör det\n" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "\t-p FIL skriv tjänstens PID till filen\n" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "\t-F tvinga in NSS i FIPS-läge\n" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "\t-v skriv versionsinformation och avsluta\n" #: src/scep.c:352 #, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "Ingen SCEP URL (-u) angiven, och inget standardvärde är känt.\n" #: src/scep.c:356 #, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "" "Ingen SCEP operation (-c/-C/-g/-p) angiven, och inget standardvärde är känt." 
"\n" #: src/scep.c:376 src/scep.c:395 #, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "Inget RA certifikat (-r) angiven, och inget standardvärde är känt.\n" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" "Fel vid läsning av begäran. PKCS7-data innehållande ett GetInitialCert " "pkiMessage förväntades, fick ingenting.\n" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" "Fel vid läsning av begäran. PKCS7-data innehållande ett PKCSReq pkiMessage " "förväntades, fick ingenting.\n" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" "Varning: begäran är varken en PKCSReq- eller en GetInitialCert-begäran.\n" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" "Varning: begäranstypen ”%s” är varken en PKCSReq- eller en GetInitialCert-" "begäran.\n" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "Varning: begäran saknar transaktions-id.\n" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "Varning: begäran saknar senderNonce.\n" #: src/scep.c:637 #, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "Fick svarskod %d från %s, inte 200.\n" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "Serversvaret var av en oväntad MIME-typ ”%s”.\n" #: src/scep.c:930 #, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "Fel: misslyckades att verifiera signaturen av svar från servern.\n" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" 
msgstr "Fel: svaret var inte ett CertRep (%s).\n" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "Fel: svaret saknar transaktions-id.\n" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "Fel: svaret innehåller ett annat transaktions-id.\n" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "Fel: svaret saknar pkiStatus.\n" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "Fel: svaret saknar recipientNonce.\n" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "Fel: svars-nonce matchar inte begäran.\n" #: src/scep.c:976 #, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "Fel: svaret saknar senderNonce.\n" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "Ospecificerat fel på servern.\n" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "Okänd eller ej stödd algoritm identifierad i klientbegäran.\n" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "Integritetskontrollen av klientbegäran misslyckades på servern.\n" #: src/scep.c:1003 #, c-format msgid "Transaction either is not permitted or is not supported by server.\n" msgstr "Transaktionen är antingen inte tillåten eller stödjs inte av servern.\n" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "Klockskillnaden är för stor.\n" #: src/scep.c:1009 #, c-format msgid "Unsupported extension.\n" msgstr "Ej stödd utökning.\n" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "Måste arkivera nycklar.\n" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "Felaktig identitet.\n" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "Ägandebevis krävs.\n" #: src/scep.c:1021 #, c-format msgid "Proof of 
possession failed.\n" msgstr "Ägandebevis misslyckades.\n" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "Ingen nyckelåteranvändning.\n" #: src/scep.c:1027 #, c-format msgid "Internal CA error.\n" msgstr "Internt CA-fel.\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "Försök senare.\n" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "Servern returnerade felkod ”%s”.\n" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "Fel: kunde inte tolka signerad data.\n" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "Fel: last med signerad data är inte inslagen data.\n" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "Fel: last med inslagen data är inte data.\n" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "Fel: pkiStatus ”%s” är inte känd.\n" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." msgstr "Ett internt fel har uppstått." #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "Ingen matchande post funnen.\n" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "Det finns redan en CA med smeknamnet ”%s”." #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "Lagringstyp för certifikat inte angiven." #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." msgstr "Lagringstyp ”%s” för certifikat stödjs inte." #: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "Platsen ”%s” måste vara en absolut sökväg." 
#: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." msgstr "Lagringsplats för certifikat inte angiven." #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" "Föräldern till platsen ”%s” kunde inte nås på grund av otillräckliga " "rättigheter." #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "Förälder till platsen ”%s” måste vara en giltig katalog." #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "Platsen ”%s” måste vara en fil." #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "Platsen ”%s” kunde inte nås på grund av otillräckliga rättigheter." #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "Platsen ”%s” måste vara en katalog." #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "Certifikatsmeknamn inte angivet." #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "Det finns redan en begäran med smeknamnet ”%s”." #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "Certifikat på samma plats används redan av begäran med smeknamnet ”%s”." #: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "Nyckellagringstypen ”%s” stödjs inte." 
#: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." msgstr "Nyckellagringsplats inte angiven." #: src/tdbush.c:853 msgid "Key nickname not specified." msgstr "Nyckelsmeknamn inte angivet." #: src/tdbush.c:909 #, c-format msgid "Key at same location is already used by request with nickname \"%s\"." msgstr "Nyckel på samma plats används redan av begäran med smeknamnet ”%s”." #: src/tdbush.c:1313 src/tdbush.c:3102 #, c-format msgid "No support for key type \"%s\"." msgstr "Inget stöd för nyckeltypen ”%s”." #: src/tdbush.c:1400 msgid "No such CA." msgstr "Ingen sådan CA." #: src/tdbush.c:3073 #, c-format msgid "Certificate authority \"%s\" not known." msgstr "Certifikatmyndighet ”%s” inte känd." #: src/tdbush.c:3518 msgid "Unrecognized parameter or wrong value type." msgstr "Okända parameter eller fel värdetyp." #: src/tdbush.c:5070 msgid "Error parsing arguments." msgstr "Fel vid argumenttolkning." #: src/tdbush.c:5124 msgid "Unrecognized property name." msgstr "Okänt egenskapsnamn." #: src/tdbusm.c:2156 msgid "Insufficient access. Please retry operation as root.\n" msgstr "Otillräckliga rättigheter. Försök åtgärden igen som root.\n" #: src/tdbusm.c:2160 msgid "Please verify that the certmonger service has been started.\n" msgstr "Kontrollera att tjänsten certmonger har startats.\n" #: src/tdbusm.c:2163 msgid "Please verify that the certmonger service is still running.\n" msgstr "Kontrollera att tjänsten certmonger fortfarande kör.\n" certmonger-0.79.19/po/ta.po0000644000175000017500000014174514511314133015030 0ustar gitgit00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. 
# # Translators: # Felix I , 2011 msgid "" msgstr "" "Project-Id-Version: certmonger 0.78.6\n" "Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2017-02-26 02:20-0500\n" "PO-Revision-Date: 2015-01-05 05:54-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Tamil (http://www.transifex.com/projects/p/certmonger/" "language/ta/)\n" "Language: ta\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 3.9.6\n" #: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238 #: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291 #, c-format msgid "Out of memory.\n" msgstr "" #: src/certmaster.c:136 #, c-format msgid "Unable to determine hostname of CA.\n" msgstr "" #: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796 #, c-format msgid "Unable to read signing request from file \"%s\".\n" msgstr "" #: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799 #, c-format msgid "Unable to read signing request from environment variable \"%s\".\n" msgstr "" #: src/certmaster.c:184 #, c-format msgid "Error setting up for XMLRPC.\n" msgstr "" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of 
param=value.\n" msgstr "" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "" #: src/getcert.c:67 msgid "ID" msgstr "" #: src/getcert.c:69 msgid "BITS" msgstr "" #: src/getcert.c:71 msgid "MODE" msgstr "" #: src/getcert.c:72 msgid "NAME" msgstr "" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "" #: src/getcert.c:74 msgid "SUBJECT" msgstr "" #: src/getcert.c:75 msgid "URL" msgstr "" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use 
\"%s\" instead.\n" msgstr "" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "" #: src/getcert.c:398 msgid "missing argument" msgstr "" #: src/getcert.c:401 #, c-format msgid "unrecognized option %s" msgstr "" #: src/getcert.c:406 msgid "unrecognized option" msgstr "" #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "" #: src/getcert.c:421 msgid "number too large or too small" msgstr "" #: src/getcert.c:424 msgid "bad operation" msgstr "" #: src/getcert.c:427 msgid "internal error" msgstr "" #: src/getcert.c:430 msgid "out of memory" msgstr "" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "" #: src/getcert.c:487 #, c-format msgid "Error: 
%s\n" msgstr "" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid 
"command to run before saving the certificate" msgstr "" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 msgid "ask the CA to process the request using the named issuer" msgstr "" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage value" msgstr "" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "" #: src/getcert.c:802 src/getcert.c:1878 
src/getcert.c:2532 msgid "request a CA certificate" msgstr "" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" 
msgstr "" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "" #: src/getcert.c:1114 #, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "" 
#: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request arguments.\n" msgstr "" #: src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "" #: src/getcert.c:1874 msgid "override requested email address" msgstr "" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 
src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" 
msgstr "" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "" #: src/getcert.c:3652 msgid "NONE" msgstr "" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr "" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr "" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr "" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr "" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr "" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "\tCA: %s\n" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "" #: src/getcert.c:3719 msgid "unknown" msgstr "" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr "" #: src/getcert.c:3736 msgid "\temail: " msgstr "" #: src/getcert.c:3742 msgid "\tdns: " msgstr "" #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "" #: src/getcert.c:3756 msgid "\tIP address: " msgstr "" #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "" #: src/getcert.c:3779 msgid "\teku: " msgstr "" #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid
"\tother root certificates saved to files:\n" msgstr "" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr "" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:4267 msgid 
"refresh information about the CA configuration with this name" msgstr "" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "" #: src/getcert.c:4458 msgid "CA identifier" msgstr "" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "" #: 
src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr "" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr "" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr "" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file 
for certificate (only valid with -k)\n" msgstr "" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr "" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr "" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr "" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr "" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr "" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr "" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "" #: src/getcert.c:4818 
src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr "" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr "" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr "" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr "" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr "" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr "" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr "" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr "" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr "" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr "" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr "" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 
src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr "" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr "" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr "" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr "" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr "" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr "" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr "" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr "" #: 
src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr "" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr "" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr "" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr "" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr "" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr "" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr "" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr "" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr "" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr "" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr "" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr 
"" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr "" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr "" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr "" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr "" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr "" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr "" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr "" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca 
[options]\n" msgstr "" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr "" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr "" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr "" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr "" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr "" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr "" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr "" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr "" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr "" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr "" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr "" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "" #: src/getcert.c:5182 msgid 
"generate a new private key and replace a certificate\n" msgstr "" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "" #: src/getcert.c:5273 #, c-format msgid "%s: unrecognized command\n" msgstr "" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for signing request.\n" msgstr "" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for 
\"%s\" on client using default keytab: %s.\n" msgstr "" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "" #: src/main.c:74 msgid "use session bus" msgstr "" #: src/main.c:75 msgid "use system bus" msgstr "" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "" #: src/main.c:78 msgid "PATHNAME" msgstr "" #: src/main.c:79 msgid "don't become a daemon" msgstr "" #: src/main.c:80 msgid "do become a daemon" msgstr "" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "" #: src/main.c:81 msgid "SECONDS" msgstr "" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "" #: src/main.c:83 msgid "NUMBER" msgstr "" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "" #: src/main.c:87 msgid "write service PID to file" msgstr "" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "" #: src/main.c:90 msgid "print version information" msgstr "" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "" #: src/main.c:183 msgid "\t-f do become a daemon\n" 
msgstr "" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "" #: src/scep.c:352 #, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "" #: src/scep.c:356 #, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "" #: src/scep.c:376 src/scep.c:395 #, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. 
Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "" #: src/scep.c:637 #, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "" #: src/scep.c:930 #, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "" #: src/scep.c:976 #, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "" #: src/scep.c:1003 #, c-format msgid "Transaction either is not permitted or is not supported by server.\n" msgstr "" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "" #: src/scep.c:1009 
#, c-format msgid "Unsupported extension.\n" msgstr "" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "" #: src/scep.c:1027 #, c-format msgid "Internal CA error.\n" msgstr "" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." msgstr "" #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "" #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "" #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." msgstr "" #: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "" #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." 
msgstr "" #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "" #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "" #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "" #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "" #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "" #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "" #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "" #: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "" #: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." msgstr "" #: src/tdbush.c:853 msgid "Key nickname not specified." msgstr "" #: src/tdbush.c:909 #, c-format msgid "Key at same location is already used by request with nickname \"%s\"." msgstr "" #: src/tdbush.c:1313 src/tdbush.c:3102 #, c-format msgid "No support for key type \"%s\"." msgstr "" #: src/tdbush.c:1400 msgid "No such CA." msgstr "" #: src/tdbush.c:3073 #, c-format msgid "Certificate authority \"%s\" not known." msgstr "" #: src/tdbush.c:3518 msgid "Unrecognized parameter or wrong value type." msgstr "" #: src/tdbush.c:5070 msgid "Error parsing arguments." 
msgstr ""

#: src/tdbush.c:5124
msgid "Unrecognized property name."
msgstr ""

#: src/tdbusm.c:2156
msgid "Insufficient access. Please retry operation as root.\n"
msgstr ""

#: src/tdbusm.c:2160
msgid "Please verify that the certmonger service has been started.\n"
msgstr ""

#: src/tdbusm.c:2163
msgid "Please verify that the certmonger service is still running.\n"
msgstr ""

certmonger-0.79.19/po/tr.po

# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Red Hat, Inc.
# This file is distributed under the same license as the PACKAGE package.
#
# Translators:
# Hasan Alp İNAN, 2011
# Oğuz Ersen, 2021.
# Mustafa Çalışkan, 2021.
msgid ""
msgstr ""
"Project-Id-Version: certmonger 0.78.6\n"
"Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n"
"POT-Creation-Date: 2017-02-26 02:20-0500\n"
"PO-Revision-Date: 2021-03-07 07:01+0000\n"
"Last-Translator: Oğuz Ersen \n"
"Language-Team: Turkish \n"
"Language: tr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n>1);\n"
"X-Generator: Weblate 4.5.1\n"

#: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238
#: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291
#, c-format
msgid "Out of memory.\n"
msgstr "Bellek yetersiz.\n"

#: src/certmaster.c:136
#, c-format
msgid "Unable to determine hostname of CA.\n"
msgstr "CA'nın ana makine adı belirlenemiyor.\n"

#: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796
#, c-format
msgid "Unable to read signing request from file \"%s\".\n"
msgstr "\"%s\" dosyasından imzalama isteği okunamıyor.\n"

#: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799
#, c-format
msgid "Unable to read signing request from environment variable \"%s\".\n"
msgstr "\"%s\" ortam değişkeninden imzalama isteği okunamıyor.\n"

#: src/certmaster.c:184
#, c-format
msgid "Error setting up for XMLRPC.\n"
msgstr "XMLRPC için kurulum yapılırken
hata oluştu.\n" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "Sunucu yanıtı ayrıştırılırken hata oluştu.\n" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "Sunucu hatası.\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "Profil parametreleri (-O), param=değer biçiminde olmalıdır.\n" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "Gönderme parametreleri (-o), param=değer biçiminde olmalıdır.\n" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "Aracı kimlik bilgileri belirtilmedi ve bilinen öntanımlı değer yok.\n" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "Yenileme istendi, ancak seri numarası belirtilmedi.\n" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "Son varlık URL'si (-E) belirtilmedi ve bilinen öntanımlı değer yok.\n" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "Aracı URL'si (-A) belirtilmedi ve bilinen öntanımlı değer yok.\n" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "Profil/şablon (-T) belirtilmedi ve bilinen öntanımlı değer yok.\n" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "NSS kapatılırken 
hata oluştu.\n" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "Dahili hata: bilinmeyen durum.\n" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "Aracı kimlik bilgileri (-n) belirtilmedi ancak gerekli.\n" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "%d hatası %s adresine bağlanırken oluştu: %s.\n" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "%d hatası %s adresine bağlanırken oluştu.\n" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "Dahili hata: \"%s?%s\" için yanıt yok.\n" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "KOMUT" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "DİZİN" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "LİSTE" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "ADRES" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "DOSYA_ADI" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "ANA_MAKİNE_ADI" #: src/getcert.c:67 msgid "ID" msgstr "KİMLİK" #: src/getcert.c:69 msgid "BITS" msgstr "BİT" #: src/getcert.c:71 msgid "MODE" msgstr "MOD" #: src/getcert.c:72 msgid "NAME" msgstr "AD" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "TEMSİLCİ" #: src/getcert.c:74 msgid "SUBJECT" msgstr "SAHİP" #: src/getcert.c:75 msgid "URL" msgstr "URL" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "KULLANICI_ADI[:GRUP_ADI]" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "" "\"%s\" yolu mutlak değil, bunun yerine \"%s\" yolu kullanılmaya çalışılıyor." 
"\n" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" "\"%s\" yolu mutlak değil ve geçerli dizinin adı belirlenirken bir hata " "oluştu.\n" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "\"%s\" yolu: izinler yetersiz.\n" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "\"%s\" yolu bir dizin değil.\n" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "\"%s\" yolu: %s.\n" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "\"%s\" yolu normal bir dosya değil.\n" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "Çalışan sistem veri yolu yok.\n" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "UID 0 olarak çalışıyor.\n" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "Geçici bir özel hizmet arka plan programı başlatılıyor.\n" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "D-Bus'a bağlanırken hata oluştu.\n" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "Lütfen mesaj veri yolu (D-Bus) hizmetinin çalıştığını doğrulayın.\n" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "D-Bus istek mesajı oluşturulurken hata oluştu.\n" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "%s için argüman eksik" #: src/getcert.c:398 msgid "missing argument" msgstr "argüman eksik" #: src/getcert.c:401 #, c-format msgid "unrecognized option %s" msgstr "tanınmayan seçenek %s" #: src/getcert.c:406 msgid "unrecognized option" msgstr "tanınmayan seçenek" #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "takma adlar çok fazla iç içe geçti" #: src/getcert.c:412 msgid "bad parameter quoting" 
msgstr "parametrede yanlış tırnak işareti kullanımı" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "geçersiz sayısal değer" #: src/getcert.c:421 msgid "number too large or too small" msgstr "sayı çok büyük veya çok küçük" #: src/getcert.c:424 msgid "bad operation" msgstr "yanlış işlem" #: src/getcert.c:427 msgid "internal error" msgstr "dahili hata" #: src/getcert.c:430 msgid "out of memory" msgstr "bellek yetersiz" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "popt yapılandırma dosyasında hata" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "Hata %s: %s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "Hata %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "Hata: %s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "Yerel %s hizmetinden hata yanıtı alındı.\n" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "%s hizmetinden yanıt alınmadı.\n" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "Durum %s, takıldı: %s.\n" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "Anahtar ve sertifika için NSS veri tabanı" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "NSS tabanlı depolama için takma ad (yalnızca -d ile geçerlidir)" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "" "NSS tabanlı depolama için isteğe bağlı belirteç adı (yalnızca -d ile " "geçerlidir)" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "özel anahtar için PEM dosyası" #: 
src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "sertifika için PEM dosyası (yalnızca -k ile geçerlidir)" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "özel anahtar şifreleme PIN'ini saklayan dosya" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "özel anahtar şifreleme PIN'i" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "özel anahtar için sahip bilgisi" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "özel anahtar için dosya izinleri" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "sertifika için sahip bilgisi" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "sertifika için dosya izinleri" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "CA sertifikalarının saklanacağı NSS veri tabanı" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "CA sertifikalarının saklanacağı dosya" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "sertifikayı kaydetmeden önce çalıştırılacak komut" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "sertifikayı kaydettikten sonra çalıştırılacak komut" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "isteğe atanacak takma ad" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "zaten bir tane yoksa oluşturulacak anahtarın türü" #: src/getcert.c:785 msgid "size of key to be generated if one is not 
already in place" msgstr "zaten bir tane yoksa oluşturulacak anahtarın boyutu" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "sona erme tarihi yaklaştığında sertifikayı yenilemeyi dene (öntanımlı)" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "sona erme tarihi yaklaştığında sertifikayı yenilemeyi deneme" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "öntanımlı olan yerine belirtilen CA yapılandırmasını kullan" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" "CA'dan, belirtilen profili veya şablonu kullanarak isteği işlemesini iste" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 msgid "ask the CA to process the request using the named issuer" msgstr "CA'dan, belirtilen sağlayıcıyı kullanarak isteği işlemesini iste" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "istenen sahip adını ayarla (öntanımlı: CN=)" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage value" msgstr "istenen anahtar kullanım değerini ayarla" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "istenen genişletilmiş anahtar kullanımı OID'sini ayarla" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "istenen temsilci adını ayarla" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "istenen DNS adını ayarla" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "istenen e-posta adresini ayarla" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "istenen IP adresini ayarla" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds 
an optional challenge password value" msgstr "isteğe bağlı bir sınama parolası değeri içeren dosya" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "isteğe bağlı bir sınama parolası değeri" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "bir CA sertifikası iste" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "CA olmayan bir sertifika iste" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "CA sertifikası için yol uzunluğu" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "sertifikanın verilmesini beklemeye çalış" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "sertifikanın verilmesi için beklenecek en fazla süre" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "oturum veri yolunda certmonger hizmetine bağlan" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "sistem veri yolunda certmonger hizmetine bağlan" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "Kerberos kütüphanesi başlatılırken hata oluştu: %s.\n" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr 
"\"%s\" anahtarları oluşturma desteği yok.\n" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "Bilinen anahtar türleri:" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "Tanınmayan keyUsage (anahtar kullanımı) \"%s\".\n" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "OID \"%s\" değerlendirilemedi.\n" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "Kerberos temsilci adı \"%s\" ayrıştırılırken hata oluştu: %s.\n" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "" "Kerberos temsilci adı \"%s\" ayrıştırılmasını tersine çevirirken hata oluştu:" " %s.\n" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "%s: geçersiz değer -- '%s'\n" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "%s: seçenek bir argüman gerektiriyor -- '%c'\n" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "%s: geçersiz seçenek -- '%c'\n" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "Hata: kullanılmayan fazladan argüman \"%s\".\n" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "Hata: kullanılmayan fazladan 
argümanlar belirtildi.\n" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "Veri tabanı konumu veya takma addan biri, diğeri olmadan belirtildi.\n" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "Hem veri tabanı dizini hem de sertifika dosyası belirtildi.\n" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "" "Veri tabanı dizini ve takma ad ya da sertifika dosyasından hiçbiri " "belirtilmedi.\n" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "Anahtar ve sertifika aynı dosyaya kaydedilemez.\n" #: src/getcert.c:1114 #, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" "IPA arka ucu -N (sahip adı), -E (e-posta adresi), -A (IP adresi), -D (DNS " "adı) veya -U (extendedKeyUsage) seçeneklerinden birisi kullanıldığında -K " "seçeneğinin (temsilci adı) kullanılmasını gerektiriyor.\n" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "\"%s\" adında bir CA bulunamadı.\n" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request arguments.\n" msgstr "İstek argümanları ayarlanırken hata oluştu.\n" #: src/getcert.c:1415 #, c-format msgid "New signing 
request \"%s\" added.\n" msgstr "Yeni imzalama isteği \"%s\" eklendi.\n" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "Yeni imzalama isteği eklenemedi.\n" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "Yeni izleme isteği \"%s\" eklendi.\n" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "Yeni izleme isteği eklenemedi.\n" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "özel anahtar için PEM dosyası (yalnızca -f ile geçerlidir)" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "sertifika için PEM dosyası" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "var olan bir isteğin takma adı" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "izleme isteğine verilecek takma ad" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "istenen anahtar kullanım değerinin üzerine yaz" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "istenen genişletilmiş anahtar kullanımı OID'sinin üzerine yaz" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "istenen temsilci adının üzerine yaz" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "istenen DNS adının üzerine yaz" #: src/getcert.c:1874 msgid "override requested email address" msgstr "istenen e-posta adresinin üzerine yaz" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "istenen IP adresinin üzerine yaz" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" "Kimlik ya da veri tabanı dizini ve takma ad ya da sertifika dosyasından " "hiçbiri belirtilmedi.\n" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr 
"\"%s\" isteği değiştirildi.\n" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "\"%s\" isteği değiştirilemedi.\n" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "Belirtilen takma ada sahip bir istek bulunamadı.\n" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "Argümanlarla eşleşen bir istek bulunamadı.\n" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "\"%s\" isteği kaldırıldı.\n" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "\"%s\" isteği kaldırılamadı.\n" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "izleme isteği için takma ad" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "izleme isteğine verilecek yeni takma ad" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "oluşturulacak yeni anahtarın türü" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "oluşturulacak yeni anahtarın boyutu" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "geçerli olanın yerine belirtilen CA yapılandırmasını kullan" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "\"%s\" değiştirilirken hata oluştu.\n" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "\"%s\", \"%s\"e yeniden gönderiliyor.\n" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "\"%s\" yeniden gönderiliyor.\n" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "\"%s\", \"%s\"e gönderilmeye çalışılırken hata oluştu.\n" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit 
\"%s\".\n" msgstr "\"%s\" gönderilmeye çalışılırken hata oluştu.\n" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "bekleyen tüm isteklerle ilgili bilgileri yenile" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" "yalnızca belirtilen CA yapılandırmasını kullanan istekler için bilgileri " "yenile" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "İstek kimliği '%s' yenileniyor.\n" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "İstek kimliği '%s' yenilenmiyor.\n" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "yalnızca bekleyen isteklerle ilgili bilgileri listele" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "yalnızca izlenen sertifikalarla ilgili bilgileri listele" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" "yalnızca bu CA yapılandırmasıyla ilişkili istekleri ve sertifikaları listele" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "saatleri yerel saat yerine UTC olarak göster" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "İzlenen sertifika ve isteklerin sayısı: %d.\n" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "İstek kimliği '%s':\n" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "\tdurum: %s\n" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "\tca-hatası: %s\n" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "\ttakıldı: %s\n" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "\tanahtar çifti deposu: tür=%s" #: src/getcert.c:3652 msgid "NONE" msgstr "YOK" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr ",konum='%s'" #: 
src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr ",takma_ad='%s'" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr ",belirteç='%s'" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr ",pin belirlendi" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr ",pin_dosyası='%s'" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "\tsertifika: tür=%s,konum='%s'" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "\timzalama isteği parmak izi (MD5): %s\n" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "\timzalama isteği parmak izi (SHA1): %s\n" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "\tCA: %s\n" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "\tsağlayıcı: %s\n" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "\tsahip: %s\n" #: src/getcert.c:3719 msgid "unknown" msgstr "bilinmiyor" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr "\tsona erme tarihi: %s\n" #: src/getcert.c:3736 msgid "\temail: " msgstr "\te-posta: " #: src/getcert.c:3742 msgid "\tdns: " msgstr "\tdns: " #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "\ttemsilci adı: " #: src/getcert.c:3756 msgid "\tIP address: " msgstr "\tIP adresi: " #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "\tanahtar kullanımı: %s\n" #: src/getcert.c:3779 msgid "\teku: " msgstr "\tgenişletilmiş anahtar kullanımı: " #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "\tsertifika şablonu/profili: %s\n" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "\tkök sertifikalar aşağıdaki dosyalara kaydedildi:\n" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr 
"\tdiğer kök sertifikalar aşağıdaki dosyalara kaydedildi:\n" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "\tdiğer sertifikalar aşağıdaki dosyalara kaydedildi:\n" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "\tkök sertifikalar aşağıdaki veri tabanlarına kaydedildi:\n" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "\tdiğer kök sertifikalar aşağıdaki veri tabanlarına kaydedildi:\n" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "\tdiğer sertifikalar aşağıdaki veri tabanlarına kaydedildi:\n" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "\tkaydetme öncesi komutu: %s\n" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "\tkaydetme sonrası komutu: %s\n" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "\tizle: %s\n" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "\totomatik yenile: %s\n" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" "Kimlik ya da veri tabanı dizini ve takma ad ya da sertifika dosyasından " "hiçbiri belirtilmedi.\n" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "yalnızca belirtilen CA yapılandırmasını listele" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "CA '%s':\n" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "\tkendini şöyle tanımlar: %s\n" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "\tca-türü: %s\n" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "\tyardımcı konumu: %s\n" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr 
"\tsonraki seri numarası: %s\n" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "\tbilinen sağlayıcı adları:\n" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "\tbilinen profiller/şablonlar/sertifika türleri:\n" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "\töntanımlı profil/şablon/sertifika türü: %s\n" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "\tSCEP CA tanımlayıcısı: %s\n" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "\tSCEP CA sertifika parmak izi (MD5): %s\n" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "\tSCEP CA sertifika parmak izi (SHA1): %s\n" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "bu ada sahip CA yapılandırmasıyla ilgili bilgileri yenile" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "bilinen tüm CA'larla ilgili bilgileri yenile" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "CA takma adı veya -a seçeneği belirtilmedi.\n" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "CA '%s' için veriler yenileniyor.\n" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "Adsız CA için veriler yenileniyor.\n" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "\tCA verilerini yenilerken hata oluştu\n" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "yeni CA yapılandırmasına verilecek takma ad" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "CA ile iletişim kurmak için çalıştırılacak yardımcı komut" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA 
nickname not specified.\n" msgstr "CA takma adı belirtilmedi.\n" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "CA yardımcı komutu belirtilmedi.\n" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "Yeni CA \"%s\" eklendi.\n" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "Yeni CA eklenemedi.\n" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "SCEP sunucusu konumu" #: src/getcert.c:4458 msgid "CA identifier" msgstr "CA tanımlayıcısı" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "CA'nın sertifikasını içeren dosya" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "RA'nın sertifikasını içeren dosya" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "RA'nın sertifika zincirindeki sertifikaları içeren dosya" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "SCEP yenileme özelliğini kullanmamayı tercih et" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "sunucu URL'si belirtilmedi.\n" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "HTTPS bir CA sertifikası gerektiriyor.\n" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "Komut satırı oluşturulurken hata oluştu.\n" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "CA tanımlayıcısı ayarlanırken hata oluştu.\n" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "CA yapılandırmasının takma adı" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "CA ile iletişim kurmak için çalıştırılacak güncellenmiş yardımcı komut" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "CA \"%s\" değiştirildi.\n" #: src/getcert.c:4661 #, c-format msgid "CA could not 
be modified.\n" msgstr "CA değiştirilemedi.\n" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "kaldırılacak CA yapılandırmasının takma adı" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "CA \"%s\" kaldırıldı.\n" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "CA kaldırılamadı.\n" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "%s - istemci sertifika kayıt aracı\n" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "Kullanım: %s request [seçenekler]\n" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "Gerekli argümanlar:\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "* Depolama için bir NSS veri tabanı kullanılıyorsa:\n" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr " -d DİZİN\tAnahtar ve sertifika için NSS veri tabanı\n" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr "" " -n AD\tNSS tabanlı depolama için takma ad (yalnızca -d ile geçerlidir)\n" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" " -t AD\tNSS tabanlı depolama için isteğe bağlı belirteç adı (yalnızca -d " "ile geçerlidir)\n" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 
src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "* Depolama için dosyalar kullanılıyorsa:\n" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr " -k DOSYA\tözel anahtar için PEM dosyası\n" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr " -f DOSYA\tsertifika için PEM dosyası (yalnızca -k ile geçerlidir)\n" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "* Anahtarlar şifrelenecekse:\n" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr " -p DOSYA\tşifreleme PIN değerinin bulunduğu dosya\n" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr " -P PIN\tPIN değeri\n" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "İsteğe bağlı argümanlar:\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "* Sertifika işleme ayarları:\n" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr " -I AD\tisteğe atanacak takma ad\n" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr " -G TÜR\tzaten bir tane yoksa oluşturulacak anahtarın türü\n" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr " -g BOYUT\tzaten bir tane yoksa oluşturulacak anahtarın boyutu\n" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears 
(default)\n" msgstr "" " -r\t\tsona erme tarihi yaklaştığında sertifikayı yenilemeyi dene " "(öntanımlı)\n" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr " -R\t\tsona erme tarihi yaklaştığında sertifikayı yenilemeyi deneme\n" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr " -c CA\t\töntanımlı olan yerine belirtilen CA'yı kullan\n" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" " -T PROFİL\tCA'dan, belirtilen profili veya şablonu kullanarak isteği " "işlemesini iste\n" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" " -X SAĞLAYICI\tCA'dan, belirtilen sağlayıcıyı kullanarak isteği işlemesini " "iste\n" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "* İmzalama isteği için parametreler:\n" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr " -N AD\tistenen sahip adını ayarla (öntanımlı: CN=)\n" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr "" " -U KULLANIM\tistenen genişletilmiş anahtar kullanımı OID'sini ayarla\n" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr " -u KULLANIM\tistenen anahtar kullanım değerini ayarla\n" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr " -K AD\tistenen temsilci adını ayarla\n" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr " -D 
DNS_ADI\tistenen DNS adını ayarla\n" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr " -E EPOSTA\tistenen e-posta adresini ayarla\n" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr " -A ADRES\tistenen IP adresini ayarla\n" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr " -l DOSYA\tisteğe bağlı bir sınama parolası içeren dosya\n" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr " -L PAROLA\tisteğe bağlı bir sınama parolası değeri\n" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "* Veri yolu seçenekleri:\n" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr " -S\t\tsistem veri yolunda certmonger hizmetine bağlan\n" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr " -s\t\toturum veri yolunda certmonger hizmetine bağlan\n" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "* Diğer seçenekler:\n" #: src/getcert.c:4831 src/getcert.c:4879 
src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr " -B\tsertifikayı kaydetmeden önce çalıştırılacak komut\n" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr " -C\tsertifikayı kaydettikten sonra çalıştırılacak komut\n" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr " -F\tCA sertifikalarının saklanacağı dosya\n" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr " -a\tCA sertifikalarının saklanacağı NSS veri tabanı\n" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr " -w\tsertifikanın verilmesini beklemeye çalış\n" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr " -v\thataların tüm ayrıntılarını bildir\n" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "Kullanım: %s start-tracking [seçenekler]\n" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "* Var olan bir istek değiştiriliyorsa:\n" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr " -i AD\tvar olan bir izleme isteğinin takma adı\n" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "* Anahtarlar şifrelenmişse:\n" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr " -I AD\tizleme isteğine verilecek takma 
ad\n" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "* Yenileme zamanında imzalama isteği için parametreler:\n" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr "" " -U KULLANIM\tistenen genişletilmiş anahtar kullanımı OID'sinin üzerine " "yaz\n" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr " -K AD\tistenen temsilci adının üzerine yaz\n" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr " -D DNS_ADI\tistenen DNS adının üzerine yaz\n" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr " -E EPOSTA\tistenen e-posta adresinin üzerine yaz\n" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr " -A ADRES\tistenen IP adresinin üzerine yaz\n" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "Kullanım: %s stop-tracking [seçenekler]\n" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "* İstek tanımlayıcısına göre:\n" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr " -i AD\tizleme isteği için takma ad\n" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "Kullanım: %s resubmit [seçenekler]\n" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr " -f DOSYA\tsertifika için PEM dosyası\n" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "* İmzalama isteği için yeni parametre değerleri:\n" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr " -I AD\tizleme isteğine verilecek yeni takma ad\n" #: src/getcert.c:4941 
src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr " -c CA\t\tgeçerli olanın yerine belirtilen CA'yı kullan\n" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "Kullanım: %s rekey [seçenekler]\n" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr " -G TÜR\toluşturulacak yeni anahtarın türü\n" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr " -g BOYUT\toluşturulacak yeni anahtarın boyutu\n" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "Kullanım: %s list [seçenekler]\n" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "* Genel seçenekler:\n" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr "" " -c CA\tyalnızca bu CA ile ilişkili istekleri ve sertifikaları listele\n" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr " -r\tyalnızca bekleyen isteklerle ilgili bilgileri listele\n" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr " -t\tyalnızca izlenen sertifikalarla ilgili bilgileri listele\n" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr " -u\tsaatleri yerel saat yerine UTC olarak göster\n" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "* Belirli bir istek seçiliyorsa:\n" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" " -d DİZİN\tyalnızca bu NSS veri tabanını kullanan istekleri ve " "sertifikaları listele\n" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" " -n AD\tyalnızca bu takma adı kullanan istekleri ve sertifikaları listele\n" #: 
src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" " -f DOSYA\tyalnızca bu PEM dosyasında saklanan istekleri ve sertifikaları " "listele\n" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr " -S\tsistem veri yolunda certmonger hizmetine bağlan\n" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr " -s\toturum veri yolunda certmonger hizmetine bağlan\n" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "Kullanım: %s refresh [seçenekler]\n" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr " -a\tbekleyen tüm isteklerle ilgili bilgileri yenile\n" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "Kullanım: %s status [seçenekler]\n" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "* Belirli bir isteğin seçilmesi:\n" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "* Depolama için bir NSS veri tabanı kullanıldığında:\n" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr " -d DİZİN\tBu NSS veri tabanındaki isteğin durumunu döndür\n" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr " -n AD\tBu takma adı kullanan sertifikanın durumunu döndür\n" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "* Depolama için dosyalar kullanıldığında:\n" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr " -f DOSYA\tBu PEM dosyasında saklanan sertifikanın durumunu 
döndür\n" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "Kullanım: %s list-cas [seçenekler]\n" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr " -c CA\tyalnızca bu ada sahip CA ile ilgili bilgileri listele\n" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "Kullanım: %s refresh-ca [seçenekler]\n" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr " -c CA\tbu ada sahip CA ile ilgili bilgileri yenile\n" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr " -a\tbilinen tüm CA'larla ilgili bilgileri yenile\n" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "Kullanım: %s add-ca [seçenekler]\n" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr " -c CA\t\tyeni CA yapılandırmasına verilecek takma ad\n" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr " -e KOMUT\tCA ile iletişim kurmak için çalıştırılacak yardımcı komut\n" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "Kullanım: %s add-scep-ca [seçenekler]\n" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr " -u URL\tSCEP sunucusunun konumu\n" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr " -i KİMLİK\t\tCA tanımlayıcısı\n" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr " -R DOSYA\tCA'nın sertifikasını içeren dosya\n" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr " -r DOSYA\tRA'nın sertifikasını içeren dosya\n" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr " -I DOSYA\tRA'nın sertifika zincirindeki sertifikaları içeren dosya\n" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal 
feature\n" msgstr " -n\tSCEP yenileme özelliğini kullanmamayı tercih et\n" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "Kullanım: %s modify-ca [seçenekler]\n" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr " -c CA\t\tCA yapılandırmasının takma adı\n" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" " -e KOMUT\tCA ile iletişim kurmak için çalıştırılacak güncellenmiş yardımcı " "komut\n" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "Kullanım: %s remove-ca [seçenekler]\n" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr " -c CA\tkaldırılacak CA yapılandırmasının takma adı\n" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "Kullanım: %s command [seçenekler]\n" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "bir CA'dan yeni bir sertifika iste\n" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "önceden verilmiş bir sertifikayı izlemeye başla\n" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "sertifikayı izlemeyi bırak\n" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "" "Devam eden bir kayıt isteğini yeniden gönder veya yeni bir tane başlat\n" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "yeni bir özel anahtar oluştur ve bir sertifikayı değiştir\n" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "devam eden bir kayıt isteğinin durumunu denetle\n" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "izlenen ve istenen sertifikaları listele\n" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "izlenen veya istenen bir 
sertifikanın durumunu denetle\n" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "bir CA yapılandırması ekle\n" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "bir SCEP CA yapılandırması ekle\n" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "bilinen CA yapılandırmalarını listele\n" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "bir CA yapılandırmasını değiştir\n" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "bir CA'dan alınan tüm bilgilerin önbelleğini yenile\n" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "bir CA yapılandırmasını kaldır\n" #: src/getcert.c:5273 #, c-format msgid "%s: unrecognized command\n" msgstr "%s: tanınmayan komut\n" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "IPA LDAP sunucusunun konumu belirlenemiyor.\n" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "Bir IPA LDAP sunucusuyla iletişim kurulamıyor.\n" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "IPA sunucusundaki etki alanı bilgilerinin temel DN'si belirlenemiyor.\n" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "İstemcide XMLRPC için kurulum yapılırken hata oluştu.\n" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "-t seçeneği, -K seçeneğiyle birlikte kullanılamaz.\n" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "-k seçeneği, -K seçeneğiyle birlikte kullanılamaz.\n" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "-K seçeneği, -k veya -t seçeneğiyle birlikte kullanılamaz.\n" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for signing request.\n" msgstr 
"İmzalama isteği için temsilci adı belirlenemiyor.\n" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "Bir IPA etki alanı yapılandırılmadı ve hiçbiri belirtilmedi.\n" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" "İstemcide \"host\" hizmeti için öntanımlı anahtar tablosunu kullanarak " "ccache ayarlanırken hata oluştu: %s.\n" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "" "İstemcide \"%s\" için öntanımlı anahtar tablosunu kullanarak ccache " "ayarlanırken hata oluştu : %s.\n" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" "İstemcide \"host\" hizmeti için \"%s\" anahtar tablosunu kullanarak ccache " "ayarlanırken hata oluştu: %s.\n" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "" "İstemcide \"%s\" için \"%s\" anahtar tablosunu kullanarak ccache " "ayarlanırken hata oluştu: %s.\n" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "İmzalama isteği okunamıyor.\n" #: src/main.c:74 msgid "use session bus" msgstr "oturum veri yolunu kullan" #: src/main.c:75 msgid "use system bus" msgstr "sistem veri yolunu kullan" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "özel bir dinleme soketi başlat" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "yalnızca özel bir dinleme soketi kullan" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "özel dinleme soketini belirt" #: src/main.c:78 msgid "PATHNAME" msgstr "YOL_ADI" #: src/main.c:79 msgid "don't become a daemon" msgstr "arka plan programı olma" #: src/main.c:80 msgid "do become a daemon" msgstr "arka plan programı ol" #: src/main.c:81 msgid "bus-activated, idle timeout" 
msgstr "veri yolu etkinleştirildi, boşta kalma zaman aşımı" #: src/main.c:81 msgid "SECONDS" msgstr "SANİYE" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "boşta kalma zaman aşımı kullanma" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "hata ayıklama seviyesini ayarla (-n anlamına gelir)" #: src/main.c:83 msgid "NUMBER" msgstr "SAYI" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "KOMUT'u başlat ve başladığında çık" #: src/main.c:87 msgid "write service PID to file" msgstr "hizmetin PID değerini dosyaya yaz" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "NSS'yi FIPS moduna zorla" #: src/main.c:90 msgid "print version information" msgstr "sürüm bilgisini yazdır" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "Kullanım: %s [-s|-S] [-n|-f] [-d SEVİYE] [-p DOSYA] [-F] [-v]\n" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "\t-s oturum veri yolunu kullan\n" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "\t-S sistem veri yolunu kullan\n" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "\t-l özel bir dinleme soketi başlat\n" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "\t-L yalnızca özel bir dinleme soketi kullan\n" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "\t-P YOL özel dinleme soketini belirt\n" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "\t-n arka plan programı olma\n" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "\t-f arka plan programı ol\n" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "\t-b SÜRE veri yolu etkinleştirildi, boşta kalma zaman aşımı\n" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "\t-B boşta kalma zaman aşımı kullanma\n" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "\t-d SEVİYE hata 
ayıklama seviyesini ayarla (-n anlamına gelir)\n" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "\t-c KOMUT KOMUT'u başlat ve başladığında çık\n" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "\t-p DOSYA hizmetin PID değerini dosyaya yaz\n" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "\t-F NSS'yi FIPS moduna zorla\n" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "\t-v sürüm bilgisini yazdır ve çık\n" #: src/scep.c:352 #, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "SCEP URL'si (-u) belirtilmedi ve bilinen öntanımlı değer yok.\n" #: src/scep.c:356 #, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "" "SCEP işlemi (-c/-C/-g/-p) belirtilmedi ve bilinen öntanımlı değer yok.\n" #: src/scep.c:376 src/scep.c:395 #, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "RA sertifikası (-r) belirtilmedi ve bilinen öntanımlı değer yok.\n" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" "İstek okunurken hata oluştu. GetInitialCert pkiMessage içeren PKCS7 verisi " "bekleniyordu, hiçbir şey alınmadı.\n" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" "İstek okunurken hata oluştu. 
PKCSReq pkiMessage içeren PKCS7 verisi " "bekleniyordu, hiçbir şey alınmadı.\n" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "Uyarı: istek, PKCSReq veya GetInitialCert isteği değil.\n" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "Uyarı: \"%s\" istek türü, PKCSReq veya GetInitialCert isteği değil.\n" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "Uyarı: isteğin transactionId değeri eksik.\n" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "Uyarı: isteğin senderNonce değeri eksik.\n" #: src/scep.c:637 #, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "%d yanıt kodu alındı (%s adresinden), 200 değil.\n" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "Sunucu yanıtı beklenmeyen \"%s\" MIME türündeydi.\n" #: src/scep.c:930 #, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "Hata: sunucu yanıtında imza doğrulaması başarısız oldu.\n" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "Hata: yanıt bir CertRep değildi (%s).\n" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "Hata: yanıtın transactionId değeri eksik.\n" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "Hata: yanıt farklı bir transactionId içeriyor.\n" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "Hata: yanıtın pkiStatus değeri eksik.\n" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "Hata: yanıtın recipientNonce değeri eksik.\n" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "Hata: nonce yanıtı 
istekle eşleşmiyor.\n" #: src/scep.c:976 #, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "Hata: yanıtın senderNonce değeri eksik.\n" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "Sunucuda belirtilmeyen hata.\n" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "" "İstemci isteğinde tanınmayan veya desteklenmeyen algoritma tanımlayıcısı.\n" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "Sunucuda istemci isteğinin bütünlük denetimi başarısız oldu.\n" #: src/scep.c:1003 #, c-format msgid "Transaction either is not permitted or is not supported by server.\n" msgstr "İşleme izin verilmiyor veya sunucu tarafından desteklenmiyor.\n" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "Saat farkı çok büyük.\n" #: src/scep.c:1009 #, c-format msgid "Unsupported extension.\n" msgstr "Desteklenmeyen uzantı.\n" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "Anahtarlar arşivlenmeli.\n" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "Yanlış kimlik.\n" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "Sahiplik kanıtı gerekli.\n" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "Sahiplik kanıtı başarısız oldu.\n" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "Anahtarı yeniden kullanma yok.\n" #: src/scep.c:1027 #, c-format msgid "Internal CA error.\n" msgstr "Dahili CA hatası.\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "Daha sonra tekrar dene.\n" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "Sunucu \"%s\" hata kodunu döndürdü.\n" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "Hata: signed-data ayrıştırılamadı.\n" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is 
not enveloped-data.\n" msgstr "Hata: signed-data yükü enveloped-data değil.\n" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "Hata: enveloped-data yükü veri değil.\n" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "Hata: pkiStatus \"%s\" tanınmadı.\n" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." msgstr "Dahili bir hata oluştu." #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "Eşleşen girdi bulunamadı.\n" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "\"%s\" takma adına sahip bir CA zaten var." #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "Sertifika depolama türü belirtilmedi." #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." msgstr "Sertifika depolama türü \"%s\" desteklenmiyor." #: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "\"%s\" konumu bir mutlak yol olmalıdır." #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." msgstr "Sertifika depolama konumu belirtilmedi." #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "Yetersiz izinler nedeniyle \"%s\" konumunun üst ögesine erişilemedi." #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." 
msgstr "\"%s\" konumunun üst ögesi geçerli bir dizin olmalıdır." #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "\"%s\" konumu bir dosya olmalıdır." #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "Yetersiz izinler nedeniyle \"%s\" konumuna erişilemedi." #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "\"%s\" konumu bir dizin olmalıdır." #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "Sertifika takma adı belirtilmedi." #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "\"%s\" takma adına sahip bir istek zaten var." #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "" "Aynı konumdaki sertifika, \"%s\" takma adına sahip istek tarafından zaten " "kullanılıyor." #: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "Anahtar depolama türü \"%s\" desteklenmiyor." #: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." msgstr "Anahtar depolama konumu belirtilmedi." #: src/tdbush.c:853 msgid "Key nickname not specified." msgstr "Anahtar takma adı belirtilmedi." #: src/tdbush.c:909 #, c-format msgid "Key at same location is already used by request with nickname \"%s\"." msgstr "" "Aynı konumdaki anahtar, \"%s\" takma adına sahip istek tarafından zaten " "kullanılıyor." #: src/tdbush.c:1313 src/tdbush.c:3102 #, c-format msgid "No support for key type \"%s\"." msgstr "\"%s\" anahtar türü için destek yok." #: src/tdbush.c:1400 msgid "No such CA." msgstr "Böyle bir CA yok." 
#: src/tdbush.c:3073
#, c-format
msgid "Certificate authority \"%s\" not known."
msgstr "Sertifika yetkilisi \"%s\" bilinmiyor."

#: src/tdbush.c:3518
msgid "Unrecognized parameter or wrong value type."
msgstr "Tanınmayan parametre veya yanlış değer türü."

#: src/tdbush.c:5070
msgid "Error parsing arguments."
msgstr "Argümanlar ayrıştırılırken hata oluştu."

#: src/tdbush.c:5124
msgid "Unrecognized property name."
msgstr "Tanınmayan varlık adı."

#: src/tdbusm.c:2156
msgid "Insufficient access. Please retry operation as root.\n"
msgstr "Yetersiz erişim. Lütfen işlemi root olarak yeniden deneyin.\n"

#: src/tdbusm.c:2160
msgid "Please verify that the certmonger service has been started.\n"
msgstr "Lütfen certmonger hizmetinin başlatıldığını doğrulayın.\n"

#: src/tdbusm.c:2163
msgid "Please verify that the certmonger service is still running.\n"
msgstr "Lütfen certmonger hizmetinin hala çalışmakta olduğunu doğrulayın.\n"

certmonger-0.79.19/po/uk.po

# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Red Hat, Inc.
# This file is distributed under the same license as the PACKAGE package.
#
# Translators:
# Nalin Dahyabhai , 2011
# Yuri Chornoivan , 2011-2014, 2020.
# Yuri Chornoivan , 2013, 2020.
# Yuri Chornoivan , 2016. #zanata, 2020.
msgid ""
msgstr ""
"Project-Id-Version: certmonger 0.78.6\n"
"Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n"
"POT-Creation-Date: 2017-02-26 02:20-0500\n"
"PO-Revision-Date: 2020-12-09 08:35+0000\n"
"Last-Translator: Yuri Chornoivan \n"
"Language-Team: Ukrainian \n"
"Language: uk\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
"%10<=4 && (n%100<10 || n%100>=20) ? 
1 : 2;\n" "X-Generator: Weblate 4.3.2\n" #: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238 #: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291 #, c-format msgid "Out of memory.\n" msgstr "Не вистачає пам'яті.\n" #: src/certmaster.c:136 #, c-format msgid "Unable to determine hostname of CA.\n" msgstr "Не вдалося визначити назву вузла служби сертифікації (CA).\n" #: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796 #, c-format msgid "Unable to read signing request from file \"%s\".\n" msgstr "Не вдалося прочитати запит щодо підпису з файла «%s».\n" #: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799 #, c-format msgid "Unable to read signing request from environment variable \"%s\".\n" msgstr "Не вдалося прочитати запит щодо підпису зі змінної середовища «%s».\n" #: src/certmaster.c:184 #, c-format msgid "Error setting up for XMLRPC.\n" msgstr "Помилка встановлення XMLRPC.\n" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "Помилка обробки відповіді сервера.\n" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "Помилка сервера.\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "Параметри профілю (-O) має бути вказано у форматі параметр=значення.\n" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "" "Параметри надсилання (-o) має бути вказано у форматі параметр=значення.\n" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, c-format msgid "No agent 
credentials specified, and no default known.\n" msgstr "" "Не вказано реєстраційних даних агента, типові значення також невідомі.\n" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "Надіслано запит щодо поновлення, але не надано серійного номера.\n" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "" "Не вказано завершального запису адреси (-E), типове значення запису також " "невідоме.\n" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "" "Не вказано адреси агента (-A), типове значення адреси також невідоме.\n" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "Не вказано профілю або шаблону (-T), типове значення також невідоме.\n" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "Помилка під час спроби завершення роботи NSS.\n" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "Внутрішня помилка: невідомий стан.\n" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "Не вказано реєстраційних даних агента (-n), а без них не обійтися.\n" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "Помилка %d під час спроби встановлення з’єднання з %s: %s.\n" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "Помилка %d під час спроби з’єднатися з %s.\n" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "Внутрішня помилка: немає відповіді на «%s?%s».\n" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "КОМАНДА" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "КАТАЛОГ" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "СПИСОК" #: src/getcert.c:64 
src/getcert.c:68 msgid "ADDRESS" msgstr "АДРЕСА" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "НАЗВА ФАЙЛА" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "НАЗВА ВУЗЛА" #: src/getcert.c:67 msgid "ID" msgstr "Ід" #: src/getcert.c:69 msgid "BITS" msgstr "БІТИ" #: src/getcert.c:71 msgid "MODE" msgstr "РЕЖИМ" #: src/getcert.c:72 msgid "NAME" msgstr "НАЗВА" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "РЕЄСТРАЦІЙНИЙ ЗАПИС" #: src/getcert.c:74 msgid "SUBJECT" msgstr "SUBJECT" #: src/getcert.c:75 msgid "URL" msgstr "АДРЕСА" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "КОРИСТУВАЧ[:ГРУПА]" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "" "Шлях «%s» не є абсолютним, спробуємо замість нього скористатися «%s».\n" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "" "Шлях «%s» не є абсолютним, спроба визначення назви поточного каталогу також " "зазнала невдачі.\n" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "Шлях «%s»: недостатні права доступу.\n" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "Шлях «%s» не вказує на каталог.\n" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "Шлях «%s»: %s.\n" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "Шлях «%s» не вказує на звичайний файл.\n" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "Системний канал повідомленнями не запущено.\n" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "Працюємо з UID 0.\n" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "Запускаємо тимчасову окрему фонову службу обслуговування.\n" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "Помилка під час спроби 
з’єднатися з D-Bus.\n" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "Будь ласка, перевірте, чи працює служба каналу повідомлень (D-Bus).\n" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "Помилка під час спроби створення повідомлення запиту до DBus.\n" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "пропущено аргумент %s" #: src/getcert.c:398 msgid "missing argument" msgstr "не вистачає аргументу" #: src/getcert.c:401 #, c-format msgid "unrecognized option %s" msgstr "невідомий параметр %s" #: src/getcert.c:406 msgid "unrecognized option" msgstr "нерозпізнаний параметр" #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "надто великий рівень вкладеності у альтернативних назвах" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "помилкове використання лапок у параметрі" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "некоректне значення символічного посилання" #: src/getcert.c:421 msgid "number too large or too small" msgstr "число є надто великим або надто малим" #: src/getcert.c:424 msgid "bad operation" msgstr "помилкова дія" #: src/getcert.c:427 msgid "internal error" msgstr "внутрішня помилка" #: src/getcert.c:430 msgid "out of memory" msgstr "недостатньо пам'яті" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "помилка у файлі налаштувань popt" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "Помилка %s: %s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "Помилка %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "Помилка: %s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "Отримано повідомлення про помилку від локальної служби %s.\n" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "Не отримано відповіді від служби %s.\n" #: 
src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "Стан %s, прив’язка: %s.\n" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "База даних NSS для ключа і сертифіката" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "псевдонім сховища на основі NSS (працюватиме, лише якщо вказано -d)" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "" "додаткова назва ключа до заснованого на NSS сховища (працюватиме, лише якщо " "вказано -d)" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "файл PEM закритого ключа" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "файл PEM сертифіката (працюватиме, лише якщо вказано -k)" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "файл, у якому зберігається PIN закритого ключа шифрування" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "PIN закритого ключа шифрування" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "дані щодо власника закритого ключа" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "права доступу до файла закритого ключа" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "дані щодо власника сертифіката" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "права доступу до файла сертифіката" #: 
src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "база даних NSS, у якій слід зберігати сертифікати CA" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "файл, у якому слід зберігати сертифікати CA" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "команда, яку слід виконати до збереження сертифіката" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "команда, яку слід виконати після збереження сертифіката" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "псевдонім, який слід пов’язати з запитом" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "тип ключа, який слід створити, якщо не буде виявлено готового" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "" "розмір ключа, який слід створити, якщо не буде виявлено готового, у бітах" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "" "спробувати оновити сертифікат, якщо наближається завершення строку дії " "(типова поведінка)" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "" "не намагатися оновити сертифікат, якщо наближається завершення строку дії" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "" "використовувати вказані налаштування служби сертифікації (CA), а не типові" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" "попросити CA обробити запит з використанням вказаного профілю або шаблона" #: src/getcert.c:792 
src/getcert.c:1869 src/getcert.c:2522 msgid "ask the CA to process the request using the named issuer" msgstr "" "попросити службу сертифікації обробити запит з використанням вказаного " "видавця" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "Встановити бажане призначення (Типово: CN=<назва вузла>)" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage value" msgstr "встановити вказане значення використання ключа" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "Встановити додаткове використання ключа за допомогою OID" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "встановити вказану назву реєстраційного запису" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "встановити вказану назву за DNS" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "встановити вказану адресу електронної пошти" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "встановити вказану IP-адресу" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "файл, у якому зберігається додаткове значення пароля виклику" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "додаткове значення пароля виклику" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "надіслати запит щодо сертифіката служби сертифікації (CA)" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "надіслати запит щодо сертифіката без служби сертифікації (CA)" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "довжина шляху сертифіката служби сертифікації" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 
msgid "try to wait for the certificate to be issued" msgstr "спробувати зачекати на момент випуску сертифіката" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "максимальний час очікування на видання сертифіката" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "втановити зв’язок зі службою certmonger за допомогою каналу сеансу" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "" "встановити зв’язок зі службою certmonger за допомогою системного каналу" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "Помилка під час ініціалізації бібліотеки Kerberos: %s.\n" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "Підтримки створення ключів «%s» не передбачено.\n" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "Серед відомих типів ключів такі:" #: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "Нерозпізнане значення використання ключа «%s».\n" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "Не вдалося визначити OID «%s».\n" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "Помилка під час 
обробки реєстраційного запису Kerberos «%s»: %s.\n" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "Помилка під час пакування реєстраційного запису Kerberos «%s»: %s.\n" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "%s: некоректне значення — «%s»\n" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "%s: разом з параметром слід вказати аргумент -- «%c»\n" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "%s: некоректний параметр — «%c»\n" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "Помилка: зайвий аргумент «%s».\n" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "Помилка: було вказано невикористовувані зайві аргументи.\n" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "" "Вказано адресу бази даних або псевдонім без визначення іншого необхідного " "елемента.\n" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "Одночасно вказано каталог бази даних і файл сертифіката.\n" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file 
specified.\n" msgstr "" "Не вказано ні каталогу бази даних з псевдонімом, ні файла сертифіката.\n" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key and certificate can not both be saved to the same file.\n" msgstr "Ключ і сертифікат не можна зберігати у одному файлі.\n" #: src/getcert.c:1114 #, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" "Модуль обробки IPA вимагає використання параметра -K (назви реєстраційного " "запису), якщо використано якийсь із параметрів з набору -N (ім'я особи чи " "назва організації призначення), -E (адреса електронної пошти), -A (IP-адреса)" ", -D (назва DNS) або -U (extendedKeyUsage).\n" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "Не виявлено служби сертифікації (CA) з назвою «%s».\n" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request arguments.\n" msgstr "Помилка під час спроби встановлення параметрів запиту.\n" #: src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "Додано новий запит «%s» щодо підписування.\n" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "Не вдалося додати новий запит щодо підписування.\n" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "Додано новий запит «%s» щодо стеження.\n" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "Не вдалося додати новий запит щодо стеження.\n" #: src/getcert.c:1849 msgid "PEM file for private 
key (only valid with -f)" msgstr "файл PEM для закритого ключа (працюватиме, лише якщо вказано -f)" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "файл PEM сертифіката" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "псевдонім наявного запиту" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "псевдонім, який слід пов’язати з запитом щодо стеження" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "перевизначити значення використання запитаного ключа" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "перевизначити додаткове використання ключа за допомогою OID" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "перевизначити вказану назву реєстраційного запису" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "перевизначити вказану назву за DNS" #: src/getcert.c:1874 msgid "override requested email address" msgstr "перевизначити вказану адресу електронної пошти" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "перевизначити вказану IP-адресу" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" "Не вказано ні ідентифікатора, ні каталогу бази даних з псевдонімом, ні файла " "сертифіката.\n" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "Змінено запит «%s».\n" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "Не вдалося змінити запит «%s».\n" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "Не виявлено запиту з вказаним псевдонімом.\n" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that 
matched arguments.\n" msgstr "Запиту, що відповідає аргументам, не виявлено.\n" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "Запит «%s» вилучено.\n" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "Не вдалося вилучити запит «%s».\n" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "псевдонім запиту щодо стеження" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "новий псевдонім, який слід пов’язати з запитом щодо стеження" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "тип нового ключа для створення" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "розмір нового ключа для створення" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "" "використовувати вказані налаштування служби сертифікації (CA), а не поточні" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "Помилка під час спроби змінити «%s».\n" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "Повторне надсилання «%s» до «%s».\n" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "Повторне надсилання «%s».\n" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "Помилка під час спроби надсилання «%s» до «%s».\n" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "Помилка під час спроби надсилання «%s».\n" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "освіжити дані щодо усіх незвичних запитів" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" "освіжити дані лише для запитів, де використовуються вказані налаштування CA" #: src/getcert.c:3290 #, c-format msgid "Request ID '%s' being 
refreshed.\n" msgstr "Оновлюємо ідентифікатор запиту «%s».\n" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "Не оновлюємо ідентифікатор запиту «%s».\n" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "показати лише відомості щодо нетипових запитів" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "показати лише відомості щодо сертифікатів, за якими ведеться стеження" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" "показати список лише тих запитів та сертифікатів, які пов’язано з вказаними " "налаштуваннями служби сертифікації (CA)" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "показувати всесвітній час замість місцевого часу" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "Кількість сертифікатів та запитів, за якими ведеться стеження: %d.\n" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "Ідентифікатор запиту «%s»:\n" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "\tстан: %s\n" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "\tca-помилка: %s\n" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "\tприв’язка: %s\n" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "\tсховище пар ключів: тип=%s" #: src/getcert.c:3652 msgid "NONE" msgstr "Немає" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr ",розташування=«%s»" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr ",псевдонім=«%s»" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr ",ключ=«%s»" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr ",встановлено pin" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr ",пін-файл=«%s»" #: src/getcert.c:3677 #, c-format 
msgid "\tcertificate: type=%s,location='%s'" msgstr "\tсертифікат: тип=%s,розташування=«%s»" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "\tвідбиток (MD5) запиту щодо підписування: %s\n" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "\tвідбиток (SHA1) запиту щодо підписування: %s\n" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "\tCA: %s\n" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "\tвидавець: %s\n" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "\tпризначення: %s\n" #: src/getcert.c:3719 msgid "unknown" msgstr "невідоме" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr "\tзавершення дії: %s\n" #: src/getcert.c:3736 msgid "\temail: " msgstr "\tел. пошта: " #: src/getcert.c:3742 msgid "\tdns: " msgstr "\tdns: " #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "\tреєстраційний запис: " #: src/getcert.c:3756 msgid "\tIP address: " msgstr "\tIP-адреса: " #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "\tвикористання ключа: %s\n" #: src/getcert.c:3779 msgid "\teku: " msgstr "\teku: " #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "\tшаблон/профіль сертифіката: %s\n" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "\tкореневі сертифікати, збережені до файлів:\n" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "\tінші кореневі сертифікати, збережені до файлів:\n" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "\tінші сертифікати, збережені до файлів:\n" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "\tкореневі сертифікати, збережені до баз даних:\n" #: 
src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "\tінші кореневі сертифікати, збережені до баз даних:\n" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "\tінші сертифікати, збережені до баз даних:\n" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "\tкоманда до збереження: %s\n" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "\tкоманда після збереження: %s\n" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "\tстеження: %s\n" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "\tавтооновлення: %s\n" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" "Не вказано ні ідентифікатора, ні каталогу бази даних з псевдонімом, ні файла " "сертифіката.\n" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "вивести список лише вказаних налаштувань служби сертифікації (CA)" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "Служба сертифікації «%s»:\n" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "\tсамоідентифікація: %s\n" #: src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "\tca-тип: %s\n" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "\tадреса допоміжної програми: %s\n" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr "\tнаступний серійний номер: %s\n" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "\tвідомі назви видавця:\n" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "\tвідомі профілі, шаблони, типи сертифікатів:\n" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "\tтиповий профіль, шаблон або тип
сертифіката: %s\n" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "\tідентифікатор CA SCEP: %s\n" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "\tвідбиток (MD5) сертифіката CA SCEP: %s\n" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "\tвідбиток (SHA1) сертифіката CA SCEP: %s\n" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "освіжити дані щодо налаштувань CA із вказаною назвою" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "освіжити дані щодо усіх відомих CA" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "Не вказано ні псевдоніма CA, ні прапорця -a.\n" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "Оновлюємо дані для CA «%s».\n" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "Оновлюємо дані для CA без назви.\n" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "\tпомилка під час спроби оновлення даних CA\n" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "псевдонім, який слід надати новим налаштуванням CA" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "допоміжна команда, яку слід віддати для обміну даними з CA" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "не вказано псевдонім CA.\n" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "не вказано допоміжну команду CA.\n" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "Додано новий запис CA «%s».\n" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" 
msgstr "Не вдалося додати новий запис CA.\n" #: src/getcert.c:4457 msgid "location of SCEP server" msgstr "розташування сервера SCEP" #: src/getcert.c:4458 msgid "CA identifier" msgstr "ідентифікатор CA" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "файл, де міститься сертифікат CA" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "файл, де міститься сертифікат RA" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "файл, який містить сертифікати у ланцюжку сертифікації RA" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "віддавати перевагу невикористанню можливості оновлення SCEP" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "не вказано адресу сервера.\n" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "HTTPS потребує сертифіката служби сертифікації (CA).\n" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "Помилка під час спроби побудови рядка команди.\n" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "" "Помилка під час спроби встановити ідентифікатор служби сертифікації (CA).\n" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "псевдонім налаштувань CA" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "оновлена допоміжна команда, яку слід віддати для обміну даними з CA" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "Запис CA «%s» змінено.\n" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "Не вдалося змінити запис CA.\n" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "псевдонім налаштувань CA для вилучення" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "Запис CA «%s» вилучено.\n" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" 
msgstr "Не вдалося вилучити запис CA.\n" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "%s — інструмент реєстрації клієнтських сертифікатів\n" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "Використання: %s request [параметри]\n" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "Обов’язкові аргументи:\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "* Якщо для зберігання даних використовується база даних NSS:\n" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr " -d КАТАЛОГ\tБаза даних ключів і сертифікатів NSS\n" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr "" " -n НАЗВА\tпсевдонім сховища на основі NSS (працюватиме, лише якщо вказано -" "d)\n" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" " -t НАЗВА\tдодаткова назва ключа до заснованого на NSS сховища " "(працюватиме, лише якщо вказано -d)\n" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "* Якщо для зберігання даних використовуються файли:\n" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr " -k ФАЙЛ\tФайл PEM закритого ключа\n" #: 
src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr " -f ФАЙЛ\tФайл PEM сертифіката (працюватиме, лише якщо вказано -k)\n" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "* Якщо ключі слід зашифрувати:\n" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr " -p ФАЙЛ\tФайл, у якому зберігається PIN-код шифрування\n" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr " -P PIN\tЗначення PIN-коду шифрування\n" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "Необов’язкові аргументи:\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "* Параметри обробки сертифікатів:\n" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr " -I НАЗВА\tпсевдонім, який слід пов’язати з запитом\n" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr "" " -G ТИП\tтип ключа, який слід створити, якщо не буде виявлено готового\n" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr "" " -g РОЗМІР\tрозмір ключа, який слід створити, якщо не буде виявлено " "готового, у бітах\n" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr "" " -r\t\tСпробувати оновити сертифікат, якщо наближається завершення строку " "дії (типова поведінка)\n" #: src/getcert.c:4811 src/getcert.c:4860 msgid " 
-R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr "" " -R\t\tНе намагатися оновити сертифікат, якщо наближається завершення " "строку дії\n" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr "" " -c CA\t\tвикористовувати вказану службу сертифікації (CA), а не типову\n" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" " -T ПРОФІЛЬ\tпопросити CA обробити запит з використанням вказаного профілю " "або шаблона\n" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" " -X ВИДАВЕЦЬ\tпопросити службу сертифікації обробити запит з використанням " "вказаного видавця\n" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "* Параметри запиту щодо підписування:\n" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr " -N НАЗВА\tВстановити бажане призначення (Типово: CN=<назва вузла>)\n" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr "" " -U ДОД.ВИКОР.\tВстановити додаткове використання ключа за допомогою OID\n" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr " -u ВИКОРИСТАННЯ встановити вказане значення використання ключа\n" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr " -K НАЗВА\tВстановити вказану назву реєстраційного запису\n" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr " -D НАЗВА-DNS\tвстановити вказану назву за DNS\n" #: 
src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr " -E ЕЛ.ПОШТА\tвстановити вказану адресу електронної пошти\n" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP address\n" msgstr " -A АДРЕСА\tвстановити вказану IP-адресу\n" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr " -l ФАЙЛ\tфайл, який містить додатковий пароль виклику\n" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr " -L ПАРОЛЬ\tдодаткове значення пароля виклику\n" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "* Параметри каналу зв’язку:\n" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr "" " -S\t\tВстановити зв’язок зі службою certmonger за допомогою системного " "каналу\n" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr "" " -s\t\tВстановити зв’язок зі службою certmonger за допомогою каналу сеансу\n" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "* Інші параметри:\n" #: src/getcert.c:4831 
src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr " -B\tкоманда, яку слід виконати до збереження сертифіката\n" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr " -C\tкоманда, яку слід виконати після збереження сертифіката\n" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr " -F\tфайл, у якому слід зберігати сертифікати CA\n" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr " -a\tбаза даних NSS, у якій слід зберігати сертифікати CA\n" #: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr " -w\tспробувати зачекати на момент випуску сертифіката\n" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr " -v\tповідомляти про всі дані щодо помилок\n" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "Використання: %s start-tracking [параметри]\n" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "* У разі зміни наявного запиту:\n" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr " -i НАЗВА\tпсевдонім наявного запиту щодо стеження\n" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "* Якщо ключі зашифровано:\n" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr 
" -I НАЗВА\tПсевдонім, який слід пов’язати з запитом щодо стеження\n" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "* Параметри запиту щодо підписування під час оновлення:\n" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr "" " -U ДОД.ВИКОР.\tПеревизначити додаткове використання ключа за допомогою " "OID\n" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr " -K НАЗВА\tПеревизначити вказану назву реєстраційного запису\n" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr " -D НАЗВА-DNS\tПеревизначити вказану назву за DNS\n" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr " -E ЕЛ.ПОШТА\tПеревизначити вказану адресу електронної пошти\n" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr " -A АДРЕСА\tперевизначити вказану IP-адресу\n" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "Використання: %s stop-tracking [параметри]\n" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "* За ідентифікатором запиту:\n" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr " -i НАЗВА\tПсевдонім запиту щодо стеження\n" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "Використання: %s resubmit [параметри]\n" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr " -f ФАЙЛ\tФайл PEM сертифіката\n" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "* Нові значення параметрів запиту щодо підписування:\n" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking 
request\n" msgstr "" " -I НАЗВА\tНовий псевдонім, який слід пов’язати з запитом щодо стеження\n" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr "" " -c CA\t\tВикористовувати вказану службу сертифікації (CA), а не поточну\n" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "Використання: %s rekey [параметри]\n" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr " -G ТИП \tтип нового ключа для створення\n" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr " -g РОЗМІР\tрозмір нового ключа для створення\n" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "Використання: %s list [параметри]\n" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "* Загальні параметри:\n" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr "" " -c CA\tПоказати список лише тих запитів та сертифікатів, які пов’язано з " "вказаною службою сертифікації (CA)\n" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr " -r\tПоказати лише відомості щодо нетипових запитів\n" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr "" " -t\tПоказати лише відомості щодо сертифікатів, за якими ведеться стеження\n" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr " -u\tпоказувати всесвітній час замість місцевого часу\n" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "* У разі вибору певного запиту:\n" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr "" " -d КАТАЛОГ\tпоказувати список лише тих запитів і сертифікатів, які " "використовують цю 
базу даних NSS\n" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr "" " -n НАЗВА\tпоказувати список лише тих запитів і сертифікатів, які " "використовують цю назву\n" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr "" " -f ФАЙЛ\tпоказувати список лише тих запитів і сертифікатів, які " "зберігаються у цьому файлі PEM\n" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr "" " -S\tВстановити зв’язок зі службою certmonger за допомогою системного " "каналу\n" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr "" " -s\tВстановити зв’язок зі службою certmonger за допомогою каналу сеансу\n" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "Користування: %s refresh [параметри]\n" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr " -a\tосвіжити дані щодо усіх незвичних запитів\n" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "Користування: %s status [параметри]\n" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "* Вибір певного запиту:\n" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "* Якщо використовуємо базу даних NSS для зберігання:\n" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr " -d КАТ\tповернути стан для запиту у вказаній базі даних NSS\n" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "" " -n НАЗВА\tповернути стан для сертифіката, який
використовує вказаний " "псевдонім\n" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "* Якщо використовуємо файли для зберігання даних:\n" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr "" " -f ФАЙЛ\tповернути стан для сертифіката, що зберігається у вказаному файлі " "PEM\n" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "Використання: %s list-cas [параметри]\n" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr "" " -c CA\tПоказати лише відомості щодо служби сертифікації (CA) з вказаною " "назвою\n" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "Користування: %s refresh-ca [параметри]\n" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr " -c CA\tоновити дані щодо CA із вказаною назвою\n" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr " -a\tосвіжити дані щодо усіх відомих CA\n" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "Використання: %s add-ca [параметри]\n" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr " -c CA\t\tпсевдонім, який слід надати новим налаштуванням CA\n" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr "" " -e КОМАНДА\tдопоміжна команда, яку слід віддати для обміну даними з CA\n" #: src/getcert.c:5120 #, c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "Використання: %s add-scep-ca [параметри]\n" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr " -u АДРЕСА\tрозташування сервера SCEP\n" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr " -i ІД\t\tідентифікатор CA\n" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr " -R ФАЙЛ\tфайл, який містить сертифікат CA\n" #: 
src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr " -r ФАЙЛ\tфайл, який містить сертифікат RA\n" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr " -I ФАЙЛ\tфайл, який містить сертифікати у ланцюжку сертифікації RA\n" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr " -n\tвіддавати перевагу невикористанню можливості оновлення SCEP\n" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "Використання: %s modify-ca [параметри]\n" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr " -c CA\t\tпсевдонім налаштувань CA\n" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" " -e КОМАНДА\tоновлена допоміжна команда, яку слід віддати для обміну даними " "з CA\n" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "Використання: %s remove-ca [параметри]\n" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr " -c CA\tпсевдонім налаштувань CA для вилучення\n" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "Використання: %s command [параметри]\n" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "надіслати запит щодо нового сертифіката до CA\n" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "почати спостереження за вже виданим сертифікатом\n" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "припинити спостереження за сертифікатом\n" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "" "повторно надіслати оброблюваний запит щодо надання ролі або надіслати новий " "запит\n" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "створити закритий ключ і замінити сертифікат\n" #: 
src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "перевірити стан оброблюваного запиту щодо надання ролі\n" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "" "вивести список сертифікатів, за якими ведеться спостереження і щодо яких " "надіслано запити\n" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "" "перевірити стан сертифіката, за якими ведеться спостереження або щодо якого " "надіслано запит\n" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "додати налаштування CA\n" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "додати налаштування CA SCEP\n" #: src/getcert.c:5196 msgid "list known CA configurations\n" msgstr "вивести список відомих налаштувань CA\n" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "змінити налаштування CA\n" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "освіжити кеш усіх даних, отримати від CA\n" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "вилучити налаштування CA\n" #: src/getcert.c:5273 #, c-format msgid "%s: unrecognized command\n" msgstr "%s: невідома команда\n" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "Не вдалося визначити розташування сервера LDAP IPA.\n" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "Не вдалося встановити зв’язок із сервером LDAP IPA.\n" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "Не вдалося визначити базовий DN даних щодо домену на сервері IPA.\n" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "Помилка встановлення XMLRPC на боці клієнта.\n" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "Параметр -t 
не можна використовувати разом з параметром -K.\n" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "Параметр -k не можна використовувати разом з параметром -K.\n" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "Параметр -K не можна використовувати разом з параметрами -k і -t.\n" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for signing request.\n" msgstr "" "Не вдалося визначити назву реєстраційного запису запиту щодо підписування.\n" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "Не налаштовано жодного домену IPA і жодного не вказано.\n" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" "Помилка встановлення ccache для служби «host» на боці клієнта за допомогою " "типового сховища ключів: %s.\n" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "" "Помилка встановлення ccache для «%s» на боці клієнта за допомогою типової " "таблиці ключів: %s.\n" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" "Помилка встановлення ccache для служби «host» на боці клієнта за допомогою " "сховища ключів «%s»: %s.\n" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "" "Помилка встановлення ccache для «%s» на боці клієнта за допомогою сховища " "ключів «%s»: %s.\n" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "Не вдалося прочитати запит щодо підпису.\n" #: src/main.c:74 msgid "use session bus" msgstr "використовувати канал сеансу" #: src/main.c:75 msgid "use system bus" msgstr "використовувати канал системи" #: src/main.c:76 msgid "start a dedicated listening 
socket" msgstr "розпочати роботу спеціалізованого сокета очікування на дані" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "використовувати лише спеціалізований сокет очікування на дані" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "вказати спеціалізований сокет очікування на дані" #: src/main.c:78 msgid "PATHNAME" msgstr "ШЛЯХ" #: src/main.c:79 msgid "don't become a daemon" msgstr "не переходити у стан фонової служби" #: src/main.c:80 msgid "do become a daemon" msgstr "запустити у режимі фонової служби" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "задіяння каналу даних, час очікування у стані бездіяльності" #: src/main.c:81 msgid "SECONDS" msgstr "СЕКУНДИ" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "не використовувати час очікування у стані бездіяльності" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "встановити рівень діагностики (використовується -n)" #: src/main.c:83 msgid "NUMBER" msgstr "ЧИСЛО" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "виконати КОМАНДУ і вийти після завершення її виконання" #: src/main.c:87 msgid "write service PID to file" msgstr "записати PID служби до файла" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "примусово перевести NSS у режим FIPS" #: src/main.c:90 msgid "print version information" msgstr "вивести дані щодо версії програми" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "Використання: %s [-s|-S] [-n|-f] [-d РІВЕНЬ] [-p ФАЙЛ] [-F] [-v]\n" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "\t-s використовувати канал даних сеансу\n" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "\t-S використовувати канал даних системи\n" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "\t-l\tрозпочати роботу спеціалізованого сокета очікування на дані\n" #: src/main.c:180 msgid "\t-L only use a 
dedicated listening socket\n" msgstr "\t-L\tвикористовувати лише спеціалізований сокет очікування на дані\n" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "\t-P ШЛЯХ\tвказати спеціалізований сокет очікування на дані\n" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "\t-n не запускати у режимі фонової служби\n" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "\t-f запустити у режимі фонової служби\n" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "" "\t-b ЧАС_ОЧІКУВАННЯ задіяння каналу даних, час очікування у стані " "бездіяльності\n" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "\t-B не використовувати час очікування у стані бездіяльності\n" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "\t-d РІВЕНЬ встановити рівень діагностики (використовується -n)\n" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "\t-c КОМАНДА виконати КОМАНДУ і вийти після завершення її виконання\n" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "\t-p ФАЙЛ записати PID служби до файла\n" #: src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "\t-F примусово перевести NSS у режим FIPS\n" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "\t-v вивести дані щодо версії і завершити роботу\n" #: src/scep.c:352 #, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "Не вказано адреси SCEP (-u), а типова адреса є невідомою.\n" #: src/scep.c:356 #, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "Не вказано дії SCEP (-c/-C/-g/-p), а типова дія є невідомою.\n" #: src/scep.c:376 src/scep.c:395 #, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "Не вказано сертифікат RA (-r), а типовий сертифікат є невідомим.\n" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading 
request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" "Помилка читання запиту. У даних PKCS7 мало міститися pkiMessage " "GetInitialCert, але не отримано нічого.\n" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" "Помилка читання запиту. У даних PKCS7 мало міститися pkiMessage PKCSReq, але " "не отримано нічого.\n" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" "Попередження: запит не є ні запитом PKCSReq, ні запитом GetInitialCert.\n" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" "Попередження: тип запиту «%s» не є ні запитом PKCSReq, ні запитом " "GetInitialCert.\n" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "Попередження: у запиті не міститься transactionId.\n" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "Попередження: у запиті не міститься senderNonce.\n" #: src/scep.c:637 #, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "Отримано код відповіді %d від %s, а не 200.\n" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "Відповідь сервера належить до неочікуваного типу MIME «%s».\n" #: src/scep.c:930 #, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "Помилка: підпис відповіді сервера не пройшов перевірки.\n" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "Помилка: відповідь не є CertRep (%s).\n" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "Помилка: у відповіді немає transactionId.\n" #: src/scep.c:956 #, c-format msgid "Error: reply contains a 
different transactionId.\n" msgstr "Помилка: відповідь містить інший transactionId.\n" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "Помилка: у відповіді немає pkiStatus.\n" #: src/scep.c:966 #, c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "Помилка: у відповіді немає recipientNonce.\n" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "Помилка: nonce відповіді не відповідає запиту.\n" #: src/scep.c:976 #, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "Помилка: у відповіді немає senderNonce.\n" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "Невказана помилка на сервері.\n" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "" "Невідомий або непідтримуваний ідентифікатор алгоритму у запиті клієнта.\n" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "Не вдалося пройти перевірку цілісності запиту клієнта на сервері.\n" #: src/scep.c:1003 #, c-format msgid "Transaction either is not permitted or is not supported by server.\n" msgstr "" "Операцію або заборонено на сервері, або на сервері не передбачено підтримки " "операції.\n" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "Надто велика зміна фаз синхронних імпульсів.\n" #: src/scep.c:1009 #, c-format msgid "Unsupported extension.\n" msgstr "Непідтримуване розширення.\n" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "Слід архівувати ключі.\n" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "Помилковий профіль.\n" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "Потрібне доведення належності.\n" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "Не вдалося довести належність.\n" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "Без 
повторного використання ключа.\n" #: src/scep.c:1027 #, c-format msgid "Internal CA error.\n" msgstr "Внутрішня помилка служби сертифікації.\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "Спробуйте пізніше.\n" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "Сервер повернув код помилки «%s».\n" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "Помилка: не вдалося обробити signed-data.\n" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "Помилка: вміст signed-data не є enveloped-data.\n" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "Помилка: вміст enveloped-data не є даними.\n" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "Помилка: невідомий pkiStatus «%s».\n" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." msgstr "Сталася внутрішня помилка." #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "Відповідного запису не знайдено.\n" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "Служба сертифікації (CA) з псевдонімом «%s» вже існує." #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "Тип сховища сертифікатів не вказано." #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." msgstr "Підтримки типу сховищ сертифікатів «%s» не передбачено." #: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "Адресою «%s» має бути абсолютний шлях." 
#: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." msgstr "Адресу сховища сертифікатів не вказано." #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" "Батьківська тека адреси «%s» недоступна через недостатні права доступу." #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "Батьківським каталогом адреси «%s» має бути коректний каталог." #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "Адресою «%s» має бути файл." #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "Адреса «%s» недоступна через недостатні права доступу." #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "Адресою «%s» має бути каталог." #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "Псевдонім сертифіката не вказано." #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "Запит з псевдонімом «%s» вже існує." #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "" "Сертифікат з цією адресою вже використовується за запитом з псевдонімом «%s»." #: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "Підтримки типу сховищ ключів «%s» не передбачено." #: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." 
msgstr "Адресу сховища ключів не вказано." #: src/tdbush.c:853 msgid "Key nickname not specified." msgstr "Псевдонім ключа не вказано." #: src/tdbush.c:909 #, c-format msgid "Key at same location is already used by request with nickname \"%s\"." msgstr "" "Ключ з цією адресою вже використовується за запитом з псевдонімом «%s»." #: src/tdbush.c:1313 src/tdbush.c:3102 #, c-format msgid "No support for key type \"%s\"." msgstr "Підтримки ключів типу «%s» не передбачено." #: src/tdbush.c:1400 msgid "No such CA." msgstr "Такої служби сертифікації (CA) не виявлено." #: src/tdbush.c:3073 #, c-format msgid "Certificate authority \"%s\" not known." msgstr "Невідома служба сертифікації «%s»." #: src/tdbush.c:3518 msgid "Unrecognized parameter or wrong value type." msgstr "Невідомий параметр або помилковий тип значення." #: src/tdbush.c:5070 msgid "Error parsing arguments." msgstr "Помилка під час спроби обробити аргументи." #: src/tdbush.c:5124 msgid "Unrecognized property name." msgstr "Нерозпізнана назва властивості." #: src/tdbusm.c:2156 msgid "Insufficient access. Please retry operation as root.\n" msgstr "" "Недостатні права доступу. Будь ласка, повторіть дію від імені користувача " "root.\n" #: src/tdbusm.c:2160 msgid "Please verify that the certmonger service has been started.\n" msgstr "Будь ласка, перевірте, чи запущено фонову службу certmonger.\n" #: src/tdbusm.c:2163 msgid "Please verify that the certmonger service is still running.\n" msgstr "Будь ласка, перевірте, чи працює ще фонова служба certmonger\n"
certmonger-0.79.19/po/zh_CN.po
# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. # # Translators: # alanzheng , 2011 # Huan Chen , 2011 # Tommy He , 2011, 2012 # Ma Kai , 2011 # Tiansworld , 2013 # Tommy He , 2013 # Wei Liu , 2012 # Charles Lee , 2021. # Serena She , 2021.
msgid "" msgstr "" "Project-Id-Version: certmonger 0.78.6\n" "Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2017-02-26 02:20-0500\n" "PO-Revision-Date: 2021-12-04 09:16+0000\n" "Last-Translator: Serena She \n" "Language-Team: Chinese (Simplified) \n" "Language: zh_CN\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: Weblate 4.9.1\n" #: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238 #: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291 #, c-format msgid "Out of memory.\n" msgstr "内存不足。\n" #: src/certmaster.c:136 #, c-format msgid "Unable to determine hostname of CA.\n" msgstr "无法确定CA的主机名。\n" #: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796 #, c-format msgid "Unable to read signing request from file \"%s\".\n" msgstr "无法读取来自“%s”文件的签名请求。\n" #: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799 #, c-format msgid "Unable to read signing request from environment variable \"%s\".\n" msgstr "无法读取来自环境变量“%s”的签名请求。\n" #: src/certmaster.c:184 #, c-format msgid "Error setting up for XMLRPC.\n" msgstr "设置 xmlrpc 时出错。\n" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "分析服务器响应时出错。\n" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "服务器出错。\n" #: src/dogtag.c:226 #, c-format msgid "Profile params (-O) must be in the form of param=value.\n" msgstr "档案参数(-O)必须使用“param=value”的形式。\n" #: src/dogtag.c:249 #, c-format msgid "Submit params 
(-o) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "未指定代理凭据,且无已知默认值。\n" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "已请求延期,但未提供序列号。\n" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "未指定结尾条目 URL (-E),且无已知默认值。\n" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "未指定中间代理 URL (-A),且无已知默认值。\n" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "未指定预置文件/模板 (-T),且无已知默认值。\n" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "关闭网络代理服务(NSS)时出错。\n" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "内部错误: 未知的状态。\n" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "未提供代理凭据(-n),它们是必须的。\n" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "错误 %d 连接至 %s: %s。\n" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "错误 %d 连接至 %s。\n" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "内部错误: \"%s?%s\" 没有响应。\n" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "命令" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "目录" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "列表" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "地址" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "文件名称" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "主机名称" #: src/getcert.c:67 msgid "ID" msgstr "ID" #: src/getcert.c:69 msgid "BITS" msgstr "比特" #: src/getcert.c:71 msgid "MODE" msgstr "模式" #: src/getcert.c:72 msgid "NAME" msgstr "名称" #: 
src/getcert.c:73 msgid "PRINCIPAL" msgstr "原理" #: src/getcert.c:74 msgid "SUBJECT" msgstr "" #: src/getcert.c:75 msgid "URL" msgstr "URL" #: src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "路径 \"%s\" 并非绝对路径,尝试使用 \"%s\" 替代。\n" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "路径 %s 不是绝对路径,并且确定当前目录时出错。\n" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "路径“%s”:权限不足。\n" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "路径 \"%s\" 并不是一个目录。\n" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "路径 \"%s\": %s。\n" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "路径 \"%s\" 并不是一个普通文件。\n" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "以 UID 0 运行。\n" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "启动临时专用服务守护程序。\n" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "请检验信息总线(D-Bus)服务是否正在运行。\n" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "创建 DBus 请求消息时出错。\n" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "" #: src/getcert.c:398 msgid "missing argument" msgstr "缺少参数" #: src/getcert.c:401 #, c-format msgid "unrecognized option %s" msgstr "未识别的选项 %s" #: src/getcert.c:406 msgid "unrecognized option" msgstr "未识别的选项" #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "别名嵌套过深" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "" #: src/getcert.c:418 
msgid "invalid numeric value" msgstr "无效数值" #: src/getcert.c:421 msgid "number too large or too small" msgstr "数字过大或过小" #: src/getcert.c:424 msgid "bad operation" msgstr "" #: src/getcert.c:427 msgid "internal error" msgstr "内部错误" #: src/getcert.c:430 msgid "out of memory" msgstr "内存不足" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "错误 %s:%s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "错误 %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "错误: %s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "从本地 %s 服务收到错误响应。\n" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "没有从 %s 服务收到响应。\n" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "NSS 存储的可选令牌名称(使用 -d 才会生效)" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "私钥 PEM 文件" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "保存私钥加密 PIN 码的文件" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "私钥加密 PIN 码" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr 
"私钥所有者信息" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "私钥的文件权限" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information for certificate" msgstr "证书的所有者信息" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "证书的文件权限" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "保存证书前运行的命令" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "-C\t在保存证书后运行的命令" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "分配给请求的昵称" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "证书到期时,尝试更新证书(默认)" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "证书到期时,不尝试更新证书" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 msgid "ask the CA to process the request using the named issuer" msgstr "要求 CA 使用指名的签署者处理请求" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "" #: src/getcert.c:794 src/getcert.c:2524 msgid "set 
requested key usage value" msgstr "" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "" #: src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "等待证书发行的最大时间" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error 
initializing Kerberos library: %s.\n"
msgstr "初始化 Kerberos 库时出错:%s\n"

#: src/getcert.c:889 src/getcert.c:2619
#, c-format
msgid "No support for generating \"%s\" keys.\n"
msgstr ""

#: src/getcert.c:891 src/getcert.c:2621
#, c-format
msgid "Known key types include:"
msgstr "已知密钥类型包括:"

#: src/getcert.c:931 src/getcert.c:1983 src/getcert.c:2643
#, c-format
msgid "Unrecognized keyUsage \"%s\".\n"
msgstr "未识别的 keyUsage \"%s\"。\n"

#: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653
#, c-format
msgid "Could not evaluate OID \"%s\".\n"
msgstr "无法估计 OID“%s”。\n"

#: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664
#, c-format
msgid "Error parsing Kerberos principal name \"%s\": %s.\n"
msgstr "解析 Kerberos 实体名“%s”时出错:%s。\n"

#: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673
#, c-format
msgid "Error unparsing Kerberos principal name \"%s\": %s.\n"
msgstr "反解析 Kerberos 主机名 “%s”时出错:%s。\n"

#: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728
#, c-format
msgid "%s: invalid value -- '%s'\n"
msgstr "%s:无效值 -- '%s'\n"

#: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176
#: src/getcert.c:3422 src/getcert.c:4073
#, c-format
msgid "%s: option requires an argument -- '%c'\n"
msgstr "%s: 操作需要一个参数 -- '%c'\n"

#: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180
#: src/getcert.c:3426 src/getcert.c:4076
#, c-format
msgid "%s: invalid option -- '%c'\n"
msgstr "%s: 无效的选项 -- '%c'\n"

#: src/getcert.c:1057
#, c-format
msgid "Error: unused extra argument \"%s\".\n"
msgstr "错误:未使用的额外参数 \"%s\"。\n"

#: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200
#: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321
#: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724
#, c-format
msgid "Error: unused extra arguments were supplied.\n"
msgstr "错误:输入了额外未使用的参数。\n"

#: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791
#, c-format
msgid "Database location or nickname specified without the other.\n"
msgstr "数据库位置或别名缺一不可。\n"

#: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797
#, c-format
msgid "Database directory and certificate file both specified.\n"
msgstr "数据库目录和证书文件都已指定。\n"

#: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805
#, c-format
msgid ""
"None of database directory and nickname or certificate file specified.\n"
msgstr "没有指定数据库目录和别名,或证书文件。\n"

#: src/getcert.c:1087 src/getcert.c:2143
#, c-format
msgid "Key and certificate can not both be saved to the same file.\n"
msgstr "密钥和证书不能保存到同一个文件。\n"

#: src/getcert.c:1114
#, c-format
msgid ""
"The IPA backend requires the use of the -K option (principal name) when any "
"of the -N (subject name), -E (email address), -A (IP address), -D (DNS "
"name), or -U (extendedKeyUsage) options is used.\n"
msgstr ""
"当使用 -N(主题名)、-E(电子邮件地址)、-A(IP地址)、-D(DNS 名称)或者 -U(扩展密钥用途) 时,IPA 后端要求使用 -K "
"选项(实体名)。\n"

#: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867
#: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731
#, c-format
msgid "No CA with name \"%s\" found.\n"
msgstr "没有找到具有名称“%s”的 CA.\n"

#: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435
#: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561
#: src/getcert.c:4651 src/getcert.c:4737
#, c-format
msgid "Error setting request arguments.\n"
msgstr "设定请求参数时出错。\n"

#: src/getcert.c:1415
#, c-format
msgid "New signing request \"%s\" added.\n"
msgstr "新的签名请求“%s”已添加。\n"

#: src/getcert.c:1421
#, c-format
msgid "New signing request could not be added.\n"
msgstr "新的签名请求无法添加。\n"

#: src/getcert.c:1802
#, c-format
msgid "New tracking request \"%s\" added.\n"
msgstr "新的跟踪请求“%s”已添加。\n"

#: src/getcert.c:1809
#, c-format
msgid "New tracking request could not be added.\n"
msgstr "新的跟踪请求无法添加。\n"

#: src/getcert.c:1849
msgid "PEM file for private key (only valid with -f)"
msgstr ""

#: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357
#: src/getcert.c:3878
msgid "PEM file for certificate"
msgstr "证书的 PEM 文件"

#: src/getcert.c:1861
msgid "nickname of an existing request"
msgstr "现有请求的昵称"

#: src/getcert.c:1862
msgid "nickname to give to tracking request"
msgstr ""

#: src/getcert.c:1870
msgid "override requested key usage value"
msgstr ""

#: src/getcert.c:1871
msgid "override requested extended key usage OID"
msgstr ""

#: src/getcert.c:1872
msgid "override requested principal name"
msgstr ""

#: src/getcert.c:1873
msgid "override requested DNS name"
msgstr ""

#: src/getcert.c:1874
msgid "override requested email address"
msgstr ""

#: src/getcert.c:1875
msgid "override requested IP address"
msgstr ""

#: src/getcert.c:2136 src/getcert.c:3194
#, c-format
msgid ""
"None of ID or database directory and nickname or certificate file "
"specified.\n"
msgstr "没有指定 ID 、数据库目录和别名,或证书文件。\n"

#: src/getcert.c:2362
#, c-format
msgid "Request \"%s\" modified.\n"
msgstr "请求 “%s”已修改。\n"

#: src/getcert.c:2366
#, c-format
msgid "Request \"%s\" could not be modified.\n"
msgstr "请求“%s”无法修改。\n"

#: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946
#, c-format
msgid "No request found with specified nickname.\n"
msgstr "未找到包含指定昵称的请求。\n"

#: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957
#, c-format
msgid "No request found that matched arguments.\n"
msgstr "没有找到匹配参数的请求。\n"

#: src/getcert.c:2445
#, c-format
msgid "Request \"%s\" removed.\n"
msgstr "请求“%s”已移除。\n"

#: src/getcert.c:2449
#, c-format
msgid "Request \"%s\" could not be removed.\n"
msgstr "请求“%s”无法移除。\n"

#: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879
msgid "nickname for tracking request"
msgstr "追踪请求的昵称"

#: src/getcert.c:2505
msgid "new nickname to give to tracking request"
msgstr "给追踪请求的新昵称"

#: src/getcert.c:2506
msgid "type of new key to be generated"
msgstr "生成的新密钥的类型"

#: src/getcert.c:2507
msgid "size of new key to be generated"
msgstr "生成的新密钥的大小"

#: src/getcert.c:2519
msgid "use the specified CA configuration rather than the current one"
msgstr ""

#: src/getcert.c:3029
#, c-format
msgid "Error modifying \"%s\".\n"
msgstr "修改“%s”时出错。\n"

#: src/getcert.c:3045
#, c-format
msgid "Resubmitting \"%s\" to \"%s\".\n"
msgstr "正在重新提交“%s”到“%s”。\n"

#: src/getcert.c:3048
#, c-format
msgid "Resubmitting \"%s\".\n"
msgstr "正在重新提交“%s”。\n"

#: src/getcert.c:3057
#, c-format
msgid "Error attempting to submit \"%s\" to \"%s\".\n"
msgstr "试图提交“%s”到“%s”时出错。\n"

#: src/getcert.c:3060
#, c-format
msgid "Error attempting to submit \"%s\".\n"
msgstr "试图提交“%s”时出错。\n"

#: src/getcert.c:3096
msgid "refresh information about all outstanding requests"
msgstr ""

#: src/getcert.c:3098
msgid ""
"refresh information only for requests using the specified CA configuration"
msgstr ""

#: src/getcert.c:3290
#, c-format
msgid "Request ID '%s' being refreshed.\n"
msgstr "请求 ID ‘%s’ 正在更新中。\n"

#: src/getcert.c:3292
#, c-format
msgid "Request ID '%s' NOT being refreshed.\n"
msgstr ""

#: src/getcert.c:3349
msgid "list only information about outstanding requests"
msgstr ""

#: src/getcert.c:3350
msgid "list only information about tracked certificates"
msgstr "-t 只列出被跟踪证书的相关信息"

#: src/getcert.c:3352
msgid "list only requests and certs associated with this CA configuration"
msgstr ""

#: src/getcert.c:3359
msgid "display times in UTC instead of local time"
msgstr ""

#: src/getcert.c:3476
#, c-format
msgid "Number of certificates and requests being tracked: %d.\n"
msgstr "正在跟踪的证书和请求数量:%d\n"

#: src/getcert.c:3625
#, c-format
msgid "Request ID '%s':\n"
msgstr "请求 ID '%s':\n"

#: src/getcert.c:3626
#, c-format
msgid "\tstatus: %s\n"
msgstr " 状态:%s\n"

#: src/getcert.c:3630
#, c-format
msgid "\tca-error: %s\n"
msgstr " CA 错误:%s\n"

#: src/getcert.c:3632
#, c-format
msgid "\tstuck: %s\n"
msgstr " 死机:%s\n"

#: src/getcert.c:3652
#, c-format
msgid "\tkey pair storage: type=%s"
msgstr " 密钥对存储:type=%s"

#: src/getcert.c:3652
msgid "NONE"
msgstr "无"

#: src/getcert.c:3654
#, c-format
msgid ",location='%s'"
msgstr ",location='%s'"

#: src/getcert.c:3657 src/getcert.c:3679
#, c-format
msgid ",nickname='%s'"
msgstr ",nickname='%s'"

#: src/getcert.c:3660 src/getcert.c:3682
#, c-format
msgid ",token='%s'"
msgstr ",token='%s'"

#: src/getcert.c:3663
#, c-format
msgid ",pin set"
msgstr ""

#: src/getcert.c:3666
#, c-format
msgid ",pinfile='%s'"
msgstr ",pinfile='%s'"

#: src/getcert.c:3677
#, c-format
msgid "\tcertificate: type=%s,location='%s'"
msgstr "证书:type=%s,location='%s'"

#: src/getcert.c:3693
#, c-format
msgid "\tsigning request thumbprint (MD5): %s\n"
msgstr ""

#: src/getcert.c:3698
#, c-format
msgid "\tsigning request thumbprint (SHA1): %s\n"
msgstr ""

#: src/getcert.c:3715
#, c-format
msgid "\tCA: %s\n"
msgstr " CA:%s\n"

#: src/getcert.c:3717
#, c-format
msgid "\tissuer: %s\n"
msgstr " 发行者:%s\n"

#: src/getcert.c:3718
#, c-format
msgid "\tsubject: %s\n"
msgstr " 主题:%s\n"

#: src/getcert.c:3719
msgid "unknown"
msgstr "未知"

#: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732
#, c-format
msgid "\texpires: %s\n"
msgstr " 到期时间:%s\n"

#: src/getcert.c:3736
msgid "\temail: "
msgstr " 电子邮件: "

#: src/getcert.c:3742
msgid "\tdns: "
msgstr " DNS: "

#: src/getcert.c:3748
msgid "\tprincipal name: "
msgstr " 实体名: "

#: src/getcert.c:3756
msgid "\tIP address: "
msgstr "\tIP 地址: "

#: src/getcert.c:3775
#, c-format
msgid "\tkey usage: %s\n"
msgstr "\t密钥用法: %s\n"

#: src/getcert.c:3779
msgid "\teku: "
msgstr "\teku: "

#: src/getcert.c:3787
#, c-format
msgid "\tcertificate template/profile: %s\n"
msgstr "\t证书模板/主页:%s\n"

#: src/getcert.c:3793 src/getcert.c:4154
#, c-format
msgid "\troot certificates saved to files:\n"
msgstr ""

#: src/getcert.c:3802 src/getcert.c:4163
#, c-format
msgid "\tother root certificates saved to files:\n"
msgstr ""

#: src/getcert.c:3811 src/getcert.c:4172
#, c-format
msgid "\tother certificates saved to files:\n"
msgstr ""

#: src/getcert.c:3820 src/getcert.c:4181
#, c-format
msgid "\troot certificates saved to databases:\n"
msgstr ""

#: src/getcert.c:3829 src/getcert.c:4190
#, c-format
msgid "\tother root certificates saved to databases:\n"
msgstr "\t保存到数据库的其他根证书:\n"

#: src/getcert.c:3838 src/getcert.c:4199
#, c-format
msgid "\tother certificates saved to databases:\n"
msgstr "\t保存到数据库的其他证书:\n"

#: src/getcert.c:3843 src/getcert.c:4245
#, c-format
msgid "\tpre-save command: %s\n"
msgstr "\t保存前命令: %s\n"

#: src/getcert.c:3846 src/getcert.c:4251
#, c-format
msgid "\tpost-save command: %s\n"
msgstr "\t保存后命令: %s\n"

#: src/getcert.c:3849
#, c-format
msgid "\ttrack: %s\n"
msgstr " 跟踪:%s\n"

#: src/getcert.c:3853
#, c-format
msgid "\tauto-renew: %s\n"
msgstr " 自动更新:%s\n"

#: src/getcert.c:3961
#, c-format
msgid ""
"None of ID or database directory and and nickname or certificate file "
"specified.\n"
msgstr ""

#: src/getcert.c:4036
msgid "list only the specified CA configuration"
msgstr "仅列出指定的 CA 配置"

#: src/getcert.c:4104
#, c-format
msgid "CA '%s':\n"
msgstr "CA '%s':\n"

#: src/getcert.c:4110
#, c-format
msgid "\tself-identifies as: %s\n"
msgstr ""

#: src/getcert.c:4119
#, c-format
msgid "\tca-type: %s\n"
msgstr " CA 类型:%s\n"

#: src/getcert.c:4121
#, c-format
msgid "\thelper-location: %s\n"
msgstr " helper 位置:%s\n"

#: src/getcert.c:4126
#, c-format
msgid "\tnext-serial-number: %s\n"
msgstr " 下个序列号:%s\n"

#: src/getcert.c:4136
#, c-format
msgid "\tknown-issuer-names:\n"
msgstr " 已知发行者名称:\n"

#: src/getcert.c:4145
#, c-format
msgid "\tknown profiles/templates/certtypes:\n"
msgstr ""

#: src/getcert.c:4208
#, c-format
msgid "\tdefault profile/template/certtype: %s\n"
msgstr ""

#: src/getcert.c:4216
#, c-format
msgid "\tSCEP CA identifier: %s\n"
msgstr ""

#: src/getcert.c:4229
#, c-format
msgid "\tSCEP CA certificate thumbprint (MD5): %s\n"
msgstr ""

#: src/getcert.c:4235
#, c-format
msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n"
msgstr ""

#: src/getcert.c:4267
msgid "refresh information about the CA configuration with this name"
msgstr "刷新有关该名称的 CA 配置的信息"

#: src/getcert.c:4269
msgid "refresh information about all known CAs"
msgstr "刷新有关所有已知 CA 的信息"

#: src/getcert.c:4316
#, c-format
msgid "Neither CA nickname nor -a flag specified.\n"
msgstr "未指定 CA 昵称或 -a 标记。\n"

#: src/getcert.c:4342
#, c-format
msgid "Data for CA '%s' being refreshed.\n"
msgstr ""

#: src/getcert.c:4344
#, c-format
msgid "Data for unnamed CA being refreshed.\n"
msgstr "未命名 CA 的数据正在刷新中。\n"

#: src/getcert.c:4347
#, c-format
msgid "\terror refreshing CA data\n"
msgstr "\t刷新 CA 数据出错\n"

#: src/getcert.c:4364 src/getcert.c:4456
msgid "nickname to give to the new CA configuration"
msgstr "给新 CA 配置的昵称"

#: src/getcert.c:4365
msgid "helper command to run to communicate with CA"
msgstr "与 CA 通信的帮助命令"

#: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719
#, c-format
msgid "CA nickname not specified.\n"
msgstr "未指定 CA 昵称。\n"

#: src/getcert.c:4411 src/getcert.c:4636
#, c-format
msgid "CA helper command not specified.\n"
msgstr "未指定 CA 帮助命令。\n"

#: src/getcert.c:4435 src/getcert.c:4553
#, c-format
msgid "New CA \"%s\" added.\n"
msgstr "新 CA“%s”已添加。\n"

#: src/getcert.c:4438 src/getcert.c:4573
#, c-format
msgid "New CA could not be added.\n"
msgstr ""

#: src/getcert.c:4457
msgid "location of SCEP server"
msgstr ""

#: src/getcert.c:4458
msgid "CA identifier"
msgstr ""

#: src/getcert.c:4459
msgid "file containing CA's certificate"
msgstr ""

#: src/getcert.c:4460
msgid "file containing RA's certificate"
msgstr ""

#: src/getcert.c:4461
msgid "file containing certificates in RA's certifying chain"
msgstr ""

#: src/getcert.c:4462
msgid "prefer to not use the SCEP Renewal feature"
msgstr ""

#: src/getcert.c:4508
#, c-format
msgid "server URL not specified.\n"
msgstr ""

#: src/getcert.c:4513
#, c-format
msgid "HTTPS requires a CA certificate.\n"
msgstr ""

#: src/getcert.c:4535
#, c-format
msgid "Error building command line.\n"
msgstr ""

#: src/getcert.c:4567
#, c-format
msgid "Error setting CA identifier.\n"
msgstr ""

#: src/getcert.c:4589
msgid "nickname of the CA configuration"
msgstr ""

#: src/getcert.c:4590
msgid "updated helper command to run to communicate with CA"
msgstr ""

#: src/getcert.c:4658
#, c-format
msgid "CA \"%s\" modified.\n"
msgstr ""

#: src/getcert.c:4661
#, c-format
msgid "CA could not be modified.\n"
msgstr ""

#: src/getcert.c:4678
msgid "nickname of CA configuration to remove"
msgstr ""

#: src/getcert.c:4747
#, c-format
msgid "CA \"%s\" removed.\n"
msgstr ""

#: src/getcert.c:4749
#, c-format
msgid "CA could not be removed.\n"
msgstr ""

#: src/getcert.c:4787
#, c-format
msgid "%s - client certificate enrollment tool\n"
msgstr "%s - 客户端证书登记工具\n"

#: src/getcert.c:4791
#, c-format
msgid "Usage: %s request [options]\n"
msgstr "用法:%s request [options]\n"

#: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912
#: src/getcert.c:4960 src/getcert.c:5038
msgid "Required arguments:\n"
msgstr "所需参数:\n"

#: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915
#: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041
msgid "* If using an NSS database for storage:\n"
msgstr "* 如果使用 NSS 数据库作为存储:\n"

#: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916
#: src/getcert.c:4964 src/getcert.c:5042
msgid " -d DIR\tNSS database for key and cert\n"
msgstr " -d DIR 密钥和证书的NSS 数据库\n"

#: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917
#: src/getcert.c:4965 src/getcert.c:5043
msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n"
msgstr " -n NAME 基于 NSS 的存储的别名(只在同时使用 -d 时有效)\n"

#: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918
#: src/getcert.c:4966 src/getcert.c:5044
msgid ""
" -t NAME\toptional token name for NSS-based storage (only valid with -d)\n"
msgstr "-t NAME 基于 NSS 的存储的可选令牌名(只在同时使用 -d 时有效)\n"

#: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919
#: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045
msgid "* If using files for storage:\n"
msgstr "* 如果使用文件作为存储:\n"

#: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898
msgid " -k FILE\tPEM file for private key\n"
msgstr " -k FILE 私钥的PEM 文件\n"

#: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899
msgid " -f FILE\tPEM file for certificate (only valid with -k)\n"
msgstr " -f FILE 证书的 PEM 文件(只在同时使用 -k 时有效)\n"

#: src/getcert.c:4801
msgid "* If keys are to be encrypted:\n"
msgstr "* 如果密钥要被加密:\n"

#: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971
msgid " -p FILE\tfile which holds the encryption PIN\n"
msgstr " -p FILE 保存加密 PIN 的文件\n"

#: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972
msgid " -P PIN\tPIN value\n"
msgstr " -P PIN PIN 值\n"

#: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937
#: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058
#: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122
#: src/getcert.c:5141 src/getcert.c:5155
msgid "Optional arguments:\n"
msgstr "可选参数:\n"

#: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986
msgid "* Certificate handling settings:\n"
msgstr "* 证书处理设置:\n"

#: src/getcert.c:4807
msgid " -I NAME\tnickname to assign to the request\n"
msgstr ""
" -I NAME 要分配给请求的别名\n"
"\n"

#: src/getcert.c:4808
msgid " -G TYPE\ttype of key to be generated if one is not already in place\n"
msgstr ""

#: src/getcert.c:4809
msgid " -g SIZE\tsize of key to be generated if one is not already in place\n"
msgstr " -g SIZE 要生成的密钥大小,如果密钥不存在\n"

#: src/getcert.c:4810 src/getcert.c:4859
msgid ""
" -r\t\tattempt to renew the certificate when expiration nears (default)\n"
msgstr " -r 在临近到期时试图更新证书(默认)\n"

#: src/getcert.c:4811 src/getcert.c:4860
msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n"
msgstr " -R 不在临近到期时试图更新证书\n"

#: src/getcert.c:4813 src/getcert.c:4862
msgid " -c CA\t\tuse the specified CA rather than the default\n"
msgstr " -c CA 使用指定的 CA 而不是默认 CA\n"

#: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991
msgid ""
" -T PROFILE\task the CA to process the request using the named profile or "
"template\n"
msgstr " -T 预置文件\t要求 CA 使用指名的预置文件或模板处理请求\n"

#: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992
msgid " -X ISSUER\task the CA to process the request using the named issuer\n"
msgstr " -X 签署者\t要求 CA 使用指名的签署者处理请求\n"

#: src/getcert.c:4817
msgid "* Parameters for the signing request:\n"
msgstr "* 签名请求的参数:\n"

#: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975
msgid " -N NAME\tset requested subject name (default: CN=)\n"
msgstr " -N NAME 设定所需的主题名(默认:CN=<主机名>)\n"

#: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976
msgid " -U EXTUSAGE\tset requested extended key usage OID\n"
msgstr " -U EXTUSAGE 设定所需的扩展密钥使用 OID\n"

#: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977
msgid " -u KEYUSAGE\tset requested key usage value\n"
msgstr " -u KEYUSAGE\t设定请求的密钥用法值\n"

#: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978
msgid " -K NAME\tset requested principal name\n"
msgstr " -K NAME 设定所需实体名\n"

#: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979
msgid " -D DNSNAME\tset requested DNS name\n"
msgstr " -D DNSNAME 设定所需的 DNS 名\n"

#: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980
msgid " -E EMAIL\tset requested email address\n"
msgstr " -E EMAIL 设定所需的电子邮件地址\n"

#: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981
msgid " -A ADDRESS\tset requested IP address\n"
msgstr ""

#: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982
msgid " -l FILE\tfile which holds an optional challenge password\n"
msgstr ""

#: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983
msgid " -L PASSWORD\tan optional challenge password value\n"
msgstr ""

#: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945
#: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066
#: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131
#: src/getcert.c:5145 src/getcert.c:5158
msgid "* Bus options:\n"
msgstr "* 总线选项:\n"

#: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946
#: src/getcert.c:4996 src/getcert.c:5050
msgid " -S\t\tconnect to the certmonger service on the system bus\n"
msgstr " -S 在系统总线上连接到的 certmonger 服务\n"

#: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947
#: src/getcert.c:4997 src/getcert.c:5051
msgid " -s\t\tconnect to the certmonger service on the session bus\n"
msgstr " -s 在会话总线上连接到的 certmonger 服务\n"

#: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948
#: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084
#: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148
#: src/getcert.c:5161
msgid "* Other options:\n"
msgstr "* 其他选项:\n"

#: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999
msgid " -B\tcommand to run before saving the certificate\n"
msgstr " -B\t在保存证书前运行的命令\n"

#: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000
msgid " -C\tcommand to run after saving the certificate\n"
msgstr " -C\t在保存证书后运行的命令\n"

#: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001
msgid " -F\tfile in which to store the CA's certificates\n"
msgstr ""

#: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002
msgid " -a\tNSS database in which to store the CA's certificates\n"
msgstr ""

#: src/getcert.c:4835 src/getcert.c:4883 src/getcert.c:4953 src/getcert.c:5003
msgid " -w\ttry to wait for the certificate to be issued\n"
msgstr ""

#: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954
#: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070
#: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135
#: src/getcert.c:5149 src/getcert.c:5162
msgid " -v\treport all details of errors\n"
msgstr " -v 报告所有错误细节\n"

#: src/getcert.c:4840
#, c-format
msgid "Usage: %s start-tracking [options]\n"
msgstr "用法:%s start-tracking [options]\n"

#: src/getcert.c:4843
msgid "* If modifying an existing request:\n"
msgstr "* 如果修改现存请求:\n"

#: src/getcert.c:4844
msgid " -i NAME\tnickname of an existing tracking request\n"
msgstr " -i NAME 现存跟踪请求的别名\n"

#: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970
msgid "* If keys are encrypted:\n"
msgstr "* 如果密钥已加密:\n"

#: src/getcert.c:4858
msgid " -I NAME\tnickname to give to tracking request\n"
msgstr " -I NAME 要指定于跟踪请求的别名\n"

#: src/getcert.c:4866
msgid "* Parameters for the signing request at renewal time:\n"
msgstr "* 签名请求在更新时的参数:\n"

#: src/getcert.c:4867
msgid " -U EXTUSAGE\toverride requested extended key usage OID\n"
msgstr " -U EXTUSAGE 覆盖所需的扩展密钥使用 OID\n"

#: src/getcert.c:4869
msgid " -K NAME\toverride requested principal name\n"
msgstr " -K NAME 覆盖所需的实体名\n"

#: src/getcert.c:4870
msgid " -D DNSNAME\toverride requested DNS name\n"
msgstr " -D DNSNAME 覆盖所需的 DNS 名\n"

#: src/getcert.c:4871
msgid " -E EMAIL\toverride requested email address\n"
msgstr " -E EMAIL 覆盖所需的电子邮件地址\n"

#: src/getcert.c:4872
msgid " -A ADDRESS\toverride requested IP address\n"
msgstr ""

#: src/getcert.c:4888
#, c-format
msgid "Usage: %s stop-tracking [options]\n"
msgstr "用法:%s stop-tracking [选项]\n"

#: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039
msgid "* By request identifier:\n"
msgstr "* 由请求标识符:\n"

#: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019
#: src/getcert.c:5040 src/getcert.c:5060
msgid " -i NAME\tnickname for tracking request\n"
msgstr " -i NAME 跟踪请求的别名\n"

#: src/getcert.c:4910
#, c-format
msgid "Usage: %s resubmit [options]\n"
msgstr "用法:%s resubmit [选项]\n"

#: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046
msgid " -f FILE\tPEM file for certificate\n"
msgstr " -f FILE 证书的 PEM 文件\n"

#: src/getcert.c:4926 src/getcert.c:4974
msgid "* New parameter values for the signing request:\n"
msgstr "* 签名请求的新参数值:\n"

#: src/getcert.c:4939 src/getcert.c:4987
msgid " -I NAME\tnew nickname to give to tracking request\n"
msgstr " -I NAME 要指定于跟踪请求的新别名\n"

#: src/getcert.c:4941 src/getcert.c:4989
msgid " -c CA\t\tuse the specified CA rather than the current one\n"
msgstr " -c CA 使用指定的 CA 而不是当前的\n"

#: src/getcert.c:4958
#, c-format
msgid "Usage: %s rekey [options]\n"
msgstr ""

#: src/getcert.c:4993
msgid " -G TYPE\ttype of new key to be generated\n"
msgstr ""

#: src/getcert.c:4994
msgid " -g SIZE\tsize of new key to be generated\n"
msgstr ""

#: src/getcert.c:5008
#, c-format
msgid "Usage: %s list [options]\n"
msgstr "用法:%s list [选项]\n"

#: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093
#: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156
msgid "* General options:\n"
msgstr "* 一般选项:\n"

#: src/getcert.c:5013
msgid " -c CA\tlist only requests and certs associated with this CA\n"
msgstr " -c CA 只列出与此 CA 关联的请求和证书\n"

#: src/getcert.c:5015
msgid " -r\tlist only information about outstanding requests\n"
msgstr " -r 只列出未解决请求的相关信息\n"

#: src/getcert.c:5016
msgid " -t\tlist only information about tracked certificates\n"
msgstr " -t 只列出被跟踪证书的相关信息\n"

#: src/getcert.c:5017
msgid " -u\tdisplay times in UTC instead of local time\n"
msgstr ""

#: src/getcert.c:5018
msgid "* If selecting a specific request:\n"
msgstr "* 如果选择一个特定的需求:\n"

#: src/getcert.c:5021
msgid " -d DIR\tonly list requests and certs which use this NSS database\n"
msgstr ""
" -d 目录»仅列出使用该 "
"NSS 数据库的请求和认证\n"

#: src/getcert.c:5022
msgid " -n NAME\tonly list requests and certs which use this nickname\n"
msgstr ""
" -n 名称»仅显示使用该"
"名称的请求和认证\n"

#: src/getcert.c:5024
msgid " -f FILE\tonly list requests and certs stored in this PEM file\n"
msgstr ""
" -f 文件»仅列出保存在"
"此 PEM 文件中的请求和认证\n"

#: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 src/getcert.c:5098
#: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159
msgid " -S\tconnect to the certmonger service on the system bus\n"
msgstr " -S 在系统总线上连接 certmonger 服务\n"

#: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099
#: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160
msgid " -s\tconnect to the certmonger service on the session bus\n"
msgstr " -s 在会话总线上连接 certmonger 服务\n"

#: src/getcert.c:5033
#, c-format
msgid "Usage: %s refresh [options]\n"
msgstr ""

#: src/getcert.c:5036
msgid " -a\trefresh information about all outstanding requests\n"
msgstr ""

#: src/getcert.c:5056
#, c-format
msgid "Usage: %s status [options]\n"
msgstr ""

#: src/getcert.c:5059
msgid "* Selecting a specific request:\n"
msgstr ""

#: src/getcert.c:5061
msgid "* When using an NSS database for storage:\n"
msgstr ""

#: src/getcert.c:5062
msgid " -d DIR\treturn status for the request in this NSS database\n"
msgstr ""

#: src/getcert.c:5063
msgid " -n NAME\treturn status for cert which uses this nickname\n"
msgstr ""

#: src/getcert.c:5064
msgid "* When using files for storage:\n"
msgstr ""

#: src/getcert.c:5065
msgid " -f FILE\treturn status for cert stored in this PEM file\n"
msgstr ""

#: src/getcert.c:5074
#, c-format
msgid "Usage: %s list-cas [options]\n"
msgstr "用法:%s list-cas [选项]\n"

#: src/getcert.c:5079
msgid " -c CA\tlist only information about the CA with this name\n"
msgstr " -c CA 只列出具有此名称的 CA 的相关信息\n"

#: src/getcert.c:5089
#, c-format
msgid "Usage: %s refresh-ca [options]\n"
msgstr ""

#: src/getcert.c:5094
msgid " -c CA\trefresh information about the CA with this name\n"
msgstr ""

#: src/getcert.c:5095
msgid " -a\trefresh information about all known CAs\n"
msgstr ""

#: src/getcert.c:5106
#, c-format
msgid "Usage: %s add-ca [options]\n"
msgstr ""

#: src/getcert.c:5110 src/getcert.c:5124
msgid " -c CA\t\tnickname to give to the new CA configuration\n"
msgstr ""

#: src/getcert.c:5111
msgid " -e CMD\thelper command to run to communicate with CA\n"
msgstr ""

#: src/getcert.c:5120
#, c-format
msgid "Usage: %s add-scep-ca [options]\n"
msgstr ""

#: src/getcert.c:5125
msgid " -u URL\tlocation of SCEP server\n"
msgstr ""

#: src/getcert.c:5126
msgid " -i ID\t\tCA identifier\n"
msgstr ""

#: src/getcert.c:5127
msgid " -R FILE\tfile containing CA's certificate\n"
msgstr ""

#: src/getcert.c:5128
msgid " -r FILE\tfile containing RA's certificate\n"
msgstr ""

#: src/getcert.c:5129
msgid " -I FILE\tfile containing certificates in RA's certifying chain\n"
msgstr ""

#: src/getcert.c:5130
msgid " -n\tprefer not to use the SCEP Renewal feature\n"
msgstr ""

#: src/getcert.c:5139
#, c-format
msgid "Usage: %s modify-ca [options]\n"
msgstr ""

#: src/getcert.c:5143
msgid " -c CA\t\tnickname of the CA configuration\n"
msgstr ""

#: src/getcert.c:5144
msgid " -e CMD\tupdated helper command to run to communicate with CA\n"
msgstr ""

#: src/getcert.c:5153
#, c-format
msgid "Usage: %s remove-ca [options]\n"
msgstr ""

#: src/getcert.c:5157
msgid " -c CA\tnickname of CA configuration to remove\n"
msgstr ""

#: src/getcert.c:5172
#, c-format
msgid "Usage: %s command [options]\n"
msgstr ""

#: src/getcert.c:5174
msgid "request a new certificate from a CA\n"
msgstr ""

#: src/getcert.c:5176
msgid "begin monitoring an already-issued certificate\n"
msgstr ""

#: src/getcert.c:5178
msgid "stop monitoring a certificate\n"
msgstr ""

#: src/getcert.c:5180
msgid "resubmit an in-progress enrollment request, or start a new one\n"
msgstr ""

#: src/getcert.c:5182
msgid "generate a new private key and replace a certificate\n"
msgstr ""

#: src/getcert.c:5184
msgid "check on the status of an in-progress enrollment request\n"
msgstr ""

#: src/getcert.c:5186
msgid "list certificates being monitored and requested\n"
msgstr ""

#: src/getcert.c:5188
msgid "check the status of a certificate being monitored or requested\n"
msgstr ""

#: src/getcert.c:5191
msgid "add a CA configuration\n"
msgstr ""

#: src/getcert.c:5193
msgid "add an SCEP CA configuration\n"
msgstr ""

#: src/getcert.c:5196
msgid "list known CA configurations\n"
msgstr ""

#: src/getcert.c:5199
msgid "modify a CA configuration\n"
msgstr ""

#: src/getcert.c:5202
msgid "refresh cache of all information obtained from a CA\n"
msgstr ""

#: src/getcert.c:5205
msgid "remove a CA configuration\n"
msgstr ""

#: src/getcert.c:5273
#, c-format
msgid "%s: unrecognized command\n"
msgstr "%s:未识别命令\n"

#: src/ipa.c:144
#, c-format
msgid "Unable to determine location of IPA LDAP server.\n"
msgstr ""

#: src/ipa.c:149
#, c-format
msgid "Unable to contact an IPA LDAP server.\n"
msgstr ""

#: src/ipa.c:233 src/ipa.c:533
#, c-format
msgid "Unable to determine base DN of domain information on IPA server.\n"
msgstr ""

#: src/ipa.c:369
#, c-format
msgid "Error setting up for XMLRPC on the client.\n"
msgstr ""

#: src/ipa.c:658
#, c-format
msgid "The -t option can not be used with the -K option.\n"
msgstr ""
"选项 -t 不可跟选项 -K 共同使用。\n"
"\n"

#: src/ipa.c:667
#, c-format
msgid "The -k option can not be used with the -K option.\n"
msgstr "选项 -k 不可跟选项 -K 共同使用。\n"

#: src/ipa.c:676
#, c-format
msgid "The -K option can not be used with either the -k or the -t option.\n"
msgstr "选项 -K 不可跟选项 -k 或选项 -t 共同使用。\n"

#: src/ipa.c:758
#, c-format
msgid "Unable to determine principal name for signing request.\n"
msgstr "无法确定签名请求的实体名。\n"

#: src/ipa.c:831
#, c-format
msgid "No IPA domain configured, and none specified.\n"
msgstr ""

#: src/ipa.c:868
#, c-format
msgid ""
"Error setting up ccache for \"host\" service on client using default keytab: "
"%s.\n"
msgstr ""

#: src/ipa.c:872
#, c-format
msgid ""
"Error setting up ccache for \"%s\" on client using default keytab: %s.\n"
msgstr ""

#: src/ipa.c:879
#, c-format
msgid ""
"Error setting up ccache for \"host\" service on client using keytab \"%s\": "
"%s.\n"
msgstr ""

#: src/ipa.c:883
#, c-format
msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n"
msgstr ""

#: src/local.c:556
#, c-format
msgid "Unable to read signing request.\n"
msgstr "无法读取签名请求。\n"

#: src/main.c:74
msgid "use session bus"
msgstr ""

#: src/main.c:75
msgid "use system bus"
msgstr ""

#: src/main.c:76
msgid "start a dedicated listening socket"
msgstr ""

#: src/main.c:77
msgid "only use a dedicated listening socket"
msgstr ""

#: src/main.c:78
msgid "specify the dedicated listening socket"
msgstr ""

#: src/main.c:78
msgid "PATHNAME"
msgstr ""

#: src/main.c:79
msgid "don't become a daemon"
msgstr ""

#: src/main.c:80
msgid "do become a daemon"
msgstr ""

#: src/main.c:81
msgid "bus-activated, idle timeout"
msgstr ""

#: src/main.c:81
msgid "SECONDS"
msgstr ""

#: src/main.c:82
msgid "don't use an idle timeout"
msgstr ""

#: src/main.c:83
msgid "set debugging level (implies -n)"
msgstr ""

#: src/main.c:83
msgid "NUMBER"
msgstr ""

#: src/main.c:84 src/main.c:86
msgid "start COMMAND and exit when it does"
msgstr ""

#: src/main.c:87
msgid "write service PID to file"
msgstr ""

#: src/main.c:88
msgid "force NSS into FIPS mode"
msgstr ""

#: src/main.c:90
msgid "print version information"
msgstr ""

#: src/main.c:174
#, c-format
msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n"
msgstr ""

#: src/main.c:177
msgid "\t-s use session bus\n"
msgstr "\t-s 使用和会话总线\n"

#: src/main.c:178
msgid "\t-S use system bus\n"
msgstr "\t-S 使用系统总线\n"

#: src/main.c:179
msgid "\t-l start a dedicated listening socket\n"
msgstr ""

#: src/main.c:180
msgid "\t-L only use a dedicated listening socket\n"
msgstr ""

#: src/main.c:181
msgid "\t-P PATH specify the dedicated listening socket\n"
msgstr ""

#: src/main.c:182
msgid "\t-n don't become a daemon\n"
msgstr "\t-n 不成为守护进程\n"

#: src/main.c:183
msgid "\t-f do become a daemon\n"
msgstr "\t-f 成为守护进程\n"

#: src/main.c:184
msgid "\t-b TIMEOUT bus-activated, idle timeout\n"
msgstr "\t-b TIMEOUT 使用总线激活, idle 超时\n"

#: src/main.c:185
msgid "\t-B don't use an idle timeout\n"
msgstr "\t-B 不使用 idle 超时\n"

#: src/main.c:186
msgid "\t-d LEVEL set debugging level (implies -n)\n"
msgstr "\t-d LEVEL 设定调试级别 (使用 -n)\n"

#: src/main.c:187
msgid "\t-c COMMAND start COMMAND and exit when it does\n"
msgstr ""

#: src/main.c:188
msgid "\t-p FILE write service PID to file\n"
msgstr ""
"\t-p FILE 在文件中写入服务 PID\n"
"\n"

#: src/main.c:189
msgid "\t-F force NSS into FIPS mode\n"
msgstr "\t-F 强制 NSS 进入 FIPS 模式\n"

#: src/main.c:190
msgid "\t-v print version information and exit\n"
msgstr ""

#: src/scep.c:352
#, c-format
msgid "No SCEP URL (-u) given, and no default known.\n"
msgstr "未指定 SCEP URL(-U),且无已知默认值。\n"

#: src/scep.c:356
#, c-format
msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n"
msgstr "未指定 SCEP 操作(-c/-C/-g/-p),且无已知默认值。\n"

#: src/scep.c:376 src/scep.c:395
#, c-format
msgid "No RA certificate (-r) given, and no default known.\n"
msgstr "未指定 RA 证书(-r),且无已知默认值。\n"

#: src/scep.c:386 src/scep.c:540
#, c-format
msgid ""
"Error reading request. Expected PKCS7 data containing a GetInitialCert "
"pkiMessage, got nothing.\n"
msgstr ""

#: src/scep.c:405 src/scep.c:565
#, c-format
msgid ""
"Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, "
"got nothing.\n"
msgstr ""

#: src/scep.c:433 src/scep.c:459
#, c-format
msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n"
msgstr ""

#: src/scep.c:437 src/scep.c:463
#, c-format
msgid ""
"Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert "
"request.\n"
msgstr ""

#: src/scep.c:470
#, c-format
msgid "Warning: request is missing transactionId.\n"
msgstr ""

#: src/scep.c:474
#, c-format
msgid "Warning: request is missing senderNonce.\n"
msgstr ""

#: src/scep.c:637
#, c-format
msgid "Got response code %d from %s, not 200.\n"
msgstr "来自 %2$s 响应代码为 %1$d 而非 200。\n"

#: src/scep.c:685 src/scep.c:1121
#, c-format
msgid "Server reply was of unexpected MIME type \"%s\".\n"
msgstr ""

#: src/scep.c:930
#, c-format
msgid "Error: failed to verify signature on server response.\n"
msgstr "错误:验证服务器响应上的签名失败。\n"

#: src/scep.c:946
#, c-format
msgid "Error: reply was not a CertRep (%s).\n"
msgstr ""

#: src/scep.c:951
#, c-format
msgid "Error: reply is missing transactionId.\n"
msgstr ""

#: src/scep.c:956
#, c-format
msgid "Error: reply contains a different transactionId.\n"
msgstr ""

#: src/scep.c:962
#, c-format
msgid "Error: reply is missing pkiStatus.\n"
msgstr ""

#: src/scep.c:966
#, c-format
msgid "Error: reply is missing recipientNonce.\n"
msgstr ""

#: src/scep.c:972
#, c-format
msgid "Error: reply nonce doesn't match request.\n"
msgstr ""

#: src/scep.c:976
#, c-format
msgid "Error: reply is missing senderNonce.\n"
msgstr "错误:回复缺失 senderNonce。\n"

#: src/scep.c:994
#, c-format
msgid "Unspecified failure at server.\n"
msgstr ""

#: src/scep.c:997
#, c-format
msgid "Unrecognized or unsupported algorithm identifier in client request.\n"
msgstr ""

#: src/scep.c:1000
#, c-format
msgid "Integrity check of client request failed at server.\n"
msgstr ""

#: src/scep.c:1003
#, c-format
msgid "Transaction either is not permitted or is not supported by server.\n"
msgstr ""

#: src/scep.c:1006
#, c-format
msgid "Clock skew too great.\n"
msgstr ""

#: src/scep.c:1009
#, c-format
msgid "Unsupported extension.\n"
msgstr ""

#: src/scep.c:1012
#, c-format
msgid "Must archive keys.\n"
msgstr ""

#: src/scep.c:1015
#, c-format
msgid "Bad identity.\n"
msgstr ""

#: src/scep.c:1018
#, c-format
msgid "Proof of possession required.\n"
msgstr ""

#: src/scep.c:1021
#, c-format
msgid "Proof of possession failed.\n"
msgstr ""

#: src/scep.c:1024
#, c-format
msgid "No key reuse.\n"
msgstr ""

#: src/scep.c:1027
#, c-format
msgid "Internal CA error.\n"
msgstr "内部 CA 错误。\n"

#: src/scep.c:1030
#, c-format
msgid "Try later.\n"
msgstr ""

#: src/scep.c:1032
#, c-format
msgid "Server returned failure code \"%s\".\n"
msgstr ""

#: src/scep.c:1044
#, c-format
msgid "Error: couldn't parse signed-data.\n"
msgstr ""

#: src/scep.c:1059 src/scep.c:1074
#, c-format
msgid "Error: signed-data payload is not enveloped-data.\n"
msgstr ""

#: src/scep.c:1092
#, c-format
msgid "Error: enveloped-data payload is not data.\n"
msgstr ""

#: src/scep.c:1116
#, c-format
msgid "Error: pkiStatus \"%s\" not recognized.\n"
msgstr ""

#: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351
msgid "An internal error has occurred."
msgstr "发生一个内部错误。"

#: src/tdbush.c:183
msgid "No matching entry found.\n"
msgstr "没有找到匹配的条目。\n"

#: src/tdbush.c:345
#, c-format
msgid "There is already a CA with the nickname \"%s\"."
msgstr "具有别名“%s”的 CA 已经存在。"

#: src/tdbush.c:439
msgid "Certificate storage type not specified."
msgstr "证书存储类型没有指定。"

#: src/tdbush.c:452
#, c-format
msgid "Certificate storage type \"%s\" not supported."
msgstr "证书存储类型“%s”不支持。"

#: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766
#: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028
#: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592
#: src/tdbush.c:3230 src/tdbush.c:3382
#, c-format
msgid "The location \"%s\" must be an absolute path."
msgstr "位置“%s”必须是绝对路径。" #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." msgstr "证书存储位置没有指定。" #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "位置“%s”的上一层必须是有效目录。" #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "位置“%s”必须是文件。" #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "" #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "位置“%s”必须是目录。" #: src/tdbush.c:622 msgid "Certificate nickname not specified." msgstr "证书别名没有指定。" #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "具有别名“%s”的请求已经存在。" #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "在相同位置的认证已经被包含昵称 \"%s\" 的请求使用。" #: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "密钥存储类型“%s”不支持。" #: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." msgstr "密钥存储位置没有指定。" #: src/tdbush.c:853 msgid "Key nickname not specified." msgstr "密钥别名没有指定。" #: src/tdbush.c:909 #, c-format msgid "Key at same location is already used by request with nickname \"%s\"." msgstr "在相同位置的键已经被包含昵称 \"%s\" 的请求使用。" #: src/tdbush.c:1313 src/tdbush.c:3102 #, c-format msgid "No support for key type \"%s\"." 
msgstr "" #: src/tdbush.c:1400 msgid "No such CA." msgstr "没有该 CA。" #: src/tdbush.c:3073 #, c-format msgid "Certificate authority \"%s\" not known." msgstr "证书认证中心“%s”未知。" #: src/tdbush.c:3518 msgid "Unrecognized parameter or wrong value type." msgstr "未识别的参数或错误的值类型。" #: src/tdbush.c:5070 msgid "Error parsing arguments." msgstr "" #: src/tdbush.c:5124 msgid "Unrecognized property name." msgstr "" #: src/tdbusm.c:2156 msgid "Insufficient access. Please retry operation as root.\n" msgstr "访问权限不足。请以根用户重试操作。\n" #: src/tdbusm.c:2160 msgid "Please verify that the certmonger service has been started.\n" msgstr "请检验 certmonger 服务是否已启动。\n" #: src/tdbusm.c:2163 msgid "Please verify that the certmonger service is still running.\n" msgstr "请检验 certmonger 服务是否仍在运行。\n"
certmonger-0.79.19/po/zh_TW.po
# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package.
# # Translators: # Cheng-Chia Tseng , 2011 # Walter Cheuk , 2012 msgid "" msgstr "" "Project-Id-Version: certmonger 0.78.6\n" "Report-Msgid-Bugs-To: certmonger-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2017-02-26 02:20-0500\n" "PO-Revision-Date: 2015-01-05 05:52-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/" "certmonger/language/zh_TW/)\n" "Language: zh-TW\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: Zanata 3.9.6\n" #: src/casave.c:322 src/casave.c:361 src/dogtag.c:233 src/dogtag.c:238 #: src/dogtag.c:256 src/dogtag.c:261 src/getcert.c:291 #, c-format msgid "Out of memory.\n" msgstr "" "記憶體不足。\n" "\n" #: src/certmaster.c:136 #, c-format msgid "Unable to determine hostname of CA.\n" msgstr "無法判斷 CA 的主機名稱。\n" #: src/certmaster.c:153 src/dogtag.c:521 src/ipa.c:796 #, fuzzy, c-format msgid "Unable to read signing request from file \"%s\".\n" msgstr "無法讀取簽署請求。\n" #: src/certmaster.c:156 src/dogtag.c:524 src/ipa.c:799 #, fuzzy, c-format msgid "Unable to read signing request from environment variable \"%s\".\n" msgstr "無法讀取簽署請求。\n" #: src/certmaster.c:184 #, c-format msgid "Error setting up for XMLRPC.\n" msgstr "設置 XMLRPC 時發生錯誤。\n" #: src/certmaster.c:206 src/getcert.c:526 src/getcert.c:545 src/getcert.c:564 #: src/getcert.c:583 src/getcert.c:601 src/getcert.c:694 src/getcert.c:1409 #: src/getcert.c:1796 src/getcert.c:2354 src/getcert.c:2440 src/getcert.c:3021 #: src/getcert.c:3244 src/getcert.c:3272 src/getcert.c:3499 src/getcert.c:3603 #: src/getcert.c:3638 src/getcert.c:3673 src/getcert.c:3710 src/getcert.c:3973 #: src/getcert.c:4429 src/getcert.c:4547 src/getcert.c:4742 #, c-format msgid "Error parsing server response.\n" msgstr "解析伺服器回應時發生錯誤。\n" #: src/certmaster.c:210 #, c-format msgid "Server error.\n" msgstr "伺服器錯誤。\n" #: src/dogtag.c:226 #, c-format msgid "Profile 
params (-O) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:249 #, c-format msgid "Submit params (-o) must be in the form of param=value.\n" msgstr "" #: src/dogtag.c:408 src/dogtag.c:413 src/dogtag.c:442 #, c-format msgid "No agent credentials specified, and no default known.\n" msgstr "" #: src/dogtag.c:418 #, c-format msgid "Requested renewal, but no serial number provided.\n" msgstr "" #: src/dogtag.c:422 #, c-format msgid "No end-entity URL (-E) given, and no default known.\n" msgstr "" #: src/dogtag.c:427 src/dogtag.c:437 src/dogtag.c:594 #, c-format msgid "No agent URL (-A) given, and no default known.\n" msgstr "" #: src/dogtag.c:432 #, c-format msgid "No profile/template (-T) given, and no default known.\n" msgstr "" #: src/dogtag.c:452 #, c-format msgid "Error shutting down NSS.\n" msgstr "" #: src/dogtag.c:487 src/dogtag.c:777 #, c-format msgid "Internal error: unknown state.\n" msgstr "" #: src/dogtag.c:600 #, c-format msgid "No agent credentials (-n) given, but they are needed.\n" msgstr "" #: src/dogtag.c:757 src/scep.c:619 #, c-format msgid "Error %d connecting to %s: %s.\n" msgstr "" #: src/dogtag.c:762 src/scep.c:624 #, c-format msgid "Error %d connecting to %s.\n" msgstr "" #: src/dogtag.c:770 src/scep.c:648 #, c-format msgid "Internal error: no response to \"%s?%s\".\n" msgstr "" #: src/getcert.c:61 src/main.c:84 src/main.c:86 msgid "COMMAND" msgstr "" #: src/getcert.c:62 msgid "DIRECTORY" msgstr "" #: src/getcert.c:63 src/getcert.c:70 msgid "LIST" msgstr "" #: src/getcert.c:64 src/getcert.c:68 msgid "ADDRESS" msgstr "" #: src/getcert.c:65 src/main.c:87 msgid "FILENAME" msgstr "" #: src/getcert.c:66 msgid "HOSTNAME" msgstr "" #: src/getcert.c:67 msgid "ID" msgstr "" #: src/getcert.c:69 msgid "BITS" msgstr "" #: src/getcert.c:71 msgid "MODE" msgstr "" #: src/getcert.c:72 msgid "NAME" msgstr "" #: src/getcert.c:73 msgid "PRINCIPAL" msgstr "" #: src/getcert.c:74 msgid "SUBJECT" msgstr "" #: src/getcert.c:75 msgid "URL" msgstr "" #: 
src/getcert.c:76 msgid "USERNAME[:GROUPNAME]" msgstr "" #: src/getcert.c:115 #, c-format msgid "Path \"%s\" is not absolute, attempting to use \"%s\" instead.\n" msgstr "\"%s\" 並非絕對路徑,改為使用 \"%s\"。\n" #: src/getcert.c:120 #, c-format msgid "" "Path \"%s\" is not absolute, and there was an error determining the name of " "the current directory.\n" msgstr "路徑「%s」非絕對路徑,並且在判斷目前目錄的名稱時發生錯誤。\n" #: src/getcert.c:142 #, c-format msgid "Path \"%s\": insufficient permissions.\n" msgstr "" #: src/getcert.c:148 #, c-format msgid "Path \"%s\" is not a directory.\n" msgstr "\"%s\" 路徑並非目錄。\n" #: src/getcert.c:154 #, c-format msgid "Path \"%s\": %s.\n" msgstr "路徑 \"%s\":%s。\n" #: src/getcert.c:194 #, c-format msgid "Path \"%s\" is not a regular file.\n" msgstr "\"%s\" 路徑並非普通檔案。\n" #: src/getcert.c:340 #, c-format msgid "No system bus running.\n" msgstr "" #: src/getcert.c:341 #, c-format msgid "Running as UID 0.\n" msgstr "" #: src/getcert.c:342 #, c-format msgid "Launching temporary dedicated service daemon.\n" msgstr "" #: src/getcert.c:371 #, c-format msgid "Error connecting to D-Bus.\n" msgstr "" #: src/getcert.c:372 src/tdbusm.c:2166 #, c-format msgid "Please verify that the message bus (D-Bus) service is running.\n" msgstr "請驗證訊息匯流排 (D-Bus) 服務是否正在執行。\n" #: src/getcert.c:379 #, c-format msgid "Error creating DBus request message.\n" msgstr "建立 DBus 請求訊息時發生錯誤。\n" #: src/getcert.c:393 #, c-format msgid "missing argument for %s" msgstr "" #: src/getcert.c:398 #, fuzzy msgid "missing argument" msgstr "可有可無的引數:\n" #: src/getcert.c:401 #, fuzzy, c-format msgid "unrecognized option %s" msgstr "%s:指令無法辨識\n" #: src/getcert.c:406 #, fuzzy msgid "unrecognized option" msgstr "%s:指令無法辨識\n" #: src/getcert.c:409 msgid "aliases nested too deeply" msgstr "" #: src/getcert.c:412 msgid "bad parameter quoting" msgstr "" #: src/getcert.c:418 msgid "invalid numeric value" msgstr "" #: src/getcert.c:421 msgid "number too large or too small" msgstr "" #: src/getcert.c:424 msgid "bad operation" msgstr 
"" #: src/getcert.c:427 #, fuzzy msgid "internal error" msgstr "發生內部錯誤。" #: src/getcert.c:430 #, fuzzy msgid "out of memory" msgstr "" "記憶體不足。\n" "\n" #: src/getcert.c:434 msgid "error in popt configuration file" msgstr "" #: src/getcert.c:477 #, c-format msgid "Error %s: %s\n" msgstr "錯誤 %s:%s\n" #: src/getcert.c:481 #, c-format msgid "Error %s\n" msgstr "錯誤 %s\n" #: src/getcert.c:487 #, c-format msgid "Error: %s\n" msgstr "錯誤:%s\n" #: src/getcert.c:489 #, c-format msgid "Received error response from local %s service.\n" msgstr "從本地 %s 服務接收到錯誤回應。\n" #: src/getcert.c:495 #, c-format msgid "No response received from %s service.\n" msgstr "沒有從 %s 服務接收到回應。\n" #: src/getcert.c:699 src/getcert.c:3978 #, c-format msgid "State %s, stuck: %s.\n" msgstr "" #: src/getcert.c:768 src/getcert.c:1846 src/getcert.c:2500 src/getcert.c:3100 #: src/getcert.c:3354 src/getcert.c:3875 msgid "NSS database for key and cert" msgstr "" #: src/getcert.c:769 src/getcert.c:1847 src/getcert.c:2501 src/getcert.c:3101 #: src/getcert.c:3355 src/getcert.c:3876 msgid "nickname for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:770 src/getcert.c:1848 src/getcert.c:2502 src/getcert.c:3102 #: src/getcert.c:3356 src/getcert.c:3877 msgid "optional token name for NSS-based storage (only valid with -d)" msgstr "" #: src/getcert.c:771 msgid "PEM file for private key" msgstr "" #: src/getcert.c:772 msgid "PEM file for certificate (only valid with -k)" msgstr "" #: src/getcert.c:773 src/getcert.c:1851 src/getcert.c:2508 msgid "file which holds the private key encryption PIN" msgstr "" #: src/getcert.c:774 src/getcert.c:1852 src/getcert.c:2509 msgid "private key encryption PIN" msgstr "" #: src/getcert.c:775 src/getcert.c:1853 src/getcert.c:2510 msgid "owner information for private key" msgstr "" #: src/getcert.c:776 src/getcert.c:1854 src/getcert.c:2511 msgid "file permissions for private key" msgstr "" #: src/getcert.c:777 src/getcert.c:1855 src/getcert.c:2512 msgid "owner information 
for certificate" msgstr "" #: src/getcert.c:778 src/getcert.c:1856 src/getcert.c:2513 msgid "file permissions for certificate" msgstr "" #: src/getcert.c:779 src/getcert.c:1857 src/getcert.c:2514 msgid "NSS database in which to store the CA's certificates" msgstr "" #: src/getcert.c:780 src/getcert.c:1858 src/getcert.c:2515 msgid "file in which to store the CA's certificates" msgstr "" #: src/getcert.c:781 src/getcert.c:1859 src/getcert.c:2516 msgid "command to run before saving the certificate" msgstr "" #: src/getcert.c:782 src/getcert.c:1860 src/getcert.c:2517 msgid "command to run after saving the certificate" msgstr "" #: src/getcert.c:783 msgid "nickname to assign to the request" msgstr "" #: src/getcert.c:784 msgid "type of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:785 msgid "size of key to be generated if one is not already in place" msgstr "" #: src/getcert.c:786 src/getcert.c:1863 msgid "attempt to renew the certificate when expiration nears (default)" msgstr "" #: src/getcert.c:787 src/getcert.c:1864 msgid "don't attempt to renew the certificate when expiration nears" msgstr "" #: src/getcert.c:789 src/getcert.c:1866 msgid "use the specified CA configuration rather than the default" msgstr "" #: src/getcert.c:791 src/getcert.c:1868 src/getcert.c:2521 msgid "ask the CA to process the request using the named profile or template" msgstr "" #: src/getcert.c:792 src/getcert.c:1869 src/getcert.c:2522 msgid "ask the CA to process the request using the named issuer" msgstr "" #: src/getcert.c:793 src/getcert.c:2523 msgid "set requested subject name (default: CN=)" msgstr "" #: src/getcert.c:794 src/getcert.c:2524 msgid "set requested key usage value" msgstr "" #: src/getcert.c:795 src/getcert.c:2525 msgid "set requested extended key usage OID" msgstr "" #: src/getcert.c:796 src/getcert.c:2526 msgid "set requested principal name" msgstr "" #: src/getcert.c:797 src/getcert.c:2527 msgid "set requested DNS name" msgstr "" #: 
src/getcert.c:798 src/getcert.c:2528 msgid "set requested email address" msgstr "" #: src/getcert.c:799 src/getcert.c:2529 msgid "set requested IP address" msgstr "" #: src/getcert.c:800 src/getcert.c:1876 src/getcert.c:2530 msgid "file which holds an optional challenge password value" msgstr "" #: src/getcert.c:801 src/getcert.c:1877 src/getcert.c:2531 msgid "an optional challenge password value" msgstr "" #: src/getcert.c:802 src/getcert.c:1878 src/getcert.c:2532 msgid "request a CA certificate" msgstr "" #: src/getcert.c:803 src/getcert.c:1879 src/getcert.c:2533 msgid "request a non-CA certificate" msgstr "" #: src/getcert.c:804 src/getcert.c:1880 src/getcert.c:2534 msgid "path length for CA certificate" msgstr "" #: src/getcert.c:805 src/getcert.c:1881 src/getcert.c:2535 msgid "try to wait for the certificate to be issued" msgstr "" #: src/getcert.c:806 src/getcert.c:1882 src/getcert.c:2536 msgid "maximum time to wait for the certificate to be issued" msgstr "" #: src/getcert.c:807 src/getcert.c:1883 src/getcert.c:2537 src/getcert.c:3105 #: src/getcert.c:3360 src/getcert.c:3880 src/getcert.c:4038 src/getcert.c:4270 #: src/getcert.c:4366 src/getcert.c:4463 src/getcert.c:4591 src/getcert.c:4679 msgid "connect to the certmonger service on the session bus" msgstr "" #: src/getcert.c:808 src/getcert.c:1884 src/getcert.c:2538 src/getcert.c:3106 #: src/getcert.c:3361 src/getcert.c:3881 src/getcert.c:4039 src/getcert.c:4271 #: src/getcert.c:4367 src/getcert.c:4464 src/getcert.c:4592 src/getcert.c:4680 msgid "connect to the certmonger service on the system bus" msgstr "" #: src/getcert.c:825 src/getcert.c:1893 src/getcert.c:2547 #, c-format msgid "Error initializing Kerberos library: %s.\n" msgstr "初始化 Kerberos 函式庫時發生錯誤:%s。\n" #: src/getcert.c:889 src/getcert.c:2619 #, c-format msgid "No support for generating \"%s\" keys.\n" msgstr "" #: src/getcert.c:891 src/getcert.c:2621 #, c-format msgid "Known key types include:" msgstr "" #: src/getcert.c:931 src/getcert.c:1983 
src/getcert.c:2643 #, c-format msgid "Unrecognized keyUsage \"%s\".\n" msgstr "" #: src/getcert.c:941 src/getcert.c:1993 src/getcert.c:2653 #, c-format msgid "Could not evaluate OID \"%s\".\n" msgstr "無法評估 OID 「%s」。\n" #: src/getcert.c:952 src/getcert.c:2004 src/getcert.c:2664 #, c-format msgid "Error parsing Kerberos principal name \"%s\": %s.\n" msgstr "" #: src/getcert.c:961 src/getcert.c:2013 src/getcert.c:2673 #, c-format msgid "Error unparsing Kerberos principal name \"%s\": %s.\n" msgstr "" #: src/getcert.c:1016 src/getcert.c:2068 src/getcert.c:2728 #, c-format msgid "%s: invalid value -- '%s'\n" msgstr "" #: src/getcert.c:1039 src/getcert.c:2096 src/getcert.c:2751 src/getcert.c:3176 #: src/getcert.c:3422 src/getcert.c:4073 #, c-format msgid "%s: option requires an argument -- '%c'\n" msgstr "%s:選項必需引數 -- '%c'\n" #: src/getcert.c:1043 src/getcert.c:2099 src/getcert.c:2754 src/getcert.c:3180 #: src/getcert.c:3426 src/getcert.c:4076 #, c-format msgid "%s: invalid option -- '%c'\n" msgstr "%s:選項無效 -- '%c'\n" #: src/getcert.c:1057 #, c-format msgid "Error: unused extra argument \"%s\".\n" msgstr "" #: src/getcert.c:1060 src/getcert.c:2115 src/getcert.c:2767 src/getcert.c:3200 #: src/getcert.c:3439 src/getcert.c:3938 src/getcert.c:4089 src/getcert.c:4321 #: src/getcert.c:4416 src/getcert.c:4518 src/getcert.c:4641 src/getcert.c:4724 #, c-format msgid "Error: unused extra arguments were supplied.\n" msgstr "" #: src/getcert.c:1066 src/getcert.c:2121 src/getcert.c:2381 src/getcert.c:2791 #, c-format msgid "Database location or nickname specified without the other.\n" msgstr "" #: src/getcert.c:1072 src/getcert.c:2127 src/getcert.c:2387 src/getcert.c:2797 #, c-format msgid "Database directory and certificate file both specified.\n" msgstr "" #: src/getcert.c:1080 src/getcert.c:2395 src/getcert.c:2805 #, c-format msgid "" "None of database directory and nickname or certificate file specified.\n" msgstr "" #: src/getcert.c:1087 src/getcert.c:2143 #, c-format msgid "Key 
and certificate can not both be saved to the same file.\n" msgstr "" #: src/getcert.c:1114 #, c-format msgid "" "The IPA backend requires the use of the -K option (principal name) when any " "of the -N (subject name), -E (email address), -A (IP address), -D (DNS " "name), or -U (extendedKeyUsage) options is used.\n" msgstr "" #: src/getcert.c:1296 src/getcert.c:1762 src/getcert.c:2272 src/getcert.c:2867 #: src/getcert.c:3208 src/getcert.c:3447 src/getcert.c:4731 #, c-format msgid "No CA with name \"%s\" found.\n" msgstr "找不到名稱為「%s」的 CA。\n" #: src/getcert.c:1404 src/getcert.c:1791 src/getcert.c:2348 src/getcert.c:2435 #: src/getcert.c:3015 src/getcert.c:4424 src/getcert.c:4542 src/getcert.c:4561 #: src/getcert.c:4651 src/getcert.c:4737 #, c-format msgid "Error setting request arguments.\n" msgstr "設定請求參數時發生錯誤。\n" #: src/getcert.c:1415 #, c-format msgid "New signing request \"%s\" added.\n" msgstr "已加入新增的簽署請求「%s」。\n" #: src/getcert.c:1421 #, c-format msgid "New signing request could not be added.\n" msgstr "無法加入新增的簽署請求。\n" #: src/getcert.c:1802 #, c-format msgid "New tracking request \"%s\" added.\n" msgstr "已加入新增的追蹤請求「%s」。\n" #: src/getcert.c:1809 #, c-format msgid "New tracking request could not be added.\n" msgstr "無法加入新增的追蹤請求。\n" #: src/getcert.c:1849 msgid "PEM file for private key (only valid with -f)" msgstr "" #: src/getcert.c:1850 src/getcert.c:2503 src/getcert.c:3103 src/getcert.c:3357 #: src/getcert.c:3878 msgid "PEM file for certificate" msgstr "" #: src/getcert.c:1861 msgid "nickname of an existing request" msgstr "" #: src/getcert.c:1862 msgid "nickname to give to tracking request" msgstr "" #: src/getcert.c:1870 msgid "override requested key usage value" msgstr "" #: src/getcert.c:1871 msgid "override requested extended key usage OID" msgstr "" #: src/getcert.c:1872 msgid "override requested principal name" msgstr "" #: src/getcert.c:1873 msgid "override requested DNS name" msgstr "" #: src/getcert.c:1874 msgid "override requested email address" msgstr 
"" #: src/getcert.c:1875 msgid "override requested IP address" msgstr "" #: src/getcert.c:2136 src/getcert.c:3194 #, c-format msgid "" "None of ID or database directory and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:2362 #, c-format msgid "Request \"%s\" modified.\n" msgstr "" #: src/getcert.c:2366 #, c-format msgid "Request \"%s\" could not be modified.\n" msgstr "" #: src/getcert.c:2374 src/getcert.c:2784 src/getcert.c:3454 src/getcert.c:3946 #, c-format msgid "No request found with specified nickname.\n" msgstr "找不到指定暱稱的請求。\n" #: src/getcert.c:2426 src/getcert.c:2811 src/getcert.c:3465 src/getcert.c:3957 #, c-format msgid "No request found that matched arguments.\n" msgstr "" #: src/getcert.c:2445 #, c-format msgid "Request \"%s\" removed.\n" msgstr "" #: src/getcert.c:2449 #, c-format msgid "Request \"%s\" could not be removed.\n" msgstr "" #: src/getcert.c:2504 src/getcert.c:3104 src/getcert.c:3358 src/getcert.c:3879 msgid "nickname for tracking request" msgstr "" #: src/getcert.c:2505 msgid "new nickname to give to tracking request" msgstr "" #: src/getcert.c:2506 msgid "type of new key to be generated" msgstr "" #: src/getcert.c:2507 msgid "size of new key to be generated" msgstr "" #: src/getcert.c:2519 msgid "use the specified CA configuration rather than the current one" msgstr "" #: src/getcert.c:3029 #, c-format msgid "Error modifying \"%s\".\n" msgstr "" #: src/getcert.c:3045 #, c-format msgid "Resubmitting \"%s\" to \"%s\".\n" msgstr "" #: src/getcert.c:3048 #, c-format msgid "Resubmitting \"%s\".\n" msgstr "" #: src/getcert.c:3057 #, c-format msgid "Error attempting to submit \"%s\" to \"%s\".\n" msgstr "" #: src/getcert.c:3060 #, c-format msgid "Error attempting to submit \"%s\".\n" msgstr "" #: src/getcert.c:3096 msgid "refresh information about all outstanding requests" msgstr "" #: src/getcert.c:3098 msgid "" "refresh information only for requests using the specified CA configuration" msgstr "" #: src/getcert.c:3290 
#, c-format msgid "Request ID '%s' being refreshed.\n" msgstr "" #: src/getcert.c:3292 #, c-format msgid "Request ID '%s' NOT being refreshed.\n" msgstr "" #: src/getcert.c:3349 msgid "list only information about outstanding requests" msgstr "" #: src/getcert.c:3350 msgid "list only information about tracked certificates" msgstr "" #: src/getcert.c:3352 msgid "list only requests and certs associated with this CA configuration" msgstr "" #: src/getcert.c:3359 msgid "display times in UTC instead of local time" msgstr "" #: src/getcert.c:3476 #, c-format msgid "Number of certificates and requests being tracked: %d.\n" msgstr "" #: src/getcert.c:3625 #, c-format msgid "Request ID '%s':\n" msgstr "請求 ID「%s」:\n" #: src/getcert.c:3626 #, c-format msgid "\tstatus: %s\n" msgstr "\t狀態:%s\n" #: src/getcert.c:3630 #, c-format msgid "\tca-error: %s\n" msgstr "\tca-錯誤:%s\n" #: src/getcert.c:3632 #, c-format msgid "\tstuck: %s\n" msgstr "" #: src/getcert.c:3652 #, c-format msgid "\tkey pair storage: type=%s" msgstr "" #: src/getcert.c:3652 msgid "NONE" msgstr "無" #: src/getcert.c:3654 #, c-format msgid ",location='%s'" msgstr "、位置='%s'" #: src/getcert.c:3657 src/getcert.c:3679 #, c-format msgid ",nickname='%s'" msgstr "、暱稱='%s'" #: src/getcert.c:3660 src/getcert.c:3682 #, c-format msgid ",token='%s'" msgstr "、token='%s'" #: src/getcert.c:3663 #, c-format msgid ",pin set" msgstr "" #: src/getcert.c:3666 #, c-format msgid ",pinfile='%s'" msgstr "、pin檔案='%s'" #: src/getcert.c:3677 #, c-format msgid "\tcertificate: type=%s,location='%s'" msgstr "\t憑證:類型=%s、位置='%s'" #: src/getcert.c:3693 #, c-format msgid "\tsigning request thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:3698 #, c-format msgid "\tsigning request thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:3715 #, c-format msgid "\tCA: %s\n" msgstr "\tCA:%s\n" #: src/getcert.c:3717 #, c-format msgid "\tissuer: %s\n" msgstr "" #: src/getcert.c:3718 #, c-format msgid "\tsubject: %s\n" msgstr "" #: src/getcert.c:3719 msgid 
"unknown" msgstr "未知" #: src/getcert.c:3723 src/getcert.c:3727 src/getcert.c:3732 #, c-format msgid "\texpires: %s\n" msgstr "\t失效日期:%s\n" #: src/getcert.c:3736 msgid "\temail: " msgstr "\t電郵:" #: src/getcert.c:3742 msgid "\tdns: " msgstr "\tdns:" #: src/getcert.c:3748 msgid "\tprincipal name: " msgstr "\tprincipal 名稱:" #: src/getcert.c:3756 msgid "\tIP address: " msgstr "" #: src/getcert.c:3775 #, c-format msgid "\tkey usage: %s\n" msgstr "" #: src/getcert.c:3779 msgid "\teku: " msgstr "\teku:" #: src/getcert.c:3787 #, c-format msgid "\tcertificate template/profile: %s\n" msgstr "" #: src/getcert.c:3793 src/getcert.c:4154 #, c-format msgid "\troot certificates saved to files:\n" msgstr "" #: src/getcert.c:3802 src/getcert.c:4163 #, c-format msgid "\tother root certificates saved to files:\n" msgstr "" #: src/getcert.c:3811 src/getcert.c:4172 #, c-format msgid "\tother certificates saved to files:\n" msgstr "" #: src/getcert.c:3820 src/getcert.c:4181 #, c-format msgid "\troot certificates saved to databases:\n" msgstr "" #: src/getcert.c:3829 src/getcert.c:4190 #, c-format msgid "\tother root certificates saved to databases:\n" msgstr "" #: src/getcert.c:3838 src/getcert.c:4199 #, c-format msgid "\tother certificates saved to databases:\n" msgstr "" #: src/getcert.c:3843 src/getcert.c:4245 #, c-format msgid "\tpre-save command: %s\n" msgstr "" #: src/getcert.c:3846 src/getcert.c:4251 #, c-format msgid "\tpost-save command: %s\n" msgstr "" #: src/getcert.c:3849 #, c-format msgid "\ttrack: %s\n" msgstr "\ttrack:%s\n" #: src/getcert.c:3853 #, c-format msgid "\tauto-renew: %s\n" msgstr "\t自動更新:%s\n" #: src/getcert.c:3961 #, c-format msgid "" "None of ID or database directory and and nickname or certificate file " "specified.\n" msgstr "" #: src/getcert.c:4036 msgid "list only the specified CA configuration" msgstr "" #: src/getcert.c:4104 #, c-format msgid "CA '%s':\n" msgstr "CA「%s」:\n" #: src/getcert.c:4110 #, c-format msgid "\tself-identifies as: %s\n" msgstr "" #: 
src/getcert.c:4119 #, c-format msgid "\tca-type: %s\n" msgstr "\tca-類型:%s\n" #: src/getcert.c:4121 #, c-format msgid "\thelper-location: %s\n" msgstr "\thelper-位置:%s\n" #: src/getcert.c:4126 #, c-format msgid "\tnext-serial-number: %s\n" msgstr "\t下個序號:%s\n" #: src/getcert.c:4136 #, c-format msgid "\tknown-issuer-names:\n" msgstr "\tknown-issuer-names:\n" #: src/getcert.c:4145 #, c-format msgid "\tknown profiles/templates/certtypes:\n" msgstr "" #: src/getcert.c:4208 #, c-format msgid "\tdefault profile/template/certtype: %s\n" msgstr "" #: src/getcert.c:4216 #, c-format msgid "\tSCEP CA identifier: %s\n" msgstr "" #: src/getcert.c:4229 #, c-format msgid "\tSCEP CA certificate thumbprint (MD5): %s\n" msgstr "" #: src/getcert.c:4235 #, c-format msgid "\tSCEP CA certificate thumbprint (SHA1): %s\n" msgstr "" #: src/getcert.c:4267 msgid "refresh information about the CA configuration with this name" msgstr "" #: src/getcert.c:4269 msgid "refresh information about all known CAs" msgstr "" #: src/getcert.c:4316 #, c-format msgid "Neither CA nickname nor -a flag specified.\n" msgstr "" #: src/getcert.c:4342 #, c-format msgid "Data for CA '%s' being refreshed.\n" msgstr "" #: src/getcert.c:4344 #, c-format msgid "Data for unnamed CA being refreshed.\n" msgstr "" #: src/getcert.c:4347 #, c-format msgid "\terror refreshing CA data\n" msgstr "" #: src/getcert.c:4364 src/getcert.c:4456 msgid "nickname to give to the new CA configuration" msgstr "" #: src/getcert.c:4365 msgid "helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4406 src/getcert.c:4503 src/getcert.c:4631 src/getcert.c:4719 #, c-format msgid "CA nickname not specified.\n" msgstr "" #: src/getcert.c:4411 src/getcert.c:4636 #, c-format msgid "CA helper command not specified.\n" msgstr "" #: src/getcert.c:4435 src/getcert.c:4553 #, c-format msgid "New CA \"%s\" added.\n" msgstr "" #: src/getcert.c:4438 src/getcert.c:4573 #, c-format msgid "New CA could not be added.\n" msgstr "" #: 
src/getcert.c:4457 msgid "location of SCEP server" msgstr "" #: src/getcert.c:4458 msgid "CA identifier" msgstr "" #: src/getcert.c:4459 msgid "file containing CA's certificate" msgstr "" #: src/getcert.c:4460 msgid "file containing RA's certificate" msgstr "" #: src/getcert.c:4461 msgid "file containing certificates in RA's certifying chain" msgstr "" #: src/getcert.c:4462 msgid "prefer to not use the SCEP Renewal feature" msgstr "" #: src/getcert.c:4508 #, c-format msgid "server URL not specified.\n" msgstr "" #: src/getcert.c:4513 #, c-format msgid "HTTPS requires a CA certificate.\n" msgstr "" #: src/getcert.c:4535 #, c-format msgid "Error building command line.\n" msgstr "" #: src/getcert.c:4567 #, c-format msgid "Error setting CA identifier.\n" msgstr "" #: src/getcert.c:4589 msgid "nickname of the CA configuration" msgstr "" #: src/getcert.c:4590 msgid "updated helper command to run to communicate with CA" msgstr "" #: src/getcert.c:4658 #, c-format msgid "CA \"%s\" modified.\n" msgstr "" #: src/getcert.c:4661 #, c-format msgid "CA could not be modified.\n" msgstr "" #: src/getcert.c:4678 msgid "nickname of CA configuration to remove" msgstr "" #: src/getcert.c:4747 #, c-format msgid "CA \"%s\" removed.\n" msgstr "" #: src/getcert.c:4749 #, c-format msgid "CA could not be removed.\n" msgstr "" #: src/getcert.c:4787 #, c-format msgid "%s - client certificate enrollment tool\n" msgstr "%s - 客戶端憑證註冊工具\n" #: src/getcert.c:4791 #, c-format msgid "Usage: %s request [options]\n" msgstr "用法:%s 請求 [選項]\n" #: src/getcert.c:4793 src/getcert.c:4842 src/getcert.c:4890 src/getcert.c:4912 #: src/getcert.c:4960 src/getcert.c:5038 msgid "Required arguments:\n" msgstr "請求的參數:\n" #: src/getcert.c:4794 src/getcert.c:4845 src/getcert.c:4893 src/getcert.c:4915 #: src/getcert.c:4963 src/getcert.c:5020 src/getcert.c:5041 msgid "* If using an NSS database for storage:\n" msgstr "* 如以 NSS 資料庫作為儲存:\n" #: src/getcert.c:4795 src/getcert.c:4846 src/getcert.c:4894 src/getcert.c:4916 #: 
src/getcert.c:4964 src/getcert.c:5042 msgid " -d DIR\tNSS database for key and cert\n" msgstr " -d 目錄\t金鑰及憑證的 NSS 資料庫\n" #: src/getcert.c:4796 src/getcert.c:4847 src/getcert.c:4895 src/getcert.c:4917 #: src/getcert.c:4965 src/getcert.c:5043 msgid " -n NAME\tnickname for NSS-based storage (only valid with -d)\n" msgstr " -n 名稱\t基於 NSS 的儲存裝置的暱稱 (只有與 -d 一起用才有效)\n" #: src/getcert.c:4797 src/getcert.c:4848 src/getcert.c:4896 src/getcert.c:4918 #: src/getcert.c:4966 src/getcert.c:5044 msgid "" " -t NAME\toptional token name for NSS-based storage (only valid with -d)\n" msgstr "" " -t 名稱\t基於 NSS 的儲存裝置的 token 名稱 (可有可無;只有與 -d 一起用才有" "效)\n" #: src/getcert.c:4798 src/getcert.c:4849 src/getcert.c:4897 src/getcert.c:4919 #: src/getcert.c:4967 src/getcert.c:5023 src/getcert.c:5045 msgid "* If using files for storage:\n" msgstr "* 如以檔案作為儲存:\n" #: src/getcert.c:4799 src/getcert.c:4850 src/getcert.c:4898 msgid " -k FILE\tPEM file for private key\n" msgstr " -k 檔案\t私鑰的 PEM 檔案\n" #: src/getcert.c:4800 src/getcert.c:4851 src/getcert.c:4899 msgid " -f FILE\tPEM file for certificate (only valid with -k)\n" msgstr " -f 檔案\t憑證的 PEM 檔案 (只有與 -k 一起用才有效)\n" #: src/getcert.c:4801 msgid "* If keys are to be encrypted:\n" msgstr "* 如金鑰要加密:\n" #: src/getcert.c:4802 src/getcert.c:4853 src/getcert.c:4923 src/getcert.c:4971 msgid " -p FILE\tfile which holds the encryption PIN\n" msgstr " -p 檔案\t儲存加密 PIN 的檔案\n" #: src/getcert.c:4803 src/getcert.c:4854 src/getcert.c:4924 src/getcert.c:4972 msgid " -P PIN\tPIN value\n" msgstr " -P PIN\tPIN 值\n" #: src/getcert.c:4805 src/getcert.c:4856 src/getcert.c:4901 src/getcert.c:4937 #: src/getcert.c:4985 src/getcert.c:5010 src/getcert.c:5048 src/getcert.c:5058 #: src/getcert.c:5076 src/getcert.c:5091 src/getcert.c:5108 src/getcert.c:5122 #: src/getcert.c:5141 src/getcert.c:5155 msgid "Optional arguments:\n" msgstr "可有可無的引數:\n" #: src/getcert.c:4806 src/getcert.c:4857 src/getcert.c:4938 src/getcert.c:4986 msgid "* Certificate handling settings:\n" msgstr "* 
憑證處理設定:\n" #: src/getcert.c:4807 msgid " -I NAME\tnickname to assign to the request\n" msgstr "" #: src/getcert.c:4808 msgid " -G TYPE\ttype of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4809 msgid " -g SIZE\tsize of key to be generated if one is not already in place\n" msgstr "" #: src/getcert.c:4810 src/getcert.c:4859 msgid "" " -r\t\tattempt to renew the certificate when expiration nears (default)\n" msgstr "" #: src/getcert.c:4811 src/getcert.c:4860 msgid " -R\t\tdon't attempt to renew the certificate when expiration nears\n" msgstr "" #: src/getcert.c:4813 src/getcert.c:4862 msgid " -c CA\t\tuse the specified CA rather than the default\n" msgstr "" #: src/getcert.c:4815 src/getcert.c:4864 src/getcert.c:4943 src/getcert.c:4991 msgid "" " -T PROFILE\task the CA to process the request using the named profile or " "template\n" msgstr "" #: src/getcert.c:4816 src/getcert.c:4865 src/getcert.c:4944 src/getcert.c:4992 msgid " -X ISSUER\task the CA to process the request using the named issuer\n" msgstr "" #: src/getcert.c:4817 msgid "* Parameters for the signing request:\n" msgstr "" #: src/getcert.c:4818 src/getcert.c:4927 src/getcert.c:4975 msgid " -N NAME\tset requested subject name (default: CN=)\n" msgstr "" #: src/getcert.c:4819 src/getcert.c:4928 src/getcert.c:4976 msgid " -U EXTUSAGE\tset requested extended key usage OID\n" msgstr "" #: src/getcert.c:4820 src/getcert.c:4868 src/getcert.c:4929 src/getcert.c:4977 msgid " -u KEYUSAGE\tset requested key usage value\n" msgstr "" #: src/getcert.c:4821 src/getcert.c:4930 src/getcert.c:4978 msgid " -K NAME\tset requested principal name\n" msgstr "" #: src/getcert.c:4822 src/getcert.c:4931 src/getcert.c:4979 msgid " -D DNSNAME\tset requested DNS name\n" msgstr "" #: src/getcert.c:4823 src/getcert.c:4932 src/getcert.c:4980 msgid " -E EMAIL\tset requested email address\n" msgstr "" #: src/getcert.c:4824 src/getcert.c:4933 src/getcert.c:4981 msgid " -A ADDRESS\tset requested IP 
address\n" msgstr "" #: src/getcert.c:4825 src/getcert.c:4873 src/getcert.c:4934 src/getcert.c:4982 msgid " -l FILE\tfile which holds an optional challenge password\n" msgstr "" #: src/getcert.c:4826 src/getcert.c:4874 src/getcert.c:4935 src/getcert.c:4983 msgid " -L PASSWORD\tan optional challenge password value\n" msgstr "" #: src/getcert.c:4827 src/getcert.c:4875 src/getcert.c:4902 src/getcert.c:4945 #: src/getcert.c:4995 src/getcert.c:5025 src/getcert.c:5049 src/getcert.c:5066 #: src/getcert.c:5081 src/getcert.c:5097 src/getcert.c:5112 src/getcert.c:5131 #: src/getcert.c:5145 src/getcert.c:5158 msgid "* Bus options:\n" msgstr "* 匯流排選項:\n" #: src/getcert.c:4828 src/getcert.c:4876 src/getcert.c:4903 src/getcert.c:4946 #: src/getcert.c:4996 src/getcert.c:5050 msgid " -S\t\tconnect to the certmonger service on the system bus\n" msgstr "" #: src/getcert.c:4829 src/getcert.c:4877 src/getcert.c:4904 src/getcert.c:4947 #: src/getcert.c:4997 src/getcert.c:5051 msgid " -s\t\tconnect to the certmonger service on the session bus\n" msgstr "" #: src/getcert.c:4830 src/getcert.c:4878 src/getcert.c:4905 src/getcert.c:4948 #: src/getcert.c:4998 src/getcert.c:5028 src/getcert.c:5069 src/getcert.c:5084 #: src/getcert.c:5100 src/getcert.c:5115 src/getcert.c:5134 src/getcert.c:5148 #: src/getcert.c:5161 msgid "* Other options:\n" msgstr "* 其他選項:\n" #: src/getcert.c:4831 src/getcert.c:4879 src/getcert.c:4949 src/getcert.c:4999 msgid " -B\tcommand to run before saving the certificate\n" msgstr "" #: src/getcert.c:4832 src/getcert.c:4880 src/getcert.c:4950 src/getcert.c:5000 msgid " -C\tcommand to run after saving the certificate\n" msgstr "" #: src/getcert.c:4833 src/getcert.c:4881 src/getcert.c:4951 src/getcert.c:5001 msgid " -F\tfile in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4834 src/getcert.c:4882 src/getcert.c:4952 src/getcert.c:5002 msgid " -a\tNSS database in which to store the CA's certificates\n" msgstr "" #: src/getcert.c:4835 src/getcert.c:4883 
src/getcert.c:4953 src/getcert.c:5003 msgid " -w\ttry to wait for the certificate to be issued\n" msgstr "" #: src/getcert.c:4836 src/getcert.c:4884 src/getcert.c:4906 src/getcert.c:4954 #: src/getcert.c:5004 src/getcert.c:5029 src/getcert.c:5052 src/getcert.c:5070 #: src/getcert.c:5085 src/getcert.c:5101 src/getcert.c:5116 src/getcert.c:5135 #: src/getcert.c:5149 src/getcert.c:5162 msgid " -v\treport all details of errors\n" msgstr " -v\t報告錯誤的所有詳情\n" #: src/getcert.c:4840 #, c-format msgid "Usage: %s start-tracking [options]\n" msgstr "用法:%s start-tracking [選項]\n" #: src/getcert.c:4843 msgid "* If modifying an existing request:\n" msgstr "" #: src/getcert.c:4844 msgid " -i NAME\tnickname of an existing tracking request\n" msgstr "" #: src/getcert.c:4852 src/getcert.c:4922 src/getcert.c:4970 msgid "* If keys are encrypted:\n" msgstr "* 如金鑰已加密:\n" #: src/getcert.c:4858 msgid " -I NAME\tnickname to give to tracking request\n" msgstr "" #: src/getcert.c:4866 msgid "* Parameters for the signing request at renewal time:\n" msgstr "" #: src/getcert.c:4867 msgid " -U EXTUSAGE\toverride requested extended key usage OID\n" msgstr "" #: src/getcert.c:4869 msgid " -K NAME\toverride requested principal name\n" msgstr "" #: src/getcert.c:4870 msgid " -D DNSNAME\toverride requested DNS name\n" msgstr "" #: src/getcert.c:4871 msgid " -E EMAIL\toverride requested email address\n" msgstr "" #: src/getcert.c:4872 msgid " -A ADDRESS\toverride requested IP address\n" msgstr "" #: src/getcert.c:4888 #, c-format msgid "Usage: %s stop-tracking [options]\n" msgstr "用法:%s stop-tracking [選項]\n" #: src/getcert.c:4891 src/getcert.c:4913 src/getcert.c:4961 src/getcert.c:5039 msgid "* By request identifier:\n" msgstr "" #: src/getcert.c:4892 src/getcert.c:4914 src/getcert.c:4962 src/getcert.c:5019 #: src/getcert.c:5040 src/getcert.c:5060 msgid " -i NAME\tnickname for tracking request\n" msgstr "" #: src/getcert.c:4910 #, c-format msgid "Usage: %s resubmit [options]\n" msgstr "用法:%s resubmit 
[選項]\n" #: src/getcert.c:4920 src/getcert.c:4968 src/getcert.c:5046 msgid " -f FILE\tPEM file for certificate\n" msgstr " -f 檔案\t憑證的 PEM 檔案\n" #: src/getcert.c:4926 src/getcert.c:4974 msgid "* New parameter values for the signing request:\n" msgstr "" #: src/getcert.c:4939 src/getcert.c:4987 msgid " -I NAME\tnew nickname to give to tracking request\n" msgstr "" #: src/getcert.c:4941 src/getcert.c:4989 msgid " -c CA\t\tuse the specified CA rather than the current one\n" msgstr "" #: src/getcert.c:4958 #, c-format msgid "Usage: %s rekey [options]\n" msgstr "" #: src/getcert.c:4993 msgid " -G TYPE\ttype of new key to be generated\n" msgstr "" #: src/getcert.c:4994 msgid " -g SIZE\tsize of new key to be generated\n" msgstr "" #: src/getcert.c:5008 #, c-format msgid "Usage: %s list [options]\n" msgstr "用法:%s list [選項]\n" #: src/getcert.c:5011 src/getcert.c:5035 src/getcert.c:5078 src/getcert.c:5093 #: src/getcert.c:5109 src/getcert.c:5123 src/getcert.c:5142 src/getcert.c:5156 msgid "* General options:\n" msgstr "* 一般選項:\n" #: src/getcert.c:5013 msgid " -c CA\tlist only requests and certs associated with this CA\n" msgstr " -c CA\t只列出與此 CA 有關的請求與憑證\n" #: src/getcert.c:5015 msgid " -r\tlist only information about outstanding requests\n" msgstr "" #: src/getcert.c:5016 msgid " -t\tlist only information about tracked certificates\n" msgstr "" #: src/getcert.c:5017 msgid " -u\tdisplay times in UTC instead of local time\n" msgstr "" #: src/getcert.c:5018 msgid "* If selecting a specific request:\n" msgstr "" #: src/getcert.c:5021 msgid " -d DIR\tonly list requests and certs which use this NSS database\n" msgstr " -d 目錄\t只列出使用此 NSS 資料庫的請求及憑證\n" #: src/getcert.c:5022 msgid " -n NAME\tonly list requests and certs which use this nickname\n" msgstr " -n 名稱\t只列出使用此暱稱的請求及憑證\n" #: src/getcert.c:5024 msgid " -f FILE\tonly list requests and certs stored in this PEM file\n" msgstr " -f 檔案\t只列出儲存於此 PEM 檔案的請求及憑證\n" #: src/getcert.c:5026 src/getcert.c:5067 src/getcert.c:5082 
src/getcert.c:5098 #: src/getcert.c:5113 src/getcert.c:5132 src/getcert.c:5146 src/getcert.c:5159 msgid " -S\tconnect to the certmonger service on the system bus\n" msgstr "" #: src/getcert.c:5027 src/getcert.c:5068 src/getcert.c:5083 src/getcert.c:5099 #: src/getcert.c:5114 src/getcert.c:5133 src/getcert.c:5147 src/getcert.c:5160 msgid " -s\tconnect to the certmonger service on the session bus\n" msgstr "" #: src/getcert.c:5033 #, c-format msgid "Usage: %s refresh [options]\n" msgstr "" #: src/getcert.c:5036 msgid " -a\trefresh information about all outstanding requests\n" msgstr "" #: src/getcert.c:5056 #, c-format msgid "Usage: %s status [options]\n" msgstr "" #: src/getcert.c:5059 msgid "* Selecting a specific request:\n" msgstr "" #: src/getcert.c:5061 msgid "* When using an NSS database for storage:\n" msgstr "" #: src/getcert.c:5062 msgid " -d DIR\treturn status for the request in this NSS database\n" msgstr "" #: src/getcert.c:5063 msgid " -n NAME\treturn status for cert which uses this nickname\n" msgstr "" #: src/getcert.c:5064 msgid "* When using files for storage:\n" msgstr "" #: src/getcert.c:5065 msgid " -f FILE\treturn status for cert stored in this PEM file\n" msgstr "" #: src/getcert.c:5074 #, c-format msgid "Usage: %s list-cas [options]\n" msgstr "用法:%s list-cas [選項]\n" #: src/getcert.c:5079 msgid " -c CA\tlist only information about the CA with this name\n" msgstr "" #: src/getcert.c:5089 #, c-format msgid "Usage: %s refresh-ca [options]\n" msgstr "" #: src/getcert.c:5094 msgid " -c CA\trefresh information about the CA with this name\n" msgstr "" #: src/getcert.c:5095 msgid " -a\trefresh information about all known CAs\n" msgstr "" #: src/getcert.c:5106 #, c-format msgid "Usage: %s add-ca [options]\n" msgstr "" #: src/getcert.c:5110 src/getcert.c:5124 msgid " -c CA\t\tnickname to give to the new CA configuration\n" msgstr "" #: src/getcert.c:5111 msgid " -e CMD\thelper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5120 #, 
c-format msgid "Usage: %s add-scep-ca [options]\n" msgstr "" #: src/getcert.c:5125 msgid " -u URL\tlocation of SCEP server\n" msgstr "" #: src/getcert.c:5126 msgid " -i ID\t\tCA identifier\n" msgstr "" #: src/getcert.c:5127 msgid " -R FILE\tfile containing CA's certificate\n" msgstr "" #: src/getcert.c:5128 msgid " -r FILE\tfile containing RA's certificate\n" msgstr "" #: src/getcert.c:5129 msgid " -I FILE\tfile containing certificates in RA's certifying chain\n" msgstr "" #: src/getcert.c:5130 msgid " -n\tprefer not to use the SCEP Renewal feature\n" msgstr "" #: src/getcert.c:5139 #, c-format msgid "Usage: %s modify-ca [options]\n" msgstr "" #: src/getcert.c:5143 msgid " -c CA\t\tnickname of the CA configuration\n" msgstr "" #: src/getcert.c:5144 msgid " -e CMD\tupdated helper command to run to communicate with CA\n" msgstr "" #: src/getcert.c:5153 #, c-format msgid "Usage: %s remove-ca [options]\n" msgstr "" #: src/getcert.c:5157 msgid " -c CA\tnickname of CA configuration to remove\n" msgstr "" #: src/getcert.c:5172 #, c-format msgid "Usage: %s command [options]\n" msgstr "" #: src/getcert.c:5174 msgid "request a new certificate from a CA\n" msgstr "" #: src/getcert.c:5176 msgid "begin monitoring an already-issued certificate\n" msgstr "" #: src/getcert.c:5178 msgid "stop monitoring a certificate\n" msgstr "" #: src/getcert.c:5180 msgid "resubmit an in-progress enrollment request, or start a new one\n" msgstr "" #: src/getcert.c:5182 msgid "generate a new private key and replace a certificate\n" msgstr "" #: src/getcert.c:5184 msgid "check on the status of an in-progress enrollment request\n" msgstr "" #: src/getcert.c:5186 msgid "list certificates being monitored and requested\n" msgstr "" #: src/getcert.c:5188 msgid "check the status of a certificate being monitored or requested\n" msgstr "" #: src/getcert.c:5191 msgid "add a CA configuration\n" msgstr "" #: src/getcert.c:5193 msgid "add an SCEP CA configuration\n" msgstr "" #: src/getcert.c:5196 msgid "list 
known CA configurations\n" msgstr "" #: src/getcert.c:5199 msgid "modify a CA configuration\n" msgstr "" #: src/getcert.c:5202 msgid "refresh cache of all information obtained from a CA\n" msgstr "" #: src/getcert.c:5205 msgid "remove a CA configuration\n" msgstr "" #: src/getcert.c:5273 #, c-format msgid "%s: unrecognized command\n" msgstr "%s:指令無法辨識\n" #: src/ipa.c:144 #, c-format msgid "Unable to determine location of IPA LDAP server.\n" msgstr "" #: src/ipa.c:149 #, c-format msgid "Unable to contact an IPA LDAP server.\n" msgstr "" #: src/ipa.c:233 src/ipa.c:533 #, c-format msgid "Unable to determine base DN of domain information on IPA server.\n" msgstr "" #: src/ipa.c:369 #, c-format msgid "Error setting up for XMLRPC on the client.\n" msgstr "" #: src/ipa.c:658 #, c-format msgid "The -t option can not be used with the -K option.\n" msgstr "選項 -t 不能與 -K 一起使用。\n" #: src/ipa.c:667 #, c-format msgid "The -k option can not be used with the -K option.\n" msgstr "選項 -k 不能與 -K 一起使用。\n" #: src/ipa.c:676 #, c-format msgid "The -K option can not be used with either the -k or the -t option.\n" msgstr "選項 -K 不能與 -k 或 -t 一起使用。\n" #: src/ipa.c:758 #, c-format msgid "Unable to determine principal name for signing request.\n" msgstr "" #: src/ipa.c:831 #, c-format msgid "No IPA domain configured, and none specified.\n" msgstr "" #: src/ipa.c:868 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using default keytab: " "%s.\n" msgstr "" #: src/ipa.c:872 #, c-format msgid "" "Error setting up ccache for \"%s\" on client using default keytab: %s.\n" msgstr "" #: src/ipa.c:879 #, c-format msgid "" "Error setting up ccache for \"host\" service on client using keytab \"%s\": " "%s.\n" msgstr "" #: src/ipa.c:883 #, c-format msgid "Error setting up ccache for \"%s\" on client using keytab \"%s\": %s.\n" msgstr "" #: src/local.c:556 #, c-format msgid "Unable to read signing request.\n" msgstr "無法讀取簽署請求。\n" #: src/main.c:74 msgid "use session bus" msgstr "" 
#: src/main.c:75 msgid "use system bus" msgstr "" #: src/main.c:76 msgid "start a dedicated listening socket" msgstr "" #: src/main.c:77 msgid "only use a dedicated listening socket" msgstr "" #: src/main.c:78 msgid "specify the dedicated listening socket" msgstr "" #: src/main.c:78 msgid "PATHNAME" msgstr "" #: src/main.c:79 msgid "don't become a daemon" msgstr "" #: src/main.c:80 msgid "do become a daemon" msgstr "" #: src/main.c:81 msgid "bus-activated, idle timeout" msgstr "" #: src/main.c:81 msgid "SECONDS" msgstr "" #: src/main.c:82 msgid "don't use an idle timeout" msgstr "" #: src/main.c:83 msgid "set debugging level (implies -n)" msgstr "" #: src/main.c:83 msgid "NUMBER" msgstr "" #: src/main.c:84 src/main.c:86 msgid "start COMMAND and exit when it does" msgstr "" #: src/main.c:87 msgid "write service PID to file" msgstr "" #: src/main.c:88 msgid "force NSS into FIPS mode" msgstr "" #: src/main.c:90 msgid "print version information" msgstr "" #: src/main.c:174 #, c-format msgid "Usage: %s [-s|-S] [-n|-f] [-d LEVEL] [-p FILE] [-F] [-v]\n" msgstr "" #: src/main.c:177 msgid "\t-s use session bus\n" msgstr "" #: src/main.c:178 msgid "\t-S use system bus\n" msgstr "\t-S 使用系統匯流排\n" #: src/main.c:179 msgid "\t-l start a dedicated listening socket\n" msgstr "" #: src/main.c:180 msgid "\t-L only use a dedicated listening socket\n" msgstr "" #: src/main.c:181 msgid "\t-P PATH specify the dedicated listening socket\n" msgstr "" #: src/main.c:182 msgid "\t-n don't become a daemon\n" msgstr "" #: src/main.c:183 msgid "\t-f do become a daemon\n" msgstr "" #: src/main.c:184 msgid "\t-b TIMEOUT bus-activated, idle timeout\n" msgstr "" #: src/main.c:185 msgid "\t-B don't use an idle timeout\n" msgstr "" #: src/main.c:186 msgid "\t-d LEVEL set debugging level (implies -n)\n" msgstr "\t-d 等級 設定除錯等級 (等於同時指定 -n)\n" #: src/main.c:187 msgid "\t-c COMMAND start COMMAND and exit when it does\n" msgstr "" #: src/main.c:188 msgid "\t-p FILE write service PID to file\n" msgstr "" #: 
src/main.c:189 msgid "\t-F force NSS into FIPS mode\n" msgstr "" #: src/main.c:190 msgid "\t-v print version information and exit\n" msgstr "" #: src/scep.c:352 #, c-format msgid "No SCEP URL (-u) given, and no default known.\n" msgstr "" #: src/scep.c:356 #, c-format msgid "No SCEP operation (-c/-C/-g/-p) given, and no default known.\n" msgstr "" #: src/scep.c:376 src/scep.c:395 #, c-format msgid "No RA certificate (-r) given, and no default known.\n" msgstr "" #: src/scep.c:386 src/scep.c:540 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a GetInitialCert " "pkiMessage, got nothing.\n" msgstr "" #: src/scep.c:405 src/scep.c:565 #, c-format msgid "" "Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, " "got nothing.\n" msgstr "" #: src/scep.c:433 src/scep.c:459 #, c-format msgid "Warning: request is neither a PKCSReq nor a GetInitialCert request.\n" msgstr "" #: src/scep.c:437 src/scep.c:463 #, c-format msgid "" "Warning: request type \"%s\"is neither a PKCSReq nor a GetInitialCert " "request.\n" msgstr "" #: src/scep.c:470 #, c-format msgid "Warning: request is missing transactionId.\n" msgstr "" #: src/scep.c:474 #, c-format msgid "Warning: request is missing senderNonce.\n" msgstr "" #: src/scep.c:637 #, fuzzy, c-format msgid "Got response code %d from %s, not 200.\n" msgstr "沒有從 %s 服務接收到回應。\n" #: src/scep.c:685 src/scep.c:1121 #, c-format msgid "Server reply was of unexpected MIME type \"%s\".\n" msgstr "" #: src/scep.c:930 #, fuzzy, c-format msgid "Error: failed to verify signature on server response.\n" msgstr "解析伺服器回應時發生錯誤。\n" #: src/scep.c:946 #, c-format msgid "Error: reply was not a CertRep (%s).\n" msgstr "" #: src/scep.c:951 #, c-format msgid "Error: reply is missing transactionId.\n" msgstr "" #: src/scep.c:956 #, c-format msgid "Error: reply contains a different transactionId.\n" msgstr "" #: src/scep.c:962 #, c-format msgid "Error: reply is missing pkiStatus.\n" msgstr "" #: src/scep.c:966 #, 
c-format msgid "Error: reply is missing recipientNonce.\n" msgstr "" #: src/scep.c:972 #, c-format msgid "Error: reply nonce doesn't match request.\n" msgstr "" #: src/scep.c:976 #, fuzzy, c-format msgid "Error: reply is missing senderNonce.\n" msgstr "解析伺服器回應時發生錯誤。\n" #: src/scep.c:994 #, c-format msgid "Unspecified failure at server.\n" msgstr "" #: src/scep.c:997 #, c-format msgid "Unrecognized or unsupported algorithm identifier in client request.\n" msgstr "" #: src/scep.c:1000 #, c-format msgid "Integrity check of client request failed at server.\n" msgstr "" #: src/scep.c:1003 #, c-format msgid "Transaction either is not permitted or is not supported by server.\n" msgstr "" #: src/scep.c:1006 #, c-format msgid "Clock skew too great.\n" msgstr "" #: src/scep.c:1009 #, c-format msgid "Unsupported extension.\n" msgstr "" #: src/scep.c:1012 #, c-format msgid "Must archive keys.\n" msgstr "" #: src/scep.c:1015 #, c-format msgid "Bad identity.\n" msgstr "" #: src/scep.c:1018 #, c-format msgid "Proof of possession required.\n" msgstr "" #: src/scep.c:1021 #, c-format msgid "Proof of possession failed.\n" msgstr "" #: src/scep.c:1024 #, c-format msgid "No key reuse.\n" msgstr "" #: src/scep.c:1027 #, fuzzy, c-format msgid "Internal CA error.\n" msgstr "伺服器錯誤。\n" #: src/scep.c:1030 #, c-format msgid "Try later.\n" msgstr "" #: src/scep.c:1032 #, c-format msgid "Server returned failure code \"%s\".\n" msgstr "" #: src/scep.c:1044 #, c-format msgid "Error: couldn't parse signed-data.\n" msgstr "" #: src/scep.c:1059 src/scep.c:1074 #, c-format msgid "Error: signed-data payload is not enveloped-data.\n" msgstr "" #: src/scep.c:1092 #, c-format msgid "Error: enveloped-data payload is not data.\n" msgstr "" #: src/scep.c:1116 #, c-format msgid "Error: pkiStatus \"%s\" not recognized.\n" msgstr "" #: src/tdbush.c:119 src/tdbush.c:1944 src/tdbush.c:2351 msgid "An internal error has occurred." 
msgstr "發生內部錯誤。" #: src/tdbush.c:183 msgid "No matching entry found.\n" msgstr "" #: src/tdbush.c:345 #, c-format msgid "There is already a CA with the nickname \"%s\"." msgstr "已有暱稱為 \"%s\" 的 CA。" #: src/tdbush.c:439 msgid "Certificate storage type not specified." msgstr "未指定憑證儲存類型。" #: src/tdbush.c:452 #, c-format msgid "Certificate storage type \"%s\" not supported." msgstr "不支援憑證儲存類型 \"%s\"。" #: src/tdbush.c:489 src/tdbush.c:522 src/tdbush.c:581 src/tdbush.c:766 #: src/tdbush.c:825 src/tdbush.c:928 src/tdbush.c:973 src/tdbush.c:1028 #: src/tdbush.c:1073 src/tdbush.c:1128 src/tdbush.c:1173 src/tdbush.c:1592 #: src/tdbush.c:3230 src/tdbush.c:3382 #, c-format msgid "The location \"%s\" must be an absolute path." msgstr "\"%s\" 位置須為絕對路徑。" #: src/tdbush.c:516 src/tdbush.c:575 src/tdbush.c:644 msgid "Certificate storage location not specified." msgstr "未指定憑證儲存位置。" #: src/tdbush.c:534 src/tdbush.c:778 src/tdbush.c:985 src/tdbush.c:1085 #: src/tdbush.c:1185 #, c-format msgid "" "The parent of location \"%s\" could not be accessed due to insufficient " "permissions." msgstr "" #: src/tdbush.c:542 src/tdbush.c:786 src/tdbush.c:993 src/tdbush.c:1093 #: src/tdbush.c:1193 #, c-format msgid "The parent of location \"%s\" must be a valid directory." msgstr "\"%s\" 的上層須為有效目錄。" #: src/tdbush.c:553 src/tdbush.c:797 src/tdbush.c:1004 src/tdbush.c:1104 #: src/tdbush.c:1204 #, c-format msgid "The location \"%s\" must be a file." msgstr "\"%s\" 位置須為檔案。" #: src/tdbush.c:593 src/tdbush.c:940 src/tdbush.c:1040 src/tdbush.c:1140 #, c-format msgid "" "The location \"%s\" could not be accessed due to insufficient permissions." msgstr "" #: src/tdbush.c:601 src/tdbush.c:834 src/tdbush.c:948 src/tdbush.c:1048 #: src/tdbush.c:1148 #, c-format msgid "The location \"%s\" must be a directory." msgstr "\"%s\" 位置須為目錄。" #: src/tdbush.c:622 msgid "Certificate nickname not specified." 
msgstr "未指定憑證暱稱。" #: src/tdbush.c:665 src/tdbush.c:3055 #, c-format msgid "There is already a request with the nickname \"%s\"." msgstr "已有暱稱為 \"%s\" 的請求。" #: src/tdbush.c:701 #, c-format msgid "" "Certificate at same location is already used by request with nickname \"%s\"." msgstr "" #: src/tdbush.c:734 #, c-format msgid "Key storage type \"%s\" not supported." msgstr "不支援金鑰儲存類型 \"%s\"。" #: src/tdbush.c:760 src/tdbush.c:819 msgid "Key storage location not specified." msgstr "未指定金鑰儲存位置。" #: src/tdbush.c:853 msgid "Key nickname not specified." msgstr "未指定金鑰暱稱。" #: src/tdbush.c:909 #, c-format msgid "Key at same location is already used by request with nickname \"%s\"." msgstr "" #: src/tdbush.c:1313 src/tdbush.c:3102 #, c-format msgid "No support for key type \"%s\"." msgstr "" #: src/tdbush.c:1400 msgid "No such CA." msgstr "沒有這樣的 CA。" #: src/tdbush.c:3073 #, c-format msgid "Certificate authority \"%s\" not known." msgstr "未知的憑證授權機構「%s」。" #: src/tdbush.c:3518 msgid "Unrecognized parameter or wrong value type." msgstr "無法辨識的參數或錯誤的值類型。" #: src/tdbush.c:5070 msgid "Error parsing arguments." msgstr "" #: src/tdbush.c:5124 msgid "Unrecognized property name." msgstr "" #: src/tdbusm.c:2156 msgid "Insufficient access. 
Please retry operation as root.\n"
msgstr ""

#: src/tdbusm.c:2160
msgid "Please verify that the certmonger service has been started.\n"
msgstr ""

#: src/tdbusm.c:2163
msgid "Please verify that the certmonger service is still running.\n"
msgstr ""

certmonger-0.79.19/src/
certmonger-0.79.19/src/Makefile.am

AM_CFLAGS = $(TALLOC_CFLAGS) $(TEVENT_CFLAGS) $(DBUS_CFLAGS) $(KRB5_CFLAGS) \
	$(XMLRPC_CFLAGS) $(IDN_CFLAGS) $(UUID_CFLAGS) $(LDAP_CFLAGS) \
	$(POPT_CFLAGS)

if PIE
CFLAGS += -fPIC
LDFLAGS += -fPIC -pie
endif

if NOW
LDFLAGS += -Wl,-z,relro,-z,now
endif

man_MANS = certmonger.8 getcert.1 getcert-request.1 getcert-list.1 \
	getcert-list-cas.1 getcert-start-tracking.1 getcert-stop-tracking.1 \
	selfsign-getcert.1 ipa-getcert.1 \
	getcert-resubmit.1 certmonger-ipa-submit.8 \
	certmonger-dogtag-ipa-renew-agent-submit.8 certmonger.conf.5 \
	getcert-refresh.1 getcert-refresh-ca.1 local-getcert.1 \
	certmonger-local-submit.8 getcert-status.1 \
	certmonger-dogtag-submit.8 certmonger-scep-submit.8 \
	getcert-add-ca.1 getcert-add-scep-ca.1 getcert-modify-ca.1 \
	getcert-remove-ca.1 getcert-rekey.1
if WITH_XMLRPC
man_MANS += certmaster-getcert.1 certmonger-certmaster-submit.8
endif

pkgsysconfdir = $(sysconfdir)/$(PACKAGE)
pkgsysconf_DATA = certmonger.conf
EXTRA_PROGRAMS =

install-data-hook::
	chmod go-rwx $(DESTDIR)$(pkgsysconfdir)/certmonger.conf
	mkdir -m 700 -p $(DESTDIR)@CM_STORE_CAS_DIRECTORY@
	mkdir -m 700 -p $(DESTDIR)@CM_STORE_REQUESTS_DIRECTORY@
	mkdir -m 700 -p $(DESTDIR)@CM_STORE_LOCAL_CA_DIRECTORY@

noinst_LIBRARIES = libcm.a libcm-o.a
libcm_a_CFLAGS = $(AM_CFLAGS) $(NSS_CFLAGS)
libcm_a_SOURCES = \
	cadata.c \
	cadata.h \
	casave.c \
	casave.h \
	canalyze.c \
	canalyze.h \
	certext.c \
	certext.h \
	certext-n.h \
	certread.c \
	certread.h \
	certread-int.h \
	certread-n.c \
	certsave.c \
	certsave.h \
	certsave-int.h \
	certsave-n.c \
	cm.c \
	cm.h \
	csrgen.c \
	csrgen.h \
	csrgen-int.h \
	csrgen-n.c \
	env.h \
	env-shared.c \
	hook.c \
	hook.h \
	iterate.c \
	iterate.h \
	json.c \
	json.h \
	keygen.c \
	keygen.h \
	keygen-int.h \
	keygen-n.c \
	keyiread.c \
	keyiread.h \
	keyiread-int.h \
	keyiread-n.c \
	keyiread-n.h \
	kudict.c \
	kudict.h \
	log.c \
	log.h \
	netlink.c \
	netlink.h \
	notify.c \
	notify.h \
	oiddict.c \
	oiddict.h \
	pin.c \
	pin.h \
	prefs.c \
	prefs.h \
	prefs-n.c \
	prefs-n.h \
	scep.h \
	scepgen.c \
	scepgen.h \
	scepgen-int.h \
	scepgen-n.c \
	store-files.c \
	store-gen.c \
	store.h \
	store-int.h \
	submit.c \
	submit-e.c \
	submit-e.h \
	submit.h \
	submit-int.h \
	submit-n.c \
	submit-sn.c \
	submit-u.c \
	submit-u.h \
	subproc.c \
	subproc.h \
	tdbus.c \
	tdbus.h \
	tdbush.c \
	tdbush.h \
	tdbusm.c \
	tdbusm.h \
	util.c \
	util.h \
	util-m.c \
	util-m.h \
	util-n.c \
	util-n.h
if WITH_XMLRPC
libcm_a_SOURCES += \
	submit-x.c \
	submit-x.h
endif
libcm_o_a_SOURCES =
if HAVE_OPENSSL
libcm_o_a_SOURCES += \
	certread-o.c \
	certsave-o.c \
	csrgen-o.c \
	keygen-o.c \
	keyiread-o.c \
	pkcs7.c \
	pkcs7.h \
	prefs-o.c \
	prefs-o.h \
	scep-o.c \
	scep-o.h \
	scepgen-o.c \
	submit-so.c \
	submit-o.c \
	submit-o.h \
	util-o.c \
	util-o.h
endif
libcm_o_a_CFLAGS = $(AM_CFLAGS) $(NSS_CFLAGS) $(OPENSSL_CFLAGS)
libcm_a_LIBADD = $(libcm_o_a_OBJECTS)

bin_PROGRAMS = getcert
pkglibexec_PROGRAMS = certmonger-session
pkglibexecdir = $(libexecdir)/$(PACKAGE)
getcert_CFLAGS = $(AM_CFLAGS) $(NSS_CFLAGS) $(UUID_CFLAGS)
getcert_SOURCES = getcert.c tm.c tm.h
getcert_LDADD = libcm.a $(GETCERT_LIBS) $(KRB5_LIBS) $(NSS_LIBS) $(UUID_LIBS) \
	$(POPT_LIBS) $(LTLIBICONV) $(LDAP_LIBS) $(OPENSSL_LIBS)
if WITH_IPA
bin_PROGRAMS += ipa-getcert
ipa_getcert_CFLAGS = $(getcert_CFLAGS)
ipa_getcert_SOURCES = ipa-getcert.c tm.c tm.h
ipa_getcert_LDADD = $(getcert_LDADD)
endif
if WITH_IPA
if WITH_XMLRPC
bin_PROGRAMS += certmaster-getcert
certmaster_getcert_CFLAGS = $(getcert_CFLAGS)
certmaster_getcert_SOURCES = certmaster-getcert.c tm.c tm.h
certmaster_getcert_LDADD = $(getcert_LDADD)
endif
endif
bin_PROGRAMS += selfsign-getcert
selfsign_getcert_CFLAGS = $(getcert_CFLAGS)
selfsign_getcert_SOURCES = selfsign-getcert.c tm.c tm.h
selfsign_getcert_LDADD = $(getcert_LDADD)
bin_PROGRAMS += local-getcert
local_getcert_CFLAGS = $(getcert_CFLAGS)
local_getcert_SOURCES = local-getcert.c tm.c tm.h
local_getcert_LDADD = $(getcert_LDADD)

sbin_PROGRAMS = certmonger
certmonger_getcert_CFLAGS = $(getcert_CFLAGS)
certmonger_SOURCES = main.c env-system.c tm.c tm.h
certmonger_LDADD = libcm.a \
	$(OPENSSL_LIBS) $(CERTMONGER_LIBS) $(KRB5_LIBS) $(IDN_LIBS) \
	$(GMP_LIBS) $(UUID_LIBS) $(POPT_LIBS) $(LTLIBICONV) $(LDAP_LIBS)
certmonger_session_SOURCES = main.c env-session.c tm.c tm.h
certmonger_session_LDADD = libcm.a \
	$(OPENSSL_LIBS) $(CERTMONGER_LIBS) $(KRB5_LIBS) $(IDN_LIBS) \
	$(GMP_LIBS) $(UUID_LIBS) $(POPT_LIBS) $(LTLIBICONV) $(LDAP_LIBS)

noinst_PROGRAMS = tdbusm-check serial-check nl-check toklist
if WITH_XMLRPC
noinst_PROGRAMS += submit-x
endif
tdbusm_check_SOURCES = tdbusm-check.c tm.c tm.h
tdbusm_check_LDADD = libcm.a $(CERTMONGER_LIBS) $(POPT_LIBS) $(LDAP_LIBS)
serial_check_LDADD = libcm.a $(CERTMONGER_LIBS) $(LTLIBICONV) $(LDAP_LIBS)
nl_check_LDADD = libcm.a $(CERTMONGER_LIBS) $(LDAP_LIBS)
if WITH_XMLRPC
submit_x_CFLAGS = $(AM_CFLAGS) $(NSS_CFLAGS) -DCM_SUBMIT_X_MAIN
submit_x_SOURCES = submit-x.c submit-x.h submit-u.c submit-u.h log.c log.h \
	tm.c tm.h
submit_x_LDADD = $(XMLRPC_LIBS) $(KRB5_LIBS) $(TALLOC_LIBS) \
	$(GMP_LIBS) $(UUID_LIBS) $(POPT_LIBS)
endif
toklist_CFLAGS = $(AM_CFLAGS) $(NSS_CFLAGS)
toklist_LDADD = $(NSS_LIBS) $(POPT_LIBS)

if WITH_CERTMASTER
if WITH_XMLRPC
pkglibexec_PROGRAMS += certmaster-submit
endif
endif
if WITH_IPA
pkglibexec_PROGRAMS += ipa-submit
endif
pkglibexec_PROGRAMS += dogtag-ipa-renew-agent-submit dogtag-submit
if HAVE_OPENSSL
pkglibexec_PROGRAMS += local-submit
pkglibexec_PROGRAMS += scep-submit
endif
noinst_PROGRAMS += submit-h submit-d
ipa_submit_CFLAGS = $(AM_CFLAGS) $(NSS_CFLAGS) $(CURL_CFLAGS) $(JANSSON_CFLAGS)
ipa_submit_SOURCES = ipa.c srvloc.c srvloc.h store.h store-gen.c \
	submit-h.c submit-h.h submit-u.c submit-u.h \
	submit-e.h util.c util.h log.c log.h tm.c tm.h
ipa_submit_LDADD = $(XMLRPC_LIBS) $(LDAP_LIBS) $(KRB5_LIBS) $(TALLOC_LIBS) \
	$(GMP_LIBS) $(IDN_LIBS) $(OPENSSL_LIBS) $(UUID_LIBS) \
	$(RESOLV_LIBS) $(LTLIBICONV) $(POPT_LIBS) $(CURL_LIBS) \
	$(JANSSON_LIBS)
if WITH_XMLRPC
certmaster_submit_CFLAGS = $(AM_CFLAGS) $(NSS_CFLAGS)
certmaster_submit_SOURCES = certmaster.c submit-x.c submit-x.h \
	submit-e.h submit-u.c submit-u.h util.c util.h log.c log.h \
	tm.c tm.h
certmaster_submit_LDADD = $(XMLRPC_LIBS) $(KRB5_LIBS) $(TALLOC_LIBS) \
	$(GMP_LIBS) $(UUID_LIBS) $(LTLIBICONV) $(POPT_LIBS)
endif
dogtag_ipa_renew_agent_submit_CFLAGS = $(AM_CFLAGS) $(XML_CFLAGS) \
	$(NSS_CFLAGS) $(CURL_CFLAGS) \
	-DDOGTAG_IPA_RENEW_AGENT=1
dogtag_ipa_renew_agent_submit_SOURCES = dogtag.c submit-d.c submit-d.h \
	submit-h.c submit-h.h util-m.c util-m.h util-n.c util-n.h \
	submit-u.c submit-u.h submit-e.h util.c util.h log.c log.h \
	store.h store-gen.c tm.c tm.h prefs.c prefs.h \
	dogtag-ipa.c dogtag-ipa.h env.h env-system.c
dogtag_ipa_renew_agent_submit_LDADD = $(CURL_LIBS) $(XML_LIBS) $(NSS_LIBS) \
	$(OPENSSL_LIBS) $(TALLOC_LIBS) \
	$(GMP_LIBS) $(UUID_LIBS) $(LTLIBICONV) \
	$(POPT_LIBS)
dogtag_submit_CFLAGS = $(AM_CFLAGS) $(XML_CFLAGS) $(NSS_CFLAGS) $(CURL_CFLAGS)
dogtag_submit_SOURCES = dogtag.c submit-d.c submit-d.h \
	submit-h.c submit-h.h util-m.c util-m.h util-n.c util-n.h \
	submit-u.c submit-u.h submit-e.h util.c util.h log.c log.h \
	store.h store-gen.c tm.c tm.h prefs.c prefs.h \
	env.h env-system.c
dogtag_submit_LDADD = $(CURL_LIBS) $(XML_LIBS) $(NSS_LIBS) \
	$(OPENSSL_LIBS) $(TALLOC_LIBS) \
	$(GMP_LIBS) $(UUID_LIBS) $(LTLIBICONV) \
	$(POPT_LIBS)
scep_submit_CFLAGS = $(AM_CFLAGS) $(XML_CFLAGS) $(NSS_CFLAGS) $(CURL_CFLAGS)
scep_submit_SOURCES = scep.c scep.h \
	submit-h.c submit-h.h util-m.c util-m.h util-o.c util-o.h \
	submit-u.c submit-u.h submit-e.h util.c util.h log.c log.h \
	pkcs7.c pkcs7.h store.h store-gen.c tm.c tm.h prefs.c prefs.h \
	prefs-o.c prefs-o.h scep-o.c scep-o.h env.h env-system.c
scep_submit_LDADD = $(CURL_LIBS) $(XML_LIBS) $(NSS_LIBS) \
	$(OPENSSL_LIBS) $(TALLOC_LIBS) \
	$(GMP_LIBS) $(UUID_LIBS) $(LTLIBICONV) $(POPT_LIBS)
local_submit_CFLAGS = $(AM_CFLAGS) $(NSS_CFLAGS)
local_submit_SOURCES = local.c env.h store.h store-gen.c submit-o.c submit-o.h \
	submit-u.c submit-u.h env-system.c env-shared.c log.c \
	log.h prefs.c prefs.h prefs-o.c prefs-o.h tm.c tm.h \
	util.c util.h util-o.c util-o.h pin.c pin.h
local_submit_LDADD = $(NSS_LIBS) $(OPENSSL_LIBS) $(TALLOC_LIBS) $(UUID_LIBS) \
	$(POPT_LIBS)
submit_d_CFLAGS = $(AM_CFLAGS) $(CURL_CFLAGS) $(XML_CFLAGS) -DCM_SUBMIT_D_MAIN
submit_d_SOURCES = submit-d.c submit-d.h submit-h.c submit-h.h \
	submit-u.c submit-u.h log.c log.h tm.c tm.h util-m.c util-m.h
submit_d_LDADD = libcm-o.a $(CURL_LIBS) $(OPENSSL_LIBS) $(XML_LIBS) \
	$(TALLOC_LIBS) $(GMP_LIBS) $(UUID_LIBS) $(LTLIBICONV) \
	$(POPT_LIBS)
submit_h_CFLAGS = $(AM_CFLAGS) $(CURL_CFLAGS) $(XML_CFLAGS) -DCM_SUBMIT_H_MAIN
submit_h_SOURCES = submit-h.c submit-h.h log.c log.h tm.c tm.h
submit_h_LDADD = $(CURL_LIBS) $(XML_LIBS) $(TALLOC_LIBS) $(LTLIBICONV) \
	$(POPT_LIBS)

.PHONY: manlint
manlint: $(man_MANS)
	for page in $(MANS); do \
		mandoc -T lint $${page}; \
	done

certmonger-0.79.19/src/cadata.c

/*
 * Copyright (C) 2014,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

#include
#include
#include
#include
#include
#include
#include

#include "cadata.h"
#include "env.h"
#include "json.h"
#include "log.h"
#include "store-int.h"
#include "submit-e.h"
#include "subproc.h"
#include "tdbus.h"

#define CM_CADATA_ROOTS "roots"
#define CM_CADATA_OTHER_ROOTS "other-roots"
#define CM_CADATA_OTHERS "other"
#define CM_CADATA_CERTIFICATE "certificate"
#define CM_CADATA_NICKNAME "nickname"

const char *attribute_map[] = {
	CM_SUBMIT_REQ_SUBJECT_ENV, CM_DBUS_PROP_TEMPLATE_SUBJECT,
	CM_SUBMIT_REQ_HOSTNAME_ENV, CM_DBUS_PROP_TEMPLATE_HOSTNAME,
	CM_SUBMIT_REQ_PRINCIPAL_ENV, CM_DBUS_PROP_TEMPLATE_PRINCIPAL,
	CM_SUBMIT_REQ_EMAIL_ENV, CM_DBUS_PROP_TEMPLATE_EMAIL,
	CM_SUBMIT_REQ_IP_ADDRESS_ENV, CM_DBUS_PROP_TEMPLATE_IP_ADDRESS,
	CM_SUBMIT_PROFILE_ENV, CM_DBUS_PROP_TEMPLATE_PROFILE,
	CM_SUBMIT_ISSUER_ENV, CM_DBUS_PROP_TEMPLATE_ISSUER,
	NULL,
};

struct cm_cadata_state {
	enum cm_submit_external_phase {
		parsing,
		postprocessing,
	} phase;
	struct cm_store_ca *ca;
	struct cm_subproc_state *subproc;
	int (*parse)(struct cm_store_ca *ca, struct cm_cadata_state *state,
		     const char *msg);
	int (*second_sub)(int fd, struct cm_store_ca *ca,
			  struct cm_store_entry *e, void *data);
	int (*postprocess)(struct cm_store_ca *ca,
			   struct cm_cadata_state *state, const char *msg);
	const char *op;
	char *intermediate;
	int error_fd, delay;
	unsigned int modified: 1;
};

/* Callback that just runs the helper to gather the specified data.
 */
static int
fetch(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry, void *data)
{
	struct cm_cadata_state *state = data;
	char **argv;
	const char *error;
	unsigned char u;

	setenv(CM_SUBMIT_OPERATION_ENV, state->op, 1);
	if ((ca->cm_nickname != NULL) && (strlen(ca->cm_nickname) > 0)) {
		setenv(CM_SUBMIT_CA_NICKNAME_ENV, ca->cm_nickname, 1);
	}
	if (dup2(fd, STDOUT_FILENO) == -1) {
		u = errno;
		cm_log(1, "Error redirecting standard out for "
		       "enrollment helper: %s.\n", strerror(errno));
		if (write(state->error_fd, &u, 1) != 1) {
			cm_log(1, "Error sending error result to parent.\n");
		}
		return u;
	}
	error = NULL;
	argv = cm_subproc_parse_args(ca, ca->cm_ca_external_helper, &error);
	if (argv == NULL) {
		if (error != NULL) {
			cm_log(0, "Error parsing \"%s\": %s.\n",
			       ca->cm_ca_external_helper, error);
		} else {
			cm_log(0, "Error parsing \"%s\".\n",
			       ca->cm_ca_external_helper);
		}
		return -1;
	}
	cm_subproc_mark_most_cloexec(STDOUT_FILENO, STDERR_FILENO, -1);
	cm_log(1, "Running enrollment/cadata helper \"%s\".\n", argv[0]);
	execvp(argv[0], argv);
	u = errno;
	if (write(state->error_fd, &u, 1) != 1) {
		cm_log(1, "Error sending error result to parent.\n");
	}
	return u;
}

/* Parse IDENTIFY output. It's just an arbitrary string. */
static int
parse_identification(struct cm_store_ca *ca, struct cm_cadata_state *state,
		     const char *msg)
{
	const char *p, *q;
	char *old_aka;

	old_aka = ca->cm_ca_aka;
	p = msg;
	q = p + strcspn(p, "\r\n");
	if (p != q) {
		ca->cm_ca_aka = talloc_strndup(ca, p, q - p);
	} else {
		ca->cm_ca_aka = NULL;
	}
	if (state != NULL) {
		if ((old_aka == NULL) && (ca->cm_ca_aka == NULL)) {
			state->modified = 0;
		} else if ((old_aka != NULL) && (ca->cm_ca_aka != NULL)) {
			state->modified = (strcmp(old_aka, ca->cm_ca_aka) != 0);
		} else {
			state->modified = 1;
		}
	}
	talloc_free(old_aka);
	return 0;
}

/* Compare two lists of nickname+certificate pairs.
 */
static int
nickcertlistcmp(struct cm_nickcert **a, struct cm_nickcert **b)
{
	int i, j;

	if ((a == NULL) && (b == NULL)) {
		return 0;
	} else if ((a == NULL) && (b != NULL)) {
		return 1;
	} else if ((a != NULL) && (b == NULL)) {
		return 1;
	} else {
		for (i = 0; a[i] != NULL; i++) {
			for (j = 0; b[j] != NULL; j++) {
				if ((strcmp(a[i]->cm_nickname, b[j]->cm_nickname) == 0) &&
				    (strcmp(a[i]->cm_cert, b[j]->cm_cert) == 0)) {
					break;
				}
			}
			if (b[j] == NULL) {
				return 1;
			}
		}
		for (i = 0; b[i] != NULL; i++) {
			for (j = 0; a[j] != NULL; j++) {
				if ((strcmp(b[i]->cm_nickname, a[j]->cm_nickname) == 0) &&
				    (strcmp(b[i]->cm_cert, a[j]->cm_cert) == 0)) {
					break;
				}
			}
			if (a[j] == NULL) {
				return 1;
			}
		}
		return 0;
	}
}

/* Parse a list of nickname+certificate pairs. */
static const char *
parse_old_cert_list(struct cm_store_ca *ca, struct cm_cadata_state *state,
		    const char *msg, struct cm_nickcert ***list)
{
	struct cm_nickcert **certs = NULL, **tmp, *nc;
	const char *p, *q;
	char *s;
	int i = 0;

	p = msg;
	q = p + strcspn(p, "\r\n");
	while (p != q) {
		nc = talloc_ptrtype(NULL, nc);
		if (nc == NULL) {
			talloc_free(certs);
			return NULL;
		}
		memset(nc, 0, sizeof(*nc));
		tmp = talloc_realloc(ca, certs, struct cm_nickcert *, i + 2);
		if (tmp == NULL) {
			talloc_free(certs);
			return NULL;
		}
		certs = tmp;
		certs[i++] = nc;
		certs[i] = NULL;
		talloc_steal(certs, nc);
		nc->cm_nickname = talloc_strndup(nc, p, q - p);
		p = q + strspn(q, "\r\n");
		if (strncmp(p, "-----BEGIN", 10) != 0) {
			talloc_free(certs);
			return NULL;
		}
		q = strstr(p, "-----END");
		if (q == NULL) {
			talloc_free(certs);
			return NULL;
		}
		q += strcspn(q, "\r\n");
		nc->cm_cert = talloc_asprintf(nc, "%.*s\n", (int) (q - p), p);
		if ((nc->cm_nickname == NULL) || (nc->cm_cert == NULL)) {
			talloc_free(certs);
			return NULL;
		}
		while ((s = strstr(nc->cm_cert, "\r\n")) != NULL) {
			memmove(s, s + 1, strlen(s));
		}
		if ((strncmp(q, "\n\n", 2) == 0) ||
		    (strncmp(q, "\r\n\r\n", 4) == 0)) {
			*list = certs;
			return q + strspn(q, "\r\n");
		} else {
			p = q + strspn(q, "\r\n");
			q = p + strcspn(p, "\r\n");
		}
	}
	*list = certs;
	return p;
}

/* Build a nickcert list out of the keys and values in a JSON object. */
struct cm_nickcert **
parse_json_cert_list(void *parent, struct cm_json *nickcerts)
{
	struct cm_nickcert **ret, *c;
	struct cm_json *cert, *val;
	int i, j;
	const char *nickname, *pem;

	i = cm_json_array_size(nickcerts);
	if (i > 0) {
		ret = talloc_array_ptrtype(parent, ret, i + 1);
		if (ret != NULL) {
			for (i = 0, j = 0; i < cm_json_array_size(nickcerts); i++) {
				c = talloc_ptrtype(ret, c);
				if (c != NULL) {
					memset(c, 0, sizeof(*c));
					cert = cm_json_n(nickcerts, i);
					if (cm_json_type(cert) != cm_json_type_object) {
						continue;
					}
					val = cm_json_get(cert, CM_CADATA_NICKNAME);
					if (cm_json_type(val) != cm_json_type_string) {
						continue;
					}
					nickname = cm_json_string(val, NULL);
					c->cm_nickname = talloc_strdup(c, nickname);
					val = cm_json_get(cert, CM_CADATA_CERTIFICATE);
					if (cm_json_type(val) != cm_json_type_string) {
						continue;
					}
					pem = cm_json_string(val, NULL);
					c->cm_cert = talloc_strdup(c, pem);
					if ((c->cm_nickname != NULL) &&
					    (c->cm_cert != NULL)) {
						ret[j++] = c;
					}
				}
			}
			ret[j] = NULL;
			if (j > 0) {
				return ret;
			} else {
				return NULL;
			}
		}
	}
	return NULL;
}

/* Parse three lists of nickname+certificate pairs, or a JSON document that
 * makes them all members of arrays named "roots", "other-roots", and "other",
 * members of an unnamed top-level object. */
static int
parse_certs(struct cm_store_ca *ca, struct cm_cadata_state *state,
	    const char *msg)
{
	struct cm_nickcert **certs;
	struct cm_json *json = NULL, *sub, *cert, *val;
	const char *p, *eom;
	int i;

	state->modified = 0;
	if (cm_json_decode(state, msg, -1, &json, &eom) != 0) {
		json = cm_json_new_object(state);
		/* Take the older-format data and build a JSON object out of
		 * it.
		 */
		certs = NULL;
		p = parse_old_cert_list(ca, state, msg, &certs);
		if (p != NULL) {
			sub = cm_json_new_array(json);
			for (i = 0; (certs != NULL) && (certs[i] != NULL); i++) {
				cert = cm_json_new_object(sub);
				val = cm_json_new_string(cert, certs[i]->cm_nickname, -1);
				cm_json_set(cert, CM_CADATA_NICKNAME, val);
				val = cm_json_new_string(cert, certs[i]->cm_cert, -1);
				cm_json_set(cert, CM_CADATA_CERTIFICATE, val);
				cm_json_append(sub, cert);
			}
			if (cm_json_array_size(sub) > 0) {
				cm_json_set(json, CM_CADATA_ROOTS, sub);
			}
			certs = NULL;
			p = parse_old_cert_list(ca, state, p, &certs);
			if (p != NULL) {
				sub = cm_json_new_array(json);
				for (i = 0; (certs != NULL) && (certs[i] != NULL); i++) {
					cert = cm_json_new_object(sub);
					val = cm_json_new_string(cert, certs[i]->cm_nickname, -1);
					cm_json_set(cert, CM_CADATA_NICKNAME, val);
					val = cm_json_new_string(cert, certs[i]->cm_cert, -1);
					cm_json_set(cert, CM_CADATA_CERTIFICATE, val);
					cm_json_append(sub, cert);
				}
				if (cm_json_array_size(sub) > 0) {
					cm_json_set(json, CM_CADATA_OTHER_ROOTS, sub);
				}
				certs = NULL;
				p = parse_old_cert_list(ca, state, p, &certs);
				if (p != NULL) {
					sub = cm_json_new_array(json);
					for (i = 0; (certs != NULL) && (certs[i] != NULL); i++) {
						cert = cm_json_new_object(sub);
						val = cm_json_new_string(cert, certs[i]->cm_nickname, -1);
						cm_json_set(cert, CM_CADATA_NICKNAME, val);
						val = cm_json_new_string(cert, certs[i]->cm_cert, -1);
						cm_json_set(cert, CM_CADATA_CERTIFICATE, val);
						cm_json_append(sub, cert);
					}
					if (cm_json_array_size(sub) > 0) {
						cm_json_set(json, CM_CADATA_OTHERS, sub);
					}
				}
			}
		}
	}
	/* Save the JSON document for postprocessing.
	 */
	state->intermediate = cm_json_encode(state, json);
	return 0;
}

static int
postprocess_certs_sub(int fd, struct cm_store_ca *ca, struct cm_store_entry *e,
		      void *data)
{
	struct cm_cadata_state *state = data;
	FILE *status;

	status = fdopen(fd, "w");
	if (status == NULL) {
		cm_log(1, "Internal error.\n");
		_exit(errno);
	}
	fprintf(status, "%s\n", state->intermediate);
	fflush(status);
	fclose(status);
	_exit(0);
}

static int
postprocess_certs(struct cm_store_ca *ca, struct cm_cadata_state *state,
		  const char *msg)
{
	struct cm_nickcert **roots, **other_roots, **others;
	struct cm_json *json;
	const char *eom;

	if (cm_json_decode(state, msg, -1, &json, &eom) != 0) {
		cm_log(1, "Error parsing JSON root certificate object.\n");
		return 0;
	}
	roots = parse_json_cert_list(ca, cm_json_get(json, CM_CADATA_ROOTS));
	other_roots = parse_json_cert_list(ca, cm_json_get(json, CM_CADATA_OTHER_ROOTS));
	others = parse_json_cert_list(ca, cm_json_get(json, CM_CADATA_OTHERS));
	if ((nickcertlistcmp(roots, ca->cm_ca_root_certs) != 0) ||
	    (nickcertlistcmp(other_roots, ca->cm_ca_other_root_certs) != 0) ||
	    (nickcertlistcmp(others, ca->cm_ca_other_certs) != 0)) {
		state->modified = 1;
	}
	talloc_free(ca->cm_ca_root_certs);
	talloc_free(ca->cm_ca_other_root_certs);
	talloc_free(ca->cm_ca_other_certs);
	ca->cm_ca_root_certs = roots;
	ca->cm_ca_other_root_certs = other_roots;
	ca->cm_ca_other_certs = others;
	return 0;
}

/* Parse a list of comma or newline-separated items. This handles both SCEP
 * capability lists and our lists of required attributes. */
static int
parse_list(struct cm_store_ca *ca, struct cm_cadata_state *state,
	   const char *msg, const char **dict, char ***list)
{
	const char *p, *q;
	char **reqs = NULL, **tmp;
	int i = 0, j = 0, len;

	p = msg;
	q = p + strcspn(p, ",\r\n");
	while (p != q) {
		tmp = talloc_realloc(ca, reqs, char *, i + 2);
		if (tmp == NULL) {
			break;
		}
		reqs = tmp;
		if (dict == NULL) {
			/* Save every item.
			 */
			reqs[i] = talloc_strndup(reqs, p, q - p);
			if ((reqs[i] != NULL) && (strlen(reqs[i]) > 0)) {
				i++;
			}
			reqs[i] = NULL;
		} else {
			/* Save only dictionary items that can be mapped from
			 * items in the list. */
			for (j = 0; dict[j] != NULL; j += 2) {
				len = strlen(dict[j]);
				if ((q - p == len) &&
				    (strncasecmp(dict[j], p, len) == 0)) {
					reqs[i] = talloc_strdup(reqs, dict[j + 1]);
					if ((reqs[i] != NULL) &&
					    (strlen(reqs[i]) > 0)) {
						i++;
					}
					break;
				}
			}
			reqs[i] = NULL;
		}
		p = q + strspn(q, ",\r\n");
		q = p + strcspn(p, ",\r\n");
	}
	if (i == 0) {
		talloc_free(reqs);
		reqs = NULL;
	}
	if (state != NULL) {
		if ((*list == NULL) && (reqs == NULL)) {
			state->modified = 0;
		} else if ((*list == NULL) && (reqs != NULL)) {
			state->modified = 1;
		} else if ((*list != NULL) && (reqs == NULL)) {
			state->modified = 1;
		} else {
			state->modified = 0;
			for (i = 0; (*list)[i] != NULL; i++) {
				for (j = 0; reqs[j] != NULL; j++) {
					if (strcmp((*list)[i], reqs[j]) == 0) {
						break;
					}
				}
				if (reqs[j] == NULL) {
					state->modified = 1;
					break;
				}
			}
			for (i = 0; reqs[i] != NULL; i++) {
				for (j = 0; (*list)[j] != NULL; j++) {
					if (strcmp(reqs[i], (*list)[j]) == 0) {
						break;
					}
				}
				if ((*list)[j] == NULL) {
					state->modified = 1;
					break;
				}
			}
		}
	}
	talloc_free(*list);
	*list = reqs;
	return 0;
}

/* Parse a list of known profiles. */
static int
parse_profiles(struct cm_store_ca *ca, struct cm_cadata_state *state,
	       const char *msg)
{
	parse_list(ca, state, msg, NULL, &ca->cm_ca_profiles);
	return 0;
}

/* Parse a single profile name that we'll advertise as a default.
 */
static int
parse_default_profile(struct cm_store_ca *ca, struct cm_cadata_state *state,
		      const char *msg)
{
	const char *p, *q;
	char *old_dp;

	old_dp = ca->cm_ca_default_profile;
	p = msg;
	q = p + strcspn(p, "\r\n");
	if (p != q) {
		ca->cm_ca_default_profile = talloc_strndup(ca, p, q - p);
	} else {
		ca->cm_ca_default_profile = NULL;
	}
	if (state != NULL) {
		if ((old_dp == NULL) && (ca->cm_ca_default_profile == NULL)) {
			state->modified = 0;
		} else if ((old_dp == NULL) && (ca->cm_ca_default_profile != NULL)) {
			state->modified = 1;
		} else if ((old_dp != NULL) && (ca->cm_ca_default_profile == NULL)) {
			state->modified = 1;
		} else {
			state->modified = (strcmp(old_dp, ca->cm_ca_default_profile) != 0);
		}
	}
	talloc_free(old_dp);
	return 0;
}

/* Parse a list of properties that the helper expects us to have set for new
 * enrollment requests. */
static int
parse_enroll_reqs(struct cm_store_ca *ca, struct cm_cadata_state *state,
		  const char *msg)
{
	parse_list(ca, state, msg, attribute_map,
		   &ca->cm_ca_required_enroll_attributes);
	return 0;
}

/* Parse a list of properties that the helper expects us to have set for
 * renewal requests. */
static int
parse_renew_reqs(struct cm_store_ca *ca, struct cm_cadata_state *state,
		 const char *msg)
{
	parse_list(ca, state, msg, attribute_map,
		   &ca->cm_ca_required_renewal_attributes);
	return 0;
}

/* Parse a list of SCEP capabilities. */
static int
parse_capabilities(struct cm_store_ca *ca, struct cm_cadata_state *state,
		   const char *msg)
{
	parse_list(ca, state, msg, NULL, &ca->cm_ca_capabilities);
	return 0;
}

/* Compare two strings, treating NULL and empty as the same. */
static dbus_bool_t
strings_differ(const char *a, const char *b)
{
	if (a == NULL) {
		a = "";
	}
	if (b == NULL) {
		b = "";
	}
	return (strcmp(a, b) != 0);
}

/* Parse SCEP encryption certificate data, which is a series of concatenated
 * X.509 certificates. The first is for the SCEP server. The second, if there
 * is one, is for the CA. Any additional certificates are assumed to be
 * intermediates.
 */
static int
parse_encryption_certs(struct cm_store_ca *ca, struct cm_cadata_state *state,
		       const char *msg)
{
	const char *olde, *oldei, *oldep;
	char *p;

	olde = ca->cm_ca_encryption_cert;
	oldei = ca->cm_ca_encryption_issuer_cert;
	oldep = ca->cm_ca_encryption_cert_pool;
	ca->cm_ca_encryption_cert = talloc_strdup(ca, msg);
	ca->cm_ca_encryption_issuer_cert = NULL;
	ca->cm_ca_encryption_cert_pool = NULL;
	p = strstr(ca->cm_ca_encryption_cert, "-----END CERTIFICATE-----");
	if (p != NULL) {
		p += strcspn(p, "\r\n");
		p += strspn(p, "\r\n");
		if (strstr(p, "-----END CERTIFICATE-----") != NULL) {
			ca->cm_ca_encryption_issuer_cert = talloc_strdup(ca, p);
			*p = '\0';
		}
	}
	if (ca->cm_ca_encryption_issuer_cert != NULL) {
		p = strstr(ca->cm_ca_encryption_issuer_cert,
			   "-----END CERTIFICATE-----");
		if (p != NULL) {
			p += strcspn(p, "\r\n");
			p += strspn(p, "\r\n");
			if (strstr(p, "-----END CERTIFICATE-----") != NULL) {
				ca->cm_ca_encryption_cert_pool = talloc_strdup(ca, p);
			}
			*p = '\0';
		}
	}
	if (ca->cm_ca_encryption_cert != NULL) {
		if (strspn(ca->cm_ca_encryption_cert, "\r\n \t") ==
		    strlen(ca->cm_ca_encryption_cert)) {
			ca->cm_ca_encryption_cert = NULL;
		}
	}
	if (ca->cm_ca_encryption_issuer_cert != NULL) {
		if (strspn(ca->cm_ca_encryption_issuer_cert, "\r\n \t") ==
		    strlen(ca->cm_ca_encryption_issuer_cert)) {
			ca->cm_ca_encryption_issuer_cert = NULL;
		}
	}
	if (ca->cm_ca_encryption_cert_pool != NULL) {
		if (strspn(ca->cm_ca_encryption_cert_pool, "\r\n \t") ==
		    strlen(ca->cm_ca_encryption_cert_pool)) {
			ca->cm_ca_encryption_cert_pool = NULL;
		}
	}
	state->modified = strings_differ(olde, ca->cm_ca_encryption_cert) ||
			  strings_differ(oldei, ca->cm_ca_encryption_issuer_cert) ||
			  strings_differ(oldep, ca->cm_ca_encryption_cert_pool);
	return 0;
}

/* Start the helper with the right $CERTMONGER_OPERATION, and feed the output
 * to the right parser callback.
 */
static struct cm_cadata_state *
cm_cadata_start_generic(struct cm_store_ca *ca, const char *op,
			int (*parse)(struct cm_store_ca *,
				     struct cm_cadata_state *,
				     const char *),
			int (*second_sub)(int fd, struct cm_store_ca *,
					  struct cm_store_entry *, void *),
			int (*postprocess)(struct cm_store_ca *,
					   struct cm_cadata_state *,
					   const char *))
{
	struct cm_cadata_state *ret;
	int error_fd[2];
	unsigned char u;

	switch (ca->cm_ca_type) {
	case cm_ca_internal_self:
		if (strcasecmp(op, CM_OP_IDENTIFY) == 0) {
			ca->cm_ca_aka = talloc_asprintf(ca, CM_SELF_SIGN_CA_NAME " (%s %s)",
							PACKAGE_NAME,
							PACKAGE_VERSION);
		} else if (strcasecmp(op, CM_OP_FETCH_ROOTS) == 0) {
		} else if (strcasecmp(op, CM_OP_FETCH_PROFILES) == 0) {
		} else if (strcasecmp(op, CM_OP_FETCH_DEFAULT_PROFILE) == 0) {
		} else if (strcasecmp(op, CM_OP_FETCH_ENROLL_REQUIREMENTS) == 0) {
			parse_list(ca, NULL, CM_SUBMIT_REQ_SUBJECT_ENV,
				   attribute_map,
				   &ca->cm_ca_required_enroll_attributes);
		} else if (strcasecmp(op, CM_OP_FETCH_RENEWAL_REQUIREMENTS) == 0) {
			parse_list(ca, NULL, CM_SUBMIT_REQ_SUBJECT_ENV,
				   attribute_map,
				   &ca->cm_ca_required_renewal_attributes);
		}
		return NULL;
		break;
	case cm_ca_external:
		break;
	}
	if (pipe(error_fd) != 0) {
		cm_log(1, "Error creating pipe for reporting "
		       "errors: %s.\n", strerror(errno));
		return NULL;
	}
	ret = talloc_ptrtype(ca, ret);
	if (ret == NULL) {
		/* Don't leak the error-reporting pipe on allocation failure. */
		close(error_fd[0]);
		close(error_fd[1]);
		return NULL;
	}
	memset(ret, 0, sizeof(*ret));
	ret->phase = parsing;
	ret->ca = ca;
	ret->error_fd = error_fd[1];
	ret->delay = -1;
	ret->op = op;
	ret->modified = 0;
	ret->subproc = cm_subproc_start(fetch, ret, ca, NULL, ret);
	if (ret->subproc == NULL) {
		close(error_fd[0]);
		close(error_fd[1]);
		talloc_free(ret);
		return NULL;
	}
	close(error_fd[1]);
	ret->error_fd = -1;
	ret->parse = parse;
	ret->second_sub = second_sub;
	ret->postprocess = postprocess;
	if (read(error_fd[0], &u, 1) == 1) {
		cm_log(1, "Error running enrollment helper \"%s\": %s.\n",
		       ca->cm_ca_external_helper, strerror(u));
		/* return the state so the process can be reaped */
	}
	close(error_fd[0]);
	return ret;
}

struct cm_cadata_state *
cm_cadata_start_identify(struct cm_store_ca *ca)
{
	return cm_cadata_start_generic(ca, CM_OP_IDENTIFY,
				       parse_identification, NULL, NULL);
}

struct cm_cadata_state *
cm_cadata_start_certs(struct cm_store_ca *ca)
{
	return cm_cadata_start_generic(ca, CM_OP_FETCH_ROOTS,
				       parse_certs, postprocess_certs_sub,
				       postprocess_certs);
}

struct cm_cadata_state *
cm_cadata_start_profiles(struct cm_store_ca *ca)
{
	return cm_cadata_start_generic(ca, CM_OP_FETCH_PROFILES,
				       parse_profiles, NULL, NULL);
}

struct cm_cadata_state *
cm_cadata_start_default_profile(struct cm_store_ca *ca)
{
	return cm_cadata_start_generic(ca, CM_OP_FETCH_DEFAULT_PROFILE,
				       parse_default_profile, NULL, NULL);
}

struct cm_cadata_state *
cm_cadata_start_enroll_reqs(struct cm_store_ca *ca)
{
	return cm_cadata_start_generic(ca, CM_OP_FETCH_ENROLL_REQUIREMENTS,
				       parse_enroll_reqs, NULL, NULL);
}

struct cm_cadata_state *
cm_cadata_start_renew_reqs(struct cm_store_ca *ca)
{
	return cm_cadata_start_generic(ca, CM_OP_FETCH_RENEWAL_REQUIREMENTS,
				       parse_renew_reqs, NULL, NULL);
}

struct cm_cadata_state *
cm_cadata_start_capabilities(struct cm_store_ca *ca)
{
	return cm_cadata_start_generic(ca, CM_OP_FETCH_SCEP_CA_CAPS,
				       parse_capabilities, NULL, NULL);
}

struct cm_cadata_state *
cm_cadata_start_encryption_certs(struct cm_store_ca *ca)
{
	return cm_cadata_start_generic(ca, CM_OP_FETCH_SCEP_CA_CERTS,
				       parse_encryption_certs, NULL, NULL);
}

int
cm_cadata_ready(struct cm_cadata_state *state)
{
	struct cm_subproc_state *subproc;
	int ready, status, length;
	const char *msg = NULL;
	char *p = NULL;
	long delay = -1;

	ready = cm_subproc_ready(state->subproc);
	if (ready == 0) {
		status = cm_subproc_get_exitstatus(state->subproc);
		msg = cm_subproc_get_msg(state->subproc, &length);
		if (WIFEXITED(status)) {
			switch (WEXITSTATUS(status)) {
			case CM_SUBMIT_STATUS_ISSUED:
				switch (state->phase) {
				case parsing:
					ready = (*(state->parse))(state->ca, state, msg);
					if ((ready == 0) &&
					    (state->second_sub != NULL) &&
					    (state->postprocess != NULL)) {
						subproc = cm_subproc_start(state->second_sub, state,
									   state->ca, NULL, state);
						if (subproc != NULL) {
							cm_subproc_done(state->subproc);
							state->subproc = subproc;
							state->phase = postprocessing;
							ready = -1;
						} else {
							cm_log(1, "Error running second helper.\n");
						}
					}
					break;
				case postprocessing:
					ready = (*(state->postprocess))(state->ca, state, msg);
					break;
				}
				break;
			case CM_SUBMIT_STATUS_WAIT_WITH_DELAY:
				if (length > 0) {
					delay = strtol(msg, &p, 10);
					if ((p != NULL) &&
					    ((*p == '\0') || (strchr("\r\n", *p) != NULL))) {
						state->delay = delay;
					}
				}
				break;
			default:
				break;
			}
		}
	}
	return ready;
}

int
cm_cadata_get_fd(struct cm_cadata_state *state)
{
	return cm_subproc_get_fd(state->subproc);
}

int
cm_cadata_modified(struct cm_cadata_state *state)
{
	return state->modified ? 0 : -1;
}

int
cm_cadata_rejected(struct cm_cadata_state *state)
{
	int status;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    (WEXITSTATUS(status) == CM_SUBMIT_STATUS_REJECTED)) {
		return 0;
	}
	return -1;
}

int
cm_cadata_unsupported(struct cm_cadata_state *state)
{
	int status;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    (WEXITSTATUS(status) == CM_SUBMIT_STATUS_OPERATION_NOT_SUPPORTED)) {
		return 0;
	}
	return -1;
}

int
cm_cadata_needs_retry(struct cm_cadata_state *state)
{
	int status;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    ((WEXITSTATUS(status) == CM_SUBMIT_STATUS_WAIT) ||
	     (WEXITSTATUS(status) == CM_SUBMIT_STATUS_WAIT_WITH_DELAY))) {
		return 0;
	}
	return -1;
}

int
cm_cadata_specified_delay(struct cm_cadata_state *state)
{
	return state->delay;
}

int
cm_cadata_unreachable(struct cm_cadata_state *state)
{
	int status;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    (WEXITSTATUS(status) == CM_SUBMIT_STATUS_UNREACHABLE)) {
		return 0;
	}
	return -1;
}

int
cm_cadata_unconfigured(struct cm_cadata_state *state)
{
	int status;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    (WEXITSTATUS(status) == CM_SUBMIT_STATUS_UNCONFIGURED)) {
		return 0;
	}
	return -1;
}

void
cm_cadata_done(struct cm_cadata_state *state)
{
	cm_subproc_done(state->subproc);
	talloc_free(state);
}

certmonger-0.79.19/src/cadata.h

/*
 * Copyright (C) 2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmcadata_h
#define cmcadata_h

struct cm_cadata_state;
struct cm_store_ca;

/* Start fetching information from the CA. */
struct cm_cadata_state *cm_cadata_start_identify(struct cm_store_ca *ca);
struct cm_cadata_state *cm_cadata_start_certs(struct cm_store_ca *ca);
struct cm_cadata_state *cm_cadata_start_profiles(struct cm_store_ca *ca);
struct cm_cadata_state *cm_cadata_start_default_profile(struct cm_store_ca *ca);
struct cm_cadata_state *cm_cadata_start_enroll_reqs(struct cm_store_ca *ca);
struct cm_cadata_state *cm_cadata_start_renew_reqs(struct cm_store_ca *ca);
struct cm_cadata_state *cm_cadata_start_capabilities(struct cm_store_ca *ca);
struct cm_cadata_state *cm_cadata_start_encryption_certs(struct cm_store_ca *ca);

/* Check if the data has been retrieved. */
int cm_cadata_ready(struct cm_cadata_state *state);

/* Get a selectable-for-read descriptor we can poll for status changes. */
int cm_cadata_get_fd(struct cm_cadata_state *state);

/* Check if the CA data was modified.
 */
int cm_cadata_modified(struct cm_cadata_state *state);

/* Check if we need to retry. */
int cm_cadata_needs_retry(struct cm_cadata_state *state);

/* Check when we need to retry. */
int cm_cadata_specified_delay(struct cm_cadata_state *state);

/* Check if the CA was unreachable. */
int cm_cadata_unreachable(struct cm_cadata_state *state);

/* Check if we're missing some configuration. */
int cm_cadata_unconfigured(struct cm_cadata_state *state);

/* Check if the server didn't support that. */
int cm_cadata_rejected(struct cm_cadata_state *state);

/* Check if the helper didn't support that. */
int cm_cadata_unsupported(struct cm_cadata_state *state);

/* Clean up after retrieving data. */
void cm_cadata_done(struct cm_cadata_state *state);

#endif

certmonger-0.79.19/src/canalyze.c

/*
 * Copyright (C) 2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#include "canalyze.h"
#include "log.h"
#include "store-int.h"
#include "store.h"
#include "submit-e.h"
#include "subproc.h"

struct cm_ca_analyze_state {
	struct cm_subproc_state *subproc;
	long delay;
};

static PRTime
not_valid_after(PLArenaPool *arena, struct cm_nickcert *nc)
{
	CERTCertificate cert;
	CERTSignedData sdata;
	PRTime nvb, nva;
	const char *p, *q;
	char *pem;
	int length;

	p = strstr(nc->cm_cert, "-----BEGIN");
	if (p != NULL) {
		p += strcspn(p, "\r\n");
		p += strspn(p, "\r\n");
		q = strstr(p, "-----END");
		if (q == NULL) {
			/* No footer: treat the rest of the string as the
			 * body instead of computing a length from NULL. */
			q = p + strlen(p);
		}
	} else {
		p = nc->cm_cert;
		q = p + strlen(p);
	}
	pem = cm_store_base64_as_bin(nc, p, q - p, &length);
	if (pem != NULL) {
		memset(&sdata, 0, sizeof(sdata));
		memset(&cert, 0, sizeof(cert));
		if ((SEC_ASN1Decode(arena, &sdata,
				    SEC_ASN1_GET(CERT_SignedDataTemplate),
				    pem, length) != SECSuccess) ||
		    (SEC_ASN1Decode(arena, &cert,
				    SEC_ASN1_GET(CERT_CertificateTemplate),
				    (const char *) sdata.data.data,
				    sdata.data.len) != SECSuccess)) {
			cm_log(0, "Decoding error on \"%.*s\" "
			       "(%d bytes)!\n", (int) (q - p), p, length);
			_exit(1);
		}
		if (CERT_GetCertTimes(&cert, &nvb, &nva) != SECSuccess) {
			cm_log(0, "Parsing error on \"%.*s\"!\n",
			       (int) (q - p), p);
			_exit(1);
		}
		if (nva < PR_Now()) {
			cm_log(1, "Certificate \"%s\" no longer valid.\n",
			       nc->cm_nickname);
			return 0;
		} else {
			cm_log(1, "Certificate \"%s\" valid for %llds.\n",
			       nc->cm_nickname,
			       (long long) ((nva - PR_Now()) / PR_USEC_PER_SEC));
			return nva;
		}
	}
	return 0;
}

static int
cm_ca_analyze_certs_main(int fd, struct cm_store_ca *ca,
			 struct cm_store_entry *e, void *data)
{
	PLArenaPool *arena;
	char *p;
	int i;
	PRTime result = 0, now, tmp;

	/* Walk the list of certificates we've retrieved, and print a number
	 * approximating the midpoint of time between now and the first of
	 * their not-valid-after dates.
	 */
	arena = PORT_NewArena(sizeof(double));
	if (arena == NULL) {
		cm_log(0, "Out of memory.\n");
		return 1;
	}
	for (i = 0;
	     (ca->cm_ca_root_certs != NULL) &&
	     (ca->cm_ca_root_certs[i] != NULL);
	     i++) {
		tmp = not_valid_after(arena, ca->cm_ca_root_certs[i]);
		result = result ? (tmp ? ((result < tmp) ? result : tmp) : result) : tmp;
		cm_log(3, "Running result is %lld.\n", (long long) result);
	}
	for (i = 0;
	     (ca->cm_ca_other_root_certs != NULL) &&
	     (ca->cm_ca_other_root_certs[i] != NULL);
	     i++) {
		tmp = not_valid_after(arena, ca->cm_ca_other_root_certs[i]);
		result = result ? (tmp ? ((result < tmp) ? result : tmp) : result) : tmp;
		cm_log(3, "Running result is %lld.\n", (long long) result);
	}
	for (i = 0;
	     (ca->cm_ca_other_certs != NULL) &&
	     (ca->cm_ca_other_certs[i] != NULL);
	     i++) {
		tmp = not_valid_after(arena, ca->cm_ca_other_certs[i]);
		result = result ? (tmp ? ((result < tmp) ? result : tmp) : result) : tmp;
		cm_log(3, "Running result is %lld.\n", (long long) result);
	}
	cm_log(3, "Final result is %lld.\n", (long long) result);
	now = PR_Now();
	if ((result != 0) && (result > now)) {
		result = (result - now) / PR_USEC_PER_SEC / 2;
	}
	p = talloc_asprintf(ca, "%lld", (long long) result);
	i = strlen(p);
	if (write(fd, p, strlen(p)) != i) {
		cm_log(0, "Error writing \"%s\" to pipe: %s.\n",
		       p, strerror(errno));
	}
	cm_log(3, "Time until refresh: %s.\n", p);
	talloc_free(p);
	PORT_FreeArena(arena, PR_TRUE);
	_exit(0);
}

static int
cm_ca_analyze_encryption_certs_main(int fd, struct cm_store_ca *ca,
				    struct cm_store_entry *e, void *data)
{
	PLArenaPool *arena;
	char *p;
	int i;
	PRTime result = 0, now, ratime, catime;
	struct cm_nickcert *racert, *cacert;

	if (ca->cm_ca_encryption_issuer_cert == NULL) {
		cacert = NULL;
	} else {
		cacert = talloc_ptrtype(ca, racert);
		cacert->cm_nickname = talloc_strdup(cacert, "CA certificate");
		cacert->cm_cert = ca->cm_ca_encryption_issuer_cert;
	}
	if (ca->cm_ca_encryption_cert == NULL) {
		racert = NULL;
	} else {
		racert = talloc_ptrtype(ca, racert);
		racert->cm_nickname =
			talloc_strdup(racert,
				      cacert ? "RA certificate" : "CA certificate");
		racert->cm_cert = ca->cm_ca_encryption_cert;
	}
	/* Look at the RA and CA certificates, and print a number approximating
	 * the midpoint of time between now and the first of their
	 * not-valid-after dates. */
	arena = PORT_NewArena(sizeof(double));
	if (arena == NULL) {
		cm_log(0, "Out of memory.\n");
		return 1;
	}
	now = PR_Now();
	ratime = CM_DELAY_CA_POLL_MAXIMUM;
	ratime *= PR_USEC_PER_SEC;
	ratime += now;
	if (racert != NULL) {
		ratime = not_valid_after(arena, racert);
	}
	catime = ratime;
	if (cacert != NULL) {
		catime = not_valid_after(arena, cacert);
	}
	if (ratime < catime) {
		result = ratime;
	} else {
		result = catime;
	}
	cm_log(3, "Result is %lld.\n", (long long) result);
	if ((result != 0) && (result > now)) {
		result = (result - now) / PR_USEC_PER_SEC / 2;
	}
	p = talloc_asprintf(ca, "%lld", (long long) result);
	i = strlen(p);
	if (write(fd, p, strlen(p)) != i) {
		cm_log(0, "Error writing \"%s\" to pipe: %s.\n",
		       p, strerror(errno));
	}
	talloc_free(p);
	PORT_FreeArena(arena, PR_TRUE);
	_exit(0);
}

struct cm_ca_analyze_state *
cm_ca_analyze_start_certs(struct cm_store_ca *ca)
{
	struct cm_ca_analyze_state *ret;

	ret = talloc_ptrtype(ca, ret);
	if (ret != NULL) {
		memset(ret, 0, sizeof(*ret));
		ret->subproc = cm_subproc_start(&cm_ca_analyze_certs_main, ret,
						ca, NULL, ret);
	}
	return ret;
}

struct cm_ca_analyze_state *
cm_ca_analyze_start_encryption_certs(struct cm_store_ca *ca)
{
	struct cm_ca_analyze_state *ret;

	ret = talloc_ptrtype(ca, ret);
	if (ret != NULL) {
		memset(ret, 0, sizeof(*ret));
		ret->subproc = cm_subproc_start(&cm_ca_analyze_encryption_certs_main,
						ret, ca, NULL, ret);
	}
	return ret;
}

int
cm_ca_analyze_ready(struct cm_ca_analyze_state *state)
{
	int ready, length;
	const char *p;

	ready = cm_subproc_ready(state->subproc);
	if ((ready == 0) &&
	    (cm_subproc_get_exitstatus(state->subproc) == 0)) {
		p = cm_subproc_get_msg(state->subproc, &length);
		if (length > 0) {
			state->delay = atol(p);
		}
	}
	return ready;
}

long
cm_ca_analyze_get_delay(struct cm_ca_analyze_state *state)
{
	return state->delay;
}

int
cm_ca_analyze_get_fd(struct cm_ca_analyze_state *state)
{
	return cm_subproc_get_fd(state->subproc);
}

void
cm_ca_analyze_done(struct cm_ca_analyze_state *state)
{
	cm_subproc_done(state->subproc);
	talloc_free(state);
}

certmonger-0.79.19/src/canalyze.h

/*
 * Copyright (C) 2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmcanalyze_h
#define cmcanalyze_h

struct cm_store_ca;
struct cm_ca_analyze_state;

/* Start computing information about the CA. */
struct cm_ca_analyze_state *cm_ca_analyze_start_certs(struct cm_store_ca *ca);

/* Start computing information about the encryption certs. */
struct cm_ca_analyze_state *cm_ca_analyze_start_encryption_certs(struct cm_store_ca *ca);

/* Check if the data has been retrieved. */
int cm_ca_analyze_ready(struct cm_ca_analyze_state *state);

/* Get a selectable-for-read descriptor we can poll for status changes. */
int cm_ca_analyze_get_fd(struct cm_ca_analyze_state *state);

/* Clean up after retrieving data. */
void cm_ca_analyze_done(struct cm_ca_analyze_state *state);

/* Get the refresh delay.
*/ long cm_ca_analyze_get_delay(struct cm_ca_analyze_state *state); #endif certmonger-0.79.19/src/casave.c0000644000175000017500000006547714511314133015652 0ustar gitgit00000000000000/* * Copyright (C) 2014 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include struct cm_context; struct cm_certsave_state; #include "casave.h" #include "certsave-int.h" #include "cm.h" #include "iterate.h" #include "log.h" #include "prefs.h" #include "store-int.h" #include "submit-e.h" #include "subproc.h" #include "tdbus.h" #include "util.h" #ifdef ENABLE_NLS #include #define _(_text) dgettext(PACKAGE, _text) #else #define _(_text) (_text) #endif struct cm_casave_state { void *parent; struct cm_store_ca *ca; struct cm_subproc_state *subproc; struct cm_context *context; struct cm_store_ca *(*get_ca_by_index)(struct cm_context *, int); int (*get_n_cas)(struct cm_context *); struct cm_store_entry *(*get_entry_by_index)(struct cm_context *, int); int (*get_n_entries)(struct cm_context *); const char *file, *nssdb; struct cm_savecert { enum cert_level { root, other_root, other } level; char *nickname; char *cert; } **certs; }; /* Save the list of certificates to the database. 
*/ static int cm_casave_main_n(int fd, struct cm_store_ca *ca, struct cm_store_entry *e, void *data) { struct cm_casave_state *state = data; FILE *fp; NSSInitContext *ctx; SECStatus err; CERTCertificate *decoded, *found; CERTCertTrust trust; CERTCertDBHandle *certdb; PK11SlotInfo *slot = NULL; PRUint32 flags; const char *es, *ttrust; char *package, *p; int i, ec; fp = fdopen(fd, "w"); if (fp == NULL) { return CM_CERTSAVE_STATUS_INTERNAL_ERROR; } if (state->certs != NULL) { ctx = NSS_InitContext(state->nssdb, NULL, NULL, NULL, NULL, 0); ec = PORT_GetError(); if (ctx == NULL) { if (ec == SEC_ERROR_BAD_DATABASE) { switch (errno) { case EACCES: case EPERM: ec = PR_NO_ACCESS_RIGHTS_ERROR; break; default: flags = NSS_INIT_READONLY | NSS_INIT_NOROOTINIT; /* Sigh. Not a lot of detail. Check * if we succeed in read-only mode, * which we'll interpret as lack of * write permissions. */ ctx = NSS_InitContext(state->nssdb, NULL, NULL, NULL, NULL, flags); if (ctx != NULL) { err = NSS_ShutdownContext(ctx); if (err != SECSuccess) { cm_log(1, "Error " "shutting down " "NSS.\n"); } ctx = NULL; ec = PR_NO_ACCESS_RIGHTS_ERROR; } break; } } if (ec != 0) { es = PR_ErrorToName(ec); } else { es = NULL; } if (es != NULL) { cm_log(1, "Unable to open NSS database '%s': " "%s.\n", state->nssdb, es); } else { cm_log(1, "Unable to open NSS database '%s'.\n", state->nssdb); } switch (ec) { case PR_NO_ACCESS_RIGHTS_ERROR: /* EACCES or EPERM */ fclose(fp); return CM_CERTSAVE_STATUS_PERMS; break; default: fclose(fp); return CM_CERTSAVE_STATUS_INTERNAL_ERROR; break; } } certdb = CERT_GetDefaultCertDB(); slot = PK11_GetInternalKeySlot(); if (PK11_NeedUserInit(slot)) { /* If no PIN is set at all on the database set an empty one * in case we are the creator. 
*/ PK11_InitPin(slot, NULL, ""); } if (PK11_NeedLogin(slot)) { fclose(fp); cm_log(0, "NSS database %s requires login\n", state->nssdb); return CM_CERTSAVE_STATUS_INTERNAL_ERROR; } for (i = 0; state->certs[i] != NULL; i++) { package = state->certs[i]->cert; decoded = CERT_DecodeCertFromPackage(package, strlen(package)); p = state->certs[i]->nickname; switch (state->certs[i]->level) { case root: case other_root: ttrust = cm_prefs_nss_ca_trust(); if (ttrust == NULL) { ttrust = "CT,C,C"; } break; case other: ttrust = cm_prefs_nss_other_trust(); if (ttrust == NULL) { ttrust = ",,"; } break; default: ttrust = ",,"; break; } memset(&trust, 0, sizeof(trust)); CERT_DecodeTrustString(&trust, ttrust); if (decoded != NULL) { found = CERT_FindCertByDERCert(certdb, &decoded->derCert); if (found != NULL) { if (PK11_ImportCert(slot, found, CK_INVALID_HANDLE, p, PR_FALSE) != SECSuccess) { ec = PORT_GetError(); if (ec != 0) { es = PR_ErrorToName(ec); } else { es = NULL; } if (es != NULL) { cm_log(1, "Error " "importing '%s':" " %s.\n", p, es); } else { cm_log(1, "Error " "importing '%s'" ".\n", p); } break; } else { cm_log(3, "Wrote '%s' to " "database '%s'.\n", p, state->nssdb); if (CERT_ChangeCertTrust(certdb, found, &trust) != SECSuccess) { if (PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN) { cm_log(0, "Unable to set trust. " "Token not logged in.\n"); } } } CERT_DestroyCertificate(found); } else{ cm_log(3, "Temporary certificate '%s' " "not found in '%s'.\n", p, state->nssdb); } CERT_DestroyCertificate(decoded); } else{ cm_log(3, "Error decoding certificate '%s'.\n", p); } } PK11_FreeSlot(slot); err = NSS_ShutdownContext(ctx); if (err != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); fclose(fp); return CM_CERTSAVE_STATUS_INTERNAL_ERROR; } } fclose(fp); return 0; } /* Save the list of certificates to the file. 
*/ static int cm_casave_main_o(int fd, struct cm_store_ca *ca, struct cm_store_entry *e, void *data) { struct cm_casave_state *state = data; FILE *fp, *bundle; int i; fp = fdopen(fd, "w"); if (fp == NULL) { return CM_CERTSAVE_STATUS_INTERNAL_ERROR; } if (state->certs != NULL) { bundle = fopen(state->file, "w"); if (bundle == NULL) { switch (errno) { case EACCES: case EPERM: cm_log(1, "Permissions error opening \"%s\".\n", state->file); fclose(fp); return CM_CERTSAVE_STATUS_PERMS; break; default: cm_log(1, "Error opening \"%s\": %s.\n", state->file, strerror(errno)); fclose(fp); return CM_CERTSAVE_STATUS_INTERNAL_ERROR; break; } } for (i = 0; state->certs[i] != NULL; i++) { fprintf(bundle, "%s", state->certs[i]->cert); cm_log(3, "Wrote '%s' to file '%s'.\n", state->certs[i]->nickname, state->file); } fclose(bundle); } fclose(fp); return 0; } static struct cm_store_ca * ca_for_entry(struct cm_store_entry *e, struct cm_casave_state *state) { struct cm_store_ca *ca; int i; if (e->cm_ca_nickname != NULL) { for (i = 0; i < (*state->get_n_cas)(state->context); i++) { ca = (*state->get_ca_by_index)(state->context, i); if (strcmp(e->cm_ca_nickname, ca->cm_nickname) == 0) { return ca; } } } return NULL; } static void add_string(void *parent, char ***dest, const char *value) { char **tmp; int i; for (i = 0; ((*dest) != NULL) && ((*dest)[i] != NULL); i++) { if (strcmp((*dest)[i], value) == 0) { return; } } tmp = talloc_array_ptrtype(parent, tmp, i + 2); if (tmp == NULL) { printf(_("Out of memory.\n")); _exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR); } if (i > 0) { memcpy(tmp, *dest, sizeof(tmp[0]) * i); } tmp[i++] = talloc_strdup(tmp, value); tmp[i] = NULL; *dest = tmp; } static dbus_bool_t has_string(char **list, const char *value) { int i; for (i = 0; (list != NULL) && (list[i] != NULL); i++) { if (strcmp(list[i], value) == 0) { return TRUE; } } return FALSE; } static void add_cert(void *parent, struct cm_savecert ***dest, enum cert_level level, const char *nickname, const char 
*cert) { struct cm_savecert **tmp; int i; for (i = 0; ((*dest) != NULL) && ((*dest)[i] != NULL); i++) { if ((strcmp((*dest)[i]->nickname, nickname) == 0) && (strcmp((*dest)[i]->cert, cert) == 0)) { return; } } tmp = talloc_array_ptrtype(parent, tmp, i + 2); if (tmp == NULL) { printf(_("Out of memory.\n")); _exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR); } if (i > 0) { memcpy(tmp, *dest, sizeof(tmp[0]) * i); } tmp[i] = talloc_ptrtype(tmp, tmp[i]); if (tmp[i] != NULL) { memset(tmp[i], 0, sizeof(*(tmp[i]))); tmp[i]->level = level; tmp[i]->nickname = talloc_strdup(tmp, nickname); tmp[i]->cert = talloc_strdup(tmp, cert); i++; } tmp[i] = NULL; *dest = tmp; } static void add_nickcerts(void *parent, struct cm_savecert ***dest, enum cert_level level, struct cm_nickcert **certs) { int i; for (i = 0; ((certs != NULL) && (certs[i] != NULL)); i++) { add_cert(parent, dest, level, certs[i]->cm_nickname, certs[i]->cm_cert); } } /* Build the full list of locations where we'll be saving things. If we're * passed an entry, that's the locations in the entry and the entry's CA. If * we're passed a CA, that's the locations in the CA and the locations in all * of the entries which refer to the CA. */ static void build_locations_lists(void *parent, struct cm_casave_state *state, struct cm_store_ca *ca, struct cm_store_entry *e, char ***files, char ***dbs) { struct cm_store_entry *cae = NULL; struct cm_store_ca *eca = NULL; char *dest; int i, j; if (ca != NULL) { /* Collect the list of applicable locations from the CA. 
*/ if (ca->cm_ca_root_cert_store_files != NULL) { for (i = 0; ca->cm_ca_root_cert_store_files[i] != NULL; i++) { dest = ca->cm_ca_root_cert_store_files[i]; add_string(state, files, dest); } } if (ca->cm_ca_other_root_cert_store_files != NULL) { for (i = 0; ca->cm_ca_other_root_cert_store_files[i] != NULL; i++) { dest = ca->cm_ca_other_root_cert_store_files[i]; add_string(state, files, dest); } } if (ca->cm_ca_other_cert_store_files != NULL) { for (i = 0; ca->cm_ca_other_cert_store_files[i] != NULL; i++) { dest = ca->cm_ca_other_cert_store_files[i]; add_string(state, files, dest); } } if (ca->cm_ca_root_cert_store_nssdbs != NULL) { for (i = 0; ca->cm_ca_root_cert_store_nssdbs[i] != NULL; i++) { dest = ca->cm_ca_root_cert_store_nssdbs[i]; add_string(state, dbs, dest); } } if (ca->cm_ca_other_root_cert_store_nssdbs != NULL) { for (i = 0; ca->cm_ca_other_root_cert_store_nssdbs[i] != NULL; i++) { dest = ca->cm_ca_other_root_cert_store_nssdbs[i]; add_string(state, dbs, dest); } } if (ca->cm_ca_other_cert_store_nssdbs != NULL) { for (i = 0; ca->cm_ca_other_cert_store_nssdbs[i] != NULL; i++) { dest = ca->cm_ca_other_cert_store_nssdbs[i]; add_string(state, dbs, dest); } } } /* If we were passed a CA, look for entries that reference the CA. */ for (j = 0; (ca != NULL) && (j < (*state->get_n_entries)(state->context)); j++) { /* If this entry uses the passed-in CA, collect the list of * applicable locations from the entry. */ cae = (*state->get_entry_by_index)(state->context, j); if ((cae == NULL) || (cae == e)) { continue; } if (cae->cm_ca_nickname == NULL) { continue; } if (strcmp(cae->cm_ca_nickname, ca->cm_nickname) != 0) { continue; } /* Collect the list of applicable locations from the entry. 
*/ if (cae->cm_root_cert_store_files != NULL) { for (i = 0; cae->cm_root_cert_store_files[i] != NULL; i++) { dest = cae->cm_root_cert_store_files[i]; add_string(state, files, dest); } } if (cae->cm_other_root_cert_store_files != NULL) { for (i = 0; cae->cm_other_root_cert_store_files[i] != NULL; i++) { dest = cae->cm_other_root_cert_store_files[i]; add_string(state, files, dest); } } if (cae->cm_other_cert_store_files != NULL) { for (i = 0; cae->cm_other_cert_store_files[i] != NULL; i++) { add_string(state, files, cae->cm_other_cert_store_files[i]); } } if (cae->cm_root_cert_store_nssdbs != NULL) { for (i = 0; cae->cm_root_cert_store_nssdbs[i] != NULL; i++) { add_string(state, dbs, cae->cm_root_cert_store_nssdbs[i]); } } if (cae->cm_other_root_cert_store_nssdbs != NULL) { for (i = 0; cae->cm_other_root_cert_store_nssdbs[i] != NULL; i++) { dest = cae->cm_other_root_cert_store_nssdbs[i]; add_string(state, dbs, dest); } } if (cae->cm_other_cert_store_nssdbs != NULL) { for (i = 0; cae->cm_other_cert_store_nssdbs[i] != NULL; i++) { add_string(state, dbs, cae->cm_other_cert_store_nssdbs[i]); } } } if (e != NULL) { /* Collect the list of applicable locations from the entry. 
*/ if (e->cm_root_cert_store_files != NULL) { for (i = 0; e->cm_root_cert_store_files[i] != NULL; i++) { dest = e->cm_root_cert_store_files[i]; add_string(state, files, dest); } } if (e->cm_other_root_cert_store_files != NULL) { for (i = 0; e->cm_other_root_cert_store_files[i] != NULL; i++) { dest = e->cm_other_root_cert_store_files[i]; add_string(state, files, dest); } } if (e->cm_other_cert_store_files != NULL) { for (i = 0; e->cm_other_cert_store_files[i] != NULL; i++) { add_string(state, files, e->cm_other_cert_store_files[i]); } } if (e->cm_root_cert_store_nssdbs != NULL) { for (i = 0; e->cm_root_cert_store_nssdbs[i] != NULL; i++) { add_string(state, dbs, e->cm_root_cert_store_nssdbs[i]); } } if (e->cm_other_root_cert_store_nssdbs != NULL) { for (i = 0; e->cm_other_root_cert_store_nssdbs[i] != NULL; i++) { dest = e->cm_other_root_cert_store_nssdbs[i]; add_string(state, dbs, dest); } } if (e->cm_other_cert_store_nssdbs != NULL) { for (i = 0; e->cm_other_cert_store_nssdbs[i] != NULL; i++) { add_string(state, dbs, e->cm_other_cert_store_nssdbs[i]); } } } /* If we were passed a CA, look for entries that reference the CA. */ for (j = 0; (e != NULL) && (e->cm_ca_nickname != NULL) && (j < (*state->get_n_cas)(state->context)); j++) { /* If this CA is the entry's CA, collect the list of applicable * locations from the CA. */ eca = (*state->get_ca_by_index)(state->context, j); if ((eca == NULL) || (eca == ca)) { continue; } if (eca->cm_nickname == NULL) { continue; } if (strcmp(e->cm_ca_nickname, eca->cm_nickname) != 0) { continue; } /* Collect the list of applicable locations from the CA. 
*/ if (eca->cm_ca_root_cert_store_files != NULL) { for (i = 0; eca->cm_ca_root_cert_store_files[i] != NULL; i++) { dest = eca->cm_ca_root_cert_store_files[i]; add_string(state, files, dest); } } if (eca->cm_ca_other_root_cert_store_files != NULL) { for (i = 0; eca->cm_ca_other_root_cert_store_files[i] != NULL; i++) { dest = eca->cm_ca_other_root_cert_store_files[i]; add_string(state, files, dest); } } if (eca->cm_ca_other_cert_store_files != NULL) { for (i = 0; eca->cm_ca_other_cert_store_files[i] != NULL; i++) { dest = eca->cm_ca_other_cert_store_files[i]; add_string(state, files, dest); } } if (eca->cm_ca_root_cert_store_nssdbs != NULL) { for (i = 0; eca->cm_ca_root_cert_store_nssdbs[i] != NULL; i++) { dest = eca->cm_ca_root_cert_store_nssdbs[i]; add_string(state, dbs, dest); } } if (eca->cm_ca_other_root_cert_store_nssdbs != NULL) { for (i = 0; eca->cm_ca_other_root_cert_store_nssdbs[i] != NULL; i++) { dest = eca->cm_ca_other_root_cert_store_nssdbs[i]; add_string(state, dbs, dest); } } if (eca->cm_ca_other_cert_store_nssdbs != NULL) { for (i = 0; eca->cm_ca_other_cert_store_nssdbs[i] != NULL; i++) { dest = eca->cm_ca_other_cert_store_nssdbs[i]; add_string(state, dbs, dest); } } } } /* Build the list of certificates that belong in this file. That's the * certificates of any CA which lists the file as a storage location, and of * any CA referenced by entries which list the file as a storage location, and * any certificates held directly in entries which list the file as a storage * location. 
*/ static struct cm_savecert ** build_file_savecerts_list(struct cm_casave_state *state, const char *filename) { struct cm_savecert **ret = NULL; struct cm_store_ca *ca; struct cm_store_entry *entry; int i, j; dbus_bool_t have_root, have_other_root, have_other; for (i = 0; i < (*state->get_n_cas)(state->context); i++) { ca = (*state->get_ca_by_index)(state->context, i); have_root = FALSE; have_other_root = FALSE; have_other = FALSE; if (has_string(ca->cm_ca_root_cert_store_files, filename)) { add_nickcerts(state, &ret, root, ca->cm_ca_root_certs); have_root = TRUE; } if (has_string(ca->cm_ca_other_root_cert_store_files, filename)) { add_nickcerts(state, &ret, other_root, ca->cm_ca_other_root_certs); have_other_root = TRUE; } if (has_string(ca->cm_ca_other_cert_store_files, filename)) { add_nickcerts(state, &ret, other, ca->cm_ca_other_certs); have_other = TRUE; } for (j = 0; j < (*state->get_n_entries)(state->context); j++) { entry = (*state->get_entry_by_index)(state->context, j); if (entry->cm_ca_nickname == NULL) { continue; } if (strcmp(entry->cm_ca_nickname, ca->cm_nickname) != 0) { continue; } if (!have_root && has_string(entry->cm_root_cert_store_files, filename)) { add_nickcerts(state, &ret, root, ca->cm_ca_root_certs); have_root = TRUE; } if (!have_other_root && has_string(entry->cm_other_root_cert_store_files, filename)) { add_nickcerts(state, &ret, other_root, ca->cm_ca_other_root_certs); have_other_root = TRUE; } if (!have_other && has_string(entry->cm_other_cert_store_files, filename)) { add_nickcerts(state, &ret, other, ca->cm_ca_other_certs); have_other = TRUE; } if (have_root && have_other_root && have_other) { break; } } } for (j = 0; j < (*state->get_n_entries)(state->context); j++) { entry = (*state->get_entry_by_index)(state->context, j); if (has_string(entry->cm_root_cert_store_files, filename)) { add_nickcerts(state, &ret, root, entry->cm_cert_roots); } if (has_string(entry->cm_other_cert_store_files, filename)) { add_nickcerts(state, &ret, 
other, entry->cm_cert_chain); } } return ret; } /* Build the list of certificates which we need to store in this database. * That's the certificates of the CA, of the entry, and of the entry's CA. We * don't walk the list of CAs because we don't prune databases, and we're not * rewriting the database from scratch every time we write to it, so we don't * need to. */ static struct cm_savecert ** build_nssdb_savecerts_list(struct cm_casave_state *state, struct cm_store_ca *ca, struct cm_store_entry *entry, const char *nssdb) { struct cm_savecert **ret = NULL; if (ca != NULL) { if (has_string(ca->cm_ca_root_cert_store_nssdbs, nssdb)) { add_nickcerts(state, &ret, root, ca->cm_ca_root_certs); } if (has_string(ca->cm_ca_other_root_cert_store_nssdbs, nssdb)) { add_nickcerts(state, &ret, other_root, ca->cm_ca_other_root_certs); } if (has_string(ca->cm_ca_other_cert_store_nssdbs, nssdb)) { add_nickcerts(state, &ret, other, ca->cm_ca_other_certs); } } if (entry != NULL) { if (has_string(entry->cm_root_cert_store_nssdbs, nssdb)) { add_nickcerts(state, &ret, root, entry->cm_cert_roots); } if (has_string(entry->cm_other_cert_store_nssdbs, nssdb)) { add_nickcerts(state, &ret, other, entry->cm_cert_chain); } ca = ca_for_entry(entry, state); if (ca != NULL) { if (has_string(entry->cm_root_cert_store_nssdbs, nssdb)) { add_nickcerts(state, &ret, root, ca->cm_ca_root_certs); add_nickcerts(state, &ret, root, entry->cm_cert_roots); } else if (has_string(ca->cm_ca_root_cert_store_nssdbs, nssdb)) { add_nickcerts(state, &ret, root, ca->cm_ca_root_certs); add_nickcerts(state, &ret, root, entry->cm_cert_roots); } if (has_string(entry->cm_other_root_cert_store_nssdbs, nssdb)) { add_nickcerts(state, &ret, other_root, ca->cm_ca_other_root_certs); } else if (has_string(ca->cm_ca_other_root_cert_store_nssdbs, nssdb)) { add_nickcerts(state, &ret, other_root, ca->cm_ca_other_root_certs); } if (has_string(entry->cm_other_cert_store_nssdbs, nssdb)) { add_nickcerts(state, &ret, other, 
ca->cm_ca_other_certs); add_nickcerts(state, &ret, other, entry->cm_cert_chain); } else if (has_string(ca->cm_ca_other_cert_store_nssdbs, nssdb)) { add_nickcerts(state, &ret, other, ca->cm_ca_other_certs); add_nickcerts(state, &ret, other, entry->cm_cert_chain); } } } return ret; } static int cm_casave_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *e, void *data) { struct cm_casave_state *state = data; struct cm_subproc_state *subproc; FILE *fp; int i, status, length; char **files = NULL, **dbs = NULL; const char *msg; fp = fdopen(fd, "w"); if (fp == NULL) { return CM_CERTSAVE_STATUS_INTERNAL_ERROR; } /* Build a list of the locations to which we're going to be writing. */ build_locations_lists(data, state, ca, e, &files, &dbs); /* For each file, work out all of the certificates that need to be * saved to it, and save them. */ for (i = 0; (files != NULL) && (files[i] != NULL); i++) { state->file = files[i]; state->nssdb = NULL; state->certs = build_file_savecerts_list(state, state->file); subproc = cm_subproc_start(cm_casave_main_o, state, ca, e, state); if (subproc == NULL) { fprintf(fp, "Error starting to save to file \"%s\".\n", state->file); fclose(fp); _exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR); } while (cm_subproc_ready(subproc) != 0) { fd = cm_subproc_get_fd(subproc); cm_waitfor_readable_fd(fd, CM_DELAY_SOON); } msg = cm_subproc_get_msg(subproc, &length); status = cm_subproc_get_exitstatus(subproc); if (WIFEXITED(status) && (WEXITSTATUS(status) != 0)) { if (length > 0) { fprintf(fp, "%.*s", length, msg); } } cm_subproc_done(subproc); if (WIFEXITED(status) && (WEXITSTATUS(status) != 0)) { fclose(fp); _exit(WEXITSTATUS(status)); } } /* For each database, work out all of the certificates that need to be * saved to it, and save them. 
*/ for (i = 0; (dbs != NULL) && (dbs[i] != NULL); i++) { state->file = NULL; state->nssdb = dbs[i]; state->certs = build_nssdb_savecerts_list(state, ca, e, state->nssdb); subproc = cm_subproc_start(cm_casave_main_n, state, ca, e, state); if (subproc == NULL) { fprintf(fp, "Error starting to save to database \"%s\".\n", state->nssdb); fclose(fp); _exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR); } while (cm_subproc_ready(subproc) != 0) { fd = cm_subproc_get_fd(subproc); cm_waitfor_readable_fd(fd, CM_DELAY_SOON); } msg = cm_subproc_get_msg(subproc, &length); status = cm_subproc_get_exitstatus(subproc); if (WIFEXITED(status) && (WEXITSTATUS(status) != 0)) { if (length > 0) { fprintf(fp, "%.*s", length, msg); } } cm_subproc_done(subproc); if (WIFEXITED(status) && (WEXITSTATUS(status) != 0)) { fclose(fp); _exit(WEXITSTATUS(status)); } } fclose(fp); _exit(CM_CERTSAVE_STATUS_SAVED); } struct cm_casave_state * cm_casave_start(struct cm_store_entry *entry, struct cm_store_ca *ca, struct cm_context *context, struct cm_store_ca *(*get_ca_by_index)(struct cm_context *, int), int (*get_n_cas)(struct cm_context *), struct cm_store_entry *(*get_e_by_index)(struct cm_context *, int), int (*get_n_entries)(struct cm_context *)) { struct cm_casave_state *ret; void *parent; if (entry != NULL) { parent = entry; } else { parent = ca; } ret = talloc_ptrtype(parent, ret); if (ret != NULL) { memset(ret, 0, sizeof(*ret)); ret->parent = parent; ret->ca = ca; ret->context = context; ret->get_ca_by_index = get_ca_by_index; ret->get_n_cas = get_n_cas; ret->get_entry_by_index = get_e_by_index; ret->get_n_entries = get_n_entries; ret->subproc = cm_subproc_start(cm_casave_main, ret, ca, entry, ret); if (ret->subproc == NULL) { talloc_free(ret); return NULL; } } return ret; } int cm_casave_ready(struct cm_casave_state *state) { int ready, length; const char *msg; char *p; ready = cm_subproc_ready(state->subproc); if (ready == 0) { msg = cm_subproc_get_msg(state->subproc, &length); if (msg != NULL) { if 
(state->ca != NULL) {
				talloc_free(state->ca->cm_ca_error);
				p = talloc_strndup(state->ca, msg, length);
				state->ca->cm_ca_error = p;
			}
		} else if (state->ca != NULL) {
			/* state->ca may be NULL (the branch above checks for
			 * it), so guard this dereference as well. */
			state->ca->cm_ca_error = NULL;
		}
	}
	return ready;
}

int
cm_casave_get_fd(struct cm_casave_state *state)
{
	return cm_subproc_get_fd(state->subproc);
}

int
cm_casave_saved(struct cm_casave_state *state)
{
	int status;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    (WEXITSTATUS(status) == CM_CERTSAVE_STATUS_SAVED)) {
		return 0;
	}
	return -1;
}

int
cm_casave_conflict_subject(struct cm_casave_state *state)
{
	int status;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    (WEXITSTATUS(status) == CM_CERTSAVE_STATUS_SUBJECT_CONFLICT)) {
		return 0;
	}
	return -1;
}

int
cm_casave_conflict_nickname(struct cm_casave_state *state)
{
	int status;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    (WEXITSTATUS(status) == CM_CERTSAVE_STATUS_NICKNAME_CONFLICT)) {
		return 0;
	}
	return -1;
}

int
cm_casave_permissions_error(struct cm_casave_state *state)
{
	int status;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    (WEXITSTATUS(status) == CM_CERTSAVE_STATUS_PERMS)) {
		return 0;
	}
	return -1;
}

void
cm_casave_done(struct cm_casave_state *state)
{
	if (state->subproc != NULL) {
		cm_subproc_done(state->subproc);
	}
	talloc_free(state);
}

certmonger-0.79.19/src/casave.h

/*
 * Copyright (C) 2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmcasave_h
#define cmcasave_h

struct cm_context;
struct cm_store_entry;
struct cm_store_ca;
struct cm_casave_state;

/* Start saving the certificates of the entry's CA. */
struct cm_casave_state *cm_casave_start(struct cm_store_entry *entry,
					struct cm_store_ca *ca,
					struct cm_context *cm,
					struct cm_store_ca *(*get_ca_by_index)(struct cm_context *, int),
					int (*get_n_cas)(struct cm_context *),
					struct cm_store_entry *(*get_entry_by_index)(struct cm_context *, int),
					int (*get_n_entries)(struct cm_context *));

/* Check if something changed, for example we finished saving certs. */
int cm_casave_ready(struct cm_casave_state *state);

/* Get a selectable-for-read descriptor we can poll for status changes. */
int cm_casave_get_fd(struct cm_casave_state *state);

/* Check if we saved the certificate. */
int cm_casave_saved(struct cm_casave_state *state);

/* Check if we failed due to a subject name conflict. */
int cm_casave_conflict_subject(struct cm_casave_state *state);

/* Check if we failed due to a nickname conflict. */
int cm_casave_conflict_nickname(struct cm_casave_state *state);

/* Check if we failed due to a permissions error. */
int cm_casave_permissions_error(struct cm_casave_state *state);

/* Clean up after saving the certificate. */
void cm_casave_done(struct cm_casave_state *state);

#endif

certmonger-0.79.19/src/certext-n.h

/*
 * Copyright (C) 2009 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #ifndef cmcertext_n_h #define cmcertext_n_h struct cm_store_entry; extern const SEC_ASN1Template cm_certext_cert_extension_template[]; extern const SEC_ASN1Template cm_certext_sequence_of_cert_extension_template[]; void cm_certext_read_extensions(struct cm_store_entry *entry, PLArenaPool *arena, CERTCertExtension **extensions); #endif certmonger-0.79.19/src/certext.c0000644000175000017500000017162414511314133016056 0ustar gitgit00000000000000/* * Copyright (C) 2009,2011,2012,2013,2014,2015,2017 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef CM_USE_IDN #include #endif #include "certext.h" #include "certext-n.h" #include "log.h" #include "oiddict.h" #include "store.h" #include "store-int.h" #include "util-n.h" /* Structures and templates for creating and parsing principal name otherName * values. 
*/ struct realm { SECItem name; }; struct principal_name { SECItem name_type; SECItem **name_string; }; struct kerberos_principal_name { struct realm realm; struct principal_name principal_name; }; struct ms_template { SECItem id; SECItem major; SECItem minor; }; /* KerberosString: RFC 4120, 5.2.1 */ static const SEC_ASN1Template cm_kerberos_string_template[] = { { .kind = SEC_ASN1_GENERAL_STRING, .offset = 0, .sub = NULL, .size = sizeof(SECItem), }, }; /* Realm == KerberosString: RFC 4120, 5.2.2 */ static const SEC_ASN1Template cm_realm_template[] = { { .kind = SEC_ASN1_GENERAL_STRING, .offset = 0, .sub = NULL, .size = sizeof(SECItem), }, }; static const SEC_ASN1Template cm_sequence_of_kerberos_string_template[] = { { .kind = SEC_ASN1_SEQUENCE_OF, .offset = 0, .sub = &cm_kerberos_string_template, .size = 0, }, }; /* PrincipalName: RFC 4120, 5.2.2 */ static const SEC_ASN1Template cm_principal_name_template[] = { { .kind = SEC_ASN1_SEQUENCE, .offset = 0, .sub = NULL, .size = sizeof(struct principal_name), }, { .kind = SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT, .offset = offsetof(struct principal_name, name_type), .sub = &SEC_IntegerTemplate, .size = sizeof(SECItem), }, { .kind = SEC_ASN1_CONTEXT_SPECIFIC | 1 | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT, .offset = offsetof(struct principal_name, name_string), .sub = cm_sequence_of_kerberos_string_template, .size = sizeof(struct SECItem**), }, {0, 0, NULL, 0}, }; /* KRB5PrincipalName: RFC 4556, 3.2.2 */ const SEC_ASN1Template cm_kerberos_principal_name_template[] = { { .kind = SEC_ASN1_SEQUENCE, .offset = 0, .sub = NULL, .size = sizeof(struct kerberos_principal_name), }, { .kind = SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT, .offset = offsetof(struct kerberos_principal_name, realm), .sub = &cm_realm_template, .size = sizeof(struct realm), }, { .kind = SEC_ASN1_CONTEXT_SPECIFIC | 1 | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT, .offset = offsetof(struct 
kerberos_principal_name, principal_name), .sub = &cm_principal_name_template, .size = sizeof(struct principal_name), }, {0, 0, NULL, 0}, }; /* V1 templates, identified by name. */ static SEC_ASN1Template cm_ms_upn_name_template[] = { { .kind = SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED, .offset = 0, .sub = SEC_UTF8StringTemplate, .size = sizeof(SECItem), }, }; /* A guess at what V2 template identifiers look like. */ const SEC_ASN1Template cm_ms_template_template[] = { { .kind = SEC_ASN1_SEQUENCE, .offset = 0, .sub = NULL, .size = sizeof(struct ms_template), }, { .kind = SEC_ASN1_OBJECT_ID, .offset = offsetof(struct ms_template, id), .sub = SEC_ObjectIDTemplate, .size = sizeof(SECItem), }, { .kind = SEC_ASN1_INTEGER, .offset = offsetof(struct ms_template, major), .sub = SEC_IntegerTemplate, .size = sizeof(SECItem), }, { .kind = SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL, .offset = offsetof(struct ms_template, minor), .sub = SEC_IntegerTemplate, .size = sizeof(SECItem), }, {0, 0, NULL, 0}, }; /* Windows 2000-style UPN */ static unsigned char oid_ms_upn_name_bytes[] = {0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x03}; static const SECOidData oid_ms_upn_name = { .oid = { .data = oid_ms_upn_name_bytes, .len = 10, }, .offset = 0, .desc = "Microsoft Windows User Principal Name", .mechanism = 0, .supportedExtension = UNSUPPORTED_CERT_EXTENSION, }; /* pkinit-SAN 1.3.6.1.5.2.2 */ static unsigned char oid_pkinit_san_bytes[] = {0x2b, 0x06, 0x01, 0x05, 0x02, 0x02}; static const SECOidData oid_pkinit_san = { .oid = { .data = oid_pkinit_san_bytes, .len = 6, }, .offset = 0, .desc = "PKINIT Subject Alternate Name", .mechanism = 0, .supportedExtension = UNSUPPORTED_CERT_EXTENSION, }; /* XCN_OID_ENROLL_CERTTYPE_EXTENSION 1.3.6.1.4.1.311.20.2 */ static unsigned char oid_microsoft_certtype_bytes[] = {0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02}; static const SECOidData oid_microsoft_certtype = { .oid = { .data = oid_microsoft_certtype_bytes, 
.len = 9, }, .offset = 0, .desc = "Microsoft Certificate Template Name", .mechanism = 0, .supportedExtension = UNSUPPORTED_CERT_EXTENSION, }; /* XCN_OID_CERTIFICATE_TEMPLATE 1.3.6.1.4.1.311.21.7 */ static unsigned char oid_microsoft_certificate_template_bytes[] = {0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x07}; static const SECOidData oid_microsoft_certificate_template = { .oid = { .data = oid_microsoft_certificate_template_bytes, .len = 9, }, .offset = 0, .desc = "Microsoft Certificate Template", .mechanism = 0, .supportedExtension = UNSUPPORTED_CERT_EXTENSION, }; /* Read the keyUsage extension and store it as a string in the entry, with each * bit being represented by either a "1" or a "0", most significant bit first. * */ static void cm_certext_read_ku(struct cm_store_entry *entry, PLArenaPool *arena, CERTCertExtension *ku_ext) { SECItem item; unsigned int i, bit; if (SEC_ASN1DecodeItem(arena, &item, SEC_BitStringTemplate, &ku_ext->value) == SECSuccess) { talloc_free(entry->cm_cert_ku); /* A bitString decodes with length == number of bits, not * bytes, which is what we want anyway. */ entry->cm_cert_ku = talloc_zero_size(entry, item.len + 1); for (i = 0; i < item.len; i++) { bit = (item.data[i / 8] & (0x80 >> (i % 8))) ? 1 : 0; sprintf(entry->cm_cert_ku + i, "%.*u", 1, bit); } } } /* Build a BitString extension value from a string, with each bit being * represented by either a "1" or a "0", most significant bit first. */ static SECItem * cm_certext_build_bitstring(struct cm_store_entry *entry, PLArenaPool *arena, const char *bitstring) { SECItem *ret, encoded, *bits; unsigned int i, used, val, len; if ((bitstring == NULL) || (strlen(bitstring) == 0)) { /* Nothing to encode, so don't include this extension. */ return NULL; } len = strlen(bitstring) + 1; bits = SECITEM_AllocItem(arena, NULL, len); memset(bits->data, '\0', len); for (i = 0, used = 0; (bitstring != NULL) && (bitstring[i] != '\0'); i++) { val = ((bitstring[i] == '1') ? 
0x80 : 0x00) >> (i % 8); bits->data[i / 8] |= val; if (val != 0) { used = i + 1; } } /* A bitString encodes with length == number of bits, not bytes, but * luckily we have that information. */ bits->len = used; memset(&encoded, 0, sizeof(encoded)); if (SEC_ASN1EncodeItem(arena, &encoded, bits, SEC_BitStringTemplate) != &encoded) { ret = NULL; } else { ret = SECITEM_ArenaDupItem(arena, &encoded); } return ret; } /* Build a keyUsage extension value from a string, with each bit being * represented by either a "1" or a "0", most significant bit first. */ static SECItem * cm_certext_build_ku(struct cm_store_entry *entry, PLArenaPool *arena, const char *ku_value) { return cm_certext_build_bitstring(entry, arena, ku_value); } /* Convert an OID to a printable string. For now, we're limited to components * that will fit into a "long". */ static char * oid_to_string(void *parent, SECItem *oid) { char *s, *t; unsigned char *p; unsigned long l; unsigned int n; s = NULL; l = 0; n = 0; for (p = oid->data; p < oid->data + oid->len; p++) { /* Add seven more bits. */ l <<= 7; l |= (*p & 0x7f); n++; /* Check for overflow. */ if ((n * 7) > sizeof(l) * 8) { return NULL; } /* If this is the last byte, save it. */ if ((*p & 0x80) == 0) { if (s != NULL) { /* Directly. */ t = talloc_asprintf(parent, "%s.%lu", s, l); talloc_free(s); s = t; } else { /* The first two items are in the first byte. */ s = talloc_asprintf(parent, "%lu.%lu", l / 40, l % 40); } l = 0; n = 0; } } return s; } /* Convert an OID from a printable string into binary form. For now, we're * limited to components that will fit into a "long". */ SECItem * oid_from_string(const char *oid, int n, PLArenaPool *arena) { unsigned long *l, val; int i, more; char *p, *endptr; unsigned char *up, u; SECItem *ret; if (n == -1) { n = strlen(oid); } p = PORT_ArenaZAlloc(arena, n + 1); l = PORT_ArenaZAlloc(arena, (n + 1) * sizeof(*l)); if ((p == NULL) || (l == NULL)) { return NULL; } /* Make sure we've got a NUL-terminator. 
*/ memcpy(p, oid, n); p[n] = '\0'; n = 0; endptr = p; /* Parse the values as longs into an array. */ while ((*endptr != '\0') && (*p != '.')) { l[n] = strtoul(p, &endptr, 10); if (endptr == NULL) { return NULL; } switch (*endptr) { case '.': n++; p = endptr + 1; break; case '\0': n++; break; default: return NULL; break; } } /* Merge the first two values, if we have at least two. */ if (n >= 2) { l[0] = l[0] * 40 + l[1]; memmove(l + 1, l + 2, sizeof(unsigned long) * (n - 2)); n--; } ret = SECITEM_AllocItem(arena, NULL, (n + 1) * howmany(sizeof(unsigned long) * 8, 7)); if (ret == NULL) { return NULL; } /* Spool the list of values out, last section last, in LSB * order. */ up = ret->data; for (i = n - 1; i >= 0; i--) { val = l[i]; more = 0; do { *up = val & 0x7f; if (more) { *up |= 0x80; } val >>= 7; more = 1; up++; } while (val != 0); } /* Reverse the order of bytes in the buffer. */ ret->len = (up - ret->data); for (i = 0; i < (int) (ret->len / 2); i++) { u = ret->data[i]; ret->data[i] = ret->data[ret->len - 1 - i]; ret->data[ret->len - 1 - i] = u; } return ret; } /* Read an extendedKeyUsage value, convert it into a comma-separated list of * string-formatted OIDs, and store it in the entry. */ static void cm_certext_read_eku(struct cm_store_entry *entry, PLArenaPool *arena, CERTCertExtension *eku_ext) { SECItem **oids; unsigned int i; char *s, *p; if (SEC_ASN1DecodeItem(arena, &oids, SEC_SequenceOfObjectIDTemplate, &eku_ext->value) == SECSuccess) { talloc_free(entry->cm_cert_eku); entry->cm_cert_eku = NULL; for (i = 0; oids[i] != NULL; i++) { if (entry->cm_cert_eku != NULL) { p = oid_to_string(entry, oids[i]); #if 1 /* Yeah, gotta sanity-check myself here. 
XXX */ if (strcmp(oid_to_string(entry, oid_from_string(p, -1, arena)), p) != 0) { cm_log(1, "Internal error: converting " "string to binary OID to string " "didn't produce the expected " "result.\n"); } #endif s = talloc_asprintf(entry, "%s,%s", entry->cm_cert_eku, p); talloc_free(entry->cm_cert_eku); entry->cm_cert_eku = s; } else { s = oid_to_string(entry, oids[i]); talloc_free(entry->cm_cert_eku); entry->cm_cert_eku = s; } } } } /* Build an extendedKeyUsage value from the comma-separated list stored in the * entry. */ static SECItem * cm_certext_build_eku(struct cm_store_entry *entry, PLArenaPool *arena, const char *eku_value) { int i; const char *p, *q; char *numeric, *symbolic; void *tctx; SECItem **oids = NULL, **tmp, encoded, *ret; if ((eku_value == NULL) || (strlen(eku_value) == 0)) { return NULL; } p = eku_value; i = 0; tctx = talloc_new(NULL); while ((p != NULL) && (*p != '\0')) { /* Find the first (or next) value. */ q = p + strcspn(p, ","); /* Make a copy and convert it to binary form. */ tmp = PORT_ArenaZAlloc(arena, sizeof(SECItem *) * (i + 2)); if (tmp != NULL) { if (i > 0) { memcpy(tmp, oids, sizeof(SECItem *) * i); } symbolic = talloc_strndup(tctx, p, q - p); numeric = cm_oid_from_name(tctx, symbolic); if (numeric != NULL) { tmp[i] = oid_from_string(numeric, -1, arena); i++; } else { cm_log(1, "Couldn't parse OID \"%.*s\", " "ignoring.\n", (int) (q - p), p); } oids = tmp; } /* Do we have any more? */ if (*q == ',') { p = q + 1; } else { p = q; } } talloc_free(tctx); /* Encode the sequence of OIDs. */ memset(&encoded, 0, sizeof(encoded)); if (SEC_ASN1EncodeItem(arena, &encoded, &oids, SEC_SequenceOfObjectIDTemplate) != &encoded) { ret = NULL; } else { ret = SECITEM_ArenaDupItem(arena, &encoded); } return ret; } /* Pull the nth component out of a principal name structure. Treat numbers * less than zero as a request for the realm name. 
 */
static unsigned char *
cm_certext_princ_data(krb5_context ctx, krb5_principal princ, int i)
{
	if (i < 0) {
#if HAVE_DECL_KRB5_PRINC_COMPONENT
		return (unsigned char *) (krb5_princ_realm(ctx, princ))->data;
#else
		return (unsigned char *) princ->realm;
#endif
	} else {
#if HAVE_DECL_KRB5_PRINC_COMPONENT
		return (unsigned char *) (krb5_princ_component(ctx, princ, i))->data;
#else
		return (unsigned char *) princ->name.name_string.val[i];
#endif
	}
}

/* Return the length of the data that cm_certext_princ_data() will return for a
 * given index. */
static int
cm_certext_princ_len(krb5_context ctx, krb5_principal princ, int i)
{
	if (i < 0) {
#if HAVE_DECL_KRB5_PRINC_COMPONENT
		return (krb5_princ_realm(ctx, princ))->length;
#else
		return strlen(princ->realm);
#endif
	} else {
#if HAVE_DECL_KRB5_PRINC_COMPONENT
		return (krb5_princ_component(ctx, princ, i))->length;
#else
		return strlen(princ->name.name_string.val[i]);
#endif
	}
}

/* Return the name-type from a principal name structure. */
static int
cm_certext_princ_get_type(krb5_context ctx, krb5_principal princ)
{
#if HAVE_DECL_KRB5_PRINC_TYPE
	return krb5_princ_type(ctx, princ);
#else
	return princ->name.name_type;
#endif
}

/* Set the name-type in a principal name structure. */
static void
cm_certext_princ_set_type(krb5_context ctx, krb5_principal princ, int nt)
{
#if HAVE_DECL_KRB5_PRINC_TYPE
	krb5_princ_type(ctx, princ) = nt;
#else
	princ->name.name_type = nt;
#endif
}

/* Free an unparsed principal name. */
static void
cm_certext_free_unparsed_name(krb5_context ctx, char *name)
{
#ifdef HAVE_KRB5_FREE_UNPARSED_NAME
	krb5_free_unparsed_name(ctx, name);
#else
	free(name);
#endif
}

/* Check how many components are in a principal name. */
static int
cm_certext_princ_get_length(krb5_context ctx, krb5_principal princ)
{
#if HAVE_DECL_KRB5_PRINC_SIZE
	return krb5_princ_size(ctx, princ);
#else
	return princ->name.name_string.len;
#endif
}

/* Set how many components are in a principal name.
*/ static void cm_certext_princ_set_length(krb5_context ctx, krb5_principal princ, int length) { #if HAVE_DECL_KRB5_PRINC_SIZE krb5_princ_size(ctx, princ) = length; #else princ->name.name_string.len = length; #endif } /* Set a realm name in a principal name to point to a copy of the passed-in * name owned by "parent". */ static void cm_certext_princ_set_realm(krb5_context ctx, void *parent, krb5_principal princ, int length, char *name) { #if HAVE_DECL_KRB5_PRINC_SET_REALM_LENGTH char *p; p = talloc_zero_size(parent, length); if (p != NULL) { krb5_princ_set_realm_length(ctx, princ, length); krb5_princ_set_realm_data(ctx, princ, p); memcpy(p, name, length); } #else princ->realm = talloc_strndup(parent, name, length); #endif } /* Append a component to a principal name, using storage owned by "parent" to * hold a copy of the passed-in component value. */ static void cm_certext_princ_append_comp(krb5_context ctx, void *parent, krb5_principal princ, char *name, int length) { #if HAVE_DECL_KRB5_PRINC_NAME krb5_data *comps; int i; i = cm_certext_princ_get_length(ctx, princ); comps = talloc_zero_array(parent, krb5_data, i + 1); if (i > 0) { memcpy(comps, krb5_princ_name(ctx, princ), sizeof(krb5_data) * i); } comps[i].data = talloc_zero_size(parent, length); if (comps[i].data != NULL) { memcpy(comps[i].data, name, length); comps[i].length = length; krb5_princ_name(ctx, princ) = comps; cm_certext_princ_set_length(ctx, princ, i + 1); } #else int i; char **comps; i = cm_certext_princ_get_length(ctx, princ); comps = talloc_zero_array(parent, char *, i + 1); if (comps != NULL) { memcpy(comps, princ->name.name_string.val, sizeof(char *) * i); comps[i] = talloc_strndup(parent, name, length); if (comps[i] != NULL) { princ->name.name_string.val = comps; cm_certext_princ_set_length(ctx, princ, i + 1); } } #endif } /* Convert a principal name structure into a string. 
 */
static char *
cm_certext_parse_principal(void *parent, struct kerberos_principal_name *p)
{
	SECItem **comps;
	krb5_error_code err;
	krb5_context ctx;
	krb5_principal_data princ;
	char *unparsed, *ret;
	int i, j;
	unsigned long name_type;
	void *tctx;

	ret = NULL;
	ctx = NULL;
	tctx = talloc_new(parent);
	if ((err = krb5_init_context(&ctx)) == 0) {
		memset(&princ, 0, sizeof(princ));
		/* Copy the realm over. */
		cm_certext_princ_set_realm(ctx, tctx, &princ,
					   (int) p->realm.name.len,
					   (char *) p->realm.name.data);
		/* Count the number of name components. */
		comps = p->principal_name.name_string;
		for (i = 0; (comps != NULL) && (comps[i] != NULL); i++) {
			continue;
		}
		/* Start with no name components; each one appended below
		 * bumps the count. */
		cm_certext_princ_set_length(ctx, &princ, 0);
		/* Allocate and populate the name components. */
		for (j = 0; j < i; j++) {
			cm_certext_princ_append_comp(ctx, tctx, &princ,
						     (char *) comps[j]->data,
						     (int) comps[j]->len);
		}
		/* Try to decode the name type. */
		if (SEC_ASN1DecodeInteger(&p->principal_name.name_type,
					  &name_type) != SECSuccess) {
			/* Couldn't decode it, so treat it as unknown. */
			name_type = KRB5_NT_UNKNOWN;
		}
		cm_certext_princ_set_type(ctx, &princ, name_type);
		/* Convert that into a string.  Use the library function so
		 * that it can take care of escaping. */
		if (krb5_unparse_name(ctx, &princ, &unparsed) == 0) {
			ret = talloc_strdup(parent, unparsed);
			cm_certext_free_unparsed_name(ctx, unparsed);
		}
		talloc_free(tctx);
		krb5_free_context(ctx);
	} else {
		cm_log(1, "Error %ld initializing Kerberos.\n", (long) err);
		/* Don't leave the temporary context hanging off of "parent". */
		talloc_free(tctx);
	}
	return ret;
}

/* Remove repeated values from a NULL-terminated array of strings, in place. */
static void
cm_certext_remove_duplicates(char **p)
{
	int n, i, j;

	for (n = 0; (p != NULL) && (p[n] != NULL); n++) {
		continue;
	}
	i = 0;
	while (i < n) {
		j = i + 1;
		while (j < n) {
			if (strcmp(p[i], p[j]) == 0) {
				/* Shift the rest of the array, including the
				 * terminating NULL, down by one slot. */
				memmove(&p[j], &p[j + 1],
					sizeof(p[j]) * (n - j));
				n--;
			} else {
				j++;
			}
		}
		i++;
	}
}

/* Read an otherName, which might be either a Kerberos principal name or just
 * an NT principal name.
*/ static void cm_certext_read_other_name(struct cm_store_entry *entry, PLArenaPool *arena, CERTGeneralName *name) { SECItem *item, upn; struct kerberos_principal_name p; char **names; int i; item = &name->name.OthName.name; /* The Kerberos principal name case. */ if (SECITEM_ItemsAreEqual(&name->name.OthName.oid, &oid_pkinit_san.oid)) { memset(&p, 0, sizeof(p)); if (SEC_ASN1DecodeItem(arena, &p, cm_kerberos_principal_name_template, item) == SECSuccess) { /* Add it to the array. */ for (i = 0; (entry->cm_cert_principal != NULL) && (entry->cm_cert_principal[i] != NULL); i++) { continue; } names = talloc_zero_array(entry, char *, i + 2); if (i > 0) { memcpy(names, entry->cm_cert_principal, sizeof(char *) * i); } names[i] = cm_certext_parse_principal(entry, &p); entry->cm_cert_principal = names; } } /* The NT principal name case. */ if (SECITEM_ItemsAreEqual(&name->name.OthName.oid, &oid_ms_upn_name.oid)) { memset(&upn, 0, sizeof(upn)); if (SEC_ASN1DecodeItem(arena, &upn, cm_ms_upn_name_template, item) == SECSuccess) { /* Add it to the array. */ for (i = 0; (entry->cm_cert_principal != NULL) && (entry->cm_cert_principal[i] != NULL); i++) { continue; } names = talloc_zero_array(entry, char *, i + 2); if (i > 0) { memcpy(names, entry->cm_cert_principal, sizeof(char *) * i); } names[i] = talloc_strndup(entry, (char *) upn.data, upn.len); entry->cm_cert_principal = names; } else if (SEC_ASN1DecodeItem(arena, &upn, SEC_UTF8StringTemplate, item) == SECSuccess) { /* Add it to the array. */ for (i = 0; (entry->cm_cert_principal != NULL) && (entry->cm_cert_principal[i] != NULL); i++) { continue; } names = talloc_zero_array(entry, char *, i + 2); if (i > 0) { memcpy(names, entry->cm_cert_principal, sizeof(char *) * i); } names[i] = talloc_strndup(entry, (char *) upn.data, upn.len); entry->cm_cert_principal = names; } } /* Prune duplicates. We don't distinguish between the two cases, and * we throw the name_type away, so there's no point in listing any * value more than once. 
	 */
	cm_certext_remove_duplicates(entry->cm_cert_principal);
}

/* Extract applicable subjectAltName values. */
static void
cm_certext_read_san(struct cm_store_entry *entry, PLArenaPool *arena,
		    CERTCertExtension *san_ext)
{
	CERTGeneralName *name, *san;
	unsigned int i, j;
	char **s, abuf[64];

	name = CERT_DecodeAltNameExtension(arena, &san_ext->value);
	san = name;
	i = 0;
	talloc_free(entry->cm_cert_hostname);
	entry->cm_cert_hostname = NULL;
	talloc_free(entry->cm_cert_email);
	entry->cm_cert_email = NULL;
	talloc_free(entry->cm_cert_principal);
	entry->cm_cert_principal = NULL;
	while (san != NULL) {
		switch (san->type) {
		case certDNSName:
			/* A dnsName is just a string. */
			for (j = 0;
			     (entry->cm_cert_hostname != NULL) &&
			     (entry->cm_cert_hostname[j] != NULL);
			     j++) {
				continue;
			}
			s = talloc_zero_array(entry, char *, j + 2);
			if (j > 0) {
				memcpy(s, entry->cm_cert_hostname,
				       sizeof(char *) * j);
			}
			s[j] = talloc_strndup(entry,
					      (char *) san->name.other.data,
					      san->name.other.len);
			entry->cm_cert_hostname = s;
			cm_certext_remove_duplicates(entry->cm_cert_hostname);
			break;
		case certIPAddress:
			/* An IPv4 or IPv6 address.  Skip a value that is
			 * neither, but leave the switch with "break" rather
			 * than "continue": a "continue" here would restart
			 * the while loop without advancing "san", spinning
			 * forever on a certificate with a malformed
			 * iPAddress value. */
			if (!((san->name.other.len == 16) &&
			      (inet_ntop(AF_INET6, san->name.other.data,
					 abuf, sizeof(abuf)) != NULL)) &&
			    !((san->name.other.len == 4) &&
			      (inet_ntop(AF_INET, san->name.other.data,
					 abuf, sizeof(abuf)) != NULL))) {
				break;
			}
			for (j = 0;
			     (entry->cm_cert_ipaddress != NULL) &&
			     (entry->cm_cert_ipaddress[j] != NULL);
			     j++) {
				continue;
			}
			s = talloc_zero_array(entry, char *, j + 2);
			if (j > 0) {
				memcpy(s, entry->cm_cert_ipaddress,
				       sizeof(char *) * j);
			}
			s[j] = talloc_strdup(entry, abuf);
			entry->cm_cert_ipaddress = s;
			cm_certext_remove_duplicates(entry->cm_cert_ipaddress);
			break;
		case certRFC822Name:
			/* An email address is just a string.
*/ for (j = 0; (entry->cm_cert_email != NULL) && (entry->cm_cert_email[j] != NULL); j++) { continue; } s = talloc_zero_array(entry, char *, j + 2); if (j > 0) { memcpy(s, entry->cm_cert_email, sizeof(char *) * j); } s[j] = talloc_strndup(entry, (char *) san->name.other.data, san->name.other.len); entry->cm_cert_email = s; cm_certext_remove_duplicates(entry->cm_cert_email); break; case certOtherName: /* need to parse these to recover principal names */ cm_certext_read_other_name(entry, arena, san); break; case certURI: case certDirectoryName: case certRegisterID: case certEDIPartyName: case certX400Address: /* we currently don't support these */ break; } san = CERT_GetNextGeneralName(san); if (san == name) { break; } i++; } } /* Build an NT principal name binary value. */ static SECItem * cm_certext_build_upn(struct cm_store_entry *entry, PLArenaPool *arena, const char *principal) { SECItem upn, princ; if ((principal == NULL) || (strlen(principal) == 0)) { return NULL; } memset(&upn, 0, sizeof(upn)); memset(&princ, 0, sizeof(princ)); princ.len = strlen(principal); princ.data = (unsigned char *) principal; if (SEC_ASN1EncodeItem(arena, &upn, &princ, SEC_UTF8StringTemplate /* cm_ms_upn_name_template */) != &upn) { return NULL; } return SECITEM_ArenaDupItem(arena, &upn); } /* Build a Kerberos principal name binary value. */ static SECItem * cm_certext_build_principal(struct cm_store_entry *entry, PLArenaPool *arena, const char *principal) { SECItem *comp, **comps, encoded; struct kerberos_principal_name p; krb5_error_code err; krb5_context ctx; krb5_principal princ; int i; if ((principal == NULL) || (strlen(principal) == 0)) { return NULL; } ctx = NULL; if ((err = krb5_init_context(&ctx)) != 0) { cm_log(1, "Error %ld initializing Kerberos.\n", (long) err); return NULL; } princ = NULL; /* Use the library routine to let it handle escaping for us. 
*/ if (krb5_parse_name(ctx, principal, &princ) != 0) { krb5_free_context(ctx); return NULL; } /* Now stuff the values into a structure we can encode. */ memset(&p, 0, sizeof(p)); /* realm */ p.realm.name.data = cm_certext_princ_data(ctx, princ, -1); p.realm.name.len = cm_certext_princ_len(ctx, princ, -1); /* name type */ if (SEC_ASN1EncodeInteger(arena, &p.principal_name.name_type, cm_certext_princ_get_type(ctx, princ)) != &p.principal_name.name_type) { memset(&p.principal_name.name_type, 0, sizeof(p.principal_name.name_type)); } /* the component names */ i = cm_certext_princ_get_length(ctx, princ); comp = PORT_ArenaZAlloc(arena, sizeof(SECItem) * (i + 1)); comps = PORT_ArenaZAlloc(arena, sizeof(SECItem *) * (i + 1)); if (comp != NULL) { for (i = 0; i < cm_certext_princ_get_length(ctx, princ); i++) { comp[i].len = cm_certext_princ_len(ctx, princ, i); comp[i].data = cm_certext_princ_data(ctx, princ, i); comps[i] = &comp[i]; } p.principal_name.name_string = comps; } else { p.principal_name.name_string = NULL; } /* encode */ if (SEC_ASN1EncodeItem(arena, &encoded, &p, cm_kerberos_principal_name_template) != &encoded) { krb5_free_principal(ctx, princ); krb5_free_context(ctx); return NULL; } krb5_free_principal(ctx, princ); krb5_free_context(ctx); return SECITEM_ArenaDupItem(arena, &encoded); } /* Build up a subjectAltName extension value using information for the entry. */ static SECItem * cm_certext_build_san(struct cm_store_entry *entry, PLArenaPool *arena, char **hostname, char **email, char **principal, char **ipaddress) { CERTGeneralName *name, *next; SECItem encoded, *item; int i, j; struct in_addr ip; struct in6_addr ip6; char *p; /* Anything to do? */ if ((hostname == NULL) && (email == NULL) && (principal == NULL) && (ipaddress == NULL)) { return NULL; } name = NULL; /* Build a list of dnsName values. 
*/ for (i = 0; (hostname != NULL) && (hostname[i] != NULL); i++) { if (strlen(hostname[i]) == 0) { continue; } next = PORT_ArenaZAlloc(arena, sizeof(*next)); if (next != NULL) { next->type = certDNSName; p = hostname[i]; #ifdef CM_USE_IDN if (idna_to_ascii_lz(p, &p, 0) != IDNA_SUCCESS) { cm_log(1, "Unable to convert hostname \"%s\" " "to an ASCII-compatible name.\n", hostname[i]); continue; } #endif next->name.other.data = (unsigned char *) PORT_ArenaStrdup(arena, p); next->name.other.len = strlen(p); if (p != hostname[i]) { free(p); } if (name == NULL) { name = next; PR_INIT_CLIST(&name->l); } else { PR_APPEND_LINK(&next->l, &name->l); } } } /* Build a list of email address values. */ for (i = 0; (email != NULL) && (email[i] != NULL); i++) { if (strlen(email[i]) == 0) { continue; } next = PORT_ArenaZAlloc(arena, sizeof(*next)); if (next != NULL) { next->type = certRFC822Name; next->name.other.len = strlen(email[i]); next->name.other.data = (unsigned char *) email[i]; if (name == NULL) { name = next; PR_INIT_CLIST(&name->l); } else { PR_APPEND_LINK(&next->l, &name->l); } } } /* Build a list of otherName values. Encode every principal name in two * forms. */ for (i = 0; (principal != NULL) && (principal[i] != NULL); i++) { if (strlen(principal[i]) == 0) { continue; } for (j = 0; (j < i) && (principal[j] != NULL); j++) { if (strcmp(principal[i], principal[j]) == 0) { /* We've already seen [i]; skip it. 
*/ break; } } if (j != i) { continue; } item = cm_certext_build_upn(entry, arena, principal[i]); if (item != NULL) { next = PORT_ArenaZAlloc(arena, sizeof(*next)); if (next != NULL) { next->type = certOtherName; next->name.OthName.name = *item; next->name.OthName.oid = oid_ms_upn_name.oid; if (name == NULL) { name = next; PR_INIT_CLIST(&name->l); } else { PR_APPEND_LINK(&next->l, &name->l); } } } item = cm_certext_build_principal(entry, arena, principal[i]); if (item != NULL) { next = PORT_ArenaZAlloc(arena, sizeof(*next)); if (next != NULL) { next->type = certOtherName; next->name.OthName.name = *item; next->name.OthName.oid = oid_pkinit_san.oid; if (name == NULL) { name = next; PR_INIT_CLIST(&name->l); } else { PR_APPEND_LINK(&next->l, &name->l); } } } } /* Build a list of IP address values. */ for (i = 0; (ipaddress != NULL) && (ipaddress[i] != NULL); i++) { if (strlen(ipaddress[i]) == 0) { continue; } next = PORT_ArenaZAlloc(arena, sizeof(*next)); if (next != NULL) { next->type = certIPAddress; memset(&encoded, 0, sizeof(encoded)); if (inet_pton(AF_INET6, ipaddress[i], &ip6) == 1) { encoded.len = 16; encoded.data = (unsigned char *) &ip6; } else if (inet_pton(AF_INET, ipaddress[i], &ip) == 1) { encoded.len = 4; encoded.data = (unsigned char *) &ip; } else { cm_log(1, "Internal error: unable to parse " "\"%s\" as an IP address, ignoring.\n", ipaddress[i]); continue; } item = SECITEM_ArenaDupItem(arena, &encoded); if (item == NULL) { continue; } next->name.other = *item; if (name == NULL) { name = next; PR_INIT_CLIST(&name->l); } else { PR_APPEND_LINK(&next->l, &name->l); } } } /* Encode all of the values. */ memset(&encoded, 0, sizeof(encoded)); if ((name != NULL) && (CERT_EncodeAltNameExtension(arena, name, &encoded) == SECSuccess)) { item = SECITEM_ArenaDupItem(arena, &encoded); } else { item = NULL; } return item; } /* Build a basicConstraints extension value. 
*/ static SECItem * cm_certext_build_basic(struct cm_store_entry *entry, PLArenaPool *arena, int is_ca, int path_length) { CERTBasicConstraints value; SECItem encoded, *item; memset(&value, 0, sizeof(value)); value.isCA = (is_ca != 0); value.pathLenConstraint = value.isCA ? path_length : -1; memset(&encoded, 0, sizeof(encoded)); if (CERT_EncodeBasicConstraintValue(arena, &value, &encoded) == SECSuccess) { item = SECITEM_ArenaDupItem(arena, &encoded); } else { item = NULL; } return item; } /* Build an authorityKeyIdentifier extension value that points to our key. */ static SECItem * cm_certext_build_self_akid(struct cm_store_entry *entry, PLArenaPool *arena) { CERTAuthKeyID value; CERTSubjectPublicKeyInfo *spki; SECItem pubkeyinfo, pubkey, encoded, *item; unsigned char digest[CM_DIGEST_MAX]; const char *pubkey_info; size_t len; memset(&pubkey, 0, sizeof(pubkey)); if (entry->cm_key_pubkey != NULL) { pubkey.len = strlen(entry->cm_key_pubkey) / 2; pubkey.data = PORT_ArenaZAlloc(arena, pubkey.len); if (pubkey.data != NULL) { pubkey.len = cm_store_hex_to_bin(entry->cm_key_pubkey, pubkey.data, pubkey.len); } } if (pubkey.data == NULL) { if (entry->cm_key_pubkey_info != NULL) { pubkey_info = entry->cm_key_pubkey_info; } else { pubkey_info = entry->cm_cert_spki; } if (pubkey_info != NULL) { memset(&pubkeyinfo, 0, sizeof(pubkeyinfo)); pubkeyinfo.len = strlen(pubkey_info) / 2; pubkeyinfo.data = PORT_ArenaZAlloc(arena, pubkeyinfo.len); spki = NULL; if (pubkeyinfo.data != NULL) { len = cm_store_hex_to_bin(pubkey_info, pubkeyinfo.data, pubkeyinfo.len); pubkeyinfo.len = len; spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&pubkeyinfo); } if (spki != NULL) { pubkey.len = howmany(spki->subjectPublicKey.len, 8); pubkey.data = PORT_ArenaZAlloc(arena, pubkey.len); if (pubkey.data != NULL) { memcpy(pubkey.data, spki->subjectPublicKey.data, pubkey.len); } SECKEY_DestroySubjectPublicKeyInfo(spki); } } } if (pubkey.data != NULL) { if (PK11_HashBuf(SEC_OID_SHA1, digest, pubkey.data, 
pubkey.len) != SECSuccess) { return NULL; } memset(&value, 0, sizeof(value)); value.keyID.data = digest; value.keyID.len = 20; memset(&encoded, 0, sizeof(encoded)); if (CERT_EncodeAuthKeyID(arena, &value, &encoded) == SECSuccess) { item = SECITEM_ArenaDupItem(arena, &encoded); } else { item = NULL; } return item; } return NULL; } /* Build a subjectKeyIdentifier extension value. */ static SECItem * cm_certext_build_skid(struct cm_store_entry *entry, PLArenaPool *arena) { CERTSubjectPublicKeyInfo *spki; SECItem pubkeyinfo, pubkey, value, encoded, *item; unsigned char digest[CM_DIGEST_MAX]; const char *pubkey_info; size_t len; memset(&pubkey, 0, sizeof(pubkey)); if (entry->cm_key_pubkey != NULL) { pubkey.len = strlen(entry->cm_key_pubkey) / 2; pubkey.data = PORT_ArenaZAlloc(arena, pubkey.len); if (pubkey.data != NULL) { len = cm_store_hex_to_bin(entry->cm_key_pubkey, pubkey.data, pubkey.len); pubkey.len = len; } } if (pubkey.data == NULL) { if (entry->cm_key_pubkey_info != NULL) { pubkey_info = entry->cm_key_pubkey_info; } else { pubkey_info = entry->cm_cert_spki; } if (pubkey_info != NULL) { memset(&pubkeyinfo, 0, sizeof(pubkeyinfo)); pubkeyinfo.len = strlen(pubkey_info) / 2; pubkeyinfo.data = PORT_ArenaZAlloc(arena, pubkeyinfo.len); spki = NULL; if (pubkeyinfo.data != NULL) { len = cm_store_hex_to_bin(pubkey_info, pubkeyinfo.data, pubkeyinfo.len); pubkeyinfo.len = len; spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&pubkeyinfo); } if (spki != NULL) { pubkey.len = howmany(spki->subjectPublicKey.len, 8); pubkey.data = PORT_ArenaZAlloc(arena, pubkey.len); if (pubkey.data != NULL) { memcpy(pubkey.data, spki->subjectPublicKey.data, pubkey.len); } SECKEY_DestroySubjectPublicKeyInfo(spki); } } } if (pubkey.data != NULL) { if (PK11_HashBuf(SEC_OID_SHA1, digest, pubkey.data, pubkey.len) != SECSuccess) { return NULL; } memset(&value, 0, sizeof(value)); value.data = digest; value.len = 20; memset(&encoded, 0, sizeof(encoded)); if (CERT_EncodeSubjectKeyID(arena, &value, &encoded) 
== SECSuccess) { item = SECITEM_ArenaDupItem(arena, &encoded); } else { item = NULL; } return item; } return NULL; } /* Build an authorityInformationAccess extension value. */ static SECItem * cm_certext_build_aia(struct cm_store_entry *entry, PLArenaPool *arena, char **ocsp_location) { CERTAuthInfoAccess *value, **values; CERTGeneralName *location; SECItem encoded, *item; SECOidData *oid; unsigned char *tmp; unsigned int i, j, n; oid = SECOID_FindOIDByTag(SEC_OID_PKIX_OCSP); if (oid == NULL) { return NULL; } for (n = 0; (ocsp_location != NULL) && (ocsp_location[n] != NULL); n++) { continue; } if (n == 0) { return NULL; } location = PORT_ArenaZAlloc(arena, sizeof(*location) * n); if (location == NULL) { return NULL; } value = PORT_ArenaZAlloc(arena, sizeof(*value) * n); if (value == NULL) { return NULL; } values = PORT_ArenaZAlloc(arena, sizeof(*values) * (n + 1)); if (values == NULL) { return NULL; } for (i = 0, j = 0; i < n; i++) { if (strlen(ocsp_location[i]) == 0) { continue; } location[j].type = certURI; tmp = (unsigned char *) ocsp_location[i]; location[j].name.other.data = tmp; location[j].name.other.len = strlen(ocsp_location[i]); value[j].method = oid->oid; value[j].location = &location[j]; values[j] = &value[j]; j++; } memset(&encoded, 0, sizeof(encoded)); if (CERT_EncodeInfoAccessExtension(arena, values, &encoded) == SECSuccess) { item = SECITEM_ArenaDupItem(arena, &encoded); } else { item = NULL; } return item; } /* Build a CRL distribution points or freshest CRL extension value. 
*/ static SECItem * cm_certext_build_crldp(struct cm_store_entry *entry, PLArenaPool *arena, char **crldp) { CERTCrlDistributionPoints decoded; CRLDistributionPoint *value, **values; CERTGeneralName *location; SECItem encoded, *item; unsigned int i, j, n; for (n = 0; (crldp != NULL) && (crldp[n] != NULL); n++) { continue; } if (n == 0) { return NULL; } location = PORT_ArenaZAlloc(arena, sizeof(*location) * n); if (location == NULL) { return NULL; } value = PORT_ArenaZAlloc(arena, sizeof(*value) * n); if (value == NULL) { return NULL; } values = PORT_ArenaZAlloc(arena, sizeof(*values) * (n + 1)); if (values == NULL) { return NULL; } for (i = 0, j = 0; i < n; i++) { if (strlen(crldp[i]) == 0) { continue; } location[j].type = certURI; location[j].name.other.data = (unsigned char *) crldp[i]; location[j].name.other.len = strlen(crldp[i]); location[j].l.next = &location[j].l; value[j].distPointType = generalName; value[j].distPoint.fullName = &location[j]; values[j] = &value[j]; j++; } decoded.distPoints = values; memset(&encoded, 0, sizeof(encoded)); if (CERT_EncodeCRLDistributionPoints(arena, &decoded, &encoded) == SECSuccess) { item = SECITEM_ArenaDupItem(arena, &encoded); } else { item = NULL; } return item; } /* Build a Netscape comment extension value. */ static SECItem * cm_certext_build_ns_comment(struct cm_store_entry *entry, PLArenaPool *arena, char *comment) { SECItem value, encoded, *item; if (strlen(comment) == 0) { return NULL; } memset(&value, 0, sizeof(value)); value.data = (unsigned char *) comment; value.len = strlen(comment); memset(&encoded, 0, sizeof(encoded)); if (SEC_ASN1EncodeItem(arena, &encoded, &value, SEC_IA5StringTemplate) == &encoded) { item = SECITEM_ArenaDupItem(arena, &encoded); } else { item = NULL; } return item; } /* Build a no-ocsp-checking extension value. 
*/ static SECItem * cm_certext_build_ocsp_no_check(struct cm_store_entry *entry, PLArenaPool *arena) { SECItem value, encoded, *item; memset(&value, 0, sizeof(value)); value.data = NULL; value.len = 0; memset(&encoded, 0, sizeof(encoded)); if (SEC_ASN1EncodeItem(arena, &encoded, &value, SEC_NullTemplate) == &encoded) { item = SECITEM_ArenaDupItem(arena, &encoded); } else { item = NULL; } return item; } /* Build a Microsoft certtype extension value. */ static SECItem * cm_certext_build_profile(struct cm_store_entry *entry, PLArenaPool *arena, char *profile) { SECItem value, encoded, *item; unsigned int len = 0; if (strlen(profile) == 0) { return NULL; } memset(&value, 0, sizeof(value)); memset(&encoded, 0, sizeof(encoded)); if (cm_store_utf8_to_bmp_string(profile, &value.data, &len) != -1) { value.len = len; if (SEC_ASN1EncodeItem(arena, &encoded, &value, SEC_BMPStringTemplate) == &encoded) { item = SECITEM_ArenaDupItem(arena, &encoded); } else { item = NULL; } free(value.data); } else { item = NULL; } return item; } /* Build a Microsoft certificate template extension value. 
 */
static SECItem *
cm_certext_build_certificate_template(
    PLArenaPool *arena,
    char *template_spec)
{
    struct ms_template template_data;
    memset(&template_data, 0, sizeof(struct ms_template));

    if (NULL == template_spec || *template_spec == '\0')
        return NULL;

    /* strtok overwrites delimiters with null bytes;
     * therefore duplicate the input string */
    char *template_spec_dup = PORT_ArenaStrdup(arena, template_spec);
    if (NULL == template_spec_dup)
        return NULL;

    int i = 0;
    char *saveptr, *endptr, *part;
    for (
        part = strtok_r(template_spec_dup, ":", &saveptr);
        part != NULL;
        part = strtok_r(NULL, ":", &saveptr)
    ) {
        if (i == 0) {
            // parse OID
            if (SECSuccess != SEC_StringToOID(arena, &template_data.id, part, 0))
                return NULL;
        } else if (i == 1) {
            // parse major version
            long x = strtol(part, &endptr, 10);
            if (*part == '\0' || *endptr != '\0') {
                // string was empty or contained non-digits
                return NULL;
            }
            if (SEC_ASN1EncodeInteger(arena, &template_data.major, x)
                    != &template_data.major)
                return NULL;
        } else if (i == 2) {
            // parse minor version
            long x = strtol(part, &endptr, 10);
            if (*part == '\0' || *endptr != '\0') {
                // string was empty or contained non-digits
                return NULL;
            }
            if (SEC_ASN1EncodeInteger(arena, &template_data.minor, x)
                    != &template_data.minor)
                return NULL;
        } else {
            // there are too many parts!
            return NULL;
        }
        i++;
    }

    if (i < 2) {
        // there are too few parts! (OID and major version are required)
        return NULL;
    }

    SECItem encoded;
    if (SEC_ASN1EncodeItem(arena, &encoded, &template_data,
                           cm_ms_template_template) != &encoded)
        return NULL;
    return SECITEM_ArenaDupItem(arena, &encoded);
}

/* Validate a V2 template spec */
PRBool
cm_ms_template_valid(char *template_spec)
{
    PLArenaPool *arena = PORT_NewArena(sizeof(double));
    if (arena == NULL)
        return PR_FALSE;
    SECItem *result =
        cm_certext_build_certificate_template(arena, template_spec);
    PORT_FreeArena(arena, PR_FALSE);
    // *result has been freed, but we don't read it;
    // we only need to know whether the parse succeeded
    return result != NULL;
}

/* Build a Netscape certtype extension value. */
static SECItem *
cm_certext_build_ns_certtype(struct cm_store_entry *entry, PLArenaPool *arena,
                             char *certtype)
{
    char bitstring[] = "00000000";
    char *p, *q;
    int len = 0;

    if (strlen(certtype) == 0) {
        return NULL;
    }
    p = certtype;
    while (*p != '\0') {
        q = p + strcspn(p, ",");
        if (strncasecmp(p, "client", q - p) == 0) {
            bitstring[0] = '1';
        } else if (strncasecmp(p, "server", q - p) == 0) {
            bitstring[1] = '1';
        } else if (strncasecmp(p, "email", q - p) == 0) {
            bitstring[2] = '1';
        } else if (strncasecmp(p, "objsign", q - p) == 0) {
            bitstring[3] = '1';
        } else if (strncasecmp(p, "reserved", q - p) == 0) {
            bitstring[4] = '1';
        } else if (strncasecmp(p, "sslca", q - p) == 0) {
            bitstring[5] = '1';
        } else if (strncasecmp(p, "emailca", q - p) == 0) {
            bitstring[6] = '1';
        } else if (strncasecmp(p, "objca", q - p) == 0) {
            bitstring[7] = '1';
        }
        p = q + strspn(q, ",");
    }
    if (strchr(bitstring, '1') != NULL) {
        len = strrchr(bitstring, '1') - bitstring;
        /* Cut the local bit string after its last set bit.  p points at
         * the terminator of certtype here, so writing p[len + 1] would
         * land past the end of the caller's string. */
        bitstring[len + 1] = '\0';
        return cm_certext_build_bitstring(entry, arena, bitstring);
    } else {
        return NULL;
    }
}

/* Build a requestedExtensions attribute.
 */
void
cm_certext_build_csr_extensions(struct cm_store_entry *entry,
                                NSSInitContext *ctx,
                                unsigned char **extensions, size_t *length)
{
    PLArenaPool *arena;
    /* One slot for each of the 14 extensions that may be built below;
     * exts[] additionally holds the terminating NULL. */
    CERTCertExtension ext[14], *exts[15], **exts_ptr;
    SECOidData *oid;
    SECItem *item, encoded;
    /* X509v3 extension's critical element has an implicit default,
     * see https://pagure.io/certmonger/issue/223 */
    SECItem der_false = {
        .len = 0,
        .data = NULL,
    };
    SECItem der_true = {
        .len = 1,
        .data = (unsigned char *) "\377",
    };
    int i;
    char **tmp, *comment;
    const char *reason;
    NSSInitContext *local_ctx = NULL;
    const SEC_ASN1Template *template;

    *extensions = NULL;
    *length = 0;

    arena = PORT_NewArena(sizeof(double));
    if (arena == NULL) {
        return;
    }
    memset(&ext, 0, sizeof(ext));
    memset(&exts, 0, sizeof(exts));

    if (ctx == NULL) {
        local_ctx = NSS_InitContext(entry->cm_key_storage_location,
                                    NULL, NULL, NULL, NULL,
                                    NSS_INIT_READONLY |
                                    NSS_INIT_NOCERTDB |
                                    NSS_INIT_NOROOTINIT);
        if (local_ctx == NULL) {
            cm_log(1, "Error initializing NSS.\n");
            return;
        }
        reason = util_n_fips_hook();
        if (reason != NULL) {
            cm_log(1, "Error putting NSS into FIPS mode: %s\n", reason);
            return;
        }
    }

    /* Build the extensions.
     */
    i = 0;
    item = cm_certext_build_ku(entry, arena, entry->cm_template_ku);
    if (item != NULL) {
        oid = SECOID_FindOIDByTag(SEC_OID_X509_KEY_USAGE);
        if (oid != NULL) {
            ext[i].id = oid->oid;
            ext[i].critical = der_false;
            ext[i].value = *item;
            exts[i] = &ext[i];
            i++;
        }
    }
    item = cm_certext_build_san(entry, arena,
                                entry->cm_template_hostname,
                                entry->cm_template_email,
                                entry->cm_template_principal,
                                entry->cm_template_ipaddress);
    if (item != NULL) {
        oid = SECOID_FindOIDByTag(SEC_OID_X509_SUBJECT_ALT_NAME);
        if (oid != NULL) {
            ext[i].id = oid->oid;
            ext[i].critical = der_false;
            ext[i].value = *item;
            exts[i] = &ext[i];
            i++;
        }
    }
    item = cm_certext_build_eku(entry, arena, entry->cm_template_eku);
    if (item != NULL) {
        oid = SECOID_FindOIDByTag(SEC_OID_X509_EXT_KEY_USAGE);
        if (oid != NULL) {
            ext[i].id = oid->oid;
            ext[i].critical = der_false;
            ext[i].value = *item;
            exts[i] = &ext[i];
            i++;
        }
    }
    item = cm_certext_build_basic(entry, arena,
                                  entry->cm_template_is_ca,
                                  entry->cm_template_ca_path_length);
    if (item != NULL) {
        oid = SECOID_FindOIDByTag(SEC_OID_X509_BASIC_CONSTRAINTS);
        if (oid != NULL) {
            ext[i].id = oid->oid;
            ext[i].critical = der_true;
            ext[i].value = *item;
            exts[i] = &ext[i];
            i++;
        }
    }
    if (entry->cm_template_is_ca) {
        oid = SECOID_FindOIDByTag(SEC_OID_X509_AUTH_KEY_ID);
        item = cm_certext_build_self_akid(entry, arena);
        if ((item != NULL) && (oid != NULL)) {
            ext[i].id = oid->oid;
            ext[i].critical = der_false;
            ext[i].value = *item;
            exts[i] = &ext[i];
            i++;
        }
    }
    item = cm_certext_build_skid(entry, arena);
    if (item != NULL) {
        oid = SECOID_FindOIDByTag(SEC_OID_X509_SUBJECT_KEY_ID);
        if (oid != NULL) {
            ext[i].id = oid->oid;
            ext[i].critical = der_false;
            ext[i].value = *item;
            exts[i] = &ext[i];
            i++;
        }
    }
    if (entry->cm_template_ocsp_location != NULL) {
        oid = SECOID_FindOIDByTag(SEC_OID_X509_AUTH_INFO_ACCESS);
        item = cm_certext_build_aia(entry, arena,
                                    entry->cm_template_ocsp_location);
        if ((item != NULL) && (oid != NULL)) {
            ext[i].id = oid->oid;
            ext[i].critical = der_false;
            ext[i].value = *item;
            exts[i] = &ext[i];
            i++;
        }
    }
    if (entry->cm_template_crl_distribution_point != NULL) {
        oid = SECOID_FindOIDByTag(SEC_OID_X509_CRL_DIST_POINTS);
        tmp = entry->cm_template_crl_distribution_point;
        item = cm_certext_build_crldp(entry, arena, tmp);
        if ((item != NULL) && (oid != NULL)) {
            ext[i].id = oid->oid;
            ext[i].critical = der_false;
            ext[i].value = *item;
            exts[i] = &ext[i];
            i++;
        }
    }
    if (entry->cm_template_freshest_crl != NULL) {
        oid = SECOID_FindOIDByTag(SEC_OID_X509_FRESHEST_CRL);
        tmp = entry->cm_template_freshest_crl;
        item = cm_certext_build_crldp(entry, arena, tmp);
        if ((item != NULL) && (oid != NULL)) {
            ext[i].id = oid->oid;
            ext[i].critical = der_false;
            ext[i].value = *item;
            exts[i] = &ext[i];
            i++;
        }
    }
    if (entry->cm_template_ns_comment != NULL) {
        oid = SECOID_FindOIDByTag(SEC_OID_NS_CERT_EXT_COMMENT);
        comment = entry->cm_template_ns_comment;
        item = cm_certext_build_ns_comment(entry, arena, comment);
        if ((item != NULL) && (oid != NULL)) {
            ext[i].id = oid->oid;
            ext[i].critical = der_false;
            ext[i].value = *item;
            exts[i] = &ext[i];
            i++;
        }
    }
    if (entry->cm_template_no_ocsp_check) {
        oid = SECOID_FindOIDByTag(SEC_OID_PKIX_OCSP_NO_CHECK);
        item = cm_certext_build_ocsp_no_check(entry, arena);
        if ((item != NULL) && (oid != NULL)) {
            ext[i].id = oid->oid;
            ext[i].critical = der_false;
            ext[i].value = *item;
            exts[i] = &ext[i];
            i++;
        }
    }
    if (entry->cm_template_profile != NULL) {
        oid = (SECOidData *) &oid_microsoft_certtype;
        item = cm_certext_build_profile(entry, arena,
                                        entry->cm_template_profile);
        if ((item != NULL) && (oid != NULL)) {
            ext[i].id = oid->oid;
            ext[i].critical = der_false;
            ext[i].value = *item;
            exts[i] = &ext[i];
            i++;
        }
    }
    if (entry->cm_template_certificate_template != NULL) {
        oid = (SECOidData *) &oid_microsoft_certificate_template;
        item = cm_certext_build_certificate_template(
            arena, entry->cm_template_certificate_template);
        if ((item != NULL) && (oid != NULL)) {
            ext[i].id = oid->oid;
            ext[i].critical = der_false;
            ext[i].value = *item;
            exts[i] = &ext[i];
            i++;
        }
    }
    if (entry->cm_template_ns_certtype != NULL) {
        oid = SECOID_FindOIDByTag(SEC_OID_NS_CERT_EXT_CERT_TYPE);
        item = cm_certext_build_ns_certtype(entry, arena,
                                            entry->cm_template_ns_certtype);
        if ((item != NULL) && (oid != NULL)) {
            ext[i].id = oid->oid;
            ext[i].critical = der_false;
            ext[i].value = *item;
            exts[i] = &ext[i];
            i++;
        }
    }
    exts[i++] = NULL;
    exts_ptr = exts;

    /* Encode the sequence. */
    memset(&encoded, 0, sizeof(encoded));
    if (i > 1) {
        template = CERT_SequenceOfCertExtensionTemplate;
        if (SEC_ASN1EncodeItem(arena, &encoded, &exts_ptr,
                               template) == &encoded) {
            *extensions = talloc_memdup(entry, encoded.data, encoded.len);
            if (*extensions != NULL) {
                *length = encoded.len;
            }
        }
    } else {
        *extensions = NULL;
        *length = 0;
    }
    if (ctx == NULL) {
        if (NSS_ShutdownContext(local_ctx) != SECSuccess) {
            cm_log(1, "Error shutting down NSS.\n");
        }
    }
    PORT_FreeArena(arena, PR_TRUE);
}

/* Read a basicConstraints extension. */
static void
cm_certext_read_basic(struct cm_store_entry *entry, PLArenaPool *arena,
                      CERTCertExtension *ext)
{
    CERTBasicConstraints basic;

    if (CERT_DecodeBasicConstraintValue(&basic, &ext->value) != SECSuccess) {
        return;
    }
    entry->cm_cert_is_ca = (basic.isCA != PR_FALSE);
    if (entry->cm_cert_is_ca) {
        entry->cm_cert_ca_path_length = basic.pathLenConstraint;
    } else {
        entry->cm_cert_ca_path_length = -1;
    }
}

/* Read a Netscape comment extension. */
static void
cm_certext_read_nsc(struct cm_store_entry *entry, PLArenaPool *arena,
                    CERTCertExtension *ext)
{
    SECItem comment;
    char *tmp;

    if (SEC_ASN1DecodeItem(arena, &comment, SEC_IA5StringTemplate,
                           &ext->value) != SECSuccess) {
        return;
    }
    talloc_free(entry->cm_cert_ns_comment);
    if (comment.len > 0) {
        tmp = (char *) comment.data;
        entry->cm_cert_ns_comment = talloc_strndup(entry, tmp, comment.len);
    } else {
        entry->cm_cert_ns_comment = NULL;
    }
}

/* Read an authorityInformationAccess extension, and keep track of any OCSP
 * responders that we find in it.
 */
static void
cm_certext_read_aia(struct cm_store_entry *entry, PLArenaPool *arena,
                    CERTCertExtension *ext)
{
    CERTAuthInfoAccess **aia;
    SECOidData *oid;
    SECItem uri;
    char *tmp;
    unsigned i, n;

    aia = CERT_DecodeAuthInfoAccessExtension(arena, &ext->value);
    if ((aia == NULL) || (aia[0] == NULL)) {
        return;
    }
    oid = SECOID_FindOIDByTag(SEC_OID_PKIX_OCSP);
    if (oid == NULL) {
        return;
    }
    for (i = 0, n = 0; aia[i] != NULL; i++) {
        if (SECITEM_ItemsAreEqual(&aia[i]->method, &oid->oid) &&
            (aia[i]->location != NULL) &&
            (aia[i]->location->type == certURI) &&
            (aia[i]->location->name.other.len > 0)) {
            n++;
        }
    }
    talloc_free(entry->cm_cert_ocsp_location);
    entry->cm_cert_ocsp_location = talloc_zero_array(entry, char *, n + 1);
    if (entry->cm_cert_ocsp_location == NULL) {
        return;
    }
    for (i = 0, n = 0; aia[i] != NULL; i++) {
        if (SECITEM_ItemsAreEqual(&aia[i]->method, &oid->oid) &&
            (aia[i]->location != NULL) &&
            (aia[i]->location->type == certURI) &&
            (aia[i]->location->name.other.len > 0)) {
            uri = aia[i]->location->name.other;
            tmp = talloc_strndup(entry->cm_cert_ocsp_location,
                                 (char *) uri.data, uri.len);
            entry->cm_cert_ocsp_location[n++] = tmp;
        }
    }
}

/* Read a CRL distribution points or freshest CRL extension, and return any
 * locations that we find in it.
 */
static void
cm_certext_read_crlext(struct cm_store_entry *entry, PLArenaPool *arena,
                       CERTCertExtension *ext, char ***dest)
{
    CERTCrlDistributionPoints *crldp;
    CERTGeneralName *name;
    SECItem uri;
    void *parent;
    char *tmp, **list = *dest;
    unsigned i, n;

    crldp = CERT_DecodeCRLDistributionPoints(arena, &ext->value);
    if ((crldp == NULL) || (crldp->distPoints == NULL)) {
        return;
    }
    for (i = 0, n = 0; crldp->distPoints[i] != NULL; i++) {
        if ((crldp->distPoints[i]->distPointType == generalName) &&
            (crldp->distPoints[i]->distPoint.fullName != NULL)) {
            name = crldp->distPoints[i]->distPoint.fullName;
            if (name->type == certURI) {
                n++;
            }
        }
    }
    talloc_free(list);
    list = talloc_zero_array(entry, char *, n + 1);
    if (list == NULL) {
        *dest = list;
        return;
    }
    for (i = 0, n = 0; crldp->distPoints[i] != NULL; i++) {
        if ((crldp->distPoints[i]->distPointType == generalName) &&
            (crldp->distPoints[i]->distPoint.fullName != NULL)) {
            name = crldp->distPoints[i]->distPoint.fullName;
            if (name->type == certURI) {
                uri = name->name.other;
                parent = list;
                tmp = talloc_strndup(parent, (char *) uri.data, uri.len);
                list[n++] = tmp;
            }
        }
    }
    *dest = list;
}

/* Read the list of CRL distribution points. */
static void
cm_certext_read_crldp(struct cm_store_entry *entry, PLArenaPool *arena,
                      CERTCertExtension *ext)
{
    cm_certext_read_crlext(entry, arena, ext,
                           &entry->cm_cert_crl_distribution_point);
}

/* Read the list of locations where we can find the freshest CRL. */
static void
cm_certext_read_freshest_crl(struct cm_store_entry *entry, PLArenaPool *arena,
                             CERTCertExtension *ext)
{
    cm_certext_read_crlext(entry, arena, ext, &entry->cm_cert_freshest_crl);
}

/* Parse the data from a Microsoft certificate type extension.
 */
static void
cm_certext_read_profile(struct cm_store_entry *entry, PLArenaPool *arena,
                        CERTCertExtension *ext)
{
    SECItem profile;
    char *tmp;

    memset(&profile, 0, sizeof(profile));
    if (SEC_ASN1DecodeItem(arena, &profile, SEC_BMPStringTemplate,
                           &ext->value) != SECSuccess) {
        return;
    }
    talloc_free(entry->cm_cert_profile);
    entry->cm_cert_profile = NULL;
    if (profile.len > 0) {
        tmp = cm_store_utf8_from_bmp_string(profile.data, profile.len);
        if (tmp != NULL) {
            entry->cm_cert_profile = talloc_strdup(entry, tmp);
            free(tmp);
        }
    }
}

/* Parse the data from a Netscape certificate type extension. */
static void
cm_certext_read_ns_certtype(struct cm_store_entry *entry, PLArenaPool *arena,
                            CERTCertExtension *ext)
{
    SECItem item;
    unsigned int i, bit;
    char *tmp = NULL, *t = NULL;

    if (SEC_ASN1DecodeItem(arena, &item, SEC_BitStringTemplate,
                           &ext->value) == SECSuccess) {
        /* A bitString decodes with length == number of bits, not
         * bytes, which is what we want anyway. */
        tmp = talloc_zero_size(entry, item.len + 1);
        for (i = 0; i < item.len; i++) {
            bit = (item.data[i / 8] & (0x80 >> (i % 8))) ? 1 : 0;
            sprintf(tmp + i, "%.*u", 1, bit);
        }
    }
    talloc_free(entry->cm_cert_ns_certtype);
    entry->cm_cert_ns_certtype = NULL;
    if (tmp == NULL) {
        return;
    }
    t = talloc_strdup(entry, "");
    if ((tmp != NULL) && (strlen(tmp) > 0)) {
        if (tmp[0] == '1') {
            t = talloc_strdup_append(t, ",client");
        }
    }
    if ((tmp != NULL) && (strlen(tmp) > 1)) {
        if (tmp[1] == '1') {
            t = talloc_strdup_append(t, ",server");
        }
    }
    if ((tmp != NULL) && (strlen(tmp) > 2)) {
        if (tmp[2] == '1') {
            t = talloc_strdup_append(t, ",email");
        }
    }
    if ((tmp != NULL) && (strlen(tmp) > 3)) {
        if (tmp[3] == '1') {
            t = talloc_strdup_append(t, ",objsign");
        }
    }
    if ((tmp != NULL) && (strlen(tmp) > 4)) {
        if (tmp[4] == '1') {
            t = talloc_strdup_append(t, ",reserved");
        }
    }
    if ((tmp != NULL) && (strlen(tmp) > 5)) {
        if (tmp[5] == '1') {
            t = talloc_strdup_append(t, ",sslCA");
        }
    }
    if ((tmp != NULL) && (strlen(tmp) > 6)) {
        if (tmp[6] == '1') {
            t = talloc_strdup_append(t, ",emailCA");
        }
    }
    if ((tmp != NULL) && (strlen(tmp) > 7)) {
        if (tmp[7] == '1') {
            t = talloc_strdup_append(t, ",objCA");
        }
    }
    if (strlen(t) > 0) {
        entry->cm_cert_ns_certtype = talloc_strdup(entry, t + 1);
    }
    talloc_free(t);
}

/* Read the extensions from a certificate.
 */
void
cm_certext_read_extensions(struct cm_store_entry *entry, PLArenaPool *arena,
                           CERTCertExtension **extensions)
{
    int i;
    PLArenaPool *local_arena;
    SECOidData *ku_oid, *eku_oid, *san_oid, *freshest_crl_oid;
    SECOidData *basic_oid, *nsc_oid, *aia_oid, *crldp_oid, *profile_oid;
    SECOidData *no_ocsp_check_oid, *ns_certtype_oid;

    if (extensions == NULL) {
        return;
    }

    if (arena == NULL) {
        local_arena = PORT_NewArena(sizeof(double));
        arena = local_arena;
    } else {
        local_arena = NULL;
    }

    ku_oid = SECOID_FindOIDByTag(SEC_OID_X509_KEY_USAGE);
    if (ku_oid == NULL) {
        cm_log(1, "Internal library error: unable to look up OID for "
               "certificate key usage extension.\n");
        return;
    }
    eku_oid = SECOID_FindOIDByTag(SEC_OID_X509_EXT_KEY_USAGE);
    if (eku_oid == NULL) {
        cm_log(1, "Internal library error: unable to look up OID for "
               "certificate extended key usage extension.\n");
        return;
    }
    san_oid = SECOID_FindOIDByTag(SEC_OID_X509_SUBJECT_ALT_NAME);
    if (san_oid == NULL) {
        cm_log(1, "Internal library error: unable to look up OID for "
               "certificate subject alternative name extension.\n");
        return;
    }
    basic_oid = SECOID_FindOIDByTag(SEC_OID_X509_BASIC_CONSTRAINTS);
    if (basic_oid == NULL) {
        cm_log(1, "Internal library error: unable to look up OID for "
               "certificate basic constraints extension.\n");
        return;
    }
    nsc_oid = SECOID_FindOIDByTag(SEC_OID_NS_CERT_EXT_COMMENT);
    if (nsc_oid == NULL) {
        cm_log(1, "Internal library error: unable to look up OID for "
               "certificate netscape comment extension.\n");
        return;
    }
    aia_oid = SECOID_FindOIDByTag(SEC_OID_X509_AUTH_INFO_ACCESS);
    if (aia_oid == NULL) {
        cm_log(1, "Internal library error: unable to look up OID for "
               "certificate authority information access extension.\n");
        return;
    }
    crldp_oid = SECOID_FindOIDByTag(SEC_OID_X509_CRL_DIST_POINTS);
    if (crldp_oid == NULL) {
        cm_log(1, "Internal library error: unable to look up OID for "
               "certificate revocation list distribution points "
               "extension.\n");
        return;
    }
    freshest_crl_oid = SECOID_FindOIDByTag(SEC_OID_X509_FRESHEST_CRL);
    if (freshest_crl_oid == NULL) {
        cm_log(1, "Internal library error: unable to look up OID for "
               "freshest certificate revocation list extension.\n");
        return;
    }
    no_ocsp_check_oid = SECOID_FindOIDByTag(SEC_OID_PKIX_OCSP_NO_CHECK);
    if (no_ocsp_check_oid == NULL) {
        cm_log(1, "Internal library error: unable to look up OID for "
               "no-OCSP-check extension.\n");
        return;
    }
    profile_oid = (SECOidData *) &oid_microsoft_certtype;
    ns_certtype_oid = SECOID_FindOIDByTag(SEC_OID_NS_CERT_EXT_CERT_TYPE);
    if (ns_certtype_oid == NULL) {
        cm_log(1, "Internal library error: unable to look up OID for "
               "nsCertType extension.\n");
        return;
    }
    entry->cm_cert_no_ocsp_check = FALSE;
    for (i = 0; extensions[i] != NULL; i++) {
        if (SECITEM_ItemsAreEqual(&ku_oid->oid, &extensions[i]->id)) {
            cm_certext_read_ku(entry, arena, extensions[i]);
        }
        if (SECITEM_ItemsAreEqual(&eku_oid->oid, &extensions[i]->id)) {
            cm_certext_read_eku(entry, arena, extensions[i]);
        }
        if (SECITEM_ItemsAreEqual(&san_oid->oid, &extensions[i]->id)) {
            cm_certext_read_san(entry, arena, extensions[i]);
        }
        if (SECITEM_ItemsAreEqual(&basic_oid->oid, &extensions[i]->id)) {
            cm_certext_read_basic(entry, arena, extensions[i]);
        }
        if (SECITEM_ItemsAreEqual(&nsc_oid->oid, &extensions[i]->id)) {
            cm_certext_read_nsc(entry, arena, extensions[i]);
        }
        if (SECITEM_ItemsAreEqual(&aia_oid->oid, &extensions[i]->id)) {
            cm_certext_read_aia(entry, arena, extensions[i]);
        }
        if (SECITEM_ItemsAreEqual(&crldp_oid->oid, &extensions[i]->id)) {
            cm_certext_read_crldp(entry, arena, extensions[i]);
        }
        if (SECITEM_ItemsAreEqual(&freshest_crl_oid->oid,
                                  &extensions[i]->id)) {
            cm_certext_read_freshest_crl(entry, arena, extensions[i]);
        }
        if (SECITEM_ItemsAreEqual(&profile_oid->oid, &extensions[i]->id)) {
            cm_certext_read_profile(entry, arena, extensions[i]);
        }
        if (SECITEM_ItemsAreEqual(&no_ocsp_check_oid->oid,
                                  &extensions[i]->id)) {
            entry->cm_cert_no_ocsp_check = TRUE;
        }
        if (SECITEM_ItemsAreEqual(&ns_certtype_oid->oid,
                                  &extensions[i]->id)) {
            cm_certext_read_ns_certtype(entry, arena, extensions[i]);
        }
    }

    if (arena == local_arena) {
        PORT_FreeArena(local_arena, PR_TRUE);
    }
}

certmonger-0.79.19/src/certext.h

/*
 * Copyright (C) 2009 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include

#ifndef cmcertext_h
#define cmcertext_h

struct NSSInitContextStr;
struct cm_store_entry;

void cm_certext_build_csr_extensions(struct cm_store_entry *entry,
                                     struct NSSInitContextStr *ctx,
                                     unsigned char **encoded, size_t *length);

/* Validate a V2 template spec */
PRBool cm_ms_template_valid(char *template_spec);

#endif

certmonger-0.79.19/src/certmaster-getcert.1.in

.TH CERTMONGER 1 "November 23, 2009" "certmonger Manual"
.SH NAME
certmaster\-getcert
.SH SYNOPSIS
certmaster\-getcert request [options]
certmaster\-getcert resubmit [options]
certmaster\-getcert start\-tracking [options]
certmaster\-getcert status [options]
certmaster\-getcert stop\-tracking [options]
certmaster\-getcert list [options]
certmaster\-getcert list\-cas [options]
certmaster\-getcert refresh\-cas [options]
.SH DESCRIPTION
The \fIcertmaster\-getcert\fR tool issues requests to a @CM_DBUS_NAME@
service on behalf of the invoking user.
It can ask the service to begin enrollment, optionally generating a key pair
to use, it can ask the service to begin monitoring a certificate in a
specified location for expiration, and optionally to refresh it when
expiration nears, it can list the set of certificates that the service is
already monitoring, or it can list the set of CAs that the service is capable
of using.

If no command is given as the first command\-line argument,
\fIcertmaster\-getcert\fR will print short usage information for each of
its functions.

The \fIcertmaster\-getcert\fR tool behaves identically to the generic
\fIgetcert\fR tool when it is used with the
\fB\-c \fI@CM_CERTMASTER_CA_NAME@\fR option.

There is no standard authenticated method for obtaining the root certificate
from certmaster CAs, so \fBcertmonger\fR does not support retrieving trust
information from them. While the \fB\-F\fR and \fB\-a\fR options will still
be recognized, they will effectively be ignored.
.SH BUGS
Please file tickets for any that you find at https://fedorahosted.org/certmonger/
.SH SEE ALSO
\fBcertmonger\fR(8)
\fBgetcert\fR(1)
\fBgetcert\-add\-ca\fR(1)
\fBgetcert\-add\-scep\-ca\fR(1)
\fBgetcert\-list\-cas\fR(1)
\fBgetcert\-list\fR(1)
\fBgetcert\-modify\-ca\fR(1)
\fBgetcert\-refresh\-ca\fR(1)
\fBgetcert\-refresh\fR(1)
\fBgetcert\-rekey\fR(1)
\fBgetcert\-remove\-ca\fR(1)
\fBgetcert\-request\fR(1)
\fBgetcert\-resubmit\fR(1)
\fBgetcert\-start\-tracking\fR(1)
\fBgetcert\-status\fR(1)
\fBgetcert\-stop\-tracking\fR(1)
\fBcertmonger\-certmaster\-submit\fR(8)
\fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8)
\fBcertmonger\-dogtag\-submit\fR(8)
\fBcertmonger\-ipa\-submit\fR(8)
\fBcertmonger\-local\-submit\fR(8)
\fBcertmonger\-scep\-submit\fR(8)
\fBcertmonger_selinux\fR(8)

certmonger-0.79.19/src/certmaster-getcert.c

#include "config.h"
#define FORCE_CA CM_CERTMASTER_CA_NAME
#include "getcert.c"
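
The keyword matching in `cm_certext_build_ns_certtype` (src/certext.c, above) compares only the first `q - p` characters of each token, so an empty or abbreviated token also selects a bit. The block below is an added example, not certmonger code: a standalone parser over the same keyword table that matches whole tokens, rejects unknown ones and truncates its own buffer; the names `ns_certtype_bits`, `lookup`, `prefix_match` and `exact_match` are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Keywords in bit order, as used by cm_certext_build_ns_certtype. */
static const char *const ns_certtype_names[8] = {
    "client", "server", "email", "objsign",
    "reserved", "sslca", "emailca", "objca",
};

/* Comparison rule used on the page: only the first len characters of the
 * token are compared, so "" and "s" both compare equal to some keyword. */
static int
prefix_match(const char *token, size_t len, const char *name)
{
    return strncasecmp(token, name, len) == 0;
}

/* Whole-token rule: the token must also have the keyword's length. */
static int
exact_match(const char *token, size_t len, const char *name)
{
    return (len == strlen(name)) && (strncasecmp(token, name, len) == 0);
}

/* Return the bit index the token selects under either rule, or -1.
 * The first keyword that matches wins, like the if/else chain above. */
static int
lookup(const char *token, size_t len, int exact)
{
    for (int bit = 0; bit < 8; bit++) {
        const char *name = ns_certtype_names[bit];
        if (exact ? exact_match(token, len, name)
                  : prefix_match(token, len, name)) {
            return bit;
        }
    }
    return -1;
}

/* Convert a comma-separated keyword list into a '0'/'1' string cut after
 * the last set bit.  out must hold at least 9 bytes.  Returns the number
 * of bits written, 0 if no keyword was given, -1 on an unknown keyword. */
int
ns_certtype_bits(const char *spec, char out[9])
{
    char bits[9] = "00000000";
    const char *p = spec, *last;
    size_t len;
    int bit;

    out[0] = '\0';
    if (spec == NULL) {
        return -1;
    }
    for (;;) {
        p += strspn(p, ",");        /* commas are separators only */
        if (*p == '\0') {
            break;
        }
        len = strcspn(p, ",");
        bit = lookup(p, len, 1);
        if (bit < 0) {
            return -1;              /* unknown or abbreviated keyword */
        }
        bits[bit] = '1';
        p += len;
    }
    last = strrchr(bits, '1');
    if (last == NULL) {
        return 0;
    }
    /* Truncate the local buffer, never the caller's input string. */
    bits[(last - bits) + 1] = '\0';
    strcpy(out, bits);
    return (int) strlen(out);
}

int
main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "client,server", "SSLCA,email", "s", "" };
    char out[9];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int n = ns_certtype_bits(samples[i], out);
        printf("\"%s\" -> %d \"%s\" (prefix rule picks bit %d)\n",
               samples[i], n, out,
               lookup(samples[i], strcspn(samples[i], ","), 0));
    }
    return 0;
}
```
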

certmonger-0.79.19/src/certmaster.c

/*
 * Copyright (C) 2009,2010,2011,2013,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#include "log.h"
#include "submit-e.h"
#include "submit-u.h"
#include "submit-x.h"
#include "util.h"

#ifdef ENABLE_NLS
#include
#define _(_text) dgettext(PACKAGE, _text)
#else
#define _(_text) (_text)
#endif

int
main(int argc, const char **argv)
{
    int i, c, verbose = 0;
    const char *host = NULL, *port = NULL, *cainfo = NULL, *capath = NULL;
    char *csr, *p, uri[LINE_MAX], *s1, *s2, *config;
    struct cm_submit_x_context *ctx;
    struct stat st;
    const char *mode = CM_OP_SUBMIT, *csrfile;
    poptContext pctx;
    const struct poptOption popts[] = {
        {"server-host", 'h', POPT_ARG_STRING, &host, 0, NULL, "HOSTNAME"},
        {"capath", 'C', POPT_ARG_STRING, &capath, 0, NULL, "DIRECTORY"},
        {"cafile", 'c', POPT_ARG_STRING, &cainfo, 0, NULL, "FILENAME"},
        {"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL},
        POPT_AUTOHELP
        POPT_TABLEEND
    };

    if (getenv(CM_SUBMIT_OPERATION_ENV) != NULL) {
        mode = getenv(CM_SUBMIT_OPERATION_ENV);
    }
    if ((strcasecmp(mode, CM_OP_SUBMIT) == 0) ||
        (strcasecmp(mode, CM_OP_POLL) == 0)) {
        /* fall through */
    } else if (strcasecmp(mode, CM_OP_IDENTIFY) == 0) {
        printf("certmaster (%s %s)\n", PACKAGE_NAME, PACKAGE_VERSION);
        return 0;
    } else {
        /* unsupported request */
        return CM_SUBMIT_STATUS_OPERATION_NOT_SUPPORTED;
    }

#ifdef ENABLE_NLS
    bindtextdomain(PACKAGE, MYLOCALEDIR);
#endif

    if (isatty(STDERR_FILENO))
        cm_log_set_method(cm_log_stderr);
    else
        cm_log_set_method(cm_log_syslog);

    pctx = poptGetContext(argv[0], argc, argv, popts, 0);
    if (pctx == NULL) {
        return CM_SUBMIT_STATUS_UNCONFIGURED;
    }
    poptSetOtherOptionHelp(pctx, "[options...] [csrfile]");
    while ((c = poptGetNextOpt(pctx)) > 0) {
        switch (c) {
        case 'v':
            verbose++;
            break;
        }
    }
    if (c != -1) {
        poptPrintUsage(pctx, stdout, 0);
        return CM_SUBMIT_STATUS_UNCONFIGURED;
    }

    umask(S_IRWXG | S_IRWXO);
    cm_log_set_method(cm_log_stderr);
    cm_log_set_level(verbose);

    if (host == NULL) {
        /* Okay, we have to figure out what the master name is. Hope
         * the minion is configured. */
        config = read_config_file("/etc/certmaster/" "minion.conf");
        if (config != NULL) {
            host = get_config_entry(config, "main", "certmaster");
            port = get_config_entry(config, "main", "certmaster_port");
        } else {
            if (stat("/var/run/certmaster.pid", &st) == 0) {
                /* Guess that it's us if we have the service
                 * running. */
                config = read_config_file("/etc/certmaster/"
                                          "certmaster.conf");
                host = "localhost";
                if (config != NULL) {
                    port = get_config_entry(config, "main", "listen_port");
                }
            }
        }
    }
    if (host == NULL) {
        printf(_("Unable to determine hostname of CA.\n"));
        poptPrintUsage(pctx, stdout, 0);
        return CM_SUBMIT_STATUS_UNCONFIGURED;
    }

    /* Read the CSR from the environment, or from the command-line.
     */
    csrfile = poptGetArg(pctx);
    if (csrfile != NULL) {
        csr = cm_submit_u_from_file(csrfile);
    } else {
        csr = getenv(CM_SUBMIT_CSR_ENV);
        if (csr != NULL) {
            csr = strdup(csr);
        }
    }
    if ((csr == NULL) || (strlen(csr) == 0)) {
        if (csrfile != NULL) {
            printf(_("Unable to read signing request from file \"%s\".\n"),
                   csrfile);
        } else {
            printf(_("Unable to read signing request from environment variable \"%s\".\n"),
                   CM_SUBMIT_CSR_ENV);
        }
        poptPrintUsage(pctx, stdout, 0);
        free(csr);
        return CM_SUBMIT_STATUS_UNCONFIGURED;
    }

    /* Clean up the CSR -- make sure it's not a "NEW" request. certmaster
     * rewrites the incoming request to cache previously-received
     * requests, and in doing so uses a different PEM header than the one
     * we default to using. So turn any "NEW CERTIFICATE REQUEST" notes
     * into "CERTIFICATE REQUEST" before sending them. */
    while ((p = strstr(csr, "NEW CERTIFICATE REQUEST")) != NULL) {
        memmove(p, p + 4, strlen(p + 4) + 1);
    }

    /* Initialize for XML-RPC.  The URI uses https only when a CA file or
     * CA directory was given; otherwise the request is sent over plain
     * http. */
    snprintf(uri, sizeof(uri), "http%s://%s%s%s/",
             ((cainfo != NULL) || (capath != NULL)) ? "s" : "",
             host,
             ((port != NULL) && (strlen(port) > 0)) ? ":" : "",
             port ? port : "");
    ctx = cm_submit_x_init(NULL, uri, "wait_for_cert", cainfo, capath,
                           NULL, NULL,
                           cm_submit_x_negotiate_off,
                           cm_submit_x_delegate_off);
    if (ctx == NULL) {
        fprintf(stderr, "Error setting up for XMLRPC.\n");
        printf(_("Error setting up for XMLRPC.\n"));
        free(csr);
        return CM_SUBMIT_STATUS_UNCONFIGURED;
    }

    /* Add the CSR as the sole argument. */
    cm_submit_x_add_arg_s(ctx, csr);
    free(csr);

    /* Submit the request. */
    fprintf(stderr, "Submitting request to \"%s\".\n", uri);
    cm_submit_x_run(ctx);

    /* Check the results.
     */
    if (cm_submit_x_has_results(ctx) == 0) {
        if (cm_submit_x_get_bss(ctx, &i, &s1, &s2) == 0) {
            if (i) {
                printf("%s", s1);
                return CM_SUBMIT_STATUS_ISSUED;
            } else {
                printf("SUBMITTED COOKIE\n");
                return CM_SUBMIT_STATUS_WAIT;
            }
        } else {
            printf(_("Error parsing server response.\n"));
            return CM_SUBMIT_STATUS_UNREACHABLE;
        }
    } else {
        printf(_("Server error.\n"));
        return CM_SUBMIT_STATUS_UNREACHABLE;
    }
}

certmonger-0.79.19/src/certmonger-certmaster-submit.8.in

.TH CERTMONGER 8 "June 7, 2010" "certmonger Manual"
.SH NAME
certmaster\-submit
.SH SYNOPSIS
certmaster\-submit [\-h HOST] [\-c FILE] [\-C DIR] [\-v] [csrfile]
.SH DESCRIPTION
\fIcertmaster\-submit\fR is the helper which \fIcertmonger\fR uses to make
requests to certmaster\-based CAs. It is not normally run interactively,
but it can be for troubleshooting purposes. The signing request which is
to be submitted should either be in a file whose name is given as an
argument, or fed into \fIcertmaster\-submit\fR via stdin.

There is no standard authenticated method for obtaining the root certificate
from certmaster CAs, so \fBcertmonger\fR does not support retrieving trust
information from them.
.SH OPTIONS
.TP
\fB\-h\fR \fIHOST\fR, \fB\-\-server\-host\fR=\fIHOST\fR
Submit the request to the certmaster instance running on the named host.
The default is \fIlocalhost:51235\fR if a file named
\fB/var/run/certmaster.pid\fR is found on the local system, and is read
from \fB/etc/certmaster/minion.conf\fR if that file is not found.
.TP
\fB\-c\fR \fIFILE\fR, \fB\-\-cafile\fR=\fIFILE\fR
Submit the request over HTTPS instead of HTTP, and only trust the server if
its certificate was issued by the CA whose certificate is in the named file.
.TP
\fB\-C\fR \fIDIR\fR, \fB\-\-capath\fR=\fIDIR\fR
Submit the request over HTTPS instead of HTTP, and only trust the server if
its certificate was issued by a CA whose certificate is in a file in the
named directory.
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Be verbose about errors. Normally, the details of an error received from
the daemon will be suppressed if the client can make a diagnostic suggestion.
.SH EXIT STATUS
.TP
0
if the certificate was issued. The certificate will be printed.
.TP
1
if the CA is still thinking. A cookie value will be printed.
.TP
2
if the CA rejected the request. An error message may be printed.
.TP
3
if the CA was unreachable. An error message may be printed.
.TP
4
if critical configuration information is missing. An error message may be
printed.
.SH FILES
.TP
.I /var/run/certmaster.pid
the certmaster service's PID file. Its presence is taken to indicate that
this system is a CA, and that requests should be submitted to a certmaster
server running on the local system.
.TP
.I /etc/certmaster/minion.conf
the certmaster minion configuration file. If there is no indication that
the local system is a certmaster server, then this file is consulted to
determine the location of the certmaster server.
.SH KNOWN BUGS
Checking for the existence of certmaster's PID file is a terrible way to
figure out whether we're a minion or not.
.SH BUGS
Please file tickets for any that you find at https://fedorahosted.org/certmonger/
.SH SEE ALSO
\fBcertmonger\fR(8)
\fBgetcert\fR(1)
\fBgetcert\-add\-ca\fR(1)
\fBgetcert\-add\-scep\-ca\fR(1)
\fBgetcert\-list\-cas\fR(1)
\fBgetcert\-list\fR(1)
\fBgetcert\-modify\-ca\fR(1)
\fBgetcert\-refresh\-ca\fR(1)
\fBgetcert\-refresh\fR(1)
\fBgetcert\-rekey\fR(1)
\fBgetcert\-remove\-ca\fR(1)
\fBgetcert\-resubmit\fR(1)
\fBgetcert\-start\-tracking\fR(1)
\fBgetcert\-status\fR(1)
\fBgetcert\-stop\-tracking\fR(1)
\fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8)
\fBcertmonger\-dogtag\-submit\fR(8)
\fBcertmonger\-ipa\-submit\fR(8)
\fBcertmonger\-local\-submit\fR(8)
\fBcertmonger\-scep\-submit\fR(8)
\fBcertmonger_selinux\fR(8)

certmonger-0.79.19/src/certmonger-dogtag-ipa-renew-agent-submit.8.in

.TH CERTMONGER 8 "October 27, 2015" "certmonger Manual"
.SH NAME
dogtag\-ipa\-renew\-agent\-submit
.SH SYNOPSIS
dogtag\-ipa\-renew\-agent\-submit [options] [csrfile]
.SH DESCRIPTION
\fIdogtag\-ipa\-renew\-agent\-submit\fR is the helper which \fIcertmonger\fR
uses to make certificate renewal requests to Dogtag instances running on IPA
servers. It is not normally run interactively, but it can be for
troubleshooting purposes.

The preferred option is to request a renewal of an already\-issued
certificate, using its serial number, which can be read from a
PEM\-formatted certificate provided in the \fICERTMONGER_CERTIFICATE\fR
environment variable, or via the \fB\-s\fR or \fB\-D\fR option on the
command line.

If no serial number is provided, then the client will attempt to obtain a
new certificate by submitting a signing request to the CA.

The signing request which is to be submitted should either be in a file
whose name is given as an argument, or fed into
\fIdogtag\-ipa\-renew\-agent\-submit\fR via stdin.

\fBcertmonger\fR does not yet support retrieving trust information from
Dogtag CAs.
.SH OPTIONS
.TP
\fB\-E\fR \fIEE\-URL\fR, \fB\-\-ee\-url\fR=\fIEE\-URL\fR
The top\-level URL for the end\-entity interface provided by the CA. In IPA installations, this is typically \fIhttp://\fBSERVER\fP:\fBEEPORT\fP/ca/ee/ca\fR. If no URL is specified, the \fIhost\fR named in the \fI[global]\fR section in the \fI/etc/ipa/default.conf\fR file is used as the value of \fBSERVER\fR, and the value of \fBEEPORT\fR will be inferred based on the value of the \fIdogtag_version\fR in the \fI[global]\fR section in the \fI/etc/ipa/default.conf\fR file: if \fIdogtag_version\fR is set to \fI10\fR or more, \fBEEPORT\fR will be set to 8080. Otherwise it will be 9180.
.TP
\fB\-A\fR \fIAGENT\-URL\fR, \fB\-\-agent\-url\fR=\fIAGENT\-URL\fR
The top\-level URL for the agent interface provided by the CA. In IPA installations, this is typically \fIhttps://\fBSERVER\fP:\fBAGENTPORT\fP/ca/agent/ca\fR. If no URL is specified, the \fIhost\fR named in the \fI[global]\fR section in the \fI/etc/ipa/default.conf\fR file is used as the value of \fBSERVER\fR, and the value of \fBAGENTPORT\fR will be inferred based on the value of the \fIdogtag_version\fR in the \fI[global]\fR section in the \fI/etc/ipa/default.conf\fR file: if \fIdogtag_version\fR is set to \fI10\fR or more, \fBAGENTPORT\fR will be set to 8443. Otherwise it will be 9443.
.TP
\fB\-i\fR \fIFILE\fR, \fB\-\-cafile\fR=\fIFILE\fR
The location of a file containing a copy of the CA's certificate, against which the CA server's certificate will be verified. The default is \fB/etc/ipa/ca.crt\fR.
.TP
\fB\-C\fR \fIDIR\fR, \fB\-\-capath\fR=\fIDIR\fR
The location of a directory containing a copy of the CA's certificate, against which the CA server's certificate will be verified.
.TP
\fB\-d\fR \fIDIR\fR, \fB\-\-dbdir\fR=\fIDIR\fR
The NSS database that contains credentials to authenticate to the CA.
.TP
\fB\-n\fR \fINAME\fR, \fB\-\-nickname\fR=\fINAME\fR
The nickname of the certificate used for authentication.
.TP
\fB\-c\fR \fIFILENAME\fR, \fB\-\-certfile\fR=\fIFILENAME\fR
The certificate in PEM format used for authentication.
.TP
\fB\-k\fR \fIFILENAME\fR, \fB\-\-keyfile\fR=\fIFILENAME\fR
The private key for the certificate in PEM format used for authentication. It may be encrypted.
.TP
\fB\-p\fR \fIFILENAME\fR, \fB\-\-sslpinfile\fR=\fIFILENAME\fR
A file that contains the PIN for the private key file or NSS database.
.TP
\fB\-P\fR \fISTRING\fR, \fB\-\-sslpin\fR=\fISTRING\fR
The PIN for the private key file or NSS database.
.TP
\fB\-s\fR \fINUMBER\fR, \fB\-\-hex\-serial\fR=\fINUMBER\fR
The serial number of an already\-issued certificate for which the client should attempt to obtain a new certificate, in hexadecimal form, if one cannot be read from the \fICERTMONGER_CERTIFICATE\fR environment variable.
.TP
\fB\-D\fR \fINUMBER\fR, \fB\-\-serial\fR=\fINUMBER\fR
The serial number of an already\-issued certificate for which the client should attempt to obtain a new certificate, in decimal form, if one cannot be read from the \fICERTMONGER_CERTIFICATE\fR environment variable.
.TP
\fB\-S\fR \fISTATE\-VALUE\fR, \fB\-\-state\fR=\fISTATE\-VALUE\fR
A cookie value provided by a previous instance of this helper, if the helper is being asked to continue a multi\-step enrollment process. If the \fICERTMONGER_COOKIE\fR environment variable is set, its value is used.
.TP
\fB\-T\fR \fINAME\fR, \fB\-\-profile\fR=\fINAME\fR
The name of the type of certificate which the client should request from the CA if it is not renewing a certificate (per the \fB\-s\fR option above). If the \fICERTMONGER_CA_PROFILE\fR environment variable is set, its value is used. Otherwise, the default value is \fBcaServerCert\fP.
.TP
\fB\-t\fR, \fB\-\-profile\-list\fR
Instead of attempting to obtain a new certificate, query the server for a list of the enabled enrollment profiles.
.TP \fB\-O\fR \fIparam=value\fR, \fB\-\-approval\-option\fR=\fIparam=value\fR An additional parameter to pass to the server when approving the signing request using the agent's credentials. By default, any server\-supplied default settings are applied. This option can be used either to override a server\-supplied default setting, or to supply one which would otherwise have not been used. .TP \fB\-N\fR, \fB\-\-force\-new\fR Even if an already\-issued certificate is available in the \fICERTMONGER_CERTIFICATE\fR environment variable, or a serial number has been provided, don't attempt to renew a certificate using its serial number. Instead, attempt to obtain a new certificate using the signing request. The default behavior is to request a renewal if possible. .TP \fB\-R\fR, \fB\-\-force\-renew\fR Negates the effect of the \fB\-N\fR flag. .TP \fB\-o\fR \fIparam=value\fR, \fB\-\-submit\-option\fR=\fIparam=value\fR When initially submitting a request to the CA, add the specified parameter and value along with any request parameters which would otherwise be sent. This option is not typically used. .TP \fB\-a\fR, \fB\-\-agent\-submit\fR Use agent credentials, specified using some combination of the \fB\-d\fR, \fB\-n\fR, \fB\-c\fR, and \fB\-k\fR flags, to authenticate to the CA when initially submitting a request to the CA or retrieving the list of enabled enrollment profiles. This is typically required when the enrollment profile being used uses \fIAgentCertAuth\fR\-based authentication, and requires that the URL specified using the \fB\-E\fR flag be an HTTPS URL, or when the URL specified using the \fB\-E\fR flag is an HTTPS URL. .TP \fB\-u username\fR, \fB\-\-uid\fR=\fIusername\fR When initially submitting a request to the CA, supply the specified value as a user name. 
This is typically required when the enrollment profile being used uses \fIUidPwdDirAuth\fR\-based or \fINISAuth\fR\-based authentication.
.TP
\fB\-U\fR \fIuserdn\fR, \fB\-\-upn\fR=\fIuserdn\fR
When initially submitting a request to the CA, supply the specified value as the DN (distinguished name) of the user's entry in a directory server which the CA is configured to use for checking the user's password. This is typically required when the enrollment profile being used uses \fIUdnPwdDirAuth\fR\-based authentication.
.TP
\fB\-W\fR \fIPASSWORD\fR, \fB\-\-userpwd\fR=\fIPASSWORD\fR
When initially submitting a request to the CA, supply the specified value as the password for the user whose name is specified with the \fB\-u\fR option, or whose DN is specified with the \fB\-U\fR option. This is typically only required when the enrollment profile being used uses \fIUidPwdDirAuth\fR\-based, \fIUserPwdDirAuth\fR\-based, or \fINISAuth\fR\-based authentication. If the URL specified using the \fB\-E\fR flag is not an HTTPS URL, this value will not be encrypted.
.TP
\fB\-w\fR \fIFILE\fR, \fB\-\-userpwdfile\fR=\fIFILE\fR
When initially submitting a request to the CA, read from the specified file a password to supply for the user whose name is specified with the \fB\-u\fR option, or whose DN is specified with the \fB\-U\fR option. This is typically only required when the enrollment profile being used uses \fIUidPwdDirAuth\fR\-based, \fIUserPwdDirAuth\fR\-based, or \fINISAuth\fR\-based authentication. If the URL specified using the \fB\-E\fR flag is not an HTTPS URL, this value will not be encrypted.
.TP
\fB\-Y\fR \fIPIN\fR, \fB\-\-userpin\fR=\fIPIN\fR
When initially submitting a request to the CA, supply the specified value as the PIN for the user whose name is specified with the \fB\-u\fR option, or whose DN is specified with the \fB\-U\fR option. This is typically only required when the enrollment profile being used uses \fIUidPwdPinDirAuth\fR\-based authentication.
If the URL specified using the \fB\-E\fR flag is not an HTTPS URL, this value will not be encrypted.
.TP
\fB\-y\fR \fIFILE\fR, \fB\-\-userpinfile\fR=\fIFILE\fR
When initially submitting a request to the CA, read from the specified file a PIN to supply for the user whose name is specified with the \fB\-u\fR option, or whose DN is specified with the \fB\-U\fR option. This is typically only required when the enrollment profile being used uses \fIUidPwdPinDirAuth\fR\-based authentication. If the URL specified using the \fB\-E\fR flag is not an HTTPS URL, this value will not be encrypted.
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Increases the logging level. Use twice for more logging. This option is mainly useful for troubleshooting.
.SH AGENT KEY AND CERTIFICATE OPTIONS
Options that provide the location for the private key and public certificate which the client should use to authenticate to the CA's agent interface. The values to use depend on which cryptography library your copy of libcurl was linked with.
.PP
The location of the certificate used for authentication to the CA needs to be provided as either a combination of PEM files using \-\-certfile and \-\-keyfile or an NSS database using \-\-dbdir and \-\-nickname. The default for \-\-cafile is \fI/etc/ipa/ca.crt\fR.
.TP
\fB\-d\fR \fIdbdir\fR, \fB\-\-dbdir\fR=\fIdbdir\fR
Use an NSS database in the specified directory for this certificate and key. Only valid with \-n.
.TP
\fB\-n\fR \fINAME\fR, \fB\-\-nickname\fR=\fINAME\fR
Use the NSS key with this nickname. Only valid with \-d.
.TP
\fB\-c\fR \fIFILE\fR, \fB\-\-certfile\fR=\fIFILE\fR
The PEM file that contains the public certificate. Only valid with \-k.
.TP
\fB\-k\fR \fIFILE\fR, \fB\-\-keyfile\fR=\fIFILE\fR
The PEM file that contains the private key. Only valid with \-c.
.TP
\fB\-p\fR \fIFILE\fR, \fB\-\-sslpinfile\fR=\fIFILE\fR
The name of a file which contains a PIN/password which will be needed in order to make use of the agent credentials.
.TP
\fB\-P\fR \fIPIN\fR, \fB\-\-sslpin\fR=\fIPIN\fR
The PIN/password which will be needed in order to make use of the agent credentials.
.SH EXIT STATUS
.TP
0
if the certificate was issued. The certificate will be printed.
.TP
1
if the CA is still thinking. A cookie (state) value will be printed.
.TP
2
if the CA rejected the request. An error message may be printed.
.TP
3
if the CA was unreachable. An error message may be printed.
.TP
4
if critical configuration information is missing. An error message may be printed.
.TP
5
if the CA is still thinking. A suggested poll delay (specified in seconds) and a cookie (state) value will be printed.
.TP
17
if the CA indicates that the client needs to attempt enrollment using a new key pair.
.SH FILES
.TP
.I /etc/ipa/default.conf
is the IPA client configuration file. This file is consulted to determine the URL for the Dogtag server's end\-entity and agent interfaces if they are not supplied as arguments.
.SH BUGS
Please file tickets for any that you find at https://fedorahosted.org/certmonger/
.SH SEE ALSO
\fBcertmonger\fR(8)
\fBgetcert\fR(1)
\fBgetcert\-add\-ca\fR(1)
\fBgetcert\-add\-scep\-ca\fR(1)
\fBgetcert\-list\-cas\fR(1)
\fBgetcert\-list\fR(1)
\fBgetcert\-modify\-ca\fR(1)
\fBgetcert\-refresh\-ca\fR(1)
\fBgetcert\-refresh\fR(1)
\fBgetcert\-rekey\fR(1)
\fBgetcert\-remove\-ca\fR(1)
\fBgetcert\-resubmit\fR(1)
\fBgetcert\-start\-tracking\fR(1)
\fBgetcert\-status\fR(1)
\fBgetcert\-stop\-tracking\fR(1)
\fBcertmonger\-certmaster\-submit\fR(8)
\fBcertmonger\-dogtag\-submit\fR(8)
\fBcertmonger\-ipa\-submit\fR(8)
\fBcertmonger\-local\-submit\fR(8)
\fBcertmonger\-scep\-submit\fR(8)
\fBcertmonger_selinux\fR(8)
certmonger-0.79.19/src/certmonger-dogtag-submit.8.in0000644000175000017500000002451214511314133021634 0ustar gitgit00000000000000
.TH CERTMONGER 8 "October 27, 2015" "certmonger Manual"
.SH NAME
dogtag\-submit
.SH SYNOPSIS
dogtag\-submit \-E EE\-URL \-A AGENT\-URL [\-d DIR] [\-n NAME] [\-i FILE]
[\-C DIR] [\-c FILE] [\-k FILE] [\-p FILE] [\-P PIN] [\-s serial (hex)] [\-D serial (decimal)] [\-S state] [\-T profile] [\-O param=value] [\-N | \-R] [\-t] [\-o option=value] [\-a] [\-u username] [\-U userdn] [\-W PASSWORD] [\-w FILE] [\-Y PIN] [\-y FILE] [\-v] [csrfile] .SH DESCRIPTION \fIdogtag\-submit\fR is the helper which \fIcertmonger\fR can use to make certificate enrollment and renewal requests to Dogtag servers. It is not normally run interactively, but it can be for troubleshooting purposes. The preferred option is to request a renewal of an already\-issued certificate, using its serial number, which can be read from a PEM\-formatted certificate provided in the \fICERTMONGER_CERTIFICATE\fR environment variable, or via the \fB\-s\fR or \fB\-D\fR option on the command line. If no serial number is provided, then the client will attempt to obtain a new certificate by submitting a signing request to the CA. The signing request which is to be submitted should either be in a file whose name is given as an argument, or fed into \fIdogtag\-submit\fR via stdin. \fBcertmonger\fR does not yet support retrieving trust information from Dogtag CAs. .SH OPTIONS .TP \fB\-E\fR \fIEE\-URL\fR, \fB\-\-ee\-url\fR=\fIEE\-URL\fR The top\-level URL for the end\-entity interface provided by the CA, through which the initial enrollment request will be submitted. This is typically \fIhttp://\fBSERVER\fP:\fBEEPORT\fP/ca/ee/ca\fR. .TP \fB\-A\fR \fIAGENT\-URL\fR, \fB\-\-agent\-url\fR=\fIAGENT\-URL\fR The top\-level URL for the agent interface provided by the CA, through which the request can be approved using agent credentials. This is typically \fIhttps://\fBSERVER\fP:\fBAGENTPORT\fP/ca/agent/ca\fR. .TP \fB\-i\fR \fIFILE\fR, \fB\-\-cafile\fR=\fIFILE\fR The location of a file containing a copy of the CA's certificate, against which the CA server's certificate will be verified. 
.TP
\fB\-C\fR \fIDIR\fR, \fB\-\-capath\fR=\fIDIR\fR
The location of a directory containing a copy of the CA's certificate(s), against which the CA server's certificate will be verified.
.TP
\fB\-D\fR \fISERIAL\fR, \fB\-\-serial\fR=\fISERIAL\fR
The serial number of an already\-issued certificate for which the client should attempt to obtain a new certificate, in decimal form, if one cannot be read from the \fICERTMONGER_CERTIFICATE\fR environment variable.
.TP
\fB\-s\fR \fISERIAL\fR, \fB\-\-hex\-serial\fR=\fISERIAL\fR
The serial number of an already\-issued certificate for which the client should attempt to obtain a new certificate, in hexadecimal form, if one cannot be read from the \fICERTMONGER_CERTIFICATE\fR environment variable.
.TP
\fB\-S\fR \fISTATE\fR, \fB\-\-state\fR=\fISTATE\fR
A cookie value provided by a previous instance of this helper, if the helper is being asked to continue a multi\-step enrollment process. If the \fICERTMONGER_COOKIE\fR environment variable is set, its value is used.
.TP
\fB\-T\fR \fINAME\fR, \fB\-\-profile\fR=\fINAME\fR
The name of the type of certificate which the client should request from the CA if it is not renewing a certificate (per the \fB\-s\fR option above). If the \fICERTMONGER_CA_PROFILE\fR environment variable is set, its value is used. Otherwise, the default value is \fBcaServerCert\fP.
.TP
\fB\-O\fR \fIparam=value\fR, \fB\-\-approval\-options\fR=\fIparam=value\fR
An additional parameter to pass to the server when approving the signing request using agent credentials. By default, any server\-supplied default settings are applied. This option can be used either to override a server\-supplied default setting, or to supply one which would otherwise have not been used. Requires the \fB\-A\fR option.
.TP \fB\-N\fR, \fB\-\-force\-new\fR Even if an already\-issued certificate is available in the \fICERTMONGER_CERTIFICATE\fR environment variable, or a serial number has been provided, don't attempt to renew a certificate using its serial number. Instead, attempt to obtain a new certificate using the signing request. The default behavior is to request a renewal if possible. .TP \fB\-R\fR, \fB\-\-force\-renew\fR Negates the effect of the \fB\-N\fR flag. .TP \fB\-t\fR, \fB\-\-profile\-list\fR Instead of attempting to obtain a new certificate, query the server for a list of the enabled enrollment profiles. .TP \fB\-o\fR \fIparam=value\fR, \fB\-\-submit\-option\fR=\fIparam=value\fR When initially submitting a request to the CA, add the specified parameter and value along with any request parameters which would otherwise be sent. .TP \fB\-a\fR, \fB\-\-agent\-submit\fR Use agent credentials, specified using some combination of the \fB\-d\fR, \fB\-n\fR, \fB\-c\fR, and \fB\-k\fR flags, to authenticate to the CA when initially submitting a request to the CA or retrieving the list of enabled enrollment profiles. This is typically required when the enrollment profile being used uses \fIAgentCertAuth\fR\-based authentication, and requires that the URL specified using the \fB\-E\fR flag be an HTTPS URL, or when the URL specified using the \fB\-E\fR flag is an HTTPS URL. .TP \fB\-u username\fR, \fB\-\-uid\fR=\fIusername\fR When initially submitting a request to the CA, supply the specified value as a user name. This is typically required when the enrollment profile being used uses \fIUidPwdDirAuth\fR\-based or \fINISAuth\fR\-based authentication. .TP \fB\-U\fR \fIuserdn\fR, \fB\-\-upn\fR=\fIuserdn\fR When initially submitting a request to the CA, supply the specified value as the DN (distinguished name) of the user's entry in a directory server which the CA is configured to use for checking the user's password. 
This is typically required when the enrollment profile being used uses \fIUdnPwdDirAuth\fR\-based authentication. .TP \fB\-W\fR \fIPASSWORD\fR, \fB\-\-userpwd\fR=\fIPASSWORD\fR When initially submitting a request to the CA, supply the specified value as the password for the user whose name is specified with the \fB\-u\fR option, or whose DN is specified with the \fB\-U\fR option. This is typically only required when the enrollment profile being used uses \fIUidPwdDirAuth\fR\-based, \fIUserPwdDirAuth\fR\-based, or \fINISAuth\fR\-based authentication. If the URL specified using the \fB\-E\fR flag is not an HTTPS URL, this value will not be encrypted. .TP \fB\-w\fR \fIFILE\fR, \fB\-\-userpwdfile\fR=\fIFILE\fR When initially submitting a request to the CA, read from the specified file a password to supply for the user whose name is specified with the \fB\-u\fR option, or whose DN is specified with the \fB\-U\fR option. This is typically only required when the enrollment profile being used uses \fIUidPwdDirAuth\fR\-based, \fIUserPwdDirAuth\fR\-based, or \fINISAuth\fR\-based authentication. If the URL specified using the \fB\-E\fR flag is not an HTTPS URL, this value will not be encrypted. .TP \fB\-Y\fR \fIPIN\fR, \fB\-\-userpin\fR=\fIPIN\fR When initially submitting a request to the CA, supply the specified value as the PIN for the user whose name is specified with the \fB\-u\fR option, or whose DN is specified with the \fB\-U\fR option. This is typically only required when the enrollment profile being used uses \fIUidPwdPinDirAuth\fR\-based authentication. If the URL specified using the \fB\-E\fR flag is not an HTTPS URL, this value will not be encrypted. .TP \fB\-y\fR \fIFILE\fR, \fB\-\-userpinfile\fR=\fIFILE\fR When initially submitting a request to the CA, read from the specified file a PIN to supply for the user whose name is specified with the \fB\-u\fR option, or whose DN is specified with the \fB\-U\fR option. 
This is typically only required when the enrollment profile being used uses \fIUidPwdPinDirAuth\fR\-based authentication. If the URL specified using the \fB\-E\fR flag is not an HTTPS URL, this value will not be encrypted.
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Increases the logging level. Use twice for more logging. This option is mainly useful for troubleshooting.
.SH AGENT KEY AND CERTIFICATE OPTIONS
Options that provide the location for the private key and public certificate which the client should use to authenticate to the CA's agent interface. The values to use depend on which cryptography library your copy of libcurl was linked with.
.TP
\fB\-d\fR \fIDIR\fR, \fB\-\-dbdir\fR=\fIDIR\fR
Use an NSS database in the specified directory for this certificate and key. Only valid with \-n.
.TP
\fB\-n\fR \fINAME\fR, \fB\-\-nickname\fR=\fINAME\fR
Use the NSS key with this nickname. Only valid with \-d.
.TP
\fB\-c\fR \fIFILE\fR, \fB\-\-certfile\fR=\fIFILE\fR
The PEM file that contains the public certificate. Only valid with \-k.
.TP
\fB\-k\fR \fIFILE\fR, \fB\-\-keyfile\fR=\fIFILE\fR
The PEM file that contains the private key. Only valid with \-c.
.TP
\fB\-p\fR \fIFILE\fR, \fB\-\-sslpinfile\fR=\fIFILE\fR
The name of a file which contains a PIN/password which will be needed in order to make use of the agent credentials.
.TP
\fB\-P\fR \fIPIN\fR, \fB\-\-sslpin\fR=\fIPIN\fR
The PIN/password which will be needed in order to make use of the agent credentials.
.SH EXIT STATUS
.TP
0
if the certificate was issued. The certificate will be printed.
.TP
1
if the CA is still thinking. A cookie (state) value will be printed.
.TP
2
if the CA rejected the request. An error message may be printed.
.TP
3
if the CA was unreachable. An error message may be printed.
.TP
4
if critical configuration information is missing. An error message may be printed.
.TP
5
if the CA is still thinking.
A suggested poll delay (specified in seconds) and a cookie (state) value will be printed. .TP 17 if the CA indicates that the client needs to attempt enrollment using a new key pair. .SH BUGS Please file tickets for any that you find at https://fedorahosted.org/certmonger/ .SH SEE ALSO \fBcertmonger\fR(8) \fBgetcert\fR(1) \fBgetcert\-add\-ca\fR(1) \fBgetcert\-add\-scep\-ca\fR(1) \fBgetcert\-list\-cas\fR(1) \fBgetcert\-list\fR(1) \fBgetcert\-modify\-ca\fR(1) \fBgetcert\-refresh\-ca\fR(1) \fBgetcert\-refresh\fR(1) \fBgetcert\-rekey\fR(1) \fBgetcert\-remove\-ca\fR(1) \fBgetcert\-resubmit\fR(1) \fBgetcert\-start\-tracking\fR(1) \fBgetcert\-status\fR(1) \fBgetcert\-stop\-tracking\fR(1) \fBcertmonger\-certmaster\-submit\fR(8) \fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8) \fBcertmonger\-ipa\-submit\fR(8) \fBcertmonger\-local\-submit\fR(8) \fBcertmonger\-scep\-submit\fR(8) \fBcertmonger_selinux\fR(8) certmonger-0.79.19/src/certmonger-ipa-submit.8.in0000644000175000017500000001713114511314133021137 0ustar gitgit00000000000000.TH CERTMONGER 8 "April 16, 2015" "certmonger Manual" .SH NAME ipa\-submit .SH SYNOPSIS ipa\-submit [\-h serverHost] [\-H serverURL] [\-d domain] [\-L ldapurl] [\-b basedn] [\-c cafile] [\-C capath] [[\-K] | [\-t keytab] [\-k submitterPrincipal]] [\-u UID] [\-W PASSWORD] [\-w FILE] [\-P principalOfRequest] [\-T profile] [\-X issuer] [csrfile] .SH DESCRIPTION \fIipa\-submit\fR is the helper which \fIcertmonger\fR uses to make requests to IPA\-based CAs. It is not normally run interactively, but it can be for troubleshooting purposes. The signing request which is to be submitted should either be in a file whose name is given as an argument, or fed into \fIipa\-submit\fR via stdin. \fBcertmonger\fR supports retrieving trusted certificates from IPA CAs. See \fBgetcert\-request\fR(1) and \fBgetcert\-resubmit\fR(1) for information about specifying where those certificates should be stored on the local system. 
Trusted certificates are retrieved from the \fBcaCertificate\fR attribute of entries present at and below \fIcn=cacert,cn=ipa,cn=etc,\fR$BASE in the IPA LDAP server's directory tree, where $BASE defaults to the value of the \fBbasedn\fR setting in \fB/etc/ipa/default.conf\fR.
.SH OPTIONS
.TP
\fB\-P\fR \fIPRINCIPAL\fR, \fB\-\-principal\-of\-request\fR=\fIPRINCIPAL\fR
Identifies the principal name of the service for which the certificate is being issued. This setting is required by IPA and must always be specified.
.TP
\fB\-X\fR \fINAME\fR, \fB\-\-issuer\fR=\fINAME\fR
Requests that the certificate be processed by the specified certificate issuer. By default, if this flag is not specified, and the \fBCERTMONGER_CA_ISSUER\fR variable is set in the environment, then the value of the environment variable will be used. This setting is optional, and if a server returns error 3005, indicating that it does not understand multiple profiles, the request will be re\-submitted without specifying an issuer name.
.TP
\fB\-T\fR \fINAME\fR, \fB\-\-profile\fR=\fINAME\fR
Requests that the certificate be processed using the specified certificate profile. By default, if this flag is not specified, and the \fBCERTMONGER_CA_PROFILE\fR variable is set in the environment, then the value of the environment variable will be used. This setting is optional, and if a server returns error 3005, indicating that it does not understand multiple profiles, the request will be re\-submitted without specifying a profile.
.TP
\fB\-h\fR \fIHOSTNAME\fR, \fB\-\-host\fR=\fIHOSTNAME\fR
Submit the request to the IPA server running on the named host. The default is to read the location of the host from \fB/etc/ipa/default.conf\fR. If no server is configured, or the configured server cannot be reached, the client will attempt to use DNS discovery to locate LDAP servers for the IPA domain.
If servers are found, they will be searched for entries pointing to IPA masters running the "CA" service, and the client will attempt to contact each of those in turn. .TP \fB\-H\fR \fIURL\fR, \fB\-\-xmlrpc\-url\fR=\fIURL\fR Submit the request to the IPA server at the specified location. The default is to read the location of the host from \fB/etc/ipa/default.conf\fR. If no server is configured, or the configured server cannot be reached, the client will attempt to use DNS discovery to locate LDAP servers for the IPA domain. If servers are found, they will be searched for entries pointing to IPA masters running the "CA" service, and the client will attempt to contact each of those in turn. .TP \fB\-L\fR \fIURL\fR, \fB\-\-ldap\-url\fR=\fIURL\fR Provide the IPA LDAP service location rather than using DNS discovery. The default is to read the location of the host from \fB/etc/ipa/default.conf\fR and use DNS discovery to find the set of _ldap._tcp.DOMAIN values and pick one for use. .TP \fB\-d\fR \fIDOMAIN\fR, \fB\-\-domain\fR=\fIDOMAIN\fR Use this domain when doing DNS discovery to locate LDAP servers for the IPA installation. The default is to read the location of the host from \fB/etc/ipa/default.conf\fR. .TP \fB\-b\fR \fIBASEDN\fR, \fB\-\-basedn\fR=\fIBASEDN\fR Use this basedn to search for an IPA installation in LDAP. The default is to read the location of the host from \fB/etc/ipa/default.conf\fR. .TP \fB\-c\fR \fIFILE\fR, \fB\-\-cafile\fR=\fIFILE\fR The server's certificate was issued by the CA whose certificate is in the named file. The default value is \fI/etc/ipa/ca.crt\fR. .TP \fB\-C\fR \fIPATH\fR, \fB\-\-capath\fR=\fIDIR\fR Trust the server if its certificate was issued by a CA whose certificate is in a file in the named directory. There is no default for this option, and it is not expected to be necessary. 
.TP \fB\-t\fR \fIKEYTAB\fR, \fB\-\-keytab\fR=\fIKEYTAB\fR Authenticate to the IPA server using Kerberos with credentials derived from keys stored in the named keytab. The default value can vary, but it is usually \fI/etc/krb5.keytab\fR. This option conflicts with the \fB\-K\fR, \fB\-u\fR, \fB\-W\fR, and \fB\-w\fR options. .TP \fB\-k\fR \fIPRINCIPAL\fR, \fB\-\-submitter\-principal\fR=\fIPRINCIPAL\fR Authenticate to the IPA server using Kerberos with credentials derived from keys stored in the named keytab for this principal name. The default value is the \fBhost\fR service for the local host in the local realm. This option conflicts with the \fB\-K\fR, \fB\-u\fR, \fB\-W\fR, and \fB\-w\fR options. .TP \fB\-K\fR, \fB\-\-use\-ccache\-creds\fR Authenticate to the IPA server using Kerberos with credentials derived from the default credential cache rather than a keytab. This option conflicts with the \fB\-k\fR, \fB\-u\fR, \fB\-W\fR, and \fB\-w\fR options. .TP \fB\-u\fR \fIUSERNAME\fR, \fB\-\-uid\fR=\fIUSERNAME\fR Authenticate to the IPA server using a user name and password, using the specified value as the user name. This option conflicts with the \fB\-k\fR, \fB\-K\fR, and \fB\-t\fR options. .TP \fB\-W\fR \fIPASSWORD\fR, \fB\-\-pwd\fR=\fIPASSWORD\fR Authenticate to the IPA server using a user name and password, using the specified value as the password. This option conflicts with the \fB\-k\fR, \fB\-K\fR, \fB\-t\fR, and \fB\-w\fR options. .TP \fB\-w\fR \fIFILE\fR, \fB\-\-pwdfile\fR=\fIFILE\fR Authenticate to the IPA server using a user name and password, reading the password from the specified file. This option conflicts with the \fB\-k\fR, \fB\-K\fR, \fB\-t\fR, and \fB\-W\fR options. .SH EXIT STATUS .TP 0 if the certificate was issued. The certificate will be printed. .TP 1 if the CA is still thinking. A cookie value will be printed. .TP 2 if the CA rejected the request. An error message may be printed. .TP 3 if the CA was unreachable. An error message may be printed. 
.TP 4 if critical configuration information is missing. An error message may be printed. .TP 17 if the CA indicates that the client needs to attempt enrollment using a new key pair. .SH FILES .TP .I /etc/ipa/default.conf is the IPA client configuration file. This file is consulted to determine the URL for the IPA server's XML\-RPC interface. .SH BUGS Please file tickets for any that you find at https://fedorahosted.org/certmonger/ .SH SEE ALSO \fBcertmonger\fR(8) \fBgetcert\fR(1) \fBgetcert\-add\-ca\fR(1) \fBgetcert\-add\-scep\-ca\fR(1) \fBgetcert\-list\-cas\fR(1) \fBgetcert\-list\fR(1) \fBgetcert\-modify\-ca\fR(1) \fBgetcert\-refresh\-ca\fR(1) \fBgetcert\-refresh\fR(1) \fBgetcert\-rekey\fR(1) \fBgetcert\-remove\-ca\fR(1) \fBgetcert\-request\fR(1) \fBgetcert\-resubmit\fR(1) \fBgetcert\-start\-tracking\fR(1) \fBgetcert\-status\fR(1) \fBgetcert\-stop\-tracking\fR(1) \fBcertmonger\-certmaster\-submit\fR(8) \fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8) \fBcertmonger\-dogtag\-submit\fR(8) \fBcertmonger\-local\-submit\fR(8) \fBcertmonger\-scep\-submit\fR(8) \fBcertmonger_selinux\fR(8) certmonger-0.79.19/src/certmonger-local-submit.8.in0000644000175000017500000000523114511314133021456 0ustar gitgit00000000000000.TH CERTMONGER 8 "June 7, 2014" "certmonger Manual" .SH NAME local\-submit .SH SYNOPSIS local\-submit [\-d state\-directory] [\-v] [csrfile] .SH DESCRIPTION \fIlocal\-submit\fR is the helper which \fIcertmonger\fR uses to implement its local signer. It is not normally run interactively, but it can be for troubleshooting purposes. The signing request which is to be submitted should either be in a file whose name is given as an argument, or fed into \fIlocal\-submit\fR via stdin. The local signer is currently hard\-coded to generate and use a @CM_DEFAULT_PUBKEY_SIZE@\-bit RSA key and a name and initial serial number based on a UUID, replacing that key and certificate at roughly the midpoint of their useful lifetime. 
\fBcertmonger\fR supports retrieving the list of current and previously\-used local CA certificates. See \fBgetcert\-request\fR(1) and \fBgetcert\-resubmit\fR(1) for information about specifying where those certificates should be stored.
.SH OPTIONS
.TP
\fB\-d\fR \fIDIR\fR, \fB\-\-ca\-data\-directory\fR=\fIDIR\fR
Identifies the directory which contains the local signer's private key, certificates, and other data used by the local signer.
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Increases the verbosity of the tool's diagnostic logging.
.SH EXIT STATUS
.TP
0
if the certificate was issued. The new certificate will be printed.
.TP
3
if the helper needs to be called again. An error message may be printed.
.TP
4
if critical configuration information is missing. An error message may be printed.
.SH FILES
.TP
.I creds
is currently a PKCS#12 bundle containing the local signer's current signing key and current and previously\-used signer certificates. It should not be modified except by the local signer. A new key is currently generated whenever a new signer certificate is needed.
.TP
.I serial
currently contains the serial number which will be used for the next issued certificate. It should not be modified except by the local signer.
.SH BUGS Please file tickets for any that you find at https://fedorahosted.org/certmonger/ .SH SEE ALSO \fBcertmonger\fR(8) \fBgetcert\fR(1) \fBgetcert\-add\-ca\fR(1) \fBgetcert\-add\-scep\-ca\fR(1) \fBgetcert\-list\-cas\fR(1) \fBgetcert\-list\fR(1) \fBgetcert\-modify\-ca\fR(1) \fBgetcert\-refresh\-ca\fR(1) \fBgetcert\-refresh\fR(1) \fBgetcert\-rekey\fR(1) \fBgetcert\-remove\-ca\fR(1) \fBgetcert\-resubmit\fR(1) \fBgetcert\-start\-tracking\fR(1) \fBgetcert\-status\fR(1) \fBgetcert\-stop\-tracking\fR(1) \fBcertmonger\-certmaster\-submit\fR(8) \fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8) \fBcertmonger\-dogtag\-submit\fR(8) \fBcertmonger\-ipa\-submit\fR(8) \fBcertmonger\-scep\-submit\fR(8) \fBcertmonger_selinux\fR(8) certmonger-0.79.19/src/certmonger-scep-submit.8.in0000644000175000017500000001271614511314133021324 0ustar gitgit00000000000000.TH CERTMONGER 8 "June 20, 2015" "certmonger Manual" .SH NAME scep\-submit .SH SYNOPSIS scep\-submit \-u SERVER\-URL [\-r ra\-cert\-file] [\-R ca\-cert\-file] [\-I other\-certs\-file] [\-N ca\-cert\-file] [\-i ca\-identifier] [\-v] [\-n] [\-c|\-C|\-g|\-p] [pkimessage\-filename] .SH DESCRIPTION \fIscep\-submit\fR is the helper which \fIcertmonger\fR can use to transmit certificate enrollment and renewal requests to servers using SCEP. It is not normally run interactively, but it can be for troubleshooting purposes. The request which is to be submitted should be a PEM\-encoded SCEP pkiMessage either in a file whose name is given as an argument, or fed into \fIscep\-submit\fR via stdin. .SH MODES .TP \fB\-c\fR, \fR\-\-retrieve\-ca\-capabilities\fR \fIscep-submit\fR will issue a \fIGetCACaps\fR request to the server and print the results. .TP \fB\-C\fR, \fR\-\-retrieve\-ca\-certificates\fR \fIscep-submit\fR will issue a \fIGetCACert\fR request to the server, parse the response, and then print, in order, the RA certificate, the CA certificate, and any additional certificates. 
.TP \fB\-p\fR, \fB\-\-pki\-message\fR \fIscep\-submit\fR will issue a \fIPKIOperation\fR request to the server using the passed\-in message as the message content. It will parse the server's response, verify the signature, and if the response includes an issued certificate, it will output the \fIpkcsPKIEnvelope\fR in PEM format. If the response indicates an error, it will print the error. .TP \fB\-g\fR, \fB\-\-get\-initial\-cert\fR \fIscep\-submit\fR will issue a \fIPKIOperation\fR request to the server using the passed\-in message as the message content. It will parse the server's response, verify the signature, and if the response includes an issued certificate, it will output the \fIpkcsPKIEnvelope\fR in PEM format. If the response indicates an error, it will print the error. .SH OPTIONS .TP \fB\-u\fR \fIURL\fR, \fB\-\-url\fR=\fIURL\fR The location of the SCEP interface provided by the CA. This is typically \fIhttp://\fBSERVER\fP/cgi\-bin/PKICLIENT.EXE\fR or \fIhttp://\fBSERVER\fP/certsrv/mscep/mscep.dll\fR. This option is always required. .TP \fB\-R\fR \fIFILE\fR, \fB\-\-cacert\fR=\fIFILE\fR The location of the CA certificate which was used to issue the SCEP web server's certificate in PEM form. If the URL specified with the \fB\-u\fR option is an \fIhttps\fR URL, then this option is required. .TP \fB\-N\fR \fIFILE\fR, \fB\-\-signingca\fR=\fIFILE\fR The location of a PEM\-formatted copy of the SCEP server's CA certificate. A discovered value is normally supplied by the certmonger daemon, but one can be specified for troubleshooting purposes. .TP \fB\-r\fR \fIFILE\fR, \fB\-\-racert\fR=\fIFILE\fR The location of the SCEP server's RA certificate, which is expected to be used for signing responses sent by the SCEP server back to the client. This option is required when either the \fB\-g\fR flag or the \fB\-p\fR flag is specified. 
.TP \fB\-I\fR \fIFILE\fR, \fB\-\-other\-certs\fR=\fIFILE\fR The location of a file containing other PEM\-formatted certificates which may be needed in order to properly verify signed responses sent by the SCEP server back to the client. This option may be necessary when either the \fB\-g\fR flag or the \fB\-p\fR flag is specified. .TP \fB\-i\fR \fINAME\fR, \fB\-\-ca\-identifier\fR=\fINAME\fR When called with the \fB\-c\fR or \fB\-C\fR flag, this option can be used to specify the CA identifier which is passed to the server as part of the client's request. The default is "0". .TP \fB\-n\fR, \fB\-\-non\-renewal\fR The SCEP Renewal feature allows a client with a previously\-issued certificate to use that certificate and the associated private key to request a new certificate for a different key pair, and can be used to support \fIcertmonger\fR's rekeying feature if the SCEP server advertises support for it. This option forces the \fIscep\-submit\fR helper to prefer to issue requests which do not make use of this feature. .TP \fB-v\fR, \fB\-\-verbose\fR Increases the logging level. Use twice for more logging. This option is mainly useful for troubleshooting. .SH EXIT STATUS .TP 0 if the certificate was issued. The pkcsPKIEnvelope will be printed in PEM\-encoded form. .TP 1 if the CA is still thinking. A cookie (state) value will be printed. .TP 2 if the CA rejected the request. An error message may be printed. .TP 3 if the CA was unreachable. An error message may be printed. .TP 4 if critical configuration information is missing. An error message may be printed. .TP 5 if the CA is still thinking. A suggested poll delay (specified in seconds) and a cookie (state) value will be printed. .TP 16 if the helper needs an SCEP pkiMessage, but couldn't read one. .TP 17 if the CA indicates that the client needs to attempt enrollment using a new key pair. 
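The status handling described in the EXIT STATUS list above, as an added example that is not part of certmonger: a POSIX shell function that turns one \fIscep\-submit\fR run (exit status plus captured stdout) into the next action when troubleshooting by hand. The function and variable names are hypothetical, and it assumes, which this page does not state, that for status 5 the poll delay is the first line of output and the cookie is everything after it.

```shell
#!/bin/sh
# Added example, not certmonger code. Names are hypothetical.
# Assumption: for exit status 5 the first stdout line is the delay in seconds
# and the remaining lines are the cookie (the page gives only the order).

# scep_helper_decide STATUS OUTPUT
# Sets SCEP_ACTION, SCEP_DELAY (seconds) and SCEP_COOKIE for the caller.
scep_helper_decide() {
    _status=$1
    _output=$2
    SCEP_ACTION=unknown
    SCEP_DELAY=0
    SCEP_COOKIE=

    case "$_status" in
    0)  # Issued: stdout should carry the PEM-encoded pkcsPKIEnvelope.
        case "$_output" in
        *"-----BEGIN "*) SCEP_ACTION=store ;;
        *) SCEP_ACTION=protocol-error ;;
        esac ;;
    1)  # CA still thinking: stdout is the cookie, no delay is suggested.
        SCEP_COOKIE=$_output
        SCEP_ACTION=poll ;;
    5)  # CA still thinking, with a suggested poll delay.
        SCEP_DELAY=$(printf '%s\n' "$_output" | sed -n '1p')
        SCEP_COOKIE=$(printf '%s\n' "$_output" | sed '1d')
        case "$SCEP_DELAY" in
        ''|*[!0-9]*)  # Delay must be a plain non-negative integer.
            SCEP_DELAY=0
            SCEP_COOKIE=
            SCEP_ACTION=protocol-error ;;
        *)  SCEP_ACTION=poll ;;
        esac ;;
    2)  SCEP_ACTION=rejected ;;           # CA rejected the request
    3)  SCEP_ACTION=retry-unreachable ;;  # CA was unreachable
    4)  SCEP_ACTION=fix-config ;;         # critical configuration missing
    16) SCEP_ACTION=need-pkimessage ;;    # no SCEP pkiMessage could be read
    17) SCEP_ACTION=rekey ;;              # CA wants a new key pair
    esac

    # A poll that carries no cookie cannot be resumed, so this example
    # treats it as malformed helper output rather than polling blindly.
    if [ "$SCEP_ACTION" = poll ] && [ -z "$SCEP_COOKIE" ]; then
        SCEP_ACTION=protocol-error
        SCEP_DELAY=0
    fi
    return 0
}

# Constructed sample runs ("status|stdout"), not captured from a real CA.
for _sample in "5|300
cookie-abc" "1|cookie-xyz" "17|" "5|soon
cookie-abc"; do
    scep_helper_decide "${_sample%%|*}" "${_sample#*|}"
    printf 'status %s -> action=%s delay=%s\n' \
        "${_sample%%|*}" "$SCEP_ACTION" "$SCEP_DELAY"
done
```

Statuses outside the documented list leave the action as unknown, so a wrapper can log them instead of guessing.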
.SH BUGS Please file tickets for any that you find at https://fedorahosted.org/certmonger/ .SH SEE ALSO \fBcertmonger\fR(8) \fBgetcert\fR(1) \fBgetcert\-add\-ca\fR(1) \fBgetcert\-add\-scep\-ca\fR(1) \fBgetcert\-list\-cas\fR(1) \fBgetcert\-list\fR(1) \fBgetcert\-modify\-ca\fR(1) \fBgetcert\-refresh\-ca\fR(1) \fBgetcert\-refresh\fR(1) \fBgetcert\-rekey\fR(1) \fBgetcert\-remove\-ca\fR(1) \fBgetcert\-resubmit\fR(1) \fBgetcert\-start\-tracking\fR(1) \fBgetcert\-status\fR(1) \fBgetcert\-stop\-tracking\fR(1) \fBcertmonger\-certmaster\-submit\fR(8) \fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8) \fBcertmonger\-dogtag\-submit\fR(8) \fBcertmonger\-ipa\-submit\fR(8) \fBcertmonger\-local\-submit\fR(8) \fBcertmonger_selinux\fR(8) certmonger-0.79.19/src/certmonger.8.in0000644000175000017500000001033014511314133017061 0ustar gitgit00000000000000.TH CERTMONGER 8 "June 14, 2015" "certmonger Manual" .SH NAME certmonger .SH SYNOPSIS certmonger [\-s|\-S] [\-L|\-l] [\-P PATH] [\-b TIMEOUT|\-B] [\-n|\-f] [\-d LEVEL] [\-p FILE] [\-F] [\-c command] [\-v] .SH DESCRIPTION The \fIcertmonger\fR daemon monitors certificates for impending expiration, and can optionally refresh soon\-to\-be\-expired certificates with the help of a CA. If told to, it can drive the entire enrollment process from key generation through enrollment and refresh. The daemon provides a control interface via the \fI@CM_DBUS_NAME@\fR service, with which client tools such as \fBgetcert\fR(1) interact. .SH OPTIONS .TP \fB\-s\fR, \fB\-\-session\fR Listen on the session bus rather than the system bus. .TP \fB\-S\fR, \fB\-\-system\fR Listen on the system bus rather than the session bus. This is the default. .TP \fB\-l\fR, \fB\-\-listening\-socket\fR Also listen on a private socket for connections from clients running under the same UID. .TP \fB\-L\fR, \fB\-\-only\-listening\-socket\fR Listen only on a private socket for connections from clients running under the same UID, and skip connecting to a bus. 
.TP
\fB\-P\fR \fIPATH\fR, \fB\-\-listening\-socket\-path\fR=\fIPATH\fR
Specify a location for the private listening socket. If the location begins with a '/' character, it will be prefixed with 'unix:path=', otherwise it will be prefixed with 'unix:'. If this option is not specified, the listening socket, if one is created, will be placed in the abstract namespace.
.TP
\fB\-b \fITIMEOUT\fR, \fR\-\-bus\-activation\-timeout\fB=\fITIMEOUT\fR
Behave as a bus\-activated service: if there are no certificates to be monitored or obtained, and no requests are received within TIMEOUT seconds, exit. Not compatible with the \-c option.
.TP
\fB\-B\fR, \fB\-\-no\-bus\-activation\-timeout\fR
Don't behave as a bus\-activated service. This is the default.
.TP
\fB\-n\fR, \fB\-\-nofork\fR
Don't fork, and log messages to stderr rather than syslog.
.TP
\fB\-f\fR, \fB\-\-fork\fR
Do fork, and log messages to syslog rather than stderr. This is the default.
.TP
\fB\-d\fR \fILEVEL\fR, \fB\-\-debug\-level\fR=\fILEVEL\fR
Set debugging level. Higher values produce more debugging output. Implies \-n.
.TP
\fB\-p\fR \fIFILE\fR, \fBpidfile\fR=\fIFILE\fR
Store the daemon's process ID in the named file.
.TP
\fB\-F\fR, \fB\-\-fips\fR
Force NSS to be initialized in FIPS mode. The default behavior is to heed the setting stored in \fI/proc/sys/crypto/fips_enabled\fR.
.TP
\fB\-c\fR \fICOMMAND\fR, \fB\-\-command\fR=\fICOMMAND\fR
After the service has initialized, run the specified command, then shut down the service after the command exits. If the \-l or \-L option was also specified, the command will be run with the \fI@CERTMONGER_PVT_ADDRESS_ENV@\fR environment variable set to the listening socket's location. Not compatible with the \-b option.
.TP
\fB\-v\fR, \fB\-\-version\fR
Print version information and exit.
.SH FILES The set of certificates being monitored or signed is tracked using files stored under \fI@CM_STORE_REQUESTS_DIRECTORY@\fR, or in a directory named by the \fI@CM_STORE_REQUESTS_DIRECTORY_ENV@\fR environment variable. The set of known CAs is tracked using files stored under \fI@CM_STORE_CAS_DIRECTORY@\fR, or in a directory named by the \fI@CM_STORE_CAS_DIRECTORY_ENV@\fR environment variable. Temporary files will be stored in "\fI@CM_TMPDIR@\fR", or in the directory named by the \fI@CM_TMPDIR_ENV@\fR environment variable if that value was not given at compile time. .SH BUGS Please file tickets for any that you find at https://fedorahosted.org/certmonger/ .SH SEE ALSO \fBgetcert\fR(1) \fBgetcert\-add\-ca\fR(1) \fBgetcert\-add\-scep\-ca\fR(1) \fBgetcert\-list\-cas\fR(1) \fBgetcert\-list\fR(1) \fBgetcert\-modify\-ca\fR(1) \fBgetcert\-refresh\-ca\fR(1) \fBgetcert\-refresh\fR(1) \fBgetcert\-rekey\fR(1) \fBgetcert\-remove\-ca\fR(1) \fBgetcert\-request\fR(1) \fBgetcert\-resubmit\fR(1) \fBgetcert\-start\-tracking\fR(1) \fBgetcert\-status\fR(1) \fBgetcert\-stop\-tracking\fR(1) \fBcertmonger\-certmaster\-submit\fR(8) \fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8) \fBcertmonger\-dogtag\-submit\fR(8) \fBcertmonger\-ipa\-submit\fR(8) \fBcertmonger\-local\-submit\fR(8) \fBcertmonger\-scep\-submit\fR(8) \fBcertmonger_selinux\fR(8) certmonger-0.79.19/src/certmonger.conf.5.in0000644000175000017500000001446614511314133020020 0ustar gitgit00000000000000.TH CERTMONGER 5 "May 12, 2015" "certmonger Manual" .SH NAME certmonger.conf \- configuration file for certmonger .SH DESCRIPTION The \fIcertmonger.conf\fR file contains default settings used by certmonger. Its format is more or less that of a typical INI\-style file. The only sections currently of note are named \fIdefaults\fR and \fIselfsign\fR. 
.SH DEFAULTS Within the \fIdefaults\fR section, these variables and values are recognized: .IP notify_ttls This is the list of times, given in seconds, before a certificate's not\-after validity date (often referred to as its expiration time) when \fIcertmonger\fR should warn that the certificate will soon no longer be valid. If this value is not specified, \fIcertmonger\fR will attempt to use the value of the \fIttls\fR setting. The default list of values is "@CM_DEFAULT_TTL_LIST@". .IP enroll_ttls This is the list of times, given in seconds, before a certificate's not\-after validity date (often referred to as its expiration time) when \fIcertmonger\fR should attempt to automatically renew the certificate, if it is configured to do so. If this value is not specified, \fIcertmonger\fR will attempt to use the value of the \fIttls\fR setting. The default list of values is "@CM_DEFAULT_TTL_LIST@". .IP notification_method This is the method by which \fIcertmonger\fP will notify the system administrator that a certificate will soon become invalid. The recognized values are \fIsyslog\fP, \fImail\fP, and \fIcommand\fP. The default is \fIsyslog\fP. When sending mail, the notification message will be the mail message subject. When invoking a command, the notification message will be available in the "@CM_NOTIFICATION_ENV@" environment variable. .IP notification_destination This is the destination to which \fIcertmonger\fP will send notifications. It can be a syslog priority and/or facility, separated by a period, it can be an email address, or it can be a command to run. The default value is \fI@CM_DEFAULT_NOTIFICATION_SYSLOG_PRIORITY@\fP. .IP key_type This is the type of key pair which will be generated, used in certificate signing requests, and used when self\-signing certificates. @NO_MAN_DSA@\fIRSA\fR is supported. @MAN_DSA@\fIRSA\fR and \fIDSA\fR are supported. @MAN_EC@\fIEC\fR (also known as \fIECDSA\fR) is also supported. The default is \fIRSA\fP. 
.IP rsa_key_size This is the size of an RSA key if the value is not included in a certificate request. If this value is not set then the default is @CM_DEFAULT_PUBKEY_SIZE@. The minimum value allowed is @CM_MINIMUM_RSA_KEY_SIZE@. .IP symmetric_cipher This is the symmetric cipher which will be used to encrypt private keys stored in OpenSSL's PEM format. Recognized values include \fIaes128\fP and \fIaes256\fP. The default is \fIaes128\fP. It is not recommended that this value be changed except in cases where the default is incompatible with other software. .IP digest This is the digest algorithm which will be used when signing certificate signing requests and self\-signed certificates. Recognized values include \fIsha1\fP, \fIsha256\fP, \fIsha384\fP, and \fIsha512\fP. The default is \fIsha256\fP. It is not recommended that this value be changed except in cases where the default is incompatible with other software. .IP nss_ca_trust These are the trust attributes which are applied to CA certificates which should be trusted, when they are saved to NSS databases. The default is \fICT,C,C\fP. .IP nss_other_trust These are the trust attributes which are applied to certificates which are not necessarily to be trusted, when they are saved to NSS databases. The default is \fI,,\fP. .IP max_key_use_count When attempting to replace a certificate, if \fIcertmonger\fR has previously obtained at least this number of certificates using the current key pair, it will generate a new key pair to use before proceeding. There is effectively no default for this setting. .IP max_key_lifetime The amount of time after a key was first generated when \fIcertmonger\fR will attempt to generate a new key pair to replace it, as part of the process of replacing a certificate. The value is specified as a combination of years (y), months (M), weeks (w), days (d), hours (h), minutes (m), and/or seconds (s). If no unit of time is specified, seconds are assumed. 
The date when a key was generated is not recorded if the key was not generated by \fIcertmonger\fR, or if the key was generated with a version of \fIcertmonger\fR older than 0.78, and for those cases, this option has no effect. There is effectively no default for this setting. .SH SELFSIGN Within the \fIselfsign\fR section, these variables and values are recognized: .IP validity_period This is the validity period given to self\-signed certificates. The value is specified as a combination of years (y), months (M), weeks (w), days (d), hours (h), minutes (m), and/or seconds (s). If no unit of time is specified, seconds are assumed. The default value is \fI@CM_DEFAULT_CERT_LIFETIME@\fR. .IP populate_unique_id This controls whether or not self\-signed certificates will have their subjectUniqueID and issuerUniqueID fields populated. While RFC5280 prohibits their use, they may be needed and/or used by older applications. The default value is \fI@CM_DEFAULT_POPULATE_UNIQUE_ID@\fR. .SH LOCAL Within the \fIlocal\fR section, these variables and values are recognized: .IP validity_period This is the validity period given to the locally\-signed CA's certificate when it is generated. The value is specified as a combination of years (y), months (M), weeks (w), days (d), hours (h), minutes (m), and/or seconds (s). If no unit of time is specified, seconds are assumed. If not set, the value of the \fIvalidity_period\fR setting from the \fIselfsign\fR section, if one is set there, will be used. The default value is \fI@CM_DEFAULT_CERT_LIFETIME@\fR. .SH SCEP Within the \fIscep\fR section, these variables and values are recognized: .IP challenge_password_otp This controls whether the SCEP challenge password is treated as a one-time password. If set to yes then the challenge password and/or challenge password file will be removed from the tracking request after the first certificate issuance so will not be sent with renewal requests. The default is no. 
.SH BUGS Please file tickets for any that you find at https://fedorahosted.org/certmonger/ .SH SEE ALSO \fBcertmonger\fR(8) \fBcertmonger_selinux\fR(8) certmonger-0.79.19/src/certmonger.conf.in0000644000175000017500000000126114511314133017642 0ustar gitgit00000000000000# This is the certmonger configuration file. The format is a rather basic # INI-style file. See certmonger.conf(5) for notes about individual settings. # · initial whitespace is ignored # · whitespace between the key name and "=" is ignored # · whitespace after "=" is ignored # · trailing whitespace after values is ignored # · comments begin with "#" # · keys and section names are case-sensitive # · there is no end-of-line continuation # # [defaults] # notification_method = syslog # notification_destination = @CM_DEFAULT_NOTIFICATION_SYSLOG_PRIORITY@ # # [selfsign] # validity_period = @CM_DEFAULT_CERT_LIFETIME@ # # [local] # validity_period = @CM_DEFAULT_CERT_LIFETIME@ # certmonger-0.79.19/src/certread-int.h0000644000175000017500000000262514511314133016760 0ustar gitgit00000000000000/* * Copyright (C) 2009,2014 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #ifndef cmcertreadint_h #define cmcertreadint_h struct cm_certread_state_pvt { /* Check if something changed, for example we finished reading the * cert. */ int (*ready)(struct cm_certread_state *state); /* Get a selectable-for-read descriptor we can poll for status changes. 
* */ int (*get_fd)(struct cm_certread_state *state); /* Clean up after reading the certificate. */ void (*done)(struct cm_certread_state *state); }; void cm_certread_n_parse(struct cm_store_entry *entry, unsigned char *der_cert, unsigned int der_cert_len); void cm_certread_write_data_to_pipe(struct cm_store_entry *entry, FILE *fp); void cm_certread_read_data_from_buffer(struct cm_store_entry *entry, const char *p); #endif certmonger-0.79.19/src/certread-n.c0000644000175000017500000003432214511314133016415 0ustar gitgit00000000000000/* * Copyright (C) 2009,2010,2011,2012,2013,2014 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
*/ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "certext.h" #include "certext-n.h" #include "certread.h" #include "certread-int.h" #include "log.h" #include "pin.h" #include "store.h" #include "store-int.h" #include "subproc.h" #include "util-n.h" struct cm_certread_state { struct cm_certread_state_pvt pvt; struct cm_store_entry *entry; struct cm_subproc_state *subproc; }; struct cm_certread_n_settings { unsigned int readwrite:1; }; static int cm_certread_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry, void *userdata) { int status = CM_SUB_STATUS_INTERNAL_ERROR, readwrite, ec; char *pin; SECStatus error; NSSInitContext *ctx; PK11SlotInfo *slot = NULL; CERTCertificate *cert; struct cm_certread_n_settings *settings; struct cm_pin_cb_data cb_data; FILE *fp; const char *es; char *nickname; if (entry->cm_cert_storage_location == NULL) { cm_log(1, "Error reading certificate: no location " "specified.\n"); _exit(1); } if (entry->cm_cert_nickname == NULL) { cm_log(1, "Error reading certificate: no nickname " "specified.\n"); _exit(1); } /* Open the status descriptor for stdio. */ fp = fdopen(fd, "w"); if (fp == NULL) { cm_log(1, "Unable to initialize I/O.\n"); _exit(1); } /* Open the database. */ settings = userdata; readwrite = settings->readwrite; ctx = NSS_InitContext(entry->cm_cert_storage_location, NULL, NULL, NULL, NULL, (readwrite ? 0 : NSS_INIT_READONLY) | NSS_INIT_NOROOTINIT | NSS_INIT_NOMODDB); ec = PORT_GetError(); if (ctx == NULL) { if ((ec == SEC_ERROR_BAD_DATABASE) && readwrite) { switch (errno) { case EACCES: case EPERM: ec = PR_NO_ACCESS_RIGHTS_ERROR; break; default: /* Sigh. Not a lot of detail. Check if we * succeed in read-only mode, which we'll * interpret as lack of write permissions. 
*/ ctx = NSS_InitContext(entry->cm_key_storage_location, NULL, NULL, NULL, NULL, NSS_INIT_READONLY | NSS_INIT_NOROOTINIT | NSS_INIT_NOMODDB); if (ctx != NULL) { error = NSS_ShutdownContext(ctx); if (error != SECSuccess) { cm_log(1, "Error shutting down " "NSS.\n"); } ctx = NULL; ec = PR_NO_ACCESS_RIGHTS_ERROR; } break; } } if (ec != 0) { es = PR_ErrorToName(ec); } else { es = NULL; } if (es != NULL) { cm_log(0, "Unable to open NSS database '%s': %s.\n", entry->cm_cert_storage_location, es); } else { cm_log(0, "Unable to open NSS database '%s'.\n", entry->cm_cert_storage_location); } switch (ec) { case PR_NO_ACCESS_RIGHTS_ERROR: /* EACCES or EPERM */ status = CM_SUB_STATUS_ERROR_PERMS; break; default: status = CM_SUB_STATUS_ERROR_INITIALIZING; break; } cm_log(0, "Unable to open NSS database.\n"); _exit(status); } /* Re-open the database with modules enabled */ if (NSS_ShutdownContext(ctx) != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); _exit(1); } ctx = NSS_InitContext(entry->cm_cert_storage_location, NULL, NULL, NULL, NULL, (readwrite ? 
0 : NSS_INIT_READONLY) | NSS_INIT_NOROOTINIT); if (ctx == NULL) { cm_log(0, "Unable to initialize NSS db\n"); _exit(1); } es = util_n_fips_hook(); if (es != NULL) { cm_log(0, "Error putting NSS into FIPS mode: %s\n", es); _exit(CM_SUB_STATUS_ERROR_INITIALIZING); } cert = NULL; if (cm_pin_read_for_cert(entry, &pin) != 0) { cm_log(1, "Error reading PIN for cert db.\n"); _exit(CM_SUB_STATUS_ERROR_AUTH); } if (entry->cm_cert_token == NULL) { entry->cm_cert_token = util_internal_token_name(entry); } PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb); es = util_internal_token_name(entry); if (strcmp(entry->cm_cert_token, es) == 0) { slot = PK11_GetInternalKeySlot(); nickname = talloc_strdup(entry, entry->cm_cert_nickname); } else { slot = PK11_FindSlotByName(entry->cm_cert_token); nickname = talloc_asprintf(entry, "%s:%s", entry->cm_cert_token, entry->cm_cert_nickname); } if (slot == NULL) { cm_log(0, "Could not find the slot %s.\n", entry->cm_cert_token); if (NSS_ShutdownContext(ctx) != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } _exit(2); } /* Be ready to count our uses of a PIN. */ memset(&cb_data, 0, sizeof(cb_data)); cb_data.entry = entry; cb_data.n_attempts = 0; /* If we're supposed to be using a PIN, and we're offered a * chance to set one, do it now. */ if (readwrite) { if (PK11_NeedUserInit(slot)) { if (cm_pin_read_for_cert(entry, &pin) != 0) { cm_log(0, "Error reading PIN to assign " "to storage slot.\n"); PK11_FreeSlot(slot); if (NSS_ShutdownContext(ctx) != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } _exit(2); } PK11_InitPin(slot, NULL, pin); if (PK11_NeedUserInit(slot)) { cm_log(0, "Cert storage slot still " "needs user PIN to be set.\n"); PK11_FreeSlot(slot); if (NSS_ShutdownContext(ctx) != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } _exit(2); } /* We're authenticated now, so count this as a * use of the PIN. */ cb_data.n_attempts++; } } /* If we need to log in in order to read certificates, do so.
*/ if (PK11_NeedLogin(slot)) { cm_log(3, "Need login to token %s\n", PK11_GetTokenName(slot)); if (cm_pin_read_for_cert(entry, &pin) != 0) { cm_log(0, "Error reading PIN for cert db\n"); PK11_FreeSlot(slot); if (NSS_ShutdownContext(ctx) != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } _exit(2); } error = PK11_Authenticate(slot, PR_TRUE, &cb_data); if (error != SECSuccess) { cm_log(0, "certread-n: Error authenticating to cert db " "slot %s.\n", PK11_GetTokenName(slot)); PK11_FreeSlot(slot); if (NSS_ShutdownContext(ctx) != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } _exit(2); } if ((pin != NULL) && (strlen(pin) > 0) && (cb_data.n_attempts == 0)) { cm_log(0, "PIN was not needed to auth to token " "%s, though one was provided. " "Treating this as an error.\n", PK11_GetTokenName(slot)); PK11_FreeSlot(slot); if (NSS_ShutdownContext(ctx) != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } _exit(2); } } cm_log(3, "Looking for nickname %s\n", nickname); cert = PK11_FindCertFromNickname(nickname, pin); if (cert) { cm_log(3, "Located the certificate \"%s\".\n", nickname); } else { cm_log(3, "Error locating certificate.\n"); PK11_FreeSlot(slot); if (NSS_ShutdownContext(ctx) != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } _exit(2); } cm_certread_n_parse(entry, cert->derCert.data, cert->derCert.len); cm_certread_write_data_to_pipe(entry, fp); fclose(fp); PK11_FreeSlot(slot); CERT_DestroyCertificate(cert); if (NSS_ShutdownContext(ctx) != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } _exit(0); } /* Parse the certificate in the entry, and refresh the certificate-based * fields. */ void cm_certread_n_parse(struct cm_store_entry *entry, unsigned char *der_cert, unsigned int der_cert_len) { PLArenaPool *arena; SECItem item, *items; CERTCertificate *cert, **certs; NSSInitContext *ctx; char *p; const char *nl, *es = NULL; unsigned int i; /* Initialize the library. 
*/ ctx = NSS_InitContext(NULL, NULL, NULL, NULL, NULL, NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB | NSS_INIT_READONLY | NSS_INIT_NOROOTINIT); if (ctx == NULL) { PRErrorCode ec = PR_GetError(); if (ec) { es = PR_ErrorToName(ec); } cm_log(1, "Unable to initialize NSS %s\n", es ? es: ""); _exit(1); } es = util_n_fips_hook(); if (es != NULL) { cm_log(1, "Error putting NSS into FIPS mode: %s\n", es); _exit(1); } /* Allocate a memory pool. */ arena = PORT_NewArena(sizeof(double)); if (arena == NULL) { cm_log(1, "Error opening database '%s'.\n", entry->cm_cert_storage_location); if (NSS_ShutdownContext(ctx) != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } _exit(ENOMEM); } /* Decode the certificate. */ item.data = der_cert; item.len = der_cert_len; items = &item; certs = NULL; if ((CERT_ImportCerts(CERT_GetDefaultCertDB(), 0, 1, &items, &certs, PR_FALSE, PR_FALSE, "temp") != SECSuccess) || (certs == NULL) || (certs[0] == NULL)) { cm_log(1, "Error decoding certificate.\n"); PORT_FreeArena(arena, PR_TRUE); if (NSS_ShutdownContext(ctx) != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } _exit(1); } cert = certs[0]; /* Pick out the interesting bits. */ /* Issuer name */ talloc_free(entry->cm_cert_issuer_der); entry->cm_cert_issuer_der = cm_store_hex_from_bin(entry, cert->derIssuer.data, cert->derIssuer.len); talloc_free(entry->cm_cert_issuer); entry->cm_cert_issuer = talloc_strdup(entry, cert->issuerName); /* Serial number */ talloc_free(entry->cm_cert_serial); item = cert->serialNumber; entry->cm_cert_serial = cm_store_hex_from_bin(entry, item.data, item.len); /* Subject name */ talloc_free(entry->cm_cert_subject_der); item = cert->derSubject; entry->cm_cert_subject_der = cm_store_hex_from_bin(entry, item.data, item.len); talloc_free(entry->cm_cert_subject); entry->cm_cert_subject = talloc_strdup(entry, cert->subjectName); /* Subject Public Key Info, encoded into a blob. 
*/ talloc_free(entry->cm_cert_spki); if (SEC_ASN1EncodeItem(arena, items, &cert->subjectPublicKeyInfo, CERT_SubjectPublicKeyInfoTemplate) != items) { cm_log(1, "Error encoding subjectPublicKeyInfo.\n"); CERT_DestroyCertArray(certs, 1); PORT_FreeArena(arena, PR_TRUE); if (NSS_ShutdownContext(ctx) != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } _exit(1); } entry->cm_cert_spki = cm_store_hex_from_bin(entry, items->data, items->len); /* Not-before date. */ p = talloc_strndup(entry, (char *) cert->validity.notBefore.data, cert->validity.notBefore.len); if (p != NULL) { entry->cm_cert_not_before = cm_store_time_from_timestamp(p); } else { entry->cm_cert_not_before = 0; } /* Not-after date. */ p = talloc_strndup(entry, (char *) cert->validity.notAfter.data, cert->validity.notAfter.len); if (p != NULL) { entry->cm_cert_not_after = cm_store_time_from_timestamp(p); } else { entry->cm_cert_not_after = 0; } /* Hostname from subjectAltName extension. */ talloc_free(entry->cm_cert_hostname); entry->cm_cert_hostname = NULL; /* Email address from subjectAltName extension. */ talloc_free(entry->cm_cert_email); entry->cm_cert_email = NULL; /* Principal name from subjectAltName extension. */ talloc_free(entry->cm_cert_principal); entry->cm_cert_principal = NULL; /* IP address from subjectAltName extension. */ talloc_free(entry->cm_cert_ipaddress); entry->cm_cert_ipaddress = NULL; /* Key usage from keyUsage extension. */ talloc_free(entry->cm_cert_ku); entry->cm_cert_ku = NULL; /* Extended key usage from extendedKeyUsage extension. */ talloc_free(entry->cm_cert_eku); entry->cm_cert_eku = NULL; /* Parse the extensions. */ cm_certext_read_extensions(entry, arena, cert->extensions); /* The certificate itself. 
*/ p = NSSBase64_EncodeItem(arena, NULL, 0, &cert->derCert); if (p != NULL) { i = strlen(p); if ((i > 0) && (p[i - 1] != '\n')) { nl = "\n"; } else { nl = ""; } talloc_free(entry->cm_cert); p = talloc_asprintf(entry, "%s%s%s%s", "-----BEGIN CERTIFICATE-----\n", p, nl, "-----END CERTIFICATE-----\n"); entry->cm_cert = p; } /* Clean up. */ CERT_DestroyCertArray(certs, 1); PORT_FreeArena(arena, PR_TRUE); if (NSS_ShutdownContext(ctx) != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } } /* Check if something changed, for example we finished reading the data we need * from the cert. */ static int cm_certread_n_ready(struct cm_certread_state *state) { return cm_subproc_ready(state->subproc); } /* Get a selectable-for-read descriptor we can poll for status changes. */ static int cm_certread_n_get_fd(struct cm_certread_state *state) { return cm_subproc_get_fd(state->subproc); } /* Clean up after reading the certificate. */ static void cm_certread_n_done(struct cm_certread_state *state) { const char *msg; if (state->subproc != NULL) { msg = cm_subproc_get_msg(state->subproc, NULL); cm_certread_read_data_from_buffer(state->entry, msg); cm_subproc_done(state->subproc); } talloc_free(state); } /* Start reading the certificate from the configured location. 
*/ struct cm_certread_state * cm_certread_n_start(struct cm_store_entry *entry) { struct cm_certread_state *state; struct cm_certread_n_settings settings = { .readwrite = 1, }; if (entry->cm_cert_storage_type != cm_cert_storage_nssdb) { cm_log(1, "Wrong read method: can only read certificates " "from an NSS database.\n"); return NULL; } state = talloc_ptrtype(entry, state); if (state != NULL) { memset(state, 0, sizeof(*state)); state->pvt.ready = cm_certread_n_ready; state->pvt.get_fd= cm_certread_n_get_fd; state->pvt.done= cm_certread_n_done; state->entry = entry; state->subproc = cm_subproc_start(cm_certread_n_main, state, NULL, entry, &settings); if (state->subproc == NULL) { talloc_free(state); state = NULL; } } return state; } certmonger-0.79.19/src/certread-o.c0000644000175000017500000001014014511314133016406 0ustar gitgit00000000000000/* * Copyright (C) 2009,2010,2011,2014 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
*/ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "certread.h" #include "certread-int.h" #include "log.h" #include "store.h" #include "store-int.h" #include "subproc.h" #include "util-o.h" struct cm_certread_state { struct cm_certread_state_pvt pvt; struct cm_store_entry *entry; struct cm_subproc_state *subproc; }; static int cm_certread_o_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry, void *userdata) { FILE *pem, *fp; X509 *cert; int status, len; char buf[LINE_MAX]; unsigned char *der; long error; if (entry->cm_cert_storage_location == NULL) { cm_log(1, "Error reading certificate: no location " "specified.\n"); _exit(1); } util_o_init(); ERR_load_crypto_strings(); status = CM_SUB_STATUS_INTERNAL_ERROR; fp = fdopen(fd, "w"); if (fp == NULL) { cm_log(1, "Unable to initialize I/O.\n"); _exit(1); } pem = fopen(entry->cm_cert_storage_location, "r"); if (pem != NULL) { cert = PEM_read_X509(pem, NULL, NULL, NULL); if (cert != NULL) { status = 0; } else { cm_log(1, "Internal error reading cert from \"%s\".\n", entry->cm_cert_storage_location); } fclose(pem); } else { if (errno != ENOENT) { cm_log(1, "Error opening cert file '%s' " "for reading: %s.\n", entry->cm_cert_storage_location, strerror(errno)); } cert = NULL; } if (status == 0) { der = NULL; len = i2d_X509(cert, &der); cm_certread_n_parse(entry, der, len); cm_certread_write_data_to_pipe(entry, fp); } else { while ((error = ERR_get_error()) != 0) { ERR_error_string_n(error, buf, sizeof(buf)); cm_log(1, "%s\n", buf); } } fclose(fp); _exit(0); } /* Check if something changed, for example we finished reading the data we need * from the cert. */ static int cm_certread_o_ready(struct cm_certread_state *state) { return cm_subproc_ready(state->subproc); } /* Get a selectable-for-read descriptor we can poll for status changes. 
 */
static int
cm_certread_o_get_fd(struct cm_certread_state *state)
{
	return cm_subproc_get_fd(state->subproc);
}

/* Clean up after reading the certificate. */
static void
cm_certread_o_done(struct cm_certread_state *state)
{
	if (state->subproc != NULL) {
		cm_certread_read_data_from_buffer(state->entry,
						  cm_subproc_get_msg(state->subproc,
								     NULL));
		cm_subproc_done(state->subproc);
	}
	talloc_free(state);
}

/* Start reading the certificate from the configured location. */
struct cm_certread_state *
cm_certread_o_start(struct cm_store_entry *entry)
{
	struct cm_certread_state *state;
	if (entry->cm_cert_storage_type != cm_cert_storage_file) {
		cm_log(1, "Wrong read method: can only read certificates "
		       "from a file.\n");
		return NULL;
	}
	state = talloc_ptrtype(entry, state);
	if (state != NULL) {
		memset(state, 0, sizeof(*state));
		state->pvt.ready = cm_certread_o_ready;
		state->pvt.get_fd= cm_certread_o_get_fd;
		state->pvt.done= cm_certread_o_done;
		state->entry = entry;
		state->subproc = cm_subproc_start(cm_certread_o_main, state,
						  NULL, entry, NULL);
		if (state->subproc == NULL) {
			talloc_free(state);
			state = NULL;
		}
	}
	return state;
}
certmonger-0.79.19/src/certread.c0000644000175000017500000003031114511314133016154 0ustar gitgit00000000000000
/*
 * Copyright (C) 2009,2010,2012,2014,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

#include #include #include #include #include

#include "certread.h"
#include "certread-int.h"
#include "log.h"
#include "store.h"
#include "store-int.h"

/* Start refreshing the certificate and associated data from the entry from the
 * configured location. */
struct cm_certread_state *
cm_certread_start(struct cm_store_entry *entry)
{
	switch (entry->cm_cert_storage_type) {
#ifdef HAVE_OPENSSL
	case cm_cert_storage_file:
		if (entry->cm_cert_storage_location != NULL) {
			return cm_certread_o_start(entry);
		} else {
			return NULL;
		}
		break;
#endif
#ifdef HAVE_NSS
	case cm_cert_storage_nssdb:
		if ((entry->cm_cert_storage_location != NULL) &&
		    (entry->cm_cert_nickname != NULL)) {
			return cm_certread_n_start(entry);
		} else {
			return NULL;
		}
		break;
#endif
	}
	return NULL;
}

/* Check if something changed, for example we finished reading the cert. */
int
cm_certread_ready(struct cm_certread_state *state)
{
	struct cm_certread_state_pvt *pvt;

	pvt = (struct cm_certread_state_pvt *) state;
	return pvt->ready(state);
}

/* Get a selectable-for-read descriptor we can poll for status changes. */
int
cm_certread_get_fd(struct cm_certread_state *state)
{
	struct cm_certread_state_pvt *pvt;

	pvt = (struct cm_certread_state_pvt *) state;
	return pvt->get_fd(state);
}

/* Clean up after reading the certificate. */
void
cm_certread_done(struct cm_certread_state *state)
{
	struct cm_certread_state_pvt *pvt;

	pvt = (struct cm_certread_state_pvt *) state;
	pvt->done(state);
}

/* Send what we know about this certificate down a pipe using stdio. */
void
cm_certread_write_data_to_pipe(struct cm_store_entry *entry, FILE *fp)
{
	int i;
	unsigned char *p;

	fprintf(fp, " %s\n", entry->cm_cert_issuer_der ?: "");
	p = (unsigned char *) entry->cm_cert_issuer;
	fprintf(fp, " %s\n", p ? cm_store_base64_from_bin(NULL, p, -1) : "");
	fprintf(fp, " %s\n", entry->cm_cert_serial ?: "");
	fprintf(fp, " %s\n", entry->cm_cert_subject_der ?: "");
	p = (unsigned char *) entry->cm_cert_subject;
	fprintf(fp, " %s\n", p ?
		cm_store_base64_from_bin(NULL, p, -1) : "");
	fprintf(fp, " %s\n", entry->cm_cert_spki ?: "");
	fprintf(fp, " %lu\n", entry->cm_cert_not_before ?: 0);
	fprintf(fp, " %lu\n", entry->cm_cert_not_after ?: 0);
	for (i = 0;
	     (entry->cm_cert_hostname != NULL) &&
	     (entry->cm_cert_hostname[i] != NULL);
	     i++) {
		p = (unsigned char *) entry->cm_cert_hostname[i];
		fprintf(fp, "%s%s", (i > 0) ? "," : " ",
			cm_store_base64_from_bin(NULL, p, -1));
	}
	fprintf(fp, "%s\n", i > 0 ? "" : " ");
	for (i = 0;
	     (entry->cm_cert_email != NULL) &&
	     (entry->cm_cert_email[i] != NULL);
	     i++) {
		p = (unsigned char *) entry->cm_cert_email[i];
		fprintf(fp, "%s%s", (i > 0) ? "," : " ",
			cm_store_base64_from_bin(NULL, p, -1));
	}
	fprintf(fp, "%s\n", i > 0 ? "" : " ");
	for (i = 0;
	     (entry->cm_cert_principal != NULL) &&
	     (entry->cm_cert_principal[i] != NULL);
	     i++) {
		p = (unsigned char *) entry->cm_cert_principal[i];
		fprintf(fp, "%s%s", (i > 0) ? "," : " ",
			cm_store_base64_from_bin(NULL, p, -1));
	}
	fprintf(fp, "%s\n", i > 0 ? "" : " ");
	for (i = 0;
	     (entry->cm_cert_ipaddress != NULL) &&
	     (entry->cm_cert_ipaddress[i] != NULL);
	     i++) {
		p = (unsigned char *) entry->cm_cert_ipaddress[i];
		fprintf(fp, "%s%s", (i > 0) ? "," : " ",
			cm_store_base64_from_bin(NULL, p, -1));
	}
	fprintf(fp, "%s\n", i > 0 ? "" : " ");
	fprintf(fp, " %s\n", entry->cm_cert_ku ?: "");
	fprintf(fp, " %s\n", entry->cm_cert_eku ?: "");
	p = (unsigned char *) entry->cm_cert_token;
	fprintf(fp, " %s\n", p ? cm_store_base64_from_bin(NULL, p, -1) : "");
	fprintf(fp, " %d\n", entry->cm_cert_is_ca ? 1 : 0);
	fprintf(fp, " %d\n",
		entry->cm_cert_is_ca ? entry->cm_cert_ca_path_length : -1);
	for (i = 0;
	     (entry->cm_cert_ocsp_location != NULL) &&
	     (entry->cm_cert_ocsp_location[i] != NULL);
	     i++) {
		p = (unsigned char *) entry->cm_cert_ocsp_location[i];
		fprintf(fp, "%s%s", (i > 0) ? "," : " ",
			cm_store_base64_from_bin(NULL, p, -1));
	}
	fprintf(fp, "%s\n", i > 0 ? "" : " ");
	for (i = 0;
	     (entry->cm_cert_crl_distribution_point != NULL) &&
	     (entry->cm_cert_crl_distribution_point[i] != NULL);
	     i++) {
		p = (unsigned char *) entry->cm_cert_crl_distribution_point[i];
		fprintf(fp, "%s%s", (i > 0) ? "," : " ",
			cm_store_base64_from_bin(NULL, p, -1));
	}
	fprintf(fp, "%s\n", i > 0 ? "" : " ");
	for (i = 0;
	     (entry->cm_cert_freshest_crl != NULL) &&
	     (entry->cm_cert_freshest_crl[i] != NULL);
	     i++) {
		p = (unsigned char *) entry->cm_cert_freshest_crl[i];
		fprintf(fp, "%s%s", (i > 0) ? "," : " ",
			cm_store_base64_from_bin(NULL, p, -1));
	}
	fprintf(fp, "%s\n", i > 0 ? "" : " ");
	p = (unsigned char *) entry->cm_cert_ns_comment;
	fprintf(fp, " %s\n", p ? cm_store_base64_from_bin(NULL, p, -1) : "");
	p = (unsigned char *) entry->cm_cert_profile;
	fprintf(fp, " %s\n", p ? cm_store_base64_from_bin(NULL, p, -1) : "");
	fprintf(fp, " %d\n", entry->cm_cert_no_ocsp_check ? 1 : 0);
	p = (unsigned char *) entry->cm_cert_ns_certtype;
	fprintf(fp, " %s\n", p ? cm_store_base64_from_bin(NULL, p, -1) : "");
	fprintf(fp, " %s\n", entry->cm_cert ?: "");
}

/* Parse what we know about this certificate from a buffer. */
void
cm_certread_read_data_from_buffer(struct cm_store_entry *entry, const char *p)
{
	const char *q, *u, *v;
	char *s;
	void *vals;
	int i = 0, j;

	while (*p != '\0') {
		/* Skip over the first character. */
		p++;
		/* Find the end of the line. */
		q = p + strcspn(p, "\r\n");
		/* Decide what to do with the data. */
		switch (i++) {
		case 0:
			talloc_free(entry->cm_cert_issuer_der);
			entry->cm_cert_issuer_der = (p == q) ? NULL :
				talloc_strndup(entry, p, q - p);
			break;
		case 1:
			talloc_free(entry->cm_cert_issuer);
			entry->cm_cert_issuer = (p == q) ? NULL :
				cm_store_base64_as_bin(entry, p, q - p, NULL);
			break;
		case 2:
			talloc_free(entry->cm_cert_serial);
			entry->cm_cert_serial = (p == q) ? NULL :
				talloc_strndup(entry, p, q - p);
			break;
		case 3:
			talloc_free(entry->cm_cert_subject_der);
			entry->cm_cert_subject_der = (p == q) ?
				NULL : talloc_strndup(entry, p, q - p);
			break;
		case 4:
			talloc_free(entry->cm_cert_subject);
			entry->cm_cert_subject = (p == q) ? NULL :
				cm_store_base64_as_bin(entry, p, q - p, NULL);
			break;
		case 5:
			talloc_free(entry->cm_cert_spki);
			entry->cm_cert_spki = (p == q) ? NULL :
				talloc_strndup(entry, p, q - p);
			break;
		case 6:
			s = talloc_strndup(entry, p, q - p);
			entry->cm_cert_not_before = atol(s);
			talloc_free(s);
			break;
		case 7:
			s = talloc_strndup(entry, p, q - p);
			entry->cm_cert_not_after = atol(s);
			talloc_free(s);
			break;
		case 8:
			talloc_free(entry->cm_cert_hostname);
			entry->cm_cert_hostname = talloc_zero_array(entry, char *,
								    q - p + 2);
			vals = entry->cm_cert_hostname;
			u = p;
			j = 0;
			while ((*u != '\0') && (u < q)) {
				v = u + strcspn(u, ",\r\n");
				if (v > u) {
					entry->cm_cert_hostname[j] =
						cm_store_base64_as_bin(vals, u, v - u, NULL);
					j++;
				}
				u = v + strspn(u, ",\r\n");
			}
			break;
		case 9:
			talloc_free(entry->cm_cert_email);
			entry->cm_cert_email = talloc_zero_array(entry, char *,
								 q - p + 2);
			vals = entry->cm_cert_email;
			u = p;
			j = 0;
			while ((*u != '\0') && (u < q)) {
				v = u + strcspn(u, ",\r\n");
				if (v > u) {
					entry->cm_cert_email[j] =
						cm_store_base64_as_bin(vals, u, v - u, NULL);
					j++;
				}
				u = v + strspn(u, ",\r\n");
			}
			break;
		case 10:
			talloc_free(entry->cm_cert_principal);
			entry->cm_cert_principal = talloc_zero_array(entry, char *,
								     q - p + 2);
			vals = entry->cm_cert_principal;
			u = p;
			j = 0;
			while ((*u != '\0') && (u < q)) {
				v = u + strcspn(u, ",\r\n");
				if (v > u) {
					entry->cm_cert_principal[j] =
						cm_store_base64_as_bin(vals, u, v - u, NULL);
					j++;
				}
				u = v + strspn(u, ",\r\n");
			}
			break;
		case 11:
			talloc_free(entry->cm_cert_ipaddress);
			entry->cm_cert_ipaddress = talloc_zero_array(entry, char *,
								     q - p + 2);
			vals = entry->cm_cert_ipaddress;
			u = p;
			j = 0;
			while ((*u != '\0') && (u < q)) {
				v = u + strcspn(u, ",\r\n");
				if (v > u) {
					entry->cm_cert_ipaddress[j] =
						talloc_strndup(vals, u, v - u);
					j++;
				}
				u = v + strspn(u, ",\r\n");
			}
			break;
		case 12:
			talloc_free(entry->cm_cert_ku);
			entry->cm_cert_ku = (p
					     == q) ? NULL :
				talloc_strndup(entry, p, q - p);
			break;
		case 13:
			talloc_free(entry->cm_cert_eku);
			entry->cm_cert_eku = (p == q) ? NULL :
				talloc_strndup(entry, p, q - p);
			break;
		case 14:
			if (p != q) {
				talloc_free(entry->cm_cert_token);
				entry->cm_cert_token =
					cm_store_base64_as_bin(entry, p, q - p, NULL);
			}
			break;
		case 15:
			entry->cm_cert_is_ca = (p != q) ? (atoi(p) != 0) : 0;
			break;
		case 16:
			entry->cm_cert_ca_path_length = (p != q) ? atoi(p) : -1;
			break;
		case 17:
			talloc_free(entry->cm_cert_ocsp_location);
			entry->cm_cert_ocsp_location = talloc_zero_array(entry, char *,
									 q - p + 2);
			vals = entry->cm_cert_ocsp_location;
			u = p;
			j = 0;
			while ((*u != '\0') && (u < q)) {
				v = u + strcspn(u, ",\r\n");
				if (v > u) {
					entry->cm_cert_ocsp_location[j] =
						cm_store_base64_as_bin(vals, u, v - u, NULL);
					j++;
				}
				u = v + strspn(u, ",\r\n");
			}
			break;
		case 18:
			talloc_free(entry->cm_cert_crl_distribution_point);
			entry->cm_cert_crl_distribution_point =
				talloc_zero_array(entry, char *, q - p + 2);
			vals = entry->cm_cert_crl_distribution_point;
			u = p;
			j = 0;
			while ((*u != '\0') && (u < q)) {
				v = u + strcspn(u, ",\r\n");
				if (v > u) {
					entry->cm_cert_crl_distribution_point[j] =
						cm_store_base64_as_bin(vals, u, v - u, NULL);
					j++;
				}
				u = v + strspn(u, ",\r\n");
			}
			break;
		case 19:
			talloc_free(entry->cm_cert_freshest_crl);
			entry->cm_cert_freshest_crl = talloc_zero_array(entry, char *,
									q - p + 2);
			vals = entry->cm_cert_freshest_crl;
			u = p;
			j = 0;
			while ((*u != '\0') && (u < q)) {
				v = u + strcspn(u, ",\r\n");
				if (v > u) {
					entry->cm_cert_freshest_crl[j] =
						cm_store_base64_as_bin(vals, u, v - u, NULL);
					j++;
				}
				u = v + strspn(u, ",\r\n");
			}
			break;
		case 20:
			talloc_free(entry->cm_cert_ns_comment);
			entry->cm_cert_ns_comment = (p == q) ? NULL :
				cm_store_base64_as_bin(entry, p, q - p, NULL);
			break;
		case 21:
			talloc_free(entry->cm_cert_profile);
			entry->cm_cert_profile = (p == q) ? NULL :
				cm_store_base64_as_bin(entry, p, q - p, NULL);
			break;
		case 22:
			entry->cm_cert_no_ocsp_check = (p != q) ?
				(atoi(p) != 0) : 0;
			break;
		case 23:
			talloc_free(entry->cm_cert_ns_certtype);
			entry->cm_cert_ns_certtype = (p == q) ? NULL :
				cm_store_base64_as_bin(entry, p, q - p, NULL);
			break;
		case 24:
			talloc_free(entry->cm_cert);
			entry->cm_cert = (p[strspn(p, " \r\n")] == '\0') ? NULL :
				talloc_strdup(entry, p);
			break;
		}
		/* Find the beginning of the next line. */
		p = q + strspn(q, "\r\n");
	}
}
certmonger-0.79.19/src/certread.h0000644000175000017500000000273114511314133016166 0ustar gitgit00000000000000
/*
 * Copyright (C) 2009 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmcertread_h
#define cmcertread_h

struct cm_certread_state;
struct cm_store_entry;

/* Start refreshing the certificate and associated data from the entry from the
 * configured location. */
struct cm_certread_state *cm_certread_start(struct cm_store_entry *entry);
struct cm_certread_state *cm_certread_n_start(struct cm_store_entry *entry);
struct cm_certread_state *cm_certread_o_start(struct cm_store_entry *entry);

/* Check if something changed, for example we finished reading the cert. */
int cm_certread_ready(struct cm_certread_state *state);

/* Get a selectable-for-read descriptor we can poll for status changes. */
int cm_certread_get_fd(struct cm_certread_state *state);

/* Clean up after reading the certificate.
 */
void cm_certread_done(struct cm_certread_state *state);

#endif
certmonger-0.79.19/src/certsave-int.h0000644000175000017500000000424214511314133017000 0ustar gitgit00000000000000
/*
 * Copyright (C) 2009,2013,2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmcertsaveint_h
#define cmcertsaveint_h

enum cm_certsave_status {
	CM_CERTSAVE_STATUS_SAVED = 0,
	CM_CERTSAVE_STATUS_INTERNAL_ERROR = 1,
	CM_CERTSAVE_STATUS_SUBJECT_CONFLICT = 2,
	CM_CERTSAVE_STATUS_NICKNAME_CONFLICT = 3,
	CM_CERTSAVE_STATUS_INITIALIZING = 4,
	CM_CERTSAVE_STATUS_PERMS = 5,
	CM_CERTSAVE_STATUS_AUTH = 6,
	CM_CERTSAVE_STATUS_NO_TOKEN = 7,
};

struct cm_certsave_state_pvt {
	/* Check if something changed, for example we finished saving the cert. */
	int (*ready)(struct cm_certsave_state *state);
	/* Get a selectable-for-read descriptor that we can poll for status
	 * changes. */
	int (*get_fd)(struct cm_certsave_state *state);
	/* Check if we saved the certificate. */
	int (*saved)(struct cm_certsave_state *state);
	/* Check if we failed due to filesystem permissions. */
	int (*permissions_error)(struct cm_certsave_state *state);
	/* Tell us if we need a token to be inserted to access the storage
	 * location. */
	int (*token_error)(struct cm_certsave_state *state);
	/* Tell us if we need a PIN (or a new PIN) to access the storage
	 * location.
	 */
	int (*pin_error)(struct cm_certsave_state *state);
	/* Check if we failed because the subject was already being used. */
	int (*conflict_subject)(struct cm_certsave_state *state);
	/* Check if we failed because the nickname was already being used. */
	int (*conflict_nickname)(struct cm_certsave_state *state);
	/* Clean up after saving the certificate. */
	void (*done)(struct cm_certsave_state *state);
};

#endif
certmonger-0.79.19/src/certsave-n.c0000644000175000017500000007774514511314133016460 0ustar gitgit00000000000000
/*
 * Copyright (C) 2009,2010,2011,2012,2013,2014,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

#include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include

#include "certsave.h"
#include "certsave-int.h"
#include "log.h"
#include "pin.h"
#include "store.h"
#include "store-int.h"
#include "subproc.h"
#include "util-n.h"

#define PRIVKEY_LIST_EMPTY(l) PRIVKEY_LIST_END(PRIVKEY_LIST_HEAD(l), l)

struct cm_certsave_state {
	struct cm_certsave_state_pvt pvt;
	struct cm_subproc_state *subproc;
	struct cm_store_entry *entry;
};

struct cm_certsave_n_settings {
	unsigned int readwrite:1;
};

static SECKEYPrivateKey **
add_privkey_to_list(SECKEYPrivateKey **list, SECKEYPrivateKey *key)
{
	SECKEYPrivateKey **newlist;
	int i;

	if (key != NULL) {
		for (i = 0; (list != NULL) && (list[i] != NULL); i++) {
			if (list[i] == key) {
				SECKEY_DestroyPrivateKey(key);
				break;
			}
		}
		if ((list == NULL) || (list[i] == NULL)) {
			newlist = malloc(sizeof(newlist[0]) * (i + 2));
			if (newlist != NULL) {
				if (list != NULL)
					memcpy(newlist, list,
					       sizeof(newlist[0]) * i);
				newlist[i] = key;
				newlist[i + 1] = NULL;
				list = newlist;
			}
		}
	}
	return list;
}

/* Return a nickname minus the token */
static char *
cm_get_nickname(char *data)
{
	char *p = NULL;
	if (strchr(data, ':') != NULL) {
		p = strrchr(data, ':') + 1;
	} else {
		p = data;
	}
	return p;
}

static int
cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
		   void *userdata)
{
	int status = CM_CERTSAVE_STATUS_INTERNAL_ERROR, readwrite, i, ec;
	PRBool have_trust;
	PLArenaPool *arena;
	SECStatus error;
	SECItem *item, subject;
	char *p, *q, *pin;
	const char *token;
	const char *es;
	PK11SlotList *slotlist;
	PK11SlotListElement *sle;
	CK_MECHANISM_TYPE mech;
	NSSInitContext *ctx;
	CERTCertDBHandle *certdb;
	CERTCertList *certlist;
	CERTCertificate *oldcert, *newcert, cert;
	CERTCertTrust trust;
	CERTSignedData csdata;
	CERTCertListNode *node;
	SECKEYPrivateKey **privkeys = NULL, *privkey;
	SECKEYPrivateKeyList *privkeylist;
	SECKEYPrivateKeyListNode *knode;
	struct cm_certsave_n_settings *settings;
	struct cm_pin_cb_data cb_data;

	if (entry->cm_cert_storage_location == NULL) {
		cm_log(1, "Error saving certificate: no location "
		       "specified.\n");
		_exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR);
	}
	if (entry->cm_cert_nickname == NULL) {
		cm_log(1, "Error saving certificate: no nickname "
		       "specified.\n");
		_exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR);
	}

	/* Open the database. */
	if (entry->cm_nss_user != NULL) {
		struct passwd *pwd;
		struct group *grp;
		char *user, *group = NULL;
		uid_t uid;
		gid_t gid;

		user = strdup(entry->cm_nss_user);
		group = strchr(user, ':');
		if (group != NULL) {
			*group++ = '\0';
			if (strlen(group) == 0) {
				group = NULL;
			}
		}
		errno = 0;
		pwd = getpwnam(user);
		if (pwd == NULL) {
			cm_log(0, "Error looking up user \"%s\", "
			       "not setting identity: %s.\n",
			       user, strerror(errno));
			free(user);
			_exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR);
		}
		uid = pwd->pw_uid;
		gid = pwd->pw_gid;
		if (group != NULL) {
			grp = getgrnam(group);
			if (grp == NULL) {
				cm_log(0, "Error looking up group \"%s\", "
				       "not setting identity.\n", group);
				free(user);
				_exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR);
			}
			gid = grp->gr_gid;
		}
		free(user);
		cm_log(1, "Switching to %s %d:%d\n", pwd->pw_name, uid, gid);
		if (initgroups(pwd->pw_name, gid) == -1) {
			cm_log(0, "initgroups error (%s: %d): %s\n",
			       pwd->pw_name, gid, strerror(errno));
			_exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR);
		}
		if (setgid(gid) == -1) {
			cm_log(0, "setgid error (%d): %s\n",
			       gid, strerror(errno));
			_exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR);
		}
		if (setuid(uid) == -1) {
			cm_log(0, "setuid error (%d): %s\n",
			       uid, strerror(errno));
			_exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR);
		}
	}
	settings = userdata;
	readwrite = settings->readwrite;
	errno = 0;
	ctx = NSS_InitContext(entry->cm_cert_storage_location,
			      NULL, NULL, NULL, NULL,
			      (readwrite ?
			       0 : NSS_INIT_READONLY) |
			      NSS_INIT_NOROOTINIT |
			      NSS_INIT_NOMODDB);
	ec = PORT_GetError();
	if (ctx == NULL) {
		if ((ec == SEC_ERROR_READ_ONLY) && readwrite) {
			ec = PR_NO_ACCESS_RIGHTS_ERROR;
		} else if ((ec == SEC_ERROR_BAD_DATABASE) && readwrite) {
			switch (errno) {
			case EACCES:
			case EPERM:
			case ENOENT:
				ec = PR_NO_ACCESS_RIGHTS_ERROR;
				break;
			default:
				/* Sigh. Not a lot of detail. Check if we
				 * succeed in read-only mode, which we'll
				 * interpret as lack of write permissions. */
				ctx = NSS_InitContext(entry->cm_key_storage_location,
						      NULL, NULL, NULL, NULL,
						      NSS_INIT_READONLY |
						      NSS_INIT_NOROOTINIT |
						      NSS_INIT_NOMODDB);
				if (ctx != NULL) {
					error = NSS_ShutdownContext(ctx);
					if (error != SECSuccess) {
						cm_log(1, "Error shutting down "
						       "NSS.\n");
					}
					ctx = NULL;
					ec = PR_NO_ACCESS_RIGHTS_ERROR;
				}
				break;
			}
		}
		if (ec != 0) {
			es = PR_ErrorToName(ec);
		} else {
			es = NULL;
		}
		if (es != NULL) {
			cm_log(1, "Unable to open NSS database '%s': %s.\n",
			       entry->cm_cert_storage_location, es);
		} else {
			cm_log(1, "Unable to open NSS database '%s'.\n",
			       entry->cm_cert_storage_location);
		}
		switch (ec) {
		case PR_NO_ACCESS_RIGHTS_ERROR: /* EACCES or EPERM */
			status = CM_CERTSAVE_STATUS_PERMS;
			break;
		default:
			status = CM_CERTSAVE_STATUS_INITIALIZING;
			break;
		}
	} else {
		/* We don't try to force FIPS mode here, as it seems to get in
		 * the way of saving the certificate. */
		if (NSS_ShutdownContext(ctx) != SECSuccess) {
			cm_log(0, "Error shutting down NSS.\n");
			_exit(1);
		}
		ctx = NSS_InitContext(entry->cm_cert_storage_location,
				      NULL, NULL, NULL, NULL,
				      (readwrite ? 0 : NSS_INIT_READONLY) |
				      NSS_INIT_NOROOTINIT);
		if (ctx == NULL) {
			cm_log(0, "Unable to initialize NSS %s.\n",
			       entry->cm_cert_storage_location);
			_exit(1);
		}

		/* Allocate a memory pool.
		 */
		arena = PORT_NewArena(sizeof(double));
		if (arena == NULL) {
			cm_log(1, "Error opening database '%s'.\n",
			       entry->cm_cert_storage_location);
			if (NSS_ShutdownContext(ctx) != SECSuccess) {
				cm_log(1, "Error shutting down NSS.\n");
			}
			_exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR);
		}
		/* Find the tokens that we might use for cert storage. */
		mech = CKM_INVALID_MECHANISM;
		slotlist = PK11_GetAllTokens(mech, PR_FALSE, PR_FALSE, NULL);
		if (slotlist == NULL) {
			cm_log(1, "Error getting list of tokens.\n");
			PORT_FreeArena(arena, PR_TRUE);
			if (NSS_ShutdownContext(ctx) != SECSuccess) {
				cm_log(1, "Error shutting down NSS.\n");
			}
			_exit(2);
		}
		/* Walk the list looking for the requested slot, or the first one if
		 * none was requested. */
		if (cm_pin_read_for_cert(entry, &pin) != 0) {
			cm_log(1, "Error reading PIN for cert db.\n");
			_exit(CM_SUB_STATUS_ERROR_AUTH);
		}
		PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
		if (entry->cm_cert_token == NULL) {
			entry->cm_cert_token = util_internal_token_name(entry);
		}
		for (sle = slotlist->head;
		     ((sle != NULL) && (sle->slot != NULL));
		     sle = sle->next) {
			/* Log the slot's name. */
			token = PK11_GetTokenName(sle->slot);
			if (token != NULL) {
				cm_log(3, "Found token '%s'.\n", token);
			} else {
				cm_log(3, "Found unnamed token.\n");
			}

			/* If we're looking for a specific slot, and this isn't it,
			 * keep going. */
			if ((entry->cm_cert_token != NULL) &&
			    ((token == NULL) ||
			     (strcmp(entry->cm_cert_token, token) != 0))) {
				if (token != NULL) {
					cm_log(1, "Token is named \"%s\", not \"%s\", "
					       "skipping.\n",
					       token, entry->cm_cert_token);
				} else {
					cm_log(1, "Token is unnamed, not \"%s\", "
					       "skipping.\n",
					       entry->cm_cert_token);
				}
				goto next_slot;
			}

			/* Be ready to count our uses of a PIN.
			 */
			memset(&cb_data, 0, sizeof(cb_data));
			cb_data.entry = entry;
			cb_data.n_attempts = 0;
			pin = NULL;
			if (cm_pin_read_for_key(entry, &pin) != 0) {
				cm_log(1, "Error reading PIN for key store, "
				       "failing to save certificate.\n");
				PORT_FreeArena(arena, PR_TRUE);
				error = NSS_ShutdownContext(ctx);
				if (error != SECSuccess) {
					cm_log(1, "Error shutting down NSS.\n");
				}
				_exit(CM_CERTSAVE_STATUS_AUTH);
			}
			if (PK11_NeedUserInit(sle->slot)) {
				PK11_InitPin(sle->slot, NULL, pin ? pin : "");
				ec = PORT_GetError();
				es = PR_ErrorToName(ec);
				if (PK11_NeedUserInit(sle->slot)) {
					if (es != NULL) {
						cm_log(1, "Key storage slot still "
						       "needs user PIN to be set: "
						       "%s.\n", es);
					} else {
						cm_log(1, "Key storage slot still "
						       "needs user PIN to be set.\n");
					}
					PORT_FreeArena(arena, PR_TRUE);
					error = NSS_ShutdownContext(ctx);
					if (error != SECSuccess) {
						cm_log(1, "Error shutting down NSS.\n");
					}
					switch (ec) {
					case PR_NO_ACCESS_RIGHTS_ERROR: /* EACCES or EPERM */
						_exit(CM_CERTSAVE_STATUS_PERMS);
						break;
					default:
						_exit(CM_CERTSAVE_STATUS_AUTH);
						break;
					}
				}
				/* count this as use of the PIN */
				cb_data.n_attempts++;
			}
			if (PK11_NeedLogin(sle->slot)) {
				error = PK11_Authenticate(sle->slot, PR_TRUE, &cb_data);
				if (error != SECSuccess) {
					cm_log(1, "Error authenticating to cert db for token "
					       "%s.\n", token);
					goto next_slot;
				}
				cb_data.n_attempts++;
			}
			if ((pin != NULL) &&
			    (strlen(pin) > 0) &&
			    (cb_data.n_attempts == 0)) {
				cm_log(1, "PIN was not needed to auth to key "
				       "store, though one was provided. "
				       "Treating this as an error.\n");
				PORT_FreeArena(arena, PR_TRUE);
				error = NSS_ShutdownContext(ctx);
				if (error != SECSuccess) {
					cm_log(1, "Error shutting down NSS.\n");
				}
				_exit(CM_CERTSAVE_STATUS_AUTH);
			}
			certdb = CERT_GetDefaultCertDB();
			if (certdb != NULL) {
				/* Strip the header and footer.
				 */
				p = entry->cm_cert;
				q = NULL;
				if (p != NULL) {
					while (strncmp(p, "-----BEGIN ", 11) == 0) {
						p += strcspn(p, "\r\n");
						p += strspn(p, "\r\n");
					}
					q = strstr(p, "-----END");
				}
				if ((q == NULL) || (*p == '\0')) {
					cm_log(1, "Unable to parse certificate.\n");
					PORT_FreeArena(arena, PR_TRUE);
					if (NSS_ShutdownContext(ctx) != SECSuccess) {
						cm_log(1, "Error shutting down NSS.\n");
					}
					_exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR);
				}
				/* Handle the base64 decode. */
				item = NSSBase64_DecodeBuffer(arena, NULL, p, q - p);
				if (item == NULL) {
					cm_log(1, "Unable to decode certificate "
					       "into buffer.\n");
					PORT_FreeArena(arena, PR_TRUE);
					if (NSS_ShutdownContext(ctx) != SECSuccess) {
						cm_log(1, "Error shutting down NSS.\n");
					}
					_exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR);
				}
				/* Do a "shallow" decode to pull out the subject name
				 * so that we can check for a conflict. */
				memset(&csdata, 0, sizeof(csdata));
				if (SEC_ASN1DecodeItem(arena, &csdata,
						       CERT_SignedDataTemplate,
						       item) != SECSuccess) {
					cm_log(1, "Unable to decode certificate "
					       "signed data into buffer.\n");
					PORT_FreeArena(arena, PR_TRUE);
					if (NSS_ShutdownContext(ctx) != SECSuccess) {
						cm_log(1, "Error shutting down NSS.\n");
					}
					_exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR);
				}
				memset(&cert, 0, sizeof(cert));
				if (SEC_ASN1DecodeItem(arena, &cert,
						       CERT_CertificateTemplate,
						       &csdata.data) != SECSuccess) {
					cm_log(1, "Unable to decode certificate "
					       "data into buffer.\n");
					PORT_FreeArena(arena, PR_TRUE);
					if (NSS_ShutdownContext(ctx) != SECSuccess) {
						cm_log(1, "Error shutting down NSS.\n");
					}
					_exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR);
				}
				subject = cert.derSubject;
				/* Ask NSS if there would be a conflict. */
				have_trust = PR_FALSE;
				if (SEC_CertNicknameConflict(entry->cm_cert_nickname,
							     &subject,
							     certdb)) {
					/* Delete the certificate that's already there
					 * with the nickname we want, otherwise our
					 * cert with a different subject name will be
					 * discarded.
					 */
					cm_log(3, "Looking for duplicate nickname '%s'\n",
					       entry->cm_cert_nickname);
					certlist = PK11_FindCertsFromNickname(entry->cm_cert_nickname,
									      NULL);
					if (certlist != NULL) {
						/* Look for certs with different
						 * subject names but the same nickname,
						 * because they've got to go. */
						for (node = CERT_LIST_HEAD(certlist);
						     (node != NULL) &&
						     !CERT_LIST_EMPTY(certlist) &&
						     !CERT_LIST_END(node, certlist);
						     node = CERT_LIST_NEXT(node)) {
							if ((!SECITEM_ItemsAreEqual(&subject,
										    &node->cert->derSubject)) &&
							    (sle->slot == node->cert->slot)) {
								cm_log(3, "1 Found a "
								       "certificate "
								       "with the same "
								       "nickname but "
								       "different "
								       "subject, "
								       "removing "
								       "certificate "
								       "\"%s\" with "
								       "subject "
								       "\"%s\".\n",
								       node->cert->nickname,
								       node->cert->subjectName ?
								       node->cert->subjectName :
								       "");
								/* Get a handle for
								 * this certificate's
								 * private key, in case
								 * we need to remove
								 * it. */
								privkey = PK11_FindKeyByAnyCert(node->cert, NULL);
								privkeys = add_privkey_to_list(privkeys, privkey);
								SEC_DeletePermCertificate(node->cert);
							}
						}
						CERT_DestroyCertList(certlist);
					}
				} else {
					cm_log(3, "No duplicate nickname entries for '%s'.\n",
					       entry->cm_cert_nickname);
				}
				/* This certificate's subject may already be present
				 * with a different nickname. Delete those, too. */
				certlist = CERT_CreateSubjectCertList(NULL, certdb,
								      &subject,
								      PR_FALSE,
								      PR_FALSE);
				if (certlist != NULL) {
					/* Look for certs with different nicknames but
					 * the same subject name, because those have
					 * got to go.
					 */
					i = 0;
					for (node = CERT_LIST_HEAD(certlist);
					     (node != NULL) &&
					     !CERT_LIST_EMPTY(certlist) &&
					     !CERT_LIST_END(node, certlist);
					     node = CERT_LIST_NEXT(node)) {
						if ((node->cert->nickname != NULL) &&
						    (strcmp(cm_get_nickname(entry->cm_cert_nickname),
							    cm_get_nickname(node->cert->nickname)) != 0) &&
						    (sle->slot == node->cert->slot)) {
							i++;
							cm_log(3, "2 Found a "
							       "certificate with a "
							       "different nickname but "
							       "the same subject, "
							       "removing certificate "
							       "\"%s\" vs \"%s\" with subject "
							       "\"%s\" in slot \"%s\" vs "
							       "\"%s\".\n",
							       node->cert->nickname,
							       entry->cm_cert_nickname,
							       node->cert->subjectName ?
							       node->cert->subjectName :
							       "",
							       PK11_GetTokenName(sle->slot),
							       PK11_GetTokenName(node->cert->slot)
							       );
							/* Get a handle for this
							 * certificate's private key,
							 * in case we need to remove
							 * it. */
							privkey = PK11_FindKeyByAnyCert(node->cert, NULL);
							privkeys = add_privkey_to_list(privkeys, privkey);
							SEC_DeletePermCertificate(node->cert);
						} else {
							/* Same nickname, and we
							 * already know it has the same
							 * subject name. Save its
							 * trust. */
							if (!have_trust) {
								if (CERT_GetCertTrust(node->cert,
										      &trust) == SECSuccess) {
									have_trust = PR_TRUE;
								}
							}
						}
					}
					if (i == 0) {
						cm_log(3, "No duplicate subject name entries in certlist.\n");
					}
					CERT_DestroyCertList(certlist);
				} else {
					cm_log(3, "No duplicate subject name entries.\n");
				}
				/* Make one more attempt at finding an existing trust
				 * value. */
				if (!have_trust) {
					oldcert = PK11_FindCertFromNickname(entry->cm_cert_nickname,
									    NULL);
					if (oldcert != NULL) {
						if (CERT_GetCertTrust(oldcert,
								      &trust) == SECSuccess) {
							have_trust = PR_TRUE;
						}
						CERT_DestroyCertificate(oldcert);
						oldcert = NULL;
					}
				}
				/* save off old cert before importing new one */
				cm_log(3, "Looking for existing certicates with the same nickname\n");
				oldcert = PK11_FindCertFromNickname(entry->cm_cert_nickname,
								    NULL);
				if (oldcert) {
					cm_log(3, "Found existing cert \"%s\".\n",
					       oldcert->nickname);
				} else {
					cm_log(3, "No existing certificate found.\n");
				}
				/* Import the certificate.
				 */
				newcert = CERT_DecodeCertFromPackage((char *)item->data,
								     item->len);
				if (newcert != NULL) {
					PK11SlotInfo *internal_slot = NULL;
					SECStatus ierror;

					error = PK11_ImportCert(sle->slot,
								newcert,
								CK_INVALID_HANDLE,
								entry->cm_cert_nickname,
								PR_FALSE);
					/* Import the updated cert into the internal slot if
					 * the configured token is not already internal.
					 * Test the result of the token import above: ierror
					 * is not assigned until the internal-slot import
					 * below, so it must not be read here. */
					internal_slot = PK11_GetInternalKeySlot();
					if ((error == SECSuccess) && (sle->slot != internal_slot)) {
						cm_log(3, "Imported to token, adding to internal\n");
						ierror = PK11_ImportCert(internal_slot,
									 newcert,
									 CK_INVALID_HANDLE,
									 entry->cm_cert_nickname,
									 PR_FALSE);
						cm_log(1, "Imported certificate with "
						       "nickname \"%s\" to \"%s\".\n",
						       entry->cm_cert_nickname,
						       PK11_GetTokenName(internal_slot));
					}
					PK11_FreeSlot(internal_slot);
				} else {
					cm_log(1, "SECFailure loading certificates\n");
					error = SECFailure;
				}
				if (error == SECSuccess) {
					cm_log(1, "Imported certificate with "
					       "nickname \"%s\" to \"%s\".\n",
					       entry->cm_cert_nickname,
					       PK11_GetTokenName(sle->slot));
					status = 0;
					/* Set the trust on the new certificate,
					 * perhaps matching the trust on an
					 * already-present certificate with the same
					 * nickname. */
					if (!have_trust) {
						memset(&trust, 0, sizeof(trust));
						trust.sslFlags = CERTDB_USER;
						trust.emailFlags = CERTDB_USER;
						trust.objectSigningFlags = CERTDB_USER;
					}
					error = CERT_ChangeCertTrust(certdb, newcert, &trust);
					ec = PORT_GetError();
					if (error != SECSuccess) {
						if (ec != 0) {
							es = PR_ErrorToName(ec);
						} else {
							es = NULL;
						}
						if (es != NULL) {
							cm_log(0, "Error setting trust "
							       "on certificate \"%s\": "
							       "%s.\n",
							       entry->cm_cert_nickname, es);
						} else {
							cm_log(0, "Error setting trust "
							       "on certificate \"%s\".\n",
							       entry->cm_cert_nickname);
						}
					}
					/* Delete any other certificates that are there
					 * with the same nickname. While NSS's
					 * database allows duplicates so long as they
					 * have the same subject name and nickname,
					 * several APIs and many applications can't
					 * dependably find the right one among more
					 * than one.
So bye-bye, old certificates. */ slotlist = PK11_GetAllSlotsForCert(oldcert, NULL); if (slotlist && oldcert) { CERTCertificate *cert = NULL; PK11SlotListElement *se; int deleted = 0; /* Loop until no certificates are removed. For some * reason NSS does not always remove the certificate * from the token the certificate is associated * with so loop until there are none to be removed. */ do { deleted = 0; for (se = slotlist->head; ((se != NULL) && (se->slot != NULL)); se = se->next) { cm_log(3, "Looking to remove \"%s\" from slot \"%s\"\n", oldcert->nickname, PK11_GetTokenName(se->slot)); cert = CERT_FindCertByDERCert(certdb, &oldcert->derCert); if (cert == NULL) { cm_log(3, "No matching certificate found \"%s\"\n", oldcert->nickname); continue; } if (!SECITEM_ItemsAreEqual(&cert->derCert, &oldcert->derCert) && (se->slot == cert->slot)) { cm_log(1, "Deleting duplicate certificate(s)\n"); cm_log(3, "Removing nickname '%s' cert slock '%s' in slot '%s'\n", cert->nickname, PK11_GetTokenName(cert->slot), PK11_GetTokenName(se->slot)); /* Mark the key as an orphan candidate in * case of a rekey. */ privkey = PK11_FindKeyByAnyCert(cert, NULL); privkeys = add_privkey_to_list(privkeys, privkey); SEC_DeletePermCertificate(cert); deleted += 1; } else { cm_log(3, "Certificate not found in \"%s\"\n", PK11_GetTokenName(se->slot)); } CERT_DestroyCertificate(cert); cert = NULL; } if (deleted == 0) { cm_log(3, "No certs deleted\n"); } else { cm_log(3, "%d certs deleted\n", deleted); } PK11_FreeSlotList(slotlist); //slotlist = PK11_GetAllTokens(mech, PR_FALSE, PR_FALSE, NULL); slotlist = PK11_GetAllSlotsForCert(oldcert, NULL); } while (deleted > 0); } else { cm_log(1, "No existing certificate found to delete\n"); } if (slotlist) { PK11_FreeSlotList(slotlist); } if (oldcert) { CERT_DestroyCertificate(oldcert); oldcert = NULL; } certlist = PK11_FindCertsFromNickname(entry->cm_cert_nickname, NULL); if (certlist != NULL) { /* Look for certs with contents. 
*/ for (node = CERT_LIST_HEAD(certlist); (node != NULL) && !CERT_LIST_EMPTY(certlist) && !CERT_LIST_END(node, certlist); node = CERT_LIST_NEXT(node)) { if (!SECITEM_ItemsAreEqual(item, &node->cert->derCert) && (sle->slot == node->cert->slot)) { cm_log(3, "3 Found a " "certificate " "with the same " "nickname and " "subject, but " "different " "contents, " "removing it.\n"); /* Get a handle for * this certificate's * private key, in case * we need to remove * it. */ privkey = PK11_FindKeyByAnyCert(node->cert, NULL); privkeys = add_privkey_to_list(privkeys, privkey); SEC_DeletePermCertificate(node->cert); } } CERT_DestroyCertList(certlist); } } else { if (ec != 0) { es = PR_ErrorToName(ec); } else { es = NULL; } if (es != NULL) { cm_log(0, "Error importing certificate " "into NSSDB \"%s\": %s.\n", entry->cm_cert_storage_location, es); } else { cm_log(0, "Error importing certificate " "into NSSDB \"%s\".\n", entry->cm_cert_storage_location); } switch (ec) { case PR_NO_ACCESS_RIGHTS_ERROR: /* ACCES/PERM */ status = CM_CERTSAVE_STATUS_PERMS; break; default: status = CM_CERTSAVE_STATUS_INTERNAL_ERROR; break; } } /* If we managed to import the certificate, mark its * key for having its nickname removed. */ if (newcert != NULL) { privkey = PK11_FindKeyByAnyCert(newcert, NULL); privkeys = add_privkey_to_list(privkeys, privkey); CERT_DestroyCertificate(newcert); } /* In case we're rekeying, but failed, mark the * candidate key for name-clearing or removal, too. 
 */
		if ((entry->cm_key_next_marker != NULL) &&
		    (strlen(entry->cm_key_next_marker) > 0)) {
			p = util_build_next_nickname(entry->cm_key_nickname,
						     entry->cm_key_next_marker);
			privkeylist = PK11_ListPrivKeysInSlot(sle->slot, p, NULL);
			if (privkeylist != NULL) {
				for (knode = PRIVKEY_LIST_HEAD(privkeylist);
				     !PRIVKEY_LIST_EMPTY(privkeylist) &&
				     !PRIVKEY_LIST_END(knode, privkeylist);
				     knode = PRIVKEY_LIST_NEXT(knode)) {
					q = PK11_GetPrivateKeyNickname(knode->key);
					if ((q != NULL) &&
					    (strcmp(p, q) == 0)) {
						privkey = SECKEY_CopyPrivateKey(knode->key);
						privkeys = add_privkey_to_list(privkeys, privkey);
						break;
					}
				}
				SECKEY_DestroyPrivateKeyList(privkeylist);
			}
		}
		if (privkeys != NULL) {
			/* Check if any certificates are still using
			 * the keys that correspond to certificates
			 * that we removed. */
			for (i = 0; privkeys[i] != NULL; i++) {
				privkey = privkeys[i];
				oldcert = PK11_GetCertFromPrivateKey(privkey);
				if (!entry->cm_key_preserve && (oldcert == NULL)) {
					/* We're not preserving
					 * orphaned keys, so remove
					 * this one.  No need to mess
					 * with its nickname first.
					 * Keep the result of the delete
					 * call, so that the check below
					 * reports on this operation and
					 * not on an earlier one. */
					error = PK11_DeleteTokenPrivateKey(privkey, PR_FALSE);
					if (error == SECSuccess) {
						cm_log(3, "Removed old key.\n");
					} else {
						ec = PORT_GetError();
						if (ec != 0) {
							es = PR_ErrorToName(ec);
						} else {
							es = NULL;
						}
						if (es != NULL) {
							cm_log(0, "Failed "
							       "to remove "
							       "old key: "
							       "%s.\n", es);
						} else {
							cm_log(0, "Failed "
							       "to remove "
							       "old key.\n");
						}
					}
				} else {
					/* Remove the explicit
					 * nickname, so that the key
					 * will have to be found using
					 * the certificate's nickname,
					 * and certutil will display
					 * the matching certificate's
					 * nickname when it's asked to
					 * list the keys in the
					 * database.
*/ error = PK11_SetPrivateKeyNickname(privkey, ""); if (error == SECSuccess) { cm_log(3, "Removed " "name from old " "key.\n"); } else { ec = PORT_GetError(); if (ec != 0) { es = PR_ErrorToName(ec); } else { es = NULL; } if (es != NULL) { cm_log(0, "Failed " "to unname " "old key: " "%s.\n", es); } else { cm_log(0, "Failed " "to unname " "old key.\n"); } } SECKEY_DestroyPrivateKey(privkey); } if (oldcert != NULL) { CERT_DestroyCertificate(oldcert); } } free(privkeys); } } else { cm_log(1, "Error getting handle to default NSS DB.\n"); } PORT_FreeArena(arena, PR_TRUE); if (NSS_ShutdownContext(ctx) != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } /* Fixup the ownership and permissions on the key and * certificate databases. */ util_set_db_entry_key_owner(entry->cm_key_storage_location, entry); util_set_db_entry_cert_owner(entry->cm_cert_storage_location, entry); break; next_slot: if (sle == slotlist->tail) { break; } } /* for slot loop */ } /* ctx == NULL */ if (status != 0) { _exit(status); } return 0; } /* Check if something changed, for example we finished saving the cert. */ static int cm_certsave_n_ready(struct cm_certsave_state *state) { return cm_subproc_ready(state->subproc); } /* Get a selectable-for-read descriptor we can poll for status changes. */ static int cm_certsave_n_get_fd(struct cm_certsave_state *state) { return cm_subproc_get_fd(state->subproc); } /* Check if we saved the certificate -- the child exited with status 0. 
*/ static int cm_certsave_n_saved(struct cm_certsave_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (!WIFEXITED(status) || (WEXITSTATUS(status) != CM_CERTSAVE_STATUS_SAVED)) { return -1; } if ((state->entry->cm_key_next_marker != NULL) && (strlen(state->entry->cm_key_next_marker) > 0)) { state->entry->cm_key_requested_count = state->entry->cm_key_next_requested_count; state->entry->cm_key_next_requested_count = 0; state->entry->cm_key_generated_date = state->entry->cm_key_next_generated_date; state->entry->cm_key_next_generated_date = 0; state->entry->cm_key_issued_count = 1; } else { state->entry->cm_key_issued_count++; } state->entry->cm_key_next_marker = NULL; return 0; } /* Check if we failed because the subject was already there with a different * nickname. */ static int cm_certsave_n_conflict_subject(struct cm_certsave_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (!WIFEXITED(status) || (WEXITSTATUS(status) != CM_CERTSAVE_STATUS_SUBJECT_CONFLICT)) { return -1; } return 0; } /* Check if we failed because the nickname was already taken by a different * subject . */ static int cm_certsave_n_conflict_nickname(struct cm_certsave_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (!WIFEXITED(status) || (WEXITSTATUS(status) != CM_CERTSAVE_STATUS_NICKNAME_CONFLICT)) { return -1; } return 0; } /* Check if we failed because we couldn't read or write to the storage * location. */ static int cm_certsave_n_permissions_error(struct cm_certsave_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (!WIFEXITED(status) || (WEXITSTATUS(status) != CM_CERTSAVE_STATUS_PERMS)) { return -1; } return 0; } /* Check if we failed because the right token wasn't present. 
*/ static int cm_certsave_n_token_error(struct cm_certsave_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (!WIFEXITED(status) || (WEXITSTATUS(status) != CM_CERTSAVE_STATUS_NO_TOKEN)) { return -1; } return 0; } /* Check if we failed because we didn't have the right PIN or password to * access the storage location. */ static int cm_certsave_n_pin_error(struct cm_certsave_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (!WIFEXITED(status) || (WEXITSTATUS(status) != CM_CERTSAVE_STATUS_AUTH)) { return -1; } return 0; } /* Clean up after saving the certificate. */ static void cm_certsave_n_done(struct cm_certsave_state *state) { if (state->subproc != NULL) { cm_subproc_done(state->subproc); } talloc_free(state); } /* Start writing the certificate from the entry to the configured location. */ struct cm_certsave_state * cm_certsave_n_start(struct cm_store_entry *entry) { struct cm_certsave_state *state; struct cm_certsave_n_settings settings = { .readwrite = 1, }; if (entry->cm_cert_storage_type != cm_cert_storage_nssdb) { cm_log(1, "Wrong save method: can only save certificates " "to an NSS database.\n"); return NULL; } state = talloc_ptrtype(entry, state); if (state != NULL) { memset(state, 0, sizeof(*state)); state->pvt.ready = cm_certsave_n_ready; state->pvt.get_fd = cm_certsave_n_get_fd; state->pvt.saved = cm_certsave_n_saved; state->pvt.conflict_subject = cm_certsave_n_conflict_subject; state->pvt.conflict_nickname = cm_certsave_n_conflict_nickname; state->pvt.permissions_error = cm_certsave_n_permissions_error; state->pvt.token_error = cm_certsave_n_token_error; state->pvt.pin_error = cm_certsave_n_pin_error; state->pvt.done= cm_certsave_n_done; state->entry = entry; state->subproc = cm_subproc_start(cm_certsave_n_main, state, NULL, entry, &settings); if (state->subproc == NULL) { talloc_free(state); state = NULL; } } return state; } 
certmonger-0.79.19/src/certsave-o.c0000644000175000017500000003672514511314133016452 0ustar gitgit00000000000000/* * Copyright (C) 2009,2010,2011,2013,2014,2015,2017 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "certsave.h" #include "certsave-int.h" #include "log.h" #include "pin.h" #include "store.h" #include "store-int.h" #include "subproc.h" #include "util-o.h" struct cm_certsave_state { struct cm_certsave_state_pvt pvt; struct cm_subproc_state *subproc; struct cm_store_entry *entry; }; static char * read_file_contents(const char *filename, char *what, PRBool critical) { FILE *fp; struct stat st; char *content = NULL; int i; unsigned int n; fp = fopen(filename, "r"); if (fp == NULL) { if ((errno == ENOENT) && !critical) { return NULL; } cm_log(1, "Error opening %s \"%s\" " "for reading: %s.\n", what, filename, strerror(errno)); switch (errno) { case EACCES: case EPERM: _exit(CM_CERTSAVE_STATUS_PERMS); break; default: _exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR); break; } } if (fstat(fileno(fp), &st) == -1) { cm_log(1, "Error opening %s \"%s\" " "for reading: %s.\n", what, filename, strerror(errno)); switch (errno) { case EACCES: case EPERM: _exit(CM_CERTSAVE_STATUS_PERMS); break; default: _exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR); break; } } 
content = malloc(st.st_size + 1); if (content == NULL) { cm_log(1, "Error allocating memory for %s \"%s\".\n", what, filename); _exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR); } n = 0; while (n < st.st_size) { i = fread(content + n, 1, st.st_size - n, fp); if (i <= 0) { cm_log(1, "Error reading %s \"%s\": %s.\n", what, filename, strerror(errno)); _exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR); } n += i; } fclose(fp); content[st.st_size] = '\0'; if (st.st_size == 0) { free(content); return NULL; } return content; } static void write_file_contents(const char *filename, const char *contents, const char *what, PRBool is_key, struct cm_store_entry *entry) { FILE *fp; int i; unsigned int n, len; fp = fopen(filename, "w"); if (fp == NULL) { cm_log(1, "Error opening %s \"%s\" " "for writing: %s.\n", what, filename, strerror(errno)); switch (errno) { case EACCES: case EPERM: _exit(CM_CERTSAVE_STATUS_PERMS); break; default: _exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR); break; } } if (is_key) { util_set_fd_entry_key_owner(fileno(fp), filename, entry); } else { util_set_fd_entry_cert_owner(fileno(fp), filename, entry); } n = 0; len = strlen(contents); while (n < len) { i = fwrite(contents + n, 1, len - n, fp); if (i <= 0) { cm_log(1, "Error writing %s \"%s\": %s.\n", what, filename, strerror(errno)); _exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR); } n += i; } fclose(fp); } static int cm_certsave_o_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry, void *userdata) { int status = -1; BIO *bio = NULL; FILE *pem; X509 *cert; char *next_keyfile = NULL, *old_keyfile = NULL, *serial = NULL; char *old_key = NULL, *next_key = NULL, *old_cert = NULL, *pin; unsigned char *bin; BIGNUM *bn; struct cm_pin_cb_data cb_data; EVP_PKEY *old_pkey = NULL; if (entry->cm_cert_storage_location == NULL) { cm_log(1, "Error saving certificate: no location " "specified.\n"); _exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR); } util_o_init(); /* If we're about to switch out the private key, because we're * rekeying, ... 
*/ if ((entry->cm_key_storage_location != NULL) && (entry->cm_cert_storage_location != NULL) && (entry->cm_key_next_marker != NULL) && (strlen(entry->cm_key_next_marker) > 0)) { /* ... read the candidate key file's contents and the old * certificate, along with the old key file's contents. */ next_keyfile = util_build_next_filename(entry->cm_key_storage_location, entry->cm_key_next_marker); if (next_keyfile == NULL) { cm_log(1, "Error building key file name " "for reading: %s.\n", strerror(errno)); _exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR); } next_key = read_file_contents(next_keyfile, "next key file", PR_TRUE); old_key = read_file_contents(entry->cm_key_storage_location, "key file", PR_TRUE); old_cert = read_file_contents(entry->cm_cert_storage_location, "certificate file", PR_FALSE); } else if (entry->cm_key_storage_location != NULL) { /* Or just read the old file's contents. */ old_key = read_file_contents(entry->cm_key_storage_location, "key file", PR_TRUE); } /* Decrypt the old key. */ if (old_key != NULL) { bio = BIO_new_mem_buf(old_key, -1); } if (bio != NULL) { if (cm_pin_read_for_key(entry, &pin) != 0) { cm_log(1, "Error reading key encryption PIN.\n"); _exit(CM_CERTSAVE_STATUS_AUTH); } memset(&cb_data, 0, sizeof(cb_data)); cb_data.entry = entry; cb_data.n_attempts = 0; old_pkey = PEM_read_bio_PrivateKey(bio, NULL, cm_pin_read_for_key_ossl_cb, &cb_data); if (old_pkey == NULL) { cm_log(1, "Internal error reading key from \"%s\".\n", entry->cm_key_storage_location); _exit(CM_CERTSAVE_STATUS_AUTH); /* XXX */ } else { if ((pin != NULL) && (strlen(pin) > 0) && (cb_data.n_attempts == 0)) { cm_log(1, "PIN was not needed to read private " "key '%s', though one was provided. " "Treating this as an error.\n", entry->cm_key_storage_location); _exit(CM_CERTSAVE_STATUS_AUTH); /* XXX */ } } } /* If we're meant to preserve keys that are no longer going to be used, * then we should have an old key and certificate. 
Use the * certificate's serial number to construct the file name to use for * storing the old key. */ if (entry->cm_key_preserve && (old_cert != NULL) && (old_key != NULL)) { bio = BIO_new_mem_buf(old_cert, -1); if (bio != NULL) { cert = PEM_read_bio_X509(bio, NULL, NULL, NULL); if (cert != NULL) { bn = ASN1_INTEGER_to_BN(util_X509_get0_serialNumber(cert), NULL); if (bn != NULL) { bin = malloc(BN_num_bytes(bn)); if (bin != NULL) { BN_bn2bin(bn, bin); serial = cm_store_hex_from_bin(NULL, bin, BN_num_bytes(bn)); free(bin); } } if (serial != NULL) { old_keyfile = util_build_old_filename(entry->cm_key_storage_location, serial); if (old_keyfile == NULL) { cm_log(1, "Error building key file name " "for writing: %s.\n", strerror(errno)); _exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR); } } X509_free(cert); } BIO_free(bio); } } /* Save the certificate itself. */ bio = BIO_new_mem_buf(entry->cm_cert, -1); if (bio != NULL) { cert = PEM_read_bio_X509(bio, NULL, NULL, NULL); if (cert != NULL) { /* Double-check that we're not trying to rotate in a * key that we won't actually be using. */ if ((old_pkey != NULL) && (EVP_PKEY_cmp(old_pkey, X509_get_pubkey(cert)) == 1)) { entry->cm_key_next_marker = NULL; if (next_key != NULL) { cm_log(1, "Public key was not changed.\n"); free(next_key); next_key = NULL; } if (next_keyfile != NULL) { cm_log(1, "Removing candidate private key.\n"); if (remove(next_keyfile) != 0) { cm_log(1, "Error removing \"%s\": %s.\n", next_keyfile, strerror(errno)); } free(next_keyfile); next_keyfile = NULL; } } /* Now move on to the saving. */ pem = fopen(entry->cm_cert_storage_location, "w"); if (pem != NULL) { if (PEM_write_X509(pem, cert) == 0) { switch (errno) { case EACCES: case EPERM: status = CM_CERTSAVE_STATUS_PERMS; break; default: status = CM_CERTSAVE_STATUS_INTERNAL_ERROR; break; } cm_log(1, "Error saving certificate " "to '%s': %s.\n", entry->cm_cert_storage_location, strerror(errno)); } else { /* If we're replacing the private key * too, handle that. 
*/ if ((entry->cm_key_storage_location != NULL) && (next_key != NULL)) { /* If we're saving a copy of * the old key, take care of * that first. */ if ((old_keyfile != NULL) && (old_key != NULL)) { /* Remove anything by * the name we want * to use for storing * the old key. */ if (remove(old_keyfile) != 0) { cm_log(1, "Error removing \"%s\": %s.\n", old_keyfile, strerror(errno)); } /* Store the old key to * the file whose name * we constructed * earlier. */ write_file_contents(old_keyfile, old_key, "old key file", PR_TRUE, entry); } /* Overwrite the key file with * the new key. */ write_file_contents(entry->cm_key_storage_location, next_key, "key file", PR_TRUE, entry); if (remove(next_keyfile) != 0) { cm_log(1, "Error removing \"%s\": %s.\n", next_keyfile, strerror(errno)); } } else if ((entry->cm_key_storage_location != NULL) && (old_key != NULL)) { /* Overwrite the key file with * its own contents, to reuse * the logic that fixes up its * ownership and permissions. */ write_file_contents(entry->cm_key_storage_location, old_key, "key file", PR_TRUE, entry); } status = CM_CERTSAVE_STATUS_SAVED; } /* Fixup the ownership and permissions on the * certificate file. 
*/ util_set_fd_entry_cert_owner(fileno(pem), entry->cm_cert_storage_location, entry); fclose(pem); } else { switch (errno) { case EACCES: case EPERM: status = CM_CERTSAVE_STATUS_PERMS; break; default: status = CM_CERTSAVE_STATUS_INTERNAL_ERROR; break; } cm_log(1, "Error saving certificate " "to '%s': %s.\n", entry->cm_cert_storage_location, strerror(errno)); } X509_free(cert); } else { cm_log(1, "Error parsing certificate for saving.\n"); status = CM_CERTSAVE_STATUS_INTERNAL_ERROR; } BIO_free(bio); } else { cm_log(1, "Error setting up to parse certificate.\n"); status = CM_CERTSAVE_STATUS_INTERNAL_ERROR; } if (old_pkey != NULL) { EVP_PKEY_free(old_pkey); } free(next_key); free(old_key); free(old_cert); free(next_keyfile); free(old_keyfile); if (status != 0) { _exit(status); } return 0; } /* Check if something changed, for example we finished saving the cert. */ static int cm_certsave_o_ready(struct cm_certsave_state *state) { return cm_subproc_ready(state->subproc); } /* Check if we saved the certificate -- the child exited with status 0. */ static int cm_certsave_o_saved(struct cm_certsave_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (!WIFEXITED(status) || (WEXITSTATUS(status) != CM_CERTSAVE_STATUS_SAVED)) { return -1; } if ((state->entry->cm_key_next_marker != NULL) && (strlen(state->entry->cm_key_next_marker) > 0)) { state->entry->cm_key_requested_count = state->entry->cm_key_next_requested_count; state->entry->cm_key_next_requested_count = 0; state->entry->cm_key_generated_date = state->entry->cm_key_next_generated_date; state->entry->cm_key_next_generated_date = 0; state->entry->cm_key_issued_count = 1; } else { state->entry->cm_key_issued_count++; } state->entry->cm_key_next_marker = NULL; return 0; } /* Check if we failed because the subject was already there with a different * nickname. 
*/ static int cm_certsave_o_conflict_subject(struct cm_certsave_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (!WIFEXITED(status) || (WEXITSTATUS(status) != CM_CERTSAVE_STATUS_SUBJECT_CONFLICT)) { return -1; } return 0; } /* Check if we failed because the nickname was already taken by a different * subject. */ static int cm_certsave_o_conflict_nickname(struct cm_certsave_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (!WIFEXITED(status) || (WEXITSTATUS(status) != CM_CERTSAVE_STATUS_NICKNAME_CONFLICT)) { return -1; } return 0; } /* Check if we failed because we couldn't read or write to the storage * location. */ static int cm_certsave_o_permissions_error(struct cm_certsave_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (!WIFEXITED(status) || (WEXITSTATUS(status) != CM_CERTSAVE_STATUS_PERMS)) { return -1; } return 0; } /* Check if we failed because the right token wasn't present. */ static int cm_certsave_o_token_error(struct cm_certsave_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (!WIFEXITED(status) || (WEXITSTATUS(status) != CM_CERTSAVE_STATUS_NO_TOKEN)) { return -1; } return 0; } /* Check if we failed because we didn't have the right PIN or password to * access the storage location. */ static int cm_certsave_o_pin_error(struct cm_certsave_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (!WIFEXITED(status) || (WEXITSTATUS(status) != CM_CERTSAVE_STATUS_AUTH)) { return -1; } return 0; } /* Get a selectable-for-read descriptor we can poll for status changes. */ static int cm_certsave_o_get_fd(struct cm_certsave_state *state) { return cm_subproc_get_fd(state->subproc); } /* Clean up after saving the certificate. 
*/ static void cm_certsave_o_done(struct cm_certsave_state *state) { if (state->subproc != NULL) { cm_subproc_done(state->subproc); } talloc_free(state); } /* Start writing the certificate from the entry to the configured location. */ struct cm_certsave_state * cm_certsave_o_start(struct cm_store_entry *entry) { struct cm_certsave_state *state; if (entry->cm_cert_storage_type != cm_cert_storage_file) { cm_log(1, "Wrong save method: can only save certificates " "to files.\n"); return NULL; } state = talloc_ptrtype(entry, state); if (state != NULL) { memset(state, 0, sizeof(*state)); state->pvt.ready = cm_certsave_o_ready; state->pvt.get_fd = cm_certsave_o_get_fd; state->pvt.saved = cm_certsave_o_saved; state->pvt.done = cm_certsave_o_done; state->pvt.conflict_subject = cm_certsave_o_conflict_subject; state->pvt.conflict_nickname = cm_certsave_o_conflict_nickname; state->pvt.permissions_error = cm_certsave_o_permissions_error; state->pvt.token_error = cm_certsave_o_token_error; state->pvt.pin_error = cm_certsave_o_pin_error; state->entry = entry; state->subproc = cm_subproc_start(cm_certsave_o_main, state, NULL, entry, NULL); if (state->subproc == NULL) { talloc_free(state); state = NULL; } } return state; } certmonger-0.79.19/src/certsave.c0000644000175000017500000000750114511314133016204 0ustar gitgit00000000000000/* * Copyright (C) 2009,2013 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
*/ #include "config.h" #include "certsave.h" #include "certsave-int.h" #include "prefs.h" #include "store-int.h" #include "talloc.h" /* Start writing the certificate from the entry to the configured location. */ struct cm_certsave_state * cm_certsave_start(struct cm_store_entry *entry) { /* If saving a SCEP certificate wipe out the challenge password */ if ((cm_prefs_scep_password_otp()) && (entry->cm_template_challenge_password != NULL) && (entry->cm_scep_nonce != NULL)) { talloc_free(entry->cm_template_challenge_password); entry->cm_template_challenge_password = NULL; talloc_free(entry->cm_template_challenge_password_file); entry->cm_template_challenge_password_file = NULL; } switch (entry->cm_cert_storage_type) { #ifdef HAVE_OPENSSL case cm_cert_storage_file: return cm_certsave_o_start(entry); break; #endif #ifdef HAVE_NSS case cm_cert_storage_nssdb: return cm_certsave_n_start(entry); break; #endif } return NULL; } /* Check if something changed, for example we finished saving the cert. */ int cm_certsave_ready(struct cm_certsave_state *state) { struct cm_certsave_state_pvt *pvt; pvt = (struct cm_certsave_state_pvt *) state; return pvt->ready(state); } /* Get a selectable-for-read descriptor we can poll for status changes. */ int cm_certsave_get_fd(struct cm_certsave_state *state) { struct cm_certsave_state_pvt *pvt; pvt = (struct cm_certsave_state_pvt *) state; return pvt->get_fd(state); } /* Check if we saved the certificate. */ int cm_certsave_saved(struct cm_certsave_state *state) { struct cm_certsave_state_pvt *pvt; pvt = (struct cm_certsave_state_pvt *) state; return pvt->saved(state); } /* Check if we failed due to a subject conflict. */ int cm_certsave_conflict_subject(struct cm_certsave_state *state) { struct cm_certsave_state_pvt *pvt; pvt = (struct cm_certsave_state_pvt *) state; return pvt->conflict_subject(state); } /* Check if we failed due to a nickname conflict. 
*/ int cm_certsave_conflict_nickname(struct cm_certsave_state *state) { struct cm_certsave_state_pvt *pvt; pvt = (struct cm_certsave_state_pvt *) state; return pvt->conflict_nickname(state); } /* Check if we failed due to a permissions error. */ int cm_certsave_permissions_error(struct cm_certsave_state *state) { struct cm_certsave_state_pvt *pvt; pvt = (struct cm_certsave_state_pvt *) state; return pvt->permissions_error(state); } /* Check if we failed because the storage token is not present. */ int cm_certsave_token_error(struct cm_certsave_state *state) { struct cm_certsave_state_pvt *pvt; pvt = (struct cm_certsave_state_pvt *) state; return pvt->token_error(state); } /* Check if we failed because we're missing a PIN or password that's required * for accessing the data store. */ int cm_certsave_pin_error(struct cm_certsave_state *state) { struct cm_certsave_state_pvt *pvt; pvt = (struct cm_certsave_state_pvt *) state; return pvt->pin_error(state); } /* Clean up after saving the certificate. */ void cm_certsave_done(struct cm_certsave_state *state) { struct cm_certsave_state_pvt *pvt; pvt = (struct cm_certsave_state_pvt *) state; pvt->done(state); } certmonger-0.79.19/src/certsave.h0000644000175000017500000000427414511314133016215 0ustar gitgit00000000000000/* * Copyright (C) 2009,2013,2014 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
*/ #ifndef cmcertsave_h #define cmcertsave_h struct cm_certsave_state; struct cm_store_entry; /* Start writing the certificate from the entry to the configured location. */ struct cm_certsave_state *cm_certsave_start(struct cm_store_entry *entry); struct cm_certsave_state *cm_certsave_n_start(struct cm_store_entry *entry); struct cm_certsave_state *cm_certsave_o_start(struct cm_store_entry *entry); /* Check if something changed, for example we finished saving the cert. */ int cm_certsave_ready(struct cm_certsave_state *state); /* Get a selectable-for-read descriptor we can poll for status changes. */ int cm_certsave_get_fd(struct cm_certsave_state *state); /* Check if we saved the certificate. */ int cm_certsave_saved(struct cm_certsave_state *state); /* Check if we failed due to a subject name conflict. */ int cm_certsave_conflict_subject(struct cm_certsave_state *state); /* Check if we failed due to a nickname conflict. */ int cm_certsave_conflict_nickname(struct cm_certsave_state *state); /* Check if we failed due to a permissions error. */ int cm_certsave_permissions_error(struct cm_certsave_state *state); /* Check if we failed due to the storage token not being present. */ int cm_certsave_token_error(struct cm_certsave_state *state); /* Check if we failed due to not having the right PIN for accessing the * storage location. */ int cm_certsave_pin_error(struct cm_certsave_state *state); /* Clean up after saving the certificate. */ void cm_certsave_done(struct cm_certsave_state *state); #endif certmonger-0.79.19/src/cm.c0000644000175000017500000010146314511314133014771 0ustar gitgit00000000000000/* * Copyright (C) 2009,2010,2011,2014,2015,2017 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. 
* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include "cm.h" #include "log.h" #include "iterate.h" #include "netlink.h" #include "store.h" #include "store-int.h" #include "subproc.h" #include "tdbus.h" #include "tdbush.h" #include "tm.h" struct cm_context { int should_quit; int n_entries; struct cm_store_entry **entries; int n_cas; struct cm_store_ca **cas; struct cm_event { void *iterate_state; void *next_event; } *entry_events; struct cm_ca_event { void *iterate_state[cm_ca_phase_invalid]; void *next_event[cm_ca_phase_invalid]; } *ca_events; int netlink; void *netlink_tfd, *netlink_delayed_event; int idle_timeout; void *idle_event, *conn_ptr; char *server_address; struct { void *tfd; char *command; int fd; struct cm_subproc_state *state; } gate; }; static void *cm_service_entry(struct cm_context *context, struct timeval *now, int i); static void *cm_service_ca(struct cm_context *context, struct timeval *now, int i, enum cm_ca_phase phase); static void cm_fd_h(struct tevent_context *ec, struct tevent_fd *fde, uint16_t flags, void *pvt); static void cm_timer_h(struct tevent_context *ec, struct tevent_timer *te, struct timeval current_time, void *pvt); static void cm_break_h(struct tevent_context *ec, struct tevent_signal *se, int signum, int count, void *siginfo, void *ctx); static void cm_netlink_fd_h(struct tevent_context *ec, struct tevent_fd *fde, uint16_t flags, void *pvt); static void cm_timeout_h(struct tevent_context *ec, struct tevent_timer *te, struct timeval current_time, void *pvt); int cm_init(struct 
	tevent_context *parent, struct cm_context **context,
	int idle_timeout, const char *gate_command)
{
	struct cm_context *ctx;
	int i, j;
	enum cm_ca_phase phase;

	*context = NULL;
	ctx = talloc_ptrtype(parent, ctx);
	if (ctx == NULL) {
		return ENOMEM;
	}
	memset(ctx, 0, sizeof(*ctx));

	/* Read the entries from the data store. */
	ctx->entries = cm_store_get_all_entries(ctx);
	for (i = 0;
	     (ctx->entries != NULL) && (ctx->entries[i] != NULL);
	     i++) {
		continue;
	}
	ctx->n_entries = i;

	/* Allocate space for the tevents for each entry. */
	ctx->entry_events = talloc_array_ptrtype(ctx, ctx->entry_events,
						 ctx->n_entries);
	if (ctx->entry_events == NULL) {
		talloc_free(ctx);
		return ENOMEM;
	}
	memset(ctx->entry_events, 0,
	       sizeof(ctx->entry_events[0]) * ctx->n_entries);

	/* Read the list of known CAs. */
	ctx->cas = cm_store_get_all_cas(ctx);
	for (i = 0;
	     (ctx->cas != NULL) && (ctx->cas[i] != NULL);
	     i++) {
		continue;
	}
	ctx->n_cas = i;

	/* Allocate space for the tevents for each CA. */
	ctx->ca_events = talloc_array_ptrtype(ctx, ctx->ca_events,
					      ctx->n_cas);
	if (ctx->ca_events == NULL) {
		talloc_free(ctx);
		return ENOMEM;
	}
	memset(ctx->ca_events, 0, sizeof(ctx->ca_events[0]) * ctx->n_cas);

	/* Handle things which should get us to quit. */
	tevent_add_signal(parent, ctx, SIGHUP, 0, cm_break_h, ctx);
	tevent_add_signal(parent, ctx, SIGINT, 0, cm_break_h, ctx);
	tevent_add_signal(parent, ctx, SIGTERM, 0, cm_break_h, ctx);

	/* Be ready for an idle timeout. */
	ctx->idle_timeout = idle_timeout;
	ctx->idle_event = NULL;

	/* Be ready to launch a gating command. */
	if (gate_command != NULL) {
		ctx->gate.command = talloc_strdup(ctx, gate_command);
	}

	/* Initialize state tracking, but don't set things in motion yet.
	 */
	for (i = 0; i < ctx->n_entries; i++) {
		memset(&ctx->entry_events[i], 0,
		       sizeof(ctx->entry_events[i]));
		if (cm_iterate_entry_init(ctx->entries[i],
					  &ctx->entry_events[i].iterate_state) != 0) {
			for (j = 0; j < i; j++) {
				cm_iterate_entry_done(ctx->entries[j],
						      ctx->entry_events[j].iterate_state);
				ctx->entry_events[j].iterate_state = NULL;
			}
			talloc_free(ctx);
			return ENOMEM;
		}
	}
	for (i = 0; i < ctx->n_cas; i++) {
		memset(&ctx->ca_events[i], 0, sizeof(ctx->ca_events[i]));
		for (phase = 0; phase < cm_ca_phase_invalid; phase++) {
			if (cm_iterate_ca_init(ctx->cas[i], phase,
					       &ctx->ca_events[i].iterate_state[phase]) != 0) {
				/* Undo only the phases already set up for
				 * this CA.  A failure at phase 0 leaves
				 * nothing to undo, and phase must not be
				 * decremented below zero, which would index
				 * outside of iterate_state[]. */
				while (phase > 0) {
					phase--;
					cm_iterate_ca_done(ctx->cas[i],
							   ctx->ca_events[i].iterate_state[phase]);
					ctx->ca_events[i].iterate_state[phase] = NULL;
				}
				for (j = 0; j < i; j++) {
					phase = cm_ca_phase_invalid;
					do {
						phase--;
						cm_iterate_ca_done(ctx->cas[j],
								   ctx->ca_events[j].iterate_state[phase]);
						ctx->ca_events[j].iterate_state[phase] = NULL;
					} while (phase > 0);
				}
				talloc_free(ctx);
				return ENOMEM;
			}
		}
	}

	/* Start draining the netlink socket so that it doesn't get backed up
	 * waiting for us to read notifications. */
	ctx->netlink = cm_netlink_socket();
	if (ctx->netlink != -1) {
		ctx->netlink_tfd = tevent_add_fd(parent, ctx,
						 ctx->netlink,
						 TEVENT_FD_READ,
						 cm_netlink_fd_h,
						 ctx);
	}

	/* Start out without a DBus connection.
	 */
	ctx->conn_ptr = NULL;
	*context = ctx;
	return 0;
}

static void
cm_timer_h(struct tevent_context *ec, struct tevent_timer *te,
	   struct timeval current_time, void *pvt)
{
	struct cm_context *context = pvt;
	int i, j;
	enum cm_ca_phase phase;

	for (i = 0; i < context->n_entries; i++) {
		if (context->entry_events[i].next_event == te) {
			talloc_free(te);
			context->entry_events[i].next_event =
				cm_service_entry(context, NULL, i);
			break;
		}
	}
	for (j = 0; j < context->n_cas; j++) {
		for (phase = 0; phase < cm_ca_phase_invalid; phase++) {
			if (context->ca_events[j].next_event[phase] == te) {
				talloc_free(te);
				context->ca_events[j].next_event[phase] =
					cm_service_ca(context, NULL, j, phase);
				break;
			}
		}
		if (phase < cm_ca_phase_invalid) {
			break;
		}
	}
	if ((i >= context->n_entries) && (j >= context->n_cas)) {
		cm_log(3, "Bug: unowned timer fired.\n");
	}
}

static void
cm_timeout_h(struct tevent_context *ec, struct tevent_timer *te,
	     struct timeval current_time, void *pvt)
{
	struct cm_context *context = pvt;

	if (context->idle_event != NULL) {
		talloc_free(context->idle_event);
		context->idle_event = NULL;
	}
	if (context->n_entries == 0) {
		cm_log(3, "Hit idle timer (%ds).\n", context->idle_timeout);
		context->should_quit++;
	}
}

void
cm_reset_timeout(struct cm_context *context)
{
	struct timeval now, then;

	if (context->idle_event != NULL) {
		cm_log(3, "Clearing previously-set idle timer.\n");
		talloc_free(context->idle_event);
		context->idle_event = NULL;
	}
	if ((context->idle_timeout > 0) && (context->n_entries == 0)) {
		now = tevent_timeval_current();
		then = tevent_timeval_add(&now, context->idle_timeout, 0);
		cm_log(3, "Setting idle timer (%ds).\n",
		       context->idle_timeout);
		context->idle_event = tevent_add_timer(talloc_parent(context),
						       context, then,
						       cm_timeout_h,
						       context);
	} else if (context->idle_timeout > 0) {
		cm_log(1, "There are active certificates and requests, "
		       "ignoring idle timeout.\n");
		context->idle_timeout = 0;
	}
}

static void
cm_fd_h(struct tevent_context *ec, struct tevent_fd *fde, uint16_t
	flags, void *pvt)
{
	struct cm_context *context = pvt;
	int i, j;
	enum cm_ca_phase phase;

	for (i = 0; i < context->n_entries; i++) {
		if (context->entry_events[i].next_event == fde) {
			talloc_free(fde);
			context->entry_events[i].next_event =
				cm_service_entry(context, NULL, i);
			break;
		}
	}
	for (j = 0; j < context->n_cas; j++) {
		for (phase = 0; phase < cm_ca_phase_invalid; phase++) {
			if (context->ca_events[j].next_event[phase] == fde) {
				talloc_free(fde);
				context->ca_events[j].next_event[phase] =
					cm_service_ca(context, NULL, j, phase);
				break;
			}
		}
		if (phase < cm_ca_phase_invalid) {
			break;
		}
	}
	if ((i >= context->n_entries) && (j >= context->n_cas)) {
		cm_log(3, "Bug: unowned FD watch fired.\n");
	}
}

static void
cm_break_h(struct tevent_context *ec, struct tevent_signal *se,
	   int signum, int count, void *siginfo, void *pvt)
{
	struct cm_context *ctx = pvt;

	cm_log(3, "Got signal %d.\n", signum);
	ctx->should_quit++;
}

static void
cm_netlink_delayed_h(struct tevent_context *ec, struct tevent_timer *te,
		     struct timeval current_time, void *pvt)
{
	struct cm_context *ctx = pvt;
	int i;
	enum cm_ca_phase phase;

	for (i = 0; i < ctx->n_entries; i++) {
		if (ctx->entry_events[i].next_event != NULL) {
			switch (ctx->entries[i]->cm_state) {
			case CM_CA_UNREACHABLE:
				cm_restart_entry(ctx,
						 ctx->entries[i]->cm_nickname);
				break;
			default:
				break;
			}
		}
	}
	for (i = 0; i < ctx->n_cas; i++) {
		for (phase = 0; phase < cm_ca_phase_invalid; phase++) {
			if (ctx->ca_events[i].iterate_state[phase] != NULL) {
				switch (ctx->cas[i]->cm_ca_state[phase]) {
				case CM_CA_DATA_UNREACHABLE:
					cm_restart_ca(ctx,
						      ctx->cas[i]->cm_nickname,
						      phase);
					break;
				default:
					break;
				}
			}
		}
	}
	if (te == ctx->netlink_delayed_event) {
		talloc_free(ctx->netlink_delayed_event);
		ctx->netlink_delayed_event = NULL;
	}
}

static void
cm_netlink_fd_h(struct tevent_context *ec, struct tevent_fd *fde,
		uint16_t flags, void *pvt)
{
	struct cm_context *ctx = pvt;
	char buf[0x10000];
	int len;
	struct timeval later;
	struct sockaddr_storage nlsrc;
	socklen_t nlsrclen;

	/*
	 * Shouldn't happen. */
	if ((ctx == NULL) || (ctx->netlink < 0)) {
		return;
	}

	/* Drain the buffer. */
	cm_log(3, "Got netlink traffic.\n");
	memset(&nlsrc, 0, sizeof(nlsrc));
	nlsrclen = sizeof(nlsrc);
	while ((len = recvfrom(ctx->netlink, buf, sizeof(buf), 0,
			       (struct sockaddr *) &nlsrc,
			       &nlsrclen)) != -1) {
		switch (len) {
		case 0:
			cm_log(3, "Got EOF from netlink socket.\n");
			talloc_free(fde);
			close(ctx->netlink);
			ctx->netlink = -1;
			break;
		default:
			cm_log(3, "Got %d bytes from netlink socket.\n", len);
			break;
		}
		memset(&nlsrc, 0, sizeof(nlsrc));
		nlsrclen = 0;
		if (ctx->netlink == -1) {
			break;
		}
	}

	/* Queue delayed processing. */
	if (cm_netlink_pkt_is_route_change(buf, len,
					   (struct sockaddr *) &nlsrc,
					   nlsrclen) == 0) {
		talloc_free(ctx->netlink_delayed_event);
		later = tevent_timeval_current_ofs(CM_DELAY_NETLINK, 0);
		ctx->netlink_delayed_event = tevent_add_timer(talloc_parent(ctx),
							      ctx, later,
							      cm_netlink_delayed_h,
							      ctx);
	}

	/* Sign off. */
	if (len != 0) {
		cm_log(3, "No more netlink traffic (for now).\n");
	}
}

struct cm_store_ca *
cm_find_ca_by_entry(struct cm_context *c, struct cm_store_entry *entry)
{
	return entry->cm_ca_nickname ?
		cm_get_ca_by_nickname(c, entry->cm_ca_nickname) :
		NULL;
}

static void *
cm_service_entry(struct cm_context *context, struct timeval *current_time,
		 int i)
{
	int ret, delay, fd;
	struct timeval now, then;
	enum cm_time when;
	void *t;

	if (current_time != NULL) {
		now = *current_time;
	} else {
		now = tevent_timeval_current();
	}
	fd = -1;
	ret = cm_iterate_entry(context->entries[i],
			       cm_find_ca_by_entry(context, context->entries[i]),
			       context,
			       &cm_get_ca_by_index,
			       &cm_get_n_cas,
			       &cm_get_entry_by_index,
			       &cm_get_n_entries,
			       &cm_tdbush_property_emit_entry_saved_cert,
			       &cm_tdbush_property_emit_entry_changes,
			       context->entry_events[i].iterate_state,
			       &when, &delay, &fd);
	t = NULL;
	if (ret == 0) {
		switch (when) {
		case cm_time_now:
			t = tevent_add_timer(talloc_parent(context), context,
					     now, cm_timer_h, context);
			cm_log(3, "Will revisit %s('%s') now.\n",
			       context->entries[i]->cm_busname,
			       context->entries[i]->cm_nickname);
			break;
		case cm_time_soon:
			then = tevent_timeval_add(&now, CM_DELAY_SOON, 0);
			t = tevent_add_timer(talloc_parent(context), context,
					     then, cm_timer_h, context);
			cm_log(3, "Will revisit %s('%s') soon.\n",
			       context->entries[i]->cm_busname,
			       context->entries[i]->cm_nickname);
			break;
		case cm_time_soonish:
			then = tevent_timeval_add(&now, CM_DELAY_SOONISH, 0);
			t = tevent_add_timer(talloc_parent(context), context,
					     then, cm_timer_h, context);
			cm_log(3, "Will revisit %s('%s') soonish.\n",
			       context->entries[i]->cm_busname,
			       context->entries[i]->cm_nickname);
			break;
		case cm_time_delay:
			then = tevent_timeval_add(&now, delay, 0);
			t = tevent_add_timer(talloc_parent(context), context,
					     then, cm_timer_h, context);
			cm_log(3, "Will revisit %s('%s') in %d seconds.\n",
			       context->entries[i]->cm_busname,
			       context->entries[i]->cm_nickname,
			       delay);
			break;
		case cm_time_no_time:
			if (fd != -1) {
				t = tevent_add_fd(talloc_parent(context),
						  context, fd,
						  TEVENT_FD_READ,
						  cm_fd_h, context);
				cm_log(3, "Will revisit %s('%s') on "
				       "traffic from %d.\n",
				       context->entries[i]->cm_busname,
				       context->entries[i]->cm_nickname,
				       fd);
			} else {
				cm_log(3, "Waiting for instructions for "
				       "%s('%s').\n",
				       context->entries[i]->cm_busname,
				       context->entries[i]->cm_nickname);
				t = NULL;
			}
			break;
		}
	}
	return t;
}

static void *
cm_service_ca(struct cm_context *context, struct timeval *current_time,
	      int i, enum cm_ca_phase phase)
{
	int ret, delay, fd;
	struct timeval now, then;
	enum cm_time when;
	void *t;

	if (current_time != NULL) {
		now = *current_time;
	} else {
		now = tevent_timeval_current();
	}
	fd = -1;
	ret = cm_iterate_ca(context->cas[i],
			    context,
			    &cm_get_ca_by_index,
			    &cm_get_n_cas,
			    &cm_get_entry_by_index,
			    &cm_get_n_entries,
			    &cm_tdbush_property_emit_ca_changes,
			    context->ca_events[i].iterate_state[phase],
			    &when, &delay, &fd);
	t = NULL;
	if (ret == 0) {
		switch (when) {
		case cm_time_now:
			t = tevent_add_timer(talloc_parent(context), context,
					     now, cm_timer_h, context);
			cm_log(3, "Will revisit %s('%s').%s now.\n",
			       context->cas[i]->cm_busname,
			       context->cas[i]->cm_nickname,
			       cm_store_ca_phase_as_string(phase));
			break;
		case cm_time_soon:
			then = tevent_timeval_add(&now, CM_DELAY_SOON, 0);
			t = tevent_add_timer(talloc_parent(context), context,
					     then, cm_timer_h, context);
			cm_log(3, "Will revisit %s('%s').%s soon.\n",
			       context->cas[i]->cm_busname,
			       context->cas[i]->cm_nickname,
			       cm_store_ca_phase_as_string(phase));
			break;
		case cm_time_soonish:
			then = tevent_timeval_add(&now, CM_DELAY_SOONISH, 0);
			t = tevent_add_timer(talloc_parent(context), context,
					     then, cm_timer_h, context);
			cm_log(3, "Will revisit %s('%s').%s soonish.\n",
			       context->cas[i]->cm_busname,
			       context->cas[i]->cm_nickname,
			       cm_store_ca_phase_as_string(phase));
			break;
		case cm_time_delay:
			then = tevent_timeval_add(&now, delay, 0);
			t = tevent_add_timer(talloc_parent(context), context,
					     then, cm_timer_h, context);
			cm_log(3, "Will revisit %s('%s').%s in %d seconds.\n",
			       context->cas[i]->cm_busname,
			       context->cas[i]->cm_nickname,
			       cm_store_ca_phase_as_string(phase),
			       delay);
			break;
		case cm_time_no_time:
			if (fd != -1) {
				t = tevent_add_fd(talloc_parent(context),
						  context, fd,
						  TEVENT_FD_READ,
						  cm_fd_h, context);
				cm_log(3, "Will revisit %s('%s').%s on "
				       "traffic from %d.\n",
				       context->cas[i]->cm_busname,
				       context->cas[i]->cm_nickname,
				       cm_store_ca_phase_as_string(phase),
				       fd);
			} else {
				cm_log(3, "Waiting for instructions for "
				       "%s('%s').%s.\n",
				       context->cas[i]->cm_busname,
				       context->cas[i]->cm_nickname,
				       cm_store_ca_phase_as_string(phase));
				t = NULL;
			}
			break;
		}
	}
	return t;
}

int
cm_keep_going(struct cm_context *context)
{
	return context->should_quit;
}

int
cm_add_entry(struct cm_context *context, struct cm_store_entry *new_entry)
{
	struct cm_store_entry **entries;
	struct cm_event *events;
	int i;
	time_t now;
	char timestamp[15];

	/* Check for duplicates and count the number of entries we're already
	 * managing. */
	if (new_entry->cm_nickname != NULL) {
		for (i = 0; i < context->n_entries; i++) {
			if (strcmp(context->entries[i]->cm_nickname,
				   new_entry->cm_nickname) == 0) {
				return -1;
			}
		}
	} else {
		do {
			/* Try to assign a new ID. */
			now = cm_time(NULL);
			new_entry->cm_nickname =
				cm_store_timestamp_from_time(now, timestamp);
			/* Check for duplicates. */
			for (i = 0; i < context->n_entries; i++) {
				if (strcmp(context->entries[i]->cm_nickname,
					   new_entry->cm_nickname) == 0) {
					/* Busy wait 0.1s. Ugh. */
					usleep(100000);
					break;
				}
			}
		} while (i < context->n_entries);
		new_entry->cm_nickname = talloc_strdup(new_entry,
						       new_entry->cm_nickname);
	}

	/* Resize the entry array. */
	events = NULL;
	entries = talloc_realloc(context, context->entries,
				 struct cm_store_entry *,
				 context->n_entries + 1);
	if (entries != NULL) {
		/* Resize the entry state array. */
		events = talloc_realloc(context, context->entry_events,
					struct cm_event,
					context->n_entries + 1);
		if (events != NULL) {
			/* Add the new entry to the array. */
			talloc_steal(entries, new_entry);
			entries[context->n_entries] = new_entry;
			/* Clear the new entry event. */
			memset(&events[context->n_entries], 0,
			       sizeof(events[context->n_entries]));
			/* Update the pointers.
			 */
			context->entries = entries;
			context->entry_events = events;
			/* Update the recorded count of entries. */
			context->n_entries++;
		} else {
			/* At least don't sabotage things. */
			context->entries = entries;
			entries = NULL;
		}
	}
	cm_reset_timeout(context);
	if ((entries != NULL) && (events != NULL)) {
		/* Prepare to set this entry in motion. */
		i = context->n_entries - 1;
		if (cm_start_entry(context,
				   context->entries[i]->cm_nickname) == FALSE) {
			cm_log(3, "Error starting %s('%s'), please retry.\n",
			       context->entries[i]->cm_busname,
			       context->entries[i]->cm_nickname);
		}
		/* Save this entry to the store, too. */
		cm_store_entry_save(new_entry);
		return 0;
	}
	return -1;
}

static int
cm_find_entry_by_nickname(struct cm_context *context, const char *nickname)
{
	int i;

	for (i = 0; i < context->n_entries; i++) {
		if (strcmp(context->entries[i]->cm_nickname, nickname) == 0) {
			return i;
		}
	}
	return -1;
}

static int
cm_find_ca_by_nickname(struct cm_context *context, const char *nickname)
{
	int i;

	for (i = 0; i < context->n_cas; i++) {
		if (strcmp(context->cas[i]->cm_nickname, nickname) == 0) {
			return i;
		}
	}
	return -1;
}

static void
cm_gate_fd_h(struct tevent_context *ec, struct tevent_fd *fde,
	     uint16_t flags, void *pvt)
{
	struct cm_context *ctx = pvt;
	int length, status;
	const char *msg;

	talloc_free(ctx->gate.tfd);
	if (cm_subproc_ready(ctx->gate.state) == 0) {
		msg = cm_subproc_get_msg(ctx->gate.state, &length);
		if (length > 0) {
			cm_log(0, "Failed to start command '%s': %s.\n",
			       ctx->gate.command,
			       strerror((unsigned int) msg[0]));
		} else {
			status = cm_subproc_get_exitstatus(ctx->gate.state);
			if (WIFEXITED(status)) {
				cm_log(1, "Command '%s' exited, status %d.\n",
				       ctx->gate.command,
				       WEXITSTATUS(status));
			} else {
				cm_log(0, "Command '%s' exited abnormally.\n",
				       ctx->gate.command);
			}
		}
		ctx->should_quit++;
		ctx->gate.tfd = NULL;
	} else {
		cm_log(1, "Command '%s' output error data, but is still "
		       "running.\n", ctx->gate.command);
		ctx->gate.tfd = tevent_add_fd(ec, ctx, ctx->gate.fd,
					      TEVENT_FD_READ,
					      cm_gate_fd_h, ctx);
	}
}

static int
cm_gate_run(int fd, struct cm_store_ca *ca, struct cm_store_entry *e,
	    void *data)
{
	struct cm_context *ctx = data;
	char **argv;
	const char *error = NULL;
	unsigned char u;

	cm_subproc_mark_most_cloexec(fd, STDOUT_FILENO, STDERR_FILENO);
	argv = cm_subproc_parse_args(NULL, ctx->gate.command, &error);
	if (argv == NULL) {
		cm_log(1, "Error parsing '%s'.\n", ctx->gate.command);
		return -1;
	}
	cm_log(1, "Running gate command \"%s\" (\"%s\").\n", argv[0],
	       ctx->gate.command);
	if (ctx->server_address != NULL) {
		setenv(CERTMONGER_PVT_ADDRESS_ENV, ctx->server_address, 1);
	}
	signal(SIGHUP, SIG_DFL);
	signal(SIGINT, SIG_DFL);
	signal(SIGTERM, SIG_DFL);
	execvp(argv[0], argv);
	u = errno;
	if (write(fd, &u, 1) != 1) {
		cm_log(1, "Error sending exec() error to parent.\n");
	}
	return u;
}

int
cm_start_all(struct cm_context *context)
{
	int i;
	enum cm_ca_phase phase;

	if (context->gate.command != NULL) {
		context->gate.state = cm_subproc_start(cm_gate_run, context,
						       NULL, NULL, context);
		if (context->gate.state == NULL) {
			cm_log(1, "Error starting '%s', please try again.\n",
			       context->gate.command);
			return -1;
		}
		i = cm_subproc_get_fd(context->gate.state);
		if (i == -1) {
			cm_log(1, "Error starting '%s', please try again.\n",
			       context->gate.command);
			return -1;
		}
		context->gate.fd = i;
		context->gate.tfd = tevent_add_fd(talloc_parent(context),
						  context, i,
						  TEVENT_FD_READ,
						  cm_gate_fd_h, context);
		cm_log(3, "Command '%s' on FD %d.\n",
		       context->gate.command, i);
	}
	for (i = 0; i < context->n_entries; i++) {
		if ((context->entry_events[i].iterate_state == NULL) &&
		    (cm_iterate_entry_init(context->entries[i],
					   &context->entry_events[i].iterate_state)) != 0) {
			cm_log(1, "Error starting %s('%s'), "
			       "please try again.\n",
			       context->entries[i]->cm_busname,
			       context->entries[i]->cm_nickname);
		} else {
			context->entry_events[i].next_event =
				cm_service_entry(context, NULL, i);
		}
	}
	for (i = 0; i < context->n_cas; i++) {
		for (phase = 0; phase < cm_ca_phase_invalid; phase++) {
			if
			   ((context->ca_events[i].iterate_state[phase] == NULL) &&
			    (cm_iterate_ca_init(context->cas[i], phase,
						&context->ca_events[i].iterate_state[phase])) != 0) {
				cm_log(1, "Error starting %s('%s')-%s, "
				       "please try again.\n",
				       context->cas[i]->cm_busname,
				       context->cas[i]->cm_nickname,
				       cm_store_ca_phase_as_string(phase));
			} else {
				context->ca_events[i].next_event[phase] =
					cm_service_ca(context, NULL, i, phase);
			}
		}
	}
	cm_reset_timeout(context);
	return 0;
}

void
cm_stop_all(struct cm_context *context)
{
	int i;
	enum cm_ca_phase phase;

	for (i = 0; i < context->n_entries; i++) {
		talloc_free(context->entry_events[i].next_event);
		context->entry_events[i].next_event = NULL;
		cm_iterate_entry_done(context->entries[i],
				      context->entry_events[i].iterate_state);
		context->entry_events[i].iterate_state = NULL;
		cm_store_entry_save(context->entries[i]);
	}
	for (i = 0; i < context->n_cas; i++) {
		for (phase = 0; phase < cm_ca_phase_invalid; phase++) {
			talloc_free(context->ca_events[i].next_event[phase]);
			context->ca_events[i].next_event[phase] = NULL;
			cm_iterate_ca_done(context->cas[i],
					   context->ca_events[i].iterate_state[phase]);
			context->ca_events[i].iterate_state[phase] = NULL;
		}
		cm_store_ca_save(context->cas[i]);
	}
	if (context->gate.state != NULL) {
		cm_subproc_done(context->gate.state);
	}
}

dbus_bool_t
cm_start_entry(struct cm_context *context, const char *nickname)
{
	int i;

	i = cm_find_entry_by_nickname(context, nickname);
	if (i != -1) {
		if (cm_iterate_entry_init(context->entries[i],
					  &context->entry_events[i].iterate_state) == 0) {
			context->entry_events[i].next_event =
				cm_service_entry(context, NULL, i);
			cm_log(3, "Started %s('%s').\n",
			       context->entries[i]->cm_busname, nickname);
			return TRUE;
		} else {
			cm_log(3, "Error starting %s('%s'), please retry.\n",
			       context->entries[i]->cm_busname, nickname);
			return FALSE;
		}
	} else {
		cm_log(3, "No entry matching nickname '%s'.\n", nickname);
		return FALSE;
	}
}

dbus_bool_t
cm_stop_entry(struct cm_context *context, const char *nickname)
{
	int i;

	i =
	    cm_find_entry_by_nickname(context, nickname);
	if (i != -1) {
		talloc_free(context->entry_events[i].next_event);
		context->entry_events[i].next_event = NULL;
		cm_iterate_entry_done(context->entries[i],
				      context->entry_events[i].iterate_state);
		context->entry_events[i].iterate_state = NULL;
		cm_store_entry_save(context->entries[i]);
		cm_log(3, "Stopped %s('%s').\n",
		       context->entries[i]->cm_busname, nickname);
		return TRUE;
	} else {
		cm_log(3, "No entry matching nickname '%s'.\n", nickname);
		return FALSE;
	}
}

int
cm_remove_entry(struct cm_context *context, const char *nickname)
{
	int i, rv = -1;

	if (cm_stop_entry(context, nickname)) {
		i = cm_find_entry_by_nickname(context, nickname);
		if (i != -1) {
			if (cm_store_entry_delete(context->entries[i]) == 0) {
				/* Free the entry. */
				talloc_free(context->entries[i]);
				/* Shorten up the arrays of entries and event
				 * information. */
				memmove(context->entries + i,
					context->entries + i + 1,
					(context->n_entries - i - 1) *
					sizeof(context->entries[i]));
				memmove(context->entry_events + i,
					context->entry_events + i + 1,
					(context->n_entries - i - 1) *
					sizeof(context->entry_events[i]));
				context->n_entries--;
				rv = 0;
			} else {
				rv = -1;
			}
		}
	}
	cm_reset_timeout(context);
	return rv;
}

dbus_bool_t
cm_restart_entry(struct cm_context *context, const char *nickname)
{
	return cm_stop_entry(context, nickname) &&
	       cm_start_entry(context, nickname);
}

dbus_bool_t
cm_restart_entries_by_ca(struct cm_context *context, const char *nickname)
{
	struct cm_store_entry *entry;
	dbus_bool_t status = FALSE, this;
	int i, n = 0;

	for (i = 0; i < context->n_entries; i++) {
		entry = context->entries[i];
		if ((entry->cm_ca_nickname != NULL) &&
		    (strcmp(entry->cm_ca_nickname, nickname) == 0)) {
			this = cm_restart_entry(context, entry->cm_nickname);
			status = n++ ?
				 this && status : this;
		}
	}
	return status;
}

struct cm_store_entry *
cm_get_entry_by_busname(struct cm_context *context, const char *name)
{
	int i;

	for (i = 0; i < context->n_entries; i++) {
		if (strcmp(context->entries[i]->cm_busname, name) == 0) {
			return context->entries[i];
		}
	}
	return NULL;
}

struct cm_store_entry *
cm_get_entry_by_nickname(struct cm_context *context, const char *nickname)
{
	int i;

	for (i = 0; i < context->n_entries; i++) {
		if (strcmp(context->entries[i]->cm_nickname, nickname) == 0) {
			return context->entries[i];
		}
	}
	return NULL;
}

struct cm_store_entry *
cm_get_entry_by_index(struct cm_context *context, int i)
{
	if (i < context->n_entries) {
		return context->entries[i];
	}
	return NULL;
}

int
cm_get_n_entries(struct cm_context *context)
{
	return context->n_entries;
}

int
cm_add_ca(struct cm_context *context, struct cm_store_ca *new_ca)
{
	struct cm_store_ca **cas;
	struct cm_ca_event *events;
	int i;
	time_t now;
	char timestamp[15];
	enum cm_ca_phase phase;

	/* Check for duplicates and count the number of CAs we're already
	 * managing. */
	if (new_ca->cm_nickname != NULL) {
		for (i = 0; i < context->n_cas; i++) {
			if (strcmp(context->cas[i]->cm_nickname,
				   new_ca->cm_nickname) == 0) {
				return -1;
			}
		}
	} else {
		do {
			/* Try to assign a new nickname. */
			now = cm_time(NULL);
			new_ca->cm_nickname =
				cm_store_timestamp_from_time(now, timestamp);
			/* Check for duplicates. */
			for (i = 0; i < context->n_cas; i++) {
				if (strcmp(context->cas[i]->cm_nickname,
					   new_ca->cm_nickname) == 0) {
					/* Busy wait 0.1s. Ugh. */
					usleep(100000);
					break;
				}
			}
		} while (i < context->n_cas);
		new_ca->cm_nickname = talloc_strdup(new_ca,
						    new_ca->cm_nickname);
	}

	/* Allocate storage for a new CA array. */
	cas = talloc_realloc(context, context->cas, struct cm_store_ca *,
			     context->n_cas + 1);
	events = talloc_realloc(context, context->ca_events,
				struct cm_ca_event, context->n_cas + 1);
	if ((cas != NULL) && (events != NULL)) {
		/* Save this entry to the store.
		 */
		cm_store_ca_save(new_ca);
		cas[context->n_cas] = new_ca;
		talloc_steal(cas, new_ca);
		context->cas = cas;
		memset(&events[context->n_cas], 0,
		       sizeof(events[context->n_cas]));
		context->ca_events = events;
		/* Update the recorded count of CAs. */
		context->n_cas++;
		/* Start the CA's data fetchers. */
		for (phase = 0; phase < cm_ca_phase_invalid; phase++) {
			cm_start_ca(context, new_ca->cm_nickname, phase);
		}
		return 0;
	}
	if (cas != NULL) {
		context->cas = cas;
	}
	if (events != NULL) {
		context->ca_events = events;
	}
	return -1;
}

dbus_bool_t
cm_start_ca(struct cm_context *context, const char *nickname,
	    enum cm_ca_phase phase)
{
	int i;

	i = cm_find_ca_by_nickname(context, nickname);
	if (i != -1) {
		if (cm_iterate_ca_init(context->cas[i], phase,
				       &context->ca_events[i].iterate_state[phase]) == 0) {
			context->ca_events[i].next_event[phase] =
				cm_service_ca(context, NULL, i, phase);
			cm_log(3, "Started CA %s('%s')-%s.\n",
			       context->cas[i]->cm_busname, nickname,
			       cm_store_ca_phase_as_string(phase));
			return TRUE;
		} else {
			cm_log(3, "Error starting CA %s('%s')-%s, please retry.\n",
			       context->cas[i]->cm_busname, nickname,
			       cm_store_ca_phase_as_string(phase));
			return FALSE;
		}
	} else {
		cm_log(3, "No CA matching nickname '%s'.\n", nickname);
		return FALSE;
	}
}

dbus_bool_t
cm_stop_ca(struct cm_context *context, const char *nickname,
	   enum cm_ca_phase phase)
{
	int i;

	i = cm_find_ca_by_nickname(context, nickname);
	if (i != -1) {
		talloc_free(context->ca_events[i].next_event[phase]);
		context->ca_events[i].next_event[phase] = NULL;
		cm_iterate_ca_done(context->cas[i],
				   context->ca_events[i].iterate_state[phase]);
		context->ca_events[i].iterate_state[phase] = NULL;
		cm_store_ca_save(context->cas[i]);
		cm_log(3, "Stopped CA %s('%s')-%s.\n",
		       context->cas[i]->cm_busname, nickname,
		       cm_store_ca_phase_as_string(phase));
		return TRUE;
	} else {
		cm_log(3, "No CA matching nickname '%s'.\n", nickname);
		return FALSE;
	}
}

dbus_bool_t
cm_restart_ca(struct cm_context *context, const char *nickname,
	      enum cm_ca_phase phase)
{
	return cm_stop_ca(context, nickname, phase) &&
	       cm_start_ca(context, nickname, phase);
}

struct cm_store_ca *
cm_get_ca_by_busname(struct cm_context *context, const char *name)
{
	int i;

	for (i = 0; i < context->n_cas; i++) {
		if (strcmp(context->cas[i]->cm_busname, name) == 0) {
			return context->cas[i];
		}
	}
	return NULL;
}

struct cm_store_ca *
cm_get_ca_by_nickname(struct cm_context *context, const char *nickname)
{
	int i;

	for (i = 0; i < context->n_cas; i++) {
		if (strcmp(context->cas[i]->cm_nickname, nickname) == 0) {
			return context->cas[i];
		}
	}
	return NULL;
}

struct cm_store_ca *
cm_get_ca_by_index(struct cm_context *context, int i)
{
	if (i < context->n_cas) {
		return context->cas[i];
	}
	return NULL;
}

int
cm_get_n_cas(struct cm_context *context)
{
	return context->n_cas;
}

int
cm_remove_ca(struct cm_context *context, const char *nickname)
{
	int i;
	enum cm_ca_phase phase;

	i = cm_find_ca_by_nickname(context, nickname);
	if (i != -1) {
		for (phase = 0; phase < cm_ca_phase_invalid; phase++) {
			if (!cm_stop_ca(context, nickname, phase)) {
				break;
			}
		}
		if (phase != cm_ca_phase_invalid) {
			cm_log(3, "Error stopping CA '%s'-%s, please retry.\n",
			       nickname,
			       cm_store_ca_phase_as_string(phase));
			return -1;
		}
		if (cm_store_ca_delete(context->cas[i]) == 0) {
			/* Free the entry. */
			talloc_free(context->cas[i]);
			/* Shorten up the arrays of CAs and event
			 * information.
			 */
			memmove(context->cas + i,
				context->cas + i + 1,
				(context->n_cas - i - 1) *
				sizeof(context->cas[i]));
			memmove(context->ca_events + i,
				context->ca_events + i + 1,
				(context->n_cas - i - 1) *
				sizeof(context->ca_events[i]));
			context->n_cas--;
			return 0;
		} else {
			return -1;
		}
	}
	return -1;
}

void *
cm_get_conn_ptr(struct cm_context *context)
{
	return context->conn_ptr;
}

void
cm_set_conn_ptr(struct cm_context *context, void *ptr)
{
	context->conn_ptr = ptr;
}

const char *
cm_get_server_address(struct cm_context *context)
{
	return context->server_address;
}

void
cm_set_server_address(struct cm_context *context, const char *address)
{
	context->server_address = talloc_strdup(context, address);
}
certmonger-0.79.19/src/cm.h0000644000175000017500000000557714511314133015007 0ustar gitgit00000000000000
/*
 * Copyright (C) 2009,2011,2012,2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmcm_h
#define cmcm_h

struct cm_context;
struct cm_store_entry;
struct cm_store_ca;
struct tevent_context;
enum cm_ca_phase;

int cm_init(struct tevent_context *parent, struct cm_context **context,
	    int idle_timeout, const char *gate_command);
int cm_start_all(struct cm_context *context);
void cm_reset_timeout(struct cm_context *context);
int cm_keep_going(struct cm_context *context);
void cm_stop_all(struct cm_context *context);

int cm_get_n_entries(struct cm_context *context);
struct cm_store_entry *cm_get_entry_by_index(struct cm_context *c, int i);
struct cm_store_entry *cm_get_entry_by_nickname(struct cm_context *c,
						const char *nickname);
struct cm_store_entry *cm_get_entry_by_busname(struct cm_context *c,
					       const char *busname);
int cm_add_entry(struct cm_context *context, struct cm_store_entry *new_entry);
int cm_remove_entry(struct cm_context *context, const char *nickname);

int cm_get_n_cas(struct cm_context *context);
struct cm_store_ca *cm_get_ca_by_index(struct cm_context *c, int i);
struct cm_store_ca *cm_get_ca_by_nickname(struct cm_context *c,
					  const char *nickname);
struct cm_store_ca *cm_get_ca_by_busname(struct cm_context *c,
					 const char *busname);
int cm_add_ca(struct cm_context *context, struct cm_store_ca *new_ca);
int cm_remove_ca(struct cm_context *context, const char *nickname);

dbus_bool_t cm_restart_entry(struct cm_context *c, const char *nickname);
dbus_bool_t cm_restart_entries_by_ca(struct cm_context *c,
				     const char *nickname);
dbus_bool_t cm_stop_entry(struct cm_context *c, const char *nickname);
dbus_bool_t cm_start_entry(struct cm_context *c, const char *nickname);
dbus_bool_t cm_restart_ca(struct cm_context *c, const char *nickname,
			  enum cm_ca_phase);
dbus_bool_t cm_stop_ca(struct cm_context *c, const char *nickname,
		       enum cm_ca_phase);
dbus_bool_t cm_start_ca(struct cm_context *c, const char *nickname,
			enum cm_ca_phase);

void *cm_get_conn_ptr(struct cm_context *context);
void cm_set_conn_ptr(struct cm_context *context, void
		     *ptr);
const char *cm_get_server_address(struct cm_context *context);
void cm_set_server_address(struct cm_context *context, const char *address);

#endif
certmonger-0.79.19/src/csrgen-int.h0000644000175000017500000000300114511314133016435 0ustar gitgit00000000000000
/*
 * Copyright (C) 2009,2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmcsrgenint_h
#define cmcsrgenint_h

struct cm_csrgen_state_pvt {
	/* Check if a CSR is ready. */
	int (*ready)(struct cm_csrgen_state *state);
	/* Get a selectable-for-read descriptor which will either have data or
	 * be closed when status changes. */
	int (*get_fd)(struct cm_csrgen_state *state);
	/* Save the CSR to the entry. */
	int (*save_csr)(struct cm_csrgen_state *state);
	/* Check if we need a PIN (or a new PIN) to get at the key material. */
	int (*need_pin)(struct cm_csrgen_state *state);
	/* Check if we need the token to be inserted to get at the key
	 * material. */
	int (*need_token)(struct cm_csrgen_state *state);
	/* Clean up after CSR generation. */
	void (*done)(struct cm_csrgen_state *state);
};

int cm_csrgen_read_challenge_password(struct cm_store_entry *entry,
				      char **password);

#endif
certmonger-0.79.19/src/csrgen-n.c0000644000175000017500000010133514511314133016104 0ustar gitgit00000000000000
/*
 * Copyright (C) 2009,2010,2011,2012,2013,2014,2015,2017 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#include "certext.h"
#include "csrgen.h"
#include "csrgen-int.h"
#include "keygen.h"
#include "keyiread-n.h"
#include "log.h"
#include "pin.h"
#include "prefs-n.h"
#include "store.h"
#include "store-int.h"
#include "subproc.h"
#include "util-m.h"
#include "util-n.h"

struct cm_csrgen_state {
	struct cm_csrgen_state_pvt pvt;
	struct cm_store_entry *entry;
	struct cm_subproc_state *subproc;
};

/* Ad-hoc. */
static const SEC_ASN1Template
cm_csrgen_n_cert_tmpattr_template[] = {
	{
	.kind = SEC_ASN1_SEQUENCE,
	.offset = 0,
	.sub = NULL,
	.size = sizeof(CERTAttribute),
	},
	{
	.kind = SEC_ASN1_OBJECT_ID,
	.offset = offsetof(CERTAttribute, attrType),
	.sub = NULL,
	.size = sizeof(SECItem),
	},
	{
	.kind = SEC_ASN1_SET_OF,
	.offset = offsetof(CERTAttribute, attrValue),
	.sub = &SEC_OctetStringTemplate,
	.size = 0,
	},
	{0, 0, NULL, 0},
};

static const SEC_ASN1Template
cm_csrgen_n_set_of_cert_tmpattr_template[] = {
	{
	.kind = SEC_ASN1_SET_OF,
	.offset = 0,
	.sub = cm_csrgen_n_cert_tmpattr_template,
	.size = 0,
	},
};

static const SEC_ASN1Template
cm_csrgen_n_cert_pkac_template[] = {
	{
	.kind = SEC_ASN1_SEQUENCE,
	.offset = 0,
	.sub = NULL,
	.size = sizeof(CERTPublicKeyAndChallenge),
	},
	{
	.kind = SEC_ASN1_ANY,
	.offset = offsetof(CERTPublicKeyAndChallenge, spki),
	.sub = NULL,
	.size = sizeof(SECItem),
	},
	{
	.kind = SEC_ASN1_IA5_STRING,
	.offset = offsetof(CERTPublicKeyAndChallenge, challenge),
	.sub = &SEC_IA5StringTemplate,
	.size = sizeof(SECItem),
	},
	{0, 0, NULL, 0},
};

static int
compare_items(const void *a, const void *b)
{
	return SECITEM_CompareItem(a, b);
}

static SECItem *
cm_csrgen_n_attributes(struct cm_store_entry *entry, NSSInitContext *ctx,
		       PLArenaPool *arena)
{
	SECItem encoded_exts, *exts[2];
	unsigned char *extensions;
	char *nickname;
	size_t extensions_length;
	CERTAttribute attr[3];
	SECOidData *oid;
	SECItem *item, friendly, *friendlies[2], encoded, encattr[3], plain;
	SECItem *encattrs[4], **encattrs_ptr, password, *passwords[2], bmp;
	char *challenge_password;
	int i, n_attrs;

	i = 0;
	/* Build an attribute to hold the friendly name. */
	oid = SECOID_FindOIDByTag(SEC_OID_PKCS9_FRIENDLY_NAME);
	if (oid != NULL) {
		if (entry->cm_cert_nickname != NULL) {
			nickname = entry->cm_cert_nickname;
		} else if (entry->cm_key_nickname != NULL) {
			nickname = entry->cm_key_nickname;
		} else {
			nickname = entry->cm_nickname;
		}
		if (nickname != NULL) {
			memset(&bmp, 0, sizeof(bmp));
			if ((cm_store_utf8_to_bmp_string(nickname, &bmp.data,
							 &bmp.len) == 0) &&
			    (SEC_ASN1EncodeItem(arena, &friendly, &bmp,
						SEC_BMPStringTemplate) == &friendly)) {
				friendlies[0] = &friendly;
				friendlies[1] = NULL;
				attr[i].attrType = oid->oid;
				attr[i].attrValue = friendlies;
				i++;
			}
			free(bmp.data);
		}
	}

	/* Build the extension list. */
	extensions = NULL;
	cm_certext_build_csr_extensions(entry, ctx,
					&extensions, &extensions_length);

	/* Build an attribute to hold the extensions. */
	if ((extensions != NULL) && (extensions_length > 0)) {
		encoded_exts.data = extensions;
		encoded_exts.len = extensions_length;
		exts[0] = &encoded_exts;
		exts[1] = NULL;
		oid = SECOID_FindOIDByTag(SEC_OID_PKCS9_EXTENSION_REQUEST);
		if (oid != NULL) {
			attr[i].attrType = oid->oid;
			attr[i].attrValue = exts;
			i++;
		}
	}

	/* Build an attribute to hold the challenge password. */
	cm_csrgen_read_challenge_password(entry, &challenge_password);
	oid = SECOID_FindOIDByTag(SEC_OID_PKCS9_CHALLENGE_PASSWORD);
	if (oid != NULL) {
		memset(&plain, 0, sizeof(plain));
		plain.data = (unsigned char *) challenge_password;
		if (plain.data != NULL) {
			plain.len = strlen(challenge_password);
			if (SEC_ASN1EncodeItem(arena, &password, &plain,
					       SEC_PrintableStringTemplate) == &password) {
				passwords[0] = &password;
				passwords[1] = NULL;
				attr[i].attrType = oid->oid;
				attr[i].attrValue = passwords;
				i++;
			} else if (SEC_ASN1EncodeItem(arena, &password, &plain,
						      SEC_UTF8StringTemplate) == &password) {
				passwords[0] = &password;
				passwords[1] = NULL;
				attr[i].attrType = oid->oid;
				attr[i].attrValue = passwords;
				i++;
			}
		}
	}

	n_attrs = i;
	for (i = 0; i < n_attrs; i++) {
		memset(&encattr[i], 0, sizeof(encattr[i]));
		if (SEC_ASN1EncodeItem(arena, &encattr[i], &attr[i],
				       cm_csrgen_n_cert_tmpattr_template) != &encattr[i]) {
			break;
		}
	}
	if (i == n_attrs) {
		qsort(&encattr[0], n_attrs, sizeof(encattr[0]), compare_items);
		for (i = 0; i < n_attrs; i++) {
			encattrs[i] = &encattr[i];
		}
		encattrs[i] = NULL;
		encattrs_ptr = &encattrs[0];
		if (SEC_ASN1EncodeItem(arena, &encoded, &encattrs_ptr,
				       SEC_SetOfAnyTemplate) == &encoded) {
			item = SECITEM_ArenaDupItem(arena, &encoded);
		} else {
			cm_log(1, "Error encoding set of request attributes.\n");
			item = NULL;
		}
	} else {
		item = NULL;
	}
	return item;
}

static int
cm_csrgen_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
		 void *userdata)
{
	FILE *status;
	SECStatus error;
	struct cm_keyiread_n_ctx_and_keys *keys;
	SECKEYPrivateKey *privkey;
	SECKEYPublicKey *pubkey;
	CERTSubjectPublicKeyInfo *spki;
	CERTPublicKeyAndChallenge pkac;
	CERTCertificateRequest *req;
	CERTCertificate *minicert;
	CERTValidity *validity;
	CERTSignedData sreq, spkac, sminicert;
	CERTName *name;
	PLArenaPool *arena;
	PRExplodedTime exploded;
	PRTime vstart, vend;
	SECItem ereq, esreq, epkac, espkac, eminicert, esminicert;
	SECItem *attrs, item, utf8, nowe;
	int ec;
	char *b64, *b642, *b643,
*now, *p, *q, *challenge_password; const char *es, *spkihex, *spkidec; unsigned char spkidigest[CM_DIGEST_MAX + 1]; SECOidData *sigoid; /* Allocate an arena pool and a place to write status updates. */ arena = PORT_NewArena(sizeof(double)); if (arena == NULL) { cm_log(1, "Out of memory?.\n"); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } status = fdopen(fd, "w"); if (status == NULL) { cm_log(1, "Internal error: %s.\n", strerror(errno)); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } /* Start up NSS and find the key pair. */ keys = cm_keyiread_n_get_keys(entry, 0); if (keys == NULL) { cm_log(1, "Error finding key pair for %s('%s').\n", entry->cm_busname, entry->cm_nickname); PORT_FreeArena(arena, PR_TRUE); _exit(CM_SUB_STATUS_ERROR_NO_TOKEN); } /* Select the right key pair. */ if ((entry->cm_key_next_marker != NULL) && (strlen(entry->cm_key_next_marker) > 0)) { privkey = keys->privkey_next; pubkey = keys->pubkey_next; } else { privkey = keys->privkey; pubkey = keys->pubkey; } /* Select a subject name. */ name = NULL; if ((entry->cm_template_subject_der != NULL) && (strlen(entry->cm_template_subject_der) != 0)) { memset(&item, 0, sizeof(item)); item.len = strlen(entry->cm_template_subject_der) / 2; item.data = malloc(item.len); if (item.data != NULL) { item.len = cm_store_hex_to_bin(entry->cm_template_subject_der, item.data, item.len); name = PORT_ArenaZNew(arena, CERTName); if (name != NULL) { if (SEC_ASN1DecodeItem(arena, name, CERT_NameTemplate, &item) != SECSuccess) { name = NULL; } } } if (name == NULL) { cm_log(1, "Error parsing requested subject \"%s\".\n", entry->cm_template_subject_der); } } if ((name == NULL) && (entry->cm_template_subject != NULL) && (strlen(entry->cm_template_subject) != 0)) { name = CERT_AsciiToName(entry->cm_template_subject); if (name == NULL) { /* Force it. 
*/ memset(&item, 0, sizeof(item)); item.data = (unsigned char *) entry->cm_template_subject; item.len = strlen(entry->cm_template_subject); memset(&utf8, 0, sizeof(utf8)); if (SEC_ASN1EncodeItem(arena, &utf8, &item, SEC_PrintableStringTemplate) == &utf8) { q = cm_store_hex_from_bin(entry, utf8.data, utf8.len); if (q != NULL) { p = talloc_asprintf(q, "CN=#%s", q); if (p != NULL) { name = CERT_AsciiToName(p); } talloc_free(q); } } } if (name == NULL) { cm_log(1, "Error parsing requested subject name \"%s\".\n", entry->cm_template_subject); } } if (name == NULL) { name = CERT_AsciiToName("CN=" CM_DEFAULT_CERT_SUBJECT_CN); if (name == NULL) { cm_log(1, "Error parsing requested subject name \"%s\".\n", "CN=" CM_DEFAULT_CERT_SUBJECT_CN); } } if (name == NULL) { if (keys->pubkey != NULL) { SECKEY_DestroyPublicKey(keys->pubkey); } if (keys->privkey != NULL) { SECKEY_DestroyPrivateKey(keys->privkey); } if (keys->pubkey_next != NULL) { SECKEY_DestroyPublicKey(keys->pubkey_next); } if (keys->privkey_next != NULL) { SECKEY_DestroyPrivateKey(keys->privkey_next); } PORT_FreeArena(arena, PR_TRUE); error = NSS_ShutdownContext(keys->ctx); PORT_FreeArena(keys->arena, PR_TRUE); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } fclose(status); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } /* Find the public key. 
*/ if (pubkey == NULL) { ec = PORT_GetError(); if (ec != 0) { es = PR_ErrorToName(ec); } else { es = NULL; } if (es != NULL) { cm_log(1, "Error retrieving public key: %s.\n", es); } else { cm_log(1, "Error retrieving public key: %d.\n", ec); } if (keys->pubkey != NULL) { SECKEY_DestroyPublicKey(keys->pubkey); } if (keys->privkey != NULL) { SECKEY_DestroyPrivateKey(keys->privkey); } if (keys->pubkey_next != NULL) { SECKEY_DestroyPublicKey(keys->pubkey_next); } if (keys->privkey_next != NULL) { SECKEY_DestroyPrivateKey(keys->privkey_next); } PORT_FreeArena(arena, PR_TRUE); error = NSS_ShutdownContext(keys->ctx); PORT_FreeArena(keys->arena, PR_TRUE); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } fclose(status); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } /* Generate a subjectPublicKeyInfo. */ spki = SECKEY_CreateSubjectPublicKeyInfo(pubkey); if (spki == NULL) { ec = PORT_GetError(); if (ec == 0) { cm_log(1, "Error building spki value.\n"); } else { cm_log(1, "Error building spki value: %s.\n", PR_ErrorToName(ec)); } if (keys->pubkey != NULL) { SECKEY_DestroyPublicKey(keys->pubkey); } if (keys->privkey != NULL) { SECKEY_DestroyPrivateKey(keys->privkey); } if (keys->pubkey_next != NULL) { SECKEY_DestroyPublicKey(keys->pubkey_next); } if (keys->privkey_next != NULL) { SECKEY_DestroyPrivateKey(keys->privkey_next); } PORT_FreeArena(arena, PR_TRUE); error = NSS_ShutdownContext(keys->ctx); PORT_FreeArena(keys->arena, PR_TRUE); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } fclose(status); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } /* Build the request. 
*/ req = CERT_CreateCertificateRequest(name, spki, NULL); if (req == NULL) { ec = PORT_GetError(); if (ec == 0) { cm_log(1, "Error building certificate request.\n"); } else { cm_log(1, "Error building certificate request: %s.\n", PR_ErrorToName(ec)); } if (keys->pubkey != NULL) { SECKEY_DestroyPublicKey(keys->pubkey); } if (keys->privkey != NULL) { SECKEY_DestroyPrivateKey(keys->privkey); } if (keys->pubkey_next != NULL) { SECKEY_DestroyPublicKey(keys->pubkey_next); } if (keys->privkey_next != NULL) { SECKEY_DestroyPrivateKey(keys->privkey_next); } PORT_FreeArena(arena, PR_TRUE); error = NSS_ShutdownContext(keys->ctx); PORT_FreeArena(keys->arena, PR_TRUE); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } fclose(status); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } /* Generate requested values for various extensions and a friendly * name. */ attrs = cm_csrgen_n_attributes(entry, keys->ctx, arena); if ((attrs == NULL) || (SEC_ASN1DecodeItem(arena, &req->attributes, cm_csrgen_n_set_of_cert_tmpattr_template, attrs) != SECSuccess)) { req->attributes = NULL; } /* req->arena = arena; req->subjectPublicKeyInfo = *spki; redundant? */ if (SEC_ASN1EncodeInteger(arena, &req->version, SEC_CERTIFICATE_REQUEST_VERSION) != &req->version) { cm_log(1, "Error encoding certificate request version.\n"); } /* Encode the request. 
*/ if (SEC_ASN1EncodeItem(arena, &ereq, req, CERT_CertificateRequestTemplate) != &ereq) { cm_log(1, "Error encoding certificate request.\n"); if (keys->pubkey != NULL) { SECKEY_DestroyPublicKey(keys->pubkey); } if (keys->privkey != NULL) { SECKEY_DestroyPrivateKey(keys->privkey); } if (keys->pubkey_next != NULL) { SECKEY_DestroyPublicKey(keys->pubkey_next); } if (keys->privkey_next != NULL) { SECKEY_DestroyPrivateKey(keys->privkey_next); } PORT_FreeArena(arena, PR_TRUE); error = NSS_ShutdownContext(keys->ctx); PORT_FreeArena(keys->arena, PR_TRUE); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } fclose(status); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } /* Build the PublicKeyAndChallenge. */ memset(&pkac, 0, sizeof(pkac)); if (SEC_ASN1EncodeItem(arena, &pkac.spki, spki, CERT_SubjectPublicKeyInfoTemplate) != &pkac.spki) { cm_log(1, "Error encoding subject public key info.\n"); if (keys->pubkey != NULL) { SECKEY_DestroyPublicKey(keys->pubkey); } if (keys->privkey != NULL) { SECKEY_DestroyPrivateKey(keys->privkey); } if (keys->pubkey_next != NULL) { SECKEY_DestroyPublicKey(keys->pubkey_next); } if (keys->privkey_next != NULL) { SECKEY_DestroyPrivateKey(keys->privkey_next); } PORT_FreeArena(arena, PR_TRUE); error = NSS_ShutdownContext(keys->ctx); PORT_FreeArena(keys->arena, PR_TRUE); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } fclose(status); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } if (cm_csrgen_read_challenge_password(entry, &challenge_password) != 0) { cm_log(1, "Error reading challenge password file.\n"); if (keys->pubkey != NULL) { SECKEY_DestroyPublicKey(keys->pubkey); } if (keys->privkey != NULL) { SECKEY_DestroyPrivateKey(keys->privkey); } if (keys->pubkey_next != NULL) { SECKEY_DestroyPublicKey(keys->pubkey_next); } if (keys->privkey_next != NULL) { SECKEY_DestroyPrivateKey(keys->privkey_next); } PORT_FreeArena(arena, PR_TRUE); error = NSS_ShutdownContext(keys->ctx); PORT_FreeArena(keys->arena, PR_TRUE); if (error != 
SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } fclose(status); _exit(CM_SUB_STATUS_ERROR_AUTH); } pkac.challenge.data = (unsigned char *) challenge_password; pkac.challenge.len = challenge_password ? strlen(challenge_password) : 0; /* Encode the PublicKeyAndChallenge. */ if (SEC_ASN1EncodeItem(arena, &epkac, &pkac, cm_csrgen_n_cert_pkac_template) != &epkac) { cm_log(1, "Error encoding public key and challenge.\n"); if (keys->pubkey != NULL) { SECKEY_DestroyPublicKey(keys->pubkey); } if (keys->privkey != NULL) { SECKEY_DestroyPrivateKey(keys->privkey); } if (keys->pubkey_next != NULL) { SECKEY_DestroyPublicKey(keys->pubkey_next); } if (keys->privkey_next != NULL) { SECKEY_DestroyPrivateKey(keys->privkey_next); } PORT_FreeArena(arena, PR_TRUE); error = NSS_ShutdownContext(keys->ctx); PORT_FreeArena(keys->arena, PR_TRUE); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } fclose(status); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } /* Sign the request using the private key. 
*/ sigoid = SECOID_FindOIDByTag(cm_prefs_nss_sig_alg(privkey)); memset(&sreq, 0, sizeof(sreq)); sreq.data = ereq; if (SECOID_SetAlgorithmID(arena, &sreq.signatureAlgorithm, sigoid->offset, NULL) != SECSuccess) { cm_log(1, "Error setting up algorithm ID for signing the " "certificate request.\n"); if (keys->pubkey != NULL) { SECKEY_DestroyPublicKey(keys->pubkey); } if (keys->privkey != NULL) { SECKEY_DestroyPrivateKey(keys->privkey); } if (keys->pubkey_next != NULL) { SECKEY_DestroyPublicKey(keys->pubkey_next); } if (keys->privkey_next != NULL) { SECKEY_DestroyPrivateKey(keys->privkey_next); } PORT_FreeArena(arena, PR_TRUE); error = NSS_ShutdownContext(keys->ctx); PORT_FreeArena(keys->arena, PR_TRUE); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } fclose(status); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } if (SEC_SignData(&sreq.signature, sreq.data.data, sreq.data.len, privkey, sigoid->offset) != SECSuccess) { cm_log(1, "Error signing certificate request with the client's " "key using \"%s\": %s.\n", sigoid->desc, PR_ErrorToName(PORT_GetError())); if (keys->pubkey != NULL) { SECKEY_DestroyPublicKey(keys->pubkey); } if (keys->privkey != NULL) { SECKEY_DestroyPrivateKey(keys->privkey); } if (keys->pubkey_next != NULL) { SECKEY_DestroyPublicKey(keys->pubkey_next); } if (keys->privkey_next != NULL) { SECKEY_DestroyPrivateKey(keys->privkey_next); } PORT_FreeArena(arena, PR_TRUE); error = NSS_ShutdownContext(keys->ctx); PORT_FreeArena(keys->arena, PR_TRUE); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } fclose(status); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } /* Sign the PublicKeyAndChallenge using the private key. 
*/ memset(&spkac, 0, sizeof(spkac)); spkac.data = epkac; if (SECOID_SetAlgorithmID(arena, &spkac.signatureAlgorithm, sigoid->offset, NULL) != SECSuccess) { cm_log(1, "Error setting up algorithm ID for signing the " "certificate request.\n"); if (keys->pubkey != NULL) { SECKEY_DestroyPublicKey(keys->pubkey); } if (keys->privkey != NULL) { SECKEY_DestroyPrivateKey(keys->privkey); } if (keys->pubkey_next != NULL) { SECKEY_DestroyPublicKey(keys->pubkey_next); } if (keys->privkey_next != NULL) { SECKEY_DestroyPrivateKey(keys->privkey_next); } PORT_FreeArena(arena, PR_TRUE); error = NSS_ShutdownContext(keys->ctx); PORT_FreeArena(keys->arena, PR_TRUE); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } fclose(status); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } if (SEC_SignData(&spkac.signature, spkac.data.data, spkac.data.len, privkey, sigoid->offset) != SECSuccess) { cm_log(1, "Error signing public-key-and-challenge with " "the client's key using \"%s\": %s.\n", sigoid->desc, PR_ErrorToName(PORT_GetError())); if (keys->pubkey != NULL) { SECKEY_DestroyPublicKey(keys->pubkey); } if (keys->privkey != NULL) { SECKEY_DestroyPrivateKey(keys->privkey); } if (keys->pubkey_next != NULL) { SECKEY_DestroyPublicKey(keys->pubkey_next); } if (keys->privkey_next != NULL) { SECKEY_DestroyPrivateKey(keys->privkey_next); } PORT_FreeArena(arena, PR_TRUE); error = NSS_ShutdownContext(keys->ctx); PORT_FreeArena(keys->arena, PR_TRUE); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } fclose(status); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } /* Encode the signed request. 
*/ sreq.signature.len *= 8; if (SEC_ASN1EncodeItem(arena, &esreq, &sreq, CERT_SignedDataTemplate) != &esreq) { cm_log(1, "Error encoding signed certificate request.\n"); if (keys->pubkey != NULL) { SECKEY_DestroyPublicKey(keys->pubkey); } if (keys->privkey != NULL) { SECKEY_DestroyPrivateKey(keys->privkey); } if (keys->pubkey_next != NULL) { SECKEY_DestroyPublicKey(keys->pubkey_next); } if (keys->privkey_next != NULL) { SECKEY_DestroyPrivateKey(keys->privkey_next); } PORT_FreeArena(arena, PR_TRUE); error = NSS_ShutdownContext(keys->ctx); PORT_FreeArena(keys->arena, PR_TRUE); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } fclose(status); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } /* Encode the signed public key and challenge. */ spkac.signature.len *= 8; if (SEC_ASN1EncodeItem(arena, &espkac, &spkac, CERT_SignedDataTemplate) != &espkac) { cm_log(1, "Error encoding signed public key and challenge.\n"); if (keys->pubkey != NULL) { SECKEY_DestroyPublicKey(keys->pubkey); } if (keys->privkey != NULL) { SECKEY_DestroyPrivateKey(keys->privkey); } if (keys->pubkey_next != NULL) { SECKEY_DestroyPublicKey(keys->pubkey_next); } if (keys->privkey_next != NULL) { SECKEY_DestroyPrivateKey(keys->privkey_next); } PORT_FreeArena(arena, PR_TRUE); error = NSS_ShutdownContext(keys->ctx); PORT_FreeArena(keys->arena, PR_TRUE); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } fclose(status); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } /* Generate the SCEP transaction ID. */ spkidec = ""; memset(spkidigest, 0, sizeof(spkidigest)); if (PK11_HashBuf(cm_prefs_nss_dig_alg(), spkidigest + 1, pkac.spki.data, pkac.spki.len) == SECSuccess) { spkihex = cm_store_hex_from_bin(NULL, spkidigest + 1, cm_prefs_nss_dig_alg_len()); if (spkihex != NULL) { spkidec = util_dec_from_hex(spkihex); } } /* Generate a "mini" certificate. 
*/ memset(&exploded, 0, sizeof(exploded)); PR_ExplodeTime(PR_Now(), PR_GMTParameters, &exploded); exploded.tm_usec = 0; exploded.tm_sec = 0; exploded.tm_min = 0; exploded.tm_hour = 0; vstart = PR_ImplodeTime(&exploded); exploded.tm_year += 100; vend = PR_ImplodeTime(&exploded); validity = CERT_CreateValidity(vstart, vend); now = talloc_asprintf(entry, "%04d%02d%02d000000Z", exploded.tm_year - 100, exploded.tm_month + 1, exploded.tm_mday); memset(&nowe, 0, sizeof(nowe)); nowe.type = siGeneralizedTime; nowe.data = (unsigned char *) now; nowe.len = strlen(now); validity->notBefore = nowe; now = talloc_asprintf(entry, "%04d%02d%02d000000Z", exploded.tm_year, exploded.tm_month + 1, exploded.tm_mday); memset(&nowe, 0, sizeof(nowe)); nowe.type = siGeneralizedTime; nowe.data = (unsigned char *) now; nowe.len = strlen(now); validity->notAfter = nowe; minicert = CERT_CreateCertificate(1, name, validity, req); SEC_ASN1EncodeInteger(arena, &minicert->version, cm_csrgen_version_for_testing_minicerts); if ((spkidigest[1] & 0x80) != 0) { minicert->serialNumber.data = spkidigest; minicert->serialNumber.len = cm_prefs_nss_dig_alg_len() + 1; } else { minicert->serialNumber.data = spkidigest + 1; minicert->serialNumber.len = cm_prefs_nss_dig_alg_len(); } if (SECOID_SetAlgorithmID(arena, &minicert->signature, sigoid->offset, NULL) != SECSuccess) { cm_log(1, "Unable to set signature algorithm ID.\n"); if (keys->pubkey != NULL) { SECKEY_DestroyPublicKey(keys->pubkey); } if (keys->privkey != NULL) { SECKEY_DestroyPrivateKey(keys->privkey); } if (keys->pubkey_next != NULL) { SECKEY_DestroyPublicKey(keys->pubkey_next); } if (keys->privkey_next != NULL) { SECKEY_DestroyPrivateKey(keys->privkey_next); } PORT_FreeArena(arena, PR_TRUE); error = NSS_ShutdownContext(keys->ctx); PORT_FreeArena(keys->arena, PR_TRUE); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } fclose(status); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } minicert->issuer = req->subject; minicert->subject = 
req->subject; minicert->subjectPublicKeyInfo = req->subjectPublicKeyInfo; minicert->extensions = NULL; memset(&eminicert, 0, sizeof(eminicert)); if (SEC_ASN1EncodeItem(arena, &eminicert, minicert, CERT_CertificateTemplate) != &eminicert) { cm_log(1, "Error encoding mini TBS certificate.\n"); if (keys->pubkey != NULL) { SECKEY_DestroyPublicKey(keys->pubkey); } if (keys->privkey != NULL) { SECKEY_DestroyPrivateKey(keys->privkey); } if (keys->pubkey_next != NULL) { SECKEY_DestroyPublicKey(keys->pubkey_next); } if (keys->privkey_next != NULL) { SECKEY_DestroyPrivateKey(keys->privkey_next); } PORT_FreeArena(arena, PR_TRUE); error = NSS_ShutdownContext(keys->ctx); PORT_FreeArena(keys->arena, PR_TRUE); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } fclose(status); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } /* Sign the mini certificate using the private key. */ memset(&sminicert, 0, sizeof(sminicert)); sminicert.data = eminicert; if (SECOID_SetAlgorithmID(arena, &sminicert.signatureAlgorithm, sigoid->offset, NULL) != SECSuccess) { cm_log(1, "Error setting up algorithm ID for signing the " "mini certificate.\n"); if (keys->pubkey != NULL) { SECKEY_DestroyPublicKey(keys->pubkey); } if (keys->privkey != NULL) { SECKEY_DestroyPrivateKey(keys->privkey); } if (keys->pubkey_next != NULL) { SECKEY_DestroyPublicKey(keys->pubkey_next); } if (keys->privkey_next != NULL) { SECKEY_DestroyPrivateKey(keys->privkey_next); } PORT_FreeArena(arena, PR_TRUE); error = NSS_ShutdownContext(keys->ctx); PORT_FreeArena(keys->arena, PR_TRUE); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } fclose(status); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } /* Sign the mini certificate using the private key. 
*/ if (SEC_SignData(&sminicert.signature, sminicert.data.data, sminicert.data.len, privkey, sigoid->offset) != SECSuccess) { cm_log(1, "Error signing mini certificate with " "the client's key using \"%s\": %s.\n", sigoid->desc, PR_ErrorToName(PORT_GetError())); if (keys->pubkey != NULL) { SECKEY_DestroyPublicKey(keys->pubkey); } if (keys->privkey != NULL) { SECKEY_DestroyPrivateKey(keys->privkey); } if (keys->pubkey_next != NULL) { SECKEY_DestroyPublicKey(keys->pubkey_next); } if (keys->privkey_next != NULL) { SECKEY_DestroyPrivateKey(keys->privkey_next); } PORT_FreeArena(arena, PR_TRUE); error = NSS_ShutdownContext(keys->ctx); PORT_FreeArena(keys->arena, PR_TRUE); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } fclose(status); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } sminicert.signature.len *= 8; /* Encode the signed mini certificate. */ if (SEC_ASN1EncodeItem(arena, &esminicert, &sminicert, CERT_SignedDataTemplate) != &esminicert) { cm_log(1, "Error encoding signed mini certificate.\n"); if (keys->pubkey != NULL) { SECKEY_DestroyPublicKey(keys->pubkey); } if (keys->privkey != NULL) { SECKEY_DestroyPrivateKey(keys->privkey); } if (keys->pubkey_next != NULL) { SECKEY_DestroyPublicKey(keys->pubkey_next); } if (keys->privkey_next != NULL) { SECKEY_DestroyPrivateKey(keys->privkey_next); } PORT_FreeArena(arena, PR_TRUE); error = NSS_ShutdownContext(keys->ctx); PORT_FreeArena(keys->arena, PR_TRUE); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } fclose(status); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } /* Encode the request into base-64 and pass it to our caller. 
*/ b64 = NSSBase64_EncodeItem(arena, NULL, -1, &esreq); b642 = NSSBase64_EncodeItem(arena, NULL, -1, &espkac); b643 = NSSBase64_EncodeItem(arena, NULL, -1, &esminicert); if ((b64 != NULL) && (b642 != NULL)) { fprintf(status, "-----BEGIN CERTIFICATE REQUEST-----\n"); p = b64; while (*p != '\0') { q = p + strcspn(p, "\r\n"); fprintf(status, "%.*s\n", (int) (q - p), p); p = q + strspn(q, "\r\n"); } fprintf(status, "-----END CERTIFICATE REQUEST-----\n"); p = b642; while (*p != '\0') { q = p + strcspn(p, "\r\n"); fprintf(status, "%.*s", (int) (q - p), p); p = q + strspn(q, "\r\n"); } fprintf(status, "\n%s\n", spkidec); p = b643; while (*p != '\0') { q = p + strcspn(p, "\r\n"); fprintf(status, "%.*s", (int) (q - p), p); p = q + strspn(q, "\r\n"); } fprintf(status, "\n"); if (keys->pubkey != NULL) { SECKEY_DestroyPublicKey(keys->pubkey); } if (keys->privkey != NULL) { SECKEY_DestroyPrivateKey(keys->privkey); } if (keys->pubkey_next != NULL) { SECKEY_DestroyPublicKey(keys->pubkey_next); } if (keys->privkey_next != NULL) { SECKEY_DestroyPrivateKey(keys->privkey_next); } PORT_FreeArena(arena, PR_TRUE); error = NSS_ShutdownContext(keys->ctx); PORT_FreeArena(keys->arena, PR_TRUE); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } fclose(status); util_set_db_entry_key_owner(entry->cm_key_storage_location, entry); _exit(0); } /* Clean up. */ CERT_DestroyValidity(validity); if (keys->pubkey != NULL) { SECKEY_DestroyPublicKey(keys->pubkey); } if (keys->privkey != NULL) { SECKEY_DestroyPrivateKey(keys->privkey); } if (keys->pubkey_next != NULL) { SECKEY_DestroyPublicKey(keys->pubkey_next); } if (keys->privkey_next != NULL) { SECKEY_DestroyPrivateKey(keys->privkey_next); } PORT_FreeArena(arena, PR_TRUE); error = NSS_ShutdownContext(keys->ctx); PORT_FreeArena(keys->arena, PR_TRUE); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } fclose(status); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } /* Check if a CSR is ready. 
*/
static int
cm_csrgen_n_ready(struct cm_csrgen_state *state)
{
	return cm_subproc_ready(state->subproc);
}

/* Get a selectable-for-read descriptor we can poll for status changes. */
static int
cm_csrgen_n_get_fd(struct cm_csrgen_state *state)
{
	return cm_subproc_get_fd(state->subproc);
}

/* Save the CSR to the entry. */
static int
cm_csrgen_n_save_csr(struct cm_csrgen_state *state)
{
	int status;
	char *p, *q;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (!WIFEXITED(status) || (WEXITSTATUS(status) != 0)) {
		return -1;
	}
	talloc_free(state->entry->cm_csr);
	state->entry->cm_csr = talloc_strdup(state->entry,
					     cm_subproc_get_msg(state->subproc,
								NULL));
	if (state->entry->cm_csr == NULL) {
		return ENOMEM;
	}
	p = strstr(state->entry->cm_csr, "-----END");
	if (p != NULL) {
		p = strstr(p, "REQUEST-----");
		if (p != NULL) {
			p += strcspn(p, "\r\n");
			q = p + strspn(p, "\r\n");
			p = q + strcspn(q, "\r\n");
			state->entry->cm_spkac = talloc_strndup(state->entry,
								q, p - q);
			if (state->entry->cm_spkac == NULL) {
				return ENOMEM;
			}
			*q = '\0';
			q = p + strspn(p, "\r\n");
			p = q + strcspn(q, "\r\n");
			if (p > q) {
				state->entry->cm_scep_tx = talloc_strndup(state->entry,
									  q, p - q);
				if (state->entry->cm_scep_tx == NULL) {
					return ENOMEM;
				}
			}
			q = p + strspn(p, "\r\n");
			p = q + strcspn(q, "\r\n");
			if (p > q) {
				state->entry->cm_minicert = talloc_strndup(state->entry,
									   q, p - q);
				if (state->entry->cm_minicert == NULL) {
					return ENOMEM;
				}
			}
			state->entry->cm_scep_nonce = NULL;
			state->entry->cm_scep_last_nonce = NULL;
			state->entry->cm_scep_req = NULL;
			state->entry->cm_scep_req_next = NULL;
			state->entry->cm_scep_gic = NULL;
			state->entry->cm_scep_gic_next = NULL;
		}
	}
	return 0;
}

/* Check if we need a PIN (or a new PIN) to access the key information. */
static int
cm_csrgen_n_need_pin(struct cm_csrgen_state *state)
{
	int status;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    (WEXITSTATUS(status) == CM_SUB_STATUS_ERROR_AUTH)) {
		return 0;
	}
	return -1;
}

/* Check if we need a token to be inserted to access the key information. */
static int
cm_csrgen_n_need_token(struct cm_csrgen_state *state)
{
	int status;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    (WEXITSTATUS(status) == CM_SUB_STATUS_ERROR_NO_TOKEN)) {
		return 0;
	}
	return -1;
}

/* Clean up after CSR generation. */
static void
cm_csrgen_n_done(struct cm_csrgen_state *state)
{
	if (state->subproc != NULL) {
		cm_subproc_done(state->subproc);
	}
	talloc_free(state);
}

/* Start CSR generation using template information in the entry. */
struct cm_csrgen_state *
cm_csrgen_n_start(struct cm_store_entry *entry)
{
	struct cm_csrgen_state *state;

	state = talloc_ptrtype(entry, state);
	if (state != NULL) {
		memset(state, 0, sizeof(*state));
		state->pvt.ready = &cm_csrgen_n_ready;
		state->pvt.get_fd = &cm_csrgen_n_get_fd;
		state->pvt.save_csr = &cm_csrgen_n_save_csr;
		state->pvt.need_pin = &cm_csrgen_n_need_pin;
		state->pvt.need_token = &cm_csrgen_n_need_token;
		state->pvt.done = &cm_csrgen_n_done;
		state->entry = entry;
		state->subproc = cm_subproc_start(cm_csrgen_n_main, state,
						  NULL, entry, NULL);
		if (state->subproc == NULL) {
			talloc_free(state);
			state = NULL;
		}
	}
	return state;
}
certmonger-0.79.19/src/csrgen-o.c0000644000175000017500000004010514511314133016102 0ustar gitgit00000000000000
/*
 * Copyright (C) 2009,2010,2011,2012,2013,2014,2015,2017 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "certext.h" #include "csrgen.h" #include "csrgen-int.h" #include "keygen.h" #include "log.h" #include "pin.h" #include "prefs.h" #include "prefs-o.h" #include "store.h" #include "store-int.h" #include "subproc.h" #include "util-m.h" #include "util-o.h" #include "util.h" struct cm_csrgen_state { struct cm_csrgen_state_pvt pvt; struct cm_store_entry *entry; struct cm_subproc_state *subproc; }; static int astring_type(const char *attr, const char *p, ssize_t n) { unsigned int i; if ((strcasecmp(attr, "CN") != 0) && (strcasecmp(attr, "commonName") != 0)) { return MBSTRING_UTF8; } if (n < 0) { n = strlen(p); } for (i = 0; i < n; i++) { if ((p[i] & 0x80) != 0) { return MBSTRING_UTF8; } } return V_ASN1_PRINTABLESTRING; } static X509_NAME * ldap_dn_to_X509_NAME(char *s) { LDAPDN dn = NULL; LDAPRDN rdn = NULL; LDAPAVA *attr = NULL; int ret = ldap_str2dn(s, &dn, LDAP_DN_FORMAT_LDAPV3); if (ret != LDAP_SUCCESS) return NULL; X509_NAME *x509name = X509_NAME_new(); if (x509name == NULL) return NULL; for (int i = 0; dn[i] != NULL; i++) { rdn = dn[i]; int set = 0; // add next AVA in new RDN for (int j = 0; rdn[j] != NULL; j++) { attr = rdn[j]; // process attribute type ASN1_OBJECT *obj = OBJ_txt2obj( attr->la_attr.bv_val, 0 /* allow dotted OIDs */); if (obj == NULL) { // OpenSSL requires upper-cased short names // i.e. "CN", "O", etc. // Convert to upper and try again. 
				char *attr_upper = str_to_upper(attr->la_attr.bv_val);
				if (attr_upper != NULL) {
					obj = OBJ_txt2obj(attr_upper, 0);
					free(attr_upper);
				}
			}
			if (obj == NULL) {
				cm_log(
					0,
					"Unrecognised attribute type: (%s). Continuing.\n",
					attr->la_attr.bv_val);
			} else {
				ret = X509_NAME_add_entry_by_OBJ(
					x509name, obj,
					astring_type(
						attr->la_attr.bv_val,
						attr->la_value.bv_val,
						attr->la_value.bv_len),
					(unsigned char *) attr->la_value.bv_val,
					attr->la_value.bv_len,
					-1, // append to RDN
					set);
				if (ret == 1) {
					set = -1; // add next AVA to previous RDN
				} else {
					cm_log(
						0,
						"Failed to add AVA to CSR: (%s=%s). Continuing.\n",
						attr->la_attr.bv_val,
						attr->la_value.bv_val);
				}
			}
		}
	}
	ldap_dnfree(dn);
	return x509name;
}

/* Create a single-AVA X509_NAME, with given string as CN */
static X509_NAME *
cn_to_X509_NAME(const char *s)
{
	X509_NAME *n = X509_NAME_new();
	if (n != NULL) {
		X509_NAME_add_entry_by_txt(
			n, "CN", astring_type("CN", s, -1),
			(unsigned char *) s,
			-1 /* compute value length internally */,
			-1, 0);
	}
	return n;
}

static int
cm_csrgen_o_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
		 void *userdata)
{
	struct cm_pin_cb_data cb_data;
	FILE *keyfp, *status;
	X509_REQ *req;
	X509_NAME *subject;
	const X509_ALGOR *sig_alg;
	X509 *minicert;
	ASN1_INTEGER *serial, *version;
	ASN1_GENERALIZEDTIME *notBefore = NULL, *notAfter = NULL;
	NETSCAPE_SPKI spki;
	NETSCAPE_SPKAC spkac;
	EVP_PKEY *pkey;
	BIGNUM *serialbn;
	char buf[LINE_MAX], *s, *nickname, *pin, *password, *filename;
	unsigned char *extensions, *upassword, *bmp, *name, *up, *uq, md[CM_DIGEST_MAX];
	char *spkidec = NULL, *mcb64, *nows;
	const char *default_cn = CM_DEFAULT_CERT_SUBJECT_CN, *spkihex = NULL;
	const unsigned char *nametmp;
	struct tm *now;
	time_t nowt;
	size_t extensions_len;
	ssize_t len;
	unsigned int bmpcount, mdlen;
	long error;
	int i;

	status = fdopen(fd, "w");
	if (status == NULL) {
		_exit(CM_SUB_STATUS_INTERNAL_ERROR);
	}
	if ((entry->cm_key_next_marker != NULL) &&
	    (strlen(entry->cm_key_next_marker) > 0)) {
		filename =
			util_build_next_filename(entry->cm_key_storage_location,
						 entry->cm_key_next_marker);
		if (filename == NULL) {
			cm_log(1, "Error opening key file for reading: %s.\n",
			       strerror(errno));
			_exit(CM_SUB_STATUS_INTERNAL_ERROR);
		}
	} else {
		filename = entry->cm_key_storage_location;
	}
	keyfp = fopen(filename, "r");
	if (keyfp == NULL) {
		if (errno != ENOENT) {
			cm_log(1, "Error opening key file \"%s\" "
			       "for reading: %s.\n",
			       filename, strerror(errno));
		}
		_exit(CM_SUB_STATUS_INTERNAL_ERROR);
	}
	util_set_fd_entry_key_owner(fileno(keyfp), filename, entry);
	if (filename != entry->cm_key_storage_location) {
		free(filename);
	}
	filename = NULL;
	util_o_init();
	ERR_load_crypto_strings();
	pkey = EVP_PKEY_new();
	if (pkey == NULL) {
		cm_log(1, "Internal error generating CSR.\n");
		_exit(CM_SUB_STATUS_INTERNAL_ERROR);
	}
	if (cm_pin_read_for_key(entry, &pin) != 0) {
		cm_log(1, "Internal error reading key encryption PIN.\n");
		_exit(CM_SUB_STATUS_ERROR_AUTH);
	}
	memset(&cb_data, 0, sizeof(cb_data));
	cb_data.entry = entry;
	cb_data.n_attempts = 0;
	pkey = PEM_read_PrivateKey(keyfp, NULL,
				   cm_pin_read_for_key_ossl_cb, &cb_data);
	if (pkey == NULL) {
		error = errno;
		cm_log(1, "Error reading private key '%s': %s.\n",
		       entry->cm_key_storage_location, strerror(error));
		while ((error = ERR_get_error()) != 0) {
			ERR_error_string_n(error, buf, sizeof(buf));
			cm_log(1, "%s\n", buf);
		}
		_exit(CM_SUB_STATUS_ERROR_AUTH); /* XXX */
	} else {
		if ((pin != NULL) &&
		    (strlen(pin) > 0) &&
		    (cb_data.n_attempts == 0)) {
			cm_log(1, "PIN was not needed to read private "
			       "key '%s', though one was provided. "
			       "Treating this as an error.\n",
			       entry->cm_key_storage_location);
			while ((error = ERR_get_error()) != 0) {
				ERR_error_string_n(error, buf, sizeof(buf));
				cm_log(1, "%s\n", buf);
			}
			_exit(CM_SUB_STATUS_ERROR_AUTH); /* XXX */
		}
	}
	if (pkey != NULL) {
		req = X509_REQ_new();
		if (req != NULL) {
			subject = NULL;
			if ((entry->cm_template_subject_der != NULL) &&
			    (strlen(entry->cm_template_subject_der) != 0)) {
				i = strlen(entry->cm_template_subject_der);
				name = malloc(i);
				if (name != NULL) {
					i = cm_store_hex_to_bin(entry->cm_template_subject_der,
								name, i);
					nametmp = name;
					subject = d2i_X509_NAME(NULL, &nametmp, i);
				}
			}
			if ((subject == NULL) &&
			    (entry->cm_template_subject != NULL) &&
			    (strlen(entry->cm_template_subject) != 0)) {
				subject = ldap_dn_to_X509_NAME(entry->cm_template_subject);
				if (subject == NULL) {
					subject = cn_to_X509_NAME(entry->cm_template_subject);
				}
			}
			if (subject == NULL) {
				subject = cn_to_X509_NAME(default_cn);
			}
			if (subject != NULL) {
				util_X509_REQ_set_subject_name(req, subject);
			}
			X509_REQ_set_pubkey(req, pkey);
			X509_REQ_set_version(req, SEC_CERTIFICATE_REQUEST_VERSION);
			/* Add attributes.
			 */
			extensions = NULL;
			cm_certext_build_csr_extensions(entry, NULL,
							&extensions,
							&extensions_len);
			if ((extensions != NULL) && (extensions_len > 0)) {
				X509_REQ_add1_attr_by_NID(req, NID_ext_req,
							  V_ASN1_SEQUENCE,
							  extensions,
							  extensions_len);
				talloc_free(extensions);
			}
			if (entry->cm_cert_nickname != NULL) {
				nickname = entry->cm_cert_nickname;
			} else if (entry->cm_key_nickname != NULL) {
				nickname = entry->cm_key_nickname;
			} else {
				nickname = entry->cm_nickname;
			}
			if ((nickname != NULL) &&
			    (cm_store_utf8_to_bmp_string(nickname, &bmp,
							 &bmpcount) == 0)) {
				X509_REQ_add1_attr_by_NID(req, NID_friendlyName,
							  V_ASN1_BMPSTRING,
							  bmp, bmpcount);
				free(bmp);
			}
			error = cm_csrgen_read_challenge_password(entry, &password);
			if (error != 0) {
				cm_log(1, "Error reading challenge password: %s.\n",
				       strerror(error));
				while ((error = ERR_get_error()) != 0) {
					ERR_error_string_n(error, buf, sizeof(buf));
					cm_log(1, "%s\n", buf);
				}
				_exit(CM_SUB_STATUS_ERROR_AUTH); /* XXX */
			}
			upassword = (unsigned char *) password;
			if (password != NULL) {
				X509_REQ_add1_attr_by_NID(req,
							  NID_pkcs9_challengePassword,
							  V_ASN1_PRINTABLESTRING,
							  upassword,
							  strlen(password));
			}
			X509_REQ_sign(req, pkey, cm_prefs_ossl_hash());
			PEM_write_X509_REQ(status, req);
			/* Generate the SPKAC. */
			memset(&spkac, 0, sizeof(spkac));
			spkac.challenge = util_ASN1_IA5STRING_new();
			if (password != NULL) {
				ASN1_STRING_set(spkac.challenge,
						password, strlen(password));
			} else {
				ASN1_STRING_set(spkac.challenge, "", 0);
			}
			memset(&spki, 0, sizeof(spki));
			spki.spkac = &spkac;
			util_X509_REQ_get0_signature(req, NULL, &sig_alg);
			util_NETSCAPE_SPKI_set_sig_alg(&spki, sig_alg);
			spki.signature = util_ASN1_BIT_STRING_new();
			NETSCAPE_SPKI_set_pubkey(&spki, pkey);
			NETSCAPE_SPKI_sign(&spki, pkey, cm_prefs_ossl_hash());
			s = NETSCAPE_SPKI_b64_encode(&spki);
			if (s != NULL) {
				fprintf(status, "%s", s);
			}
			/* Generate the SCEP transaction identifier.
			 */
			spkidec = NULL;
			len = i2d_PUBKEY(pkey, NULL);
			if (len > 0) {
				up = malloc(len);
				if (up != NULL) {
					uq = up;
					if (i2d_PUBKEY(pkey, &uq) == len) {
						if (EVP_Digest(up, uq - up,
							       md, &mdlen,
							       cm_prefs_ossl_hash(),
							       NULL)) {
							spkihex = cm_store_hex_from_bin(NULL, md, mdlen);
							if (spkihex != NULL) {
								spkidec = util_dec_from_hex(spkihex);
							}
						}
					}
					free(up);
				}
			}
			fprintf(status, "\n%s\n", spkidec ? spkidec : "");
			/* Generate a "mini" certificate. */
			minicert = X509_new();
			if (minicert == NULL) {
				cm_log(1, "Out of memory creating mini certificate.\n");
				_exit(CM_SUB_STATUS_INTERNAL_ERROR);
			}
			nowt = time(NULL);
			now = gmtime(&nowt);
			nows = talloc_asprintf(entry, "%04d%02d%02d000000Z",
					       now->tm_year + 1900,
					       now->tm_mon + 1,
					       now->tm_mday);
			notBefore = util_ASN1_GENERALIZEDTIME_new();
			ASN1_GENERALIZEDTIME_set_string(notBefore, nows);
			util_X509_set1_notBefore(minicert, notBefore);
			nows = talloc_asprintf(entry, "%04d%02d%02d000000Z",
					       now->tm_year + 1900 + 100,
					       now->tm_mon + 1,
					       now->tm_mday);
			notAfter = util_ASN1_GENERALIZEDTIME_new();
			ASN1_GENERALIZEDTIME_set_string(notAfter, nows);
			util_X509_set1_notAfter(minicert, notAfter);
			util_X509_set_issuer_name(minicert, subject);
			util_X509_set_subject_name(minicert, subject);
			version = util_ASN1_INTEGER_new();
			if (version == NULL) {
				cm_log(1, "Out of memory creating mini certificate.\n");
				_exit(CM_SUB_STATUS_INTERNAL_ERROR);
			}
			ASN1_INTEGER_set(version, cm_csrgen_version_for_testing_minicerts);
			util_X509_set1_version(minicert, version);
			serial = util_ASN1_INTEGER_new();
			if (serial == NULL) {
				cm_log(1, "Out of memory creating mini certificate.\n");
				_exit(CM_SUB_STATUS_INTERNAL_ERROR);
			}
			serialbn = NULL;
			if ((spkidec != NULL) &&
			    (BN_dec2bn(&serialbn, spkidec) != 0)) {
				if (BN_to_ASN1_INTEGER(serialbn, serial) != serial) {
					cm_log(1, "Error setting serial number.\n");
					_exit(CM_SUB_STATUS_INTERNAL_ERROR);
				}
			} else {
				ASN1_INTEGER_set(serial, 1);
			}
			X509_set_serialNumber(minicert, serial);
			X509_set_pubkey(minicert, pkey);
			X509_sign(minicert, pkey,
				  cm_prefs_ossl_hash());
			len = i2d_X509(minicert, NULL);
			mcb64 = NULL;
			if (len > 0) {
				up = malloc(len);
				if (up != NULL) {
					uq = up;
					if (i2d_X509(minicert, &uq) == len) {
						mcb64 = cm_store_base64_from_bin(entry, up, uq - up);
					}
				}
			}
			fprintf(status, "%s\n", mcb64 ? mcb64 : "");
		} else {
			cm_log(1, "Error creating template certificate.\n");
			while ((error = ERR_get_error()) != 0) {
				ERR_error_string_n(error, buf, sizeof(buf));
				cm_log(1, "%s\n", buf);
			}
			_exit(CM_SUB_STATUS_INTERNAL_ERROR);
		}
	}
	while ((error = ERR_get_error()) != 0) {
		ERR_error_string_n(error, buf, sizeof(buf));
		cm_log(1, "%s\n", buf);
	}
	free(spkidec);
	fclose(status);
	fclose(keyfp);
	_exit(0);
}

/* Check if a CSR is ready. */
static int
cm_csrgen_o_ready(struct cm_csrgen_state *state)
{
	return cm_subproc_ready(state->subproc);
}

/* Get a selectable-for-read descriptor we can poll for status changes. */
static int
cm_csrgen_o_get_fd(struct cm_csrgen_state *state)
{
	return cm_subproc_get_fd(state->subproc);
}

/* Save the CSR to the entry.
 */
static int
cm_csrgen_o_save_csr(struct cm_csrgen_state *state)
{
	int status;
	char *p, *q;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (!WIFEXITED(status) || (WEXITSTATUS(status) != 0)) {
		return -1;
	}
	talloc_free(state->entry->cm_csr);
	state->entry->cm_csr = talloc_strdup(state->entry,
					     cm_subproc_get_msg(state->subproc,
								NULL));
	if (state->entry->cm_csr == NULL) {
		return ENOMEM;
	}
	p = strstr(state->entry->cm_csr, "-----END");
	if (p != NULL) {
		p = strstr(p, "REQUEST-----");
		if (p != NULL) {
			p += strcspn(p, "\r\n");
			q = p + strspn(p, "\r\n");
			p = q + strcspn(q, "\r\n");
			state->entry->cm_spkac = talloc_strndup(state->entry,
								q, p - q);
			if (state->entry->cm_spkac == NULL) {
				return ENOMEM;
			}
			*q = '\0';
			q = p + strspn(p, "\r\n");
			p = q + strcspn(q, "\r\n");
			if (p > q) {
				state->entry->cm_scep_tx = talloc_strndup(state->entry,
									  q, p - q);
				if (state->entry->cm_scep_tx == NULL) {
					return ENOMEM;
				}
			}
			*q = '\0';
			q = p + strspn(p, "\r\n");
			p = q + strcspn(q, "\r\n");
			if (p > q) {
				state->entry->cm_minicert = talloc_strndup(state->entry,
									   q, p - q);
				if (state->entry->cm_minicert == NULL) {
					return ENOMEM;
				}
			}
			state->entry->cm_scep_nonce = NULL;
			state->entry->cm_scep_last_nonce = NULL;
			state->entry->cm_scep_req = NULL;
			state->entry->cm_scep_req_next = NULL;
			state->entry->cm_scep_gic = NULL;
			state->entry->cm_scep_gic_next = NULL;
		}
	}
	return 0;
}

/* Check if we need a PIN (or a new PIN) to access the key information. */
static int
cm_csrgen_o_need_pin(struct cm_csrgen_state *state)
{
	int status;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    (WEXITSTATUS(status) == CM_SUB_STATUS_ERROR_AUTH)) {
		return 0;
	}
	return -1;
}

/* Check if we need a token to be inserted to access the key information.
 */
static int
cm_csrgen_o_need_token(struct cm_csrgen_state *state)
{
	int status;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    (WEXITSTATUS(status) == CM_SUB_STATUS_ERROR_NO_TOKEN)) {
		return 0;
	}
	return -1;
}

/* Clean up after CSR generation. */
static void
cm_csrgen_o_done(struct cm_csrgen_state *state)
{
	if (state->subproc != NULL) {
		cm_subproc_done(state->subproc);
	}
	talloc_free(state);
}

/* Start CSR generation using template information in the entry. */
struct cm_csrgen_state *
cm_csrgen_o_start(struct cm_store_entry *entry)
{
	struct cm_csrgen_state *state;

	state = talloc_ptrtype(entry, state);
	if (state != NULL) {
		memset(state, 0, sizeof(*state));
		state->pvt.ready = &cm_csrgen_o_ready;
		state->pvt.get_fd = &cm_csrgen_o_get_fd;
		state->pvt.save_csr = &cm_csrgen_o_save_csr;
		state->pvt.need_pin = &cm_csrgen_o_need_pin;
		state->pvt.need_token = &cm_csrgen_o_need_token;
		state->pvt.done = &cm_csrgen_o_done;
		state->entry = entry;
		state->subproc = cm_subproc_start(cm_csrgen_o_main, state,
						  NULL, entry, NULL);
		if (state->subproc == NULL) {
			talloc_free(state);
			state = NULL;
		}
	}
	return state;
}

certmonger-0.79.19/src/csrgen.c
/*
 * Copyright (C) 2009,2011,2012,2014,2017 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

#include
#include
#include
#include
#include
#include

#include "csrgen.h"
#include "csrgen-int.h"
#include "log.h"
#include "store-int.h"

int cm_csrgen_version_for_testing_minicerts = 0;

int
cm_csrgen_read_challenge_password(struct cm_store_entry *entry,
				  char **password)
{
	const char *filename, *value;
	struct stat st;
	int fd, l, err;

	if (password == NULL) {
		return EINVAL;
	}
	*password = NULL;
	err = 0;
	filename = entry->cm_template_challenge_password_file;
	value = entry->cm_template_challenge_password;
	if ((filename != NULL) && (strlen(filename) > 0)) {
		fd = open(filename, O_RDONLY);
		if (fd != -1) {
			if ((fstat(fd, &st) == 0) && (st.st_size > 0)) {
				*password = talloc_zero_size(entry, st.st_size + 1);
				if (*password != NULL) {
					if (read(fd, *password, st.st_size) != -1) {
						l = strcspn(*password, "\r\n");
						if (l == 0) {
							talloc_free(*password);
							*password = NULL;
						} else {
							(*password)[l] = '\0';
						}
					} else {
						err = errno;
						cm_log(-1, "Error reading \"%s\": "
						       "%s.\n",
						       filename, strerror(err));
						talloc_free(*password);
						*password = NULL;
					}
				}
			} else {
				err = errno;
				cm_log(-1, "Error determining size of \"%s\": "
				       "%s.\n",
				       filename, strerror(err));
			}
			close(fd);
		} else {
			err = errno;
			cm_log(-1, "Error reading challenge password from "
			       "\"%s\": %s.\n", filename, strerror(err));
		}
	}
	if ((password != NULL) && (*password == NULL) && (err == 0)) {
		if (value != NULL) {
			*password = talloc_strdup(entry, value);
		}
	}
	return err;
}

struct cm_csrgen_state *
cm_csrgen_start(struct cm_store_entry *entry)
{
	switch (entry->cm_key_storage_type) {
	case cm_key_storage_none:
		cm_log(1, "Can't generate new CSR for %s('%s') without the "
		       "key, and we don't know where that is or should be.\n",
		       entry->cm_busname, entry->cm_nickname);
		break;
#ifdef HAVE_OPENSSL
	case cm_key_storage_file:
		return cm_csrgen_o_start(entry);
		break;
#endif
#ifdef HAVE_NSS
	case cm_key_storage_nssdb:
		return cm_csrgen_n_start(entry);
		break;
#endif
	}
	return NULL;
}

int
cm_csrgen_ready(struct cm_csrgen_state
		*state)
{
	struct cm_csrgen_state_pvt *pvt = (struct cm_csrgen_state_pvt *) state;

	return pvt->ready(state);
}

int
cm_csrgen_get_fd(struct cm_csrgen_state *state)
{
	struct cm_csrgen_state_pvt *pvt = (struct cm_csrgen_state_pvt *) state;

	return pvt->get_fd(state);
}

int
cm_csrgen_save_csr(struct cm_csrgen_state *state)
{
	struct cm_csrgen_state_pvt *pvt = (struct cm_csrgen_state_pvt *) state;

	return pvt->save_csr(state);
}

int
cm_csrgen_need_pin(struct cm_csrgen_state *state)
{
	struct cm_csrgen_state_pvt *pvt = (struct cm_csrgen_state_pvt *) state;

	return pvt->need_pin(state);
}

int
cm_csrgen_need_token(struct cm_csrgen_state *state)
{
	struct cm_csrgen_state_pvt *pvt = (struct cm_csrgen_state_pvt *) state;

	return pvt->need_token(state);
}

void
cm_csrgen_done(struct cm_csrgen_state *state)
{
	struct cm_csrgen_state_pvt *pvt = (struct cm_csrgen_state_pvt *) state;

	pvt->done(state);
}

certmonger-0.79.19/src/csrgen.h
/*
 * Copyright (C) 2009,2014,2017 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmcsrgen_h
#define cmcsrgen_h

struct cm_csrgen_state;
struct cm_store_entry;

extern int cm_csrgen_version_for_testing_minicerts;

/* Start CSR generation using template information in the entry.
 */
struct cm_csrgen_state *cm_csrgen_start(struct cm_store_entry *entry);
struct cm_csrgen_state *cm_csrgen_n_start(struct cm_store_entry *entry);
struct cm_csrgen_state *cm_csrgen_o_start(struct cm_store_entry *entry);

/* Check if a CSR is ready. */
int cm_csrgen_ready(struct cm_csrgen_state *state);

/* Get a selectable-for-read descriptor we can poll for status changes. */
int cm_csrgen_get_fd(struct cm_csrgen_state *state);

/* Check if we need a PIN (or a new PIN) to generate a CSR. */
int cm_csrgen_need_pin(struct cm_csrgen_state *state);

/* Check if we need the right token to be present to generate a CSR. */
int cm_csrgen_need_token(struct cm_csrgen_state *state);

/* Save the CSR to the entry. */
int cm_csrgen_save_csr(struct cm_csrgen_state *state);

/* Clean up after CSR generation. */
void cm_csrgen_done(struct cm_csrgen_state *state);

#endif

certmonger-0.79.19/src/dogtag-ipa.c
/*
 * Copyright (C) 2009,2010,2011,2012,2013,2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

#include
#include

#include "prefs.h"
#include "util.h"
#include "dogtag-ipa.h"

#define IPACONFIG "/etc/ipa/default.conf"
#define IPASECTION "dogtag"

void
cm_dogtag_ipa_hostver(const char **host, const char **dogtag_version)
{
	static char *ipaconfig;

	if (ipaconfig == NULL) {
		ipaconfig = read_config_file(IPACONFIG);
	}
	if (ipaconfig != NULL) {
		*host = get_config_entry(ipaconfig, "global", "host");
		if (*dogtag_version == NULL) {
			*dogtag_version = get_config_entry(ipaconfig,
							   "global",
							   "dogtag_version");
		}
	} else {
		*host = NULL;
		*dogtag_version = NULL;
	}
}

certmonger-0.79.19/src/dogtag-ipa.h
/*
 * Copyright (C) 2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmdogtagipa_h
#define cmdogtagipa_h

void cm_dogtag_ipa_hostver(const char **host, const char **dogtag_version);

#endif

certmonger-0.79.19/src/dogtag.c
/*
 * Copyright (C) 2009,2010,2011,2012,2013,2014,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#include "log.h"
#include "prefs.h"
#include "store.h"
#include "submit-d.h"
#include "submit-e.h"
#include "submit-h.h"
#include "submit-u.h"
#include "util.h"
#include "util-m.h"
#include "util-n.h"

#ifdef ENABLE_NLS
#include
#define _(_text) dgettext(PACKAGE, _text)
#else
#define _(_text) (_text)
#endif

#ifdef DOGTAG_IPA_RENEW_AGENT
#include "dogtag-ipa.h"
#endif

static char *
statevar(const char *state, const char *what)
{
	const char *p;
	char *q;
	int len;

	p = state;
	len = strlen(what);
	while ((p != NULL) && (*p != '\0')) {
		if ((strncmp(p, what, len) == 0) && (p[len] == '=')) {
			p += (len + 1);
			len = strcspn(p, "&\r\n");
			q = malloc(len + 1);
			if (q != NULL) {
				memcpy(q, p, len);
				q[len] = '\0';
			}
			return q;
		}
		p += strcspn(p, "&");
		while (*p == '&') {
			p++;
		}
	}
	return NULL;
}

static char *
serial_hex_from_cert(const char *cert)
{
	CERTCertificate *c;
	char *ret = NULL, *pem;

	if ((cert != NULL) && (strlen(cert) > 0)) {
		pem = talloc_strdup(NULL, cert);
		if (pem != NULL) {
			c = CERT_DecodeCertFromPackage(pem, strlen(pem));
			if (c != NULL) {
				ret = cm_store_hex_from_bin(NULL,
							    c->serialNumber.data,
							    c->serialNumber.len);
				CERT_DestroyCertificate(c);
			}
		}
	}
	return ret;
}

int
main(int argc, const char **argv)
{
	const char *eeurl = NULL, *agenturl = NULL, *url = NULL, *url2 = NULL;
	const char *method = NULL, *method2 = NULL;
	const char *ssldir = NULL, *cainfo = NULL, *capath = NULL;
	const char *sslcert = NULL, *sslkey = NULL;
	const char *sslpin = NULL, *sslpinfile = NULL;
	const char *serial = NULL, *template = NULL;
	const char *uid = NULL, *pwd = NULL, *pwdfile = NULL;
	const char *udn = NULL, *pin = NULL, *pinfile = NULL;
	char *csr = NULL;
	char *poptarg;
	struct {
		char *name;
		char *value;
	} *aoptions = NULL, *soptions = NULL;
	size_t num_aoptions = 0, num_soptions = 0, j;
	char *savedstate = NULL;
	char *p, *q, *params = NULL, *params2 = NULL;
	const char *lasturl = NULL, *lastparams = NULL;
	const char *tmp = NULL, *results = NULL;
	struct cm_submit_h_context *hctx;
	void *ctx;
	int c, verbose = 0, force_new = 0, force_renew = 0, i;
#ifdef DOGTAG_IPA_RENEW_AGENT
	const char *host = NULL, *dogtag_version = NULL;
	int eeport, agentport;
#endif
	enum {
		op_none,
		op_submit,
		op_check,
		op_approve,
		op_retrieve,
		op_profiles
	} op = op_submit;
	dbus_bool_t can_agent, use_agent_approval = FALSE, missing_args = FALSE;
	dbus_bool_t use_agent_submission = FALSE;
	struct dogtag_default **defaults;
	enum cm_external_status ret;
	NSSInitContext *nctx;
	const char *es;
	const char *mode = CM_OP_SUBMIT, *csrfile;
	poptContext pctx;
	const struct poptOption popts[] = {
		{"ee-url", 'E', POPT_ARG_STRING, &eeurl, 0, "end-entity services location", "URL"},
		{"agent-url", 'A', POPT_ARG_STRING, &agenturl, 0, "agent services location", "URL"},
		{"cafile", 'i', POPT_ARG_STRING, &cainfo, 0, NULL, "FILENAME"},
		{"capath", 'C', POPT_ARG_STRING, &capath, 0, NULL, "DIRECTORY"},
		{"dbdir", 'd', POPT_ARG_STRING, &ssldir, 0, "database containing agent or client creds", "DIRECTORY"},
		{"nickname", 'n', POPT_ARG_STRING, &sslcert, 0, "nickname of agent or client creds", "NAME"},
		{"certfile", 'c', POPT_ARG_STRING, &sslcert, 0, "agent or client certificate", "FILENAME"},
		{"keyfile", 'k', POPT_ARG_STRING, &sslkey, 0, "agent or client key", "FILENAME"},
		{"sslpinfile", 'p', POPT_ARG_STRING, &sslpinfile, 0, "agent or client key pinfile", "FILENAME"},
		{"sslpin", 'P', POPT_ARG_STRING, &sslpin, 0, "agent or client key pin", NULL},
		{"hex-serial", 's', POPT_ARG_STRING, NULL, 's', "request renewal for certificate by serial number (hexadecimal)", "NUMBER"},
		{"serial", 'D', POPT_ARG_STRING, &serial, 'D', "request renewal for certificate by serial number", "NUMBER"},
		{"submit-option", 'o', POPT_ARG_STRING, NULL, 'o', "key-value pair to send to server", NULL},
		{"approval-option", 'O', POPT_ARG_STRING, NULL, 'O', "key-value pair to set in certificate", NULL},
		{"profile", 'T', POPT_ARG_STRING, &template, 0, "enrollment profile", "NAME"},
		{"profile-list", 't', POPT_ARG_NONE, NULL, 't', "list enrollment profiles", NULL},
		{"state", 'S', POPT_ARG_STRING, &savedstate, 0, "previously-provided state data", "STATE-VALUE"},
#ifdef DOGTAG_IPA_RENEW_AGENT
		{"dogtag-version", 'V', POPT_ARG_STRING, &dogtag_version, 'V', NULL, "NUMBER"},
#endif
		{"force-new", 'N', POPT_ARG_NONE, NULL, 'N', "prefer to obtain a new certificate", NULL},
		{"force-renew", 'R', POPT_ARG_NONE, NULL, 'R', "prefer to renew a certificate", NULL},
		{"agent-submit", 'a', POPT_ARG_NONE, NULL, 'a', "submit enrollment or renewal request using agent or client creds", NULL},
		{"uid", 'u', POPT_ARG_STRING, &uid, 0, "submit enrollment or renewal request using user name", "USERNAME"},
		{"udn", 'U', POPT_ARG_STRING, &udn, 0, "submit enrollment or renewal request using user DN", "USERDN"},
		{"userpwd", 'W', POPT_ARG_STRING, &pwd, 0, "submit password with enrollment or renewal request", NULL},
		{"userpwdfile", 'w', POPT_ARG_STRING, &pwdfile, 0, "submit password from file with enrollment or renewal request", "FILENAME"},
		{"userpin", 'Y', POPT_ARG_STRING, &pin, 0, "submit pin with enrollment or renewal request", NULL},
		{"userpinfile", 'y', POPT_ARG_STRING, &pinfile, 0, "submit pin from file with enrollment or renewal request", "FILENAME"},
		{"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL},
		POPT_AUTOHELP
		POPT_TABLEEND
	};

	if (getenv(CM_SUBMIT_OPERATION_ENV) != NULL) {
		mode = getenv(CM_SUBMIT_OPERATION_ENV);
	}
	if ((strcasecmp(mode, CM_OP_SUBMIT) == 0) ||
	    (strcasecmp(mode, CM_OP_POLL) == 0)) {
		/* fall through */
	} else if
	(strcasecmp(mode, CM_OP_FETCH_PROFILES) == 0) {
		op = op_profiles;
	} else if (strcasecmp(mode, CM_OP_IDENTIFY) == 0) {
#ifdef DOGTAG_IPA_RENEW_AGENT
		printf("Dogtag (IPA,renew,agent) (%s %s)\n", PACKAGE_NAME,
		       PACKAGE_VERSION);
#else
		printf("Dogtag (%s %s)\n", PACKAGE_NAME, PACKAGE_VERSION);
#endif
		return 0;
	} else {
		/* unsupported request */
		return CM_SUBMIT_STATUS_OPERATION_NOT_SUPPORTED;
	}

#ifdef ENABLE_NLS
	bindtextdomain(PACKAGE, MYLOCALEDIR);
#endif

	savedstate = getenv(CM_SUBMIT_COOKIE_ENV);

	pctx = poptGetContext(argv[0], argc, argv, popts, 0);
	if (pctx == NULL) {
		return CM_SUBMIT_STATUS_UNCONFIGURED;
	}
	poptSetOtherOptionHelp(pctx, "[options] -E EE-URL -A AGENT-URL [csrfile]");
	while ((c = poptGetNextOpt(pctx)) > 0) {
		switch (c) {
		case 's':
			serial = util_dec_from_hex(poptGetOptArg(pctx));
			break;
		case 'O':
			poptarg = poptGetOptArg(pctx);
			if (strchr(poptarg, '=') == NULL) {
				printf(_("Profile params (-O) must be in the form of param=value.\n"));
				poptPrintUsage(pctx, stdout, 0);
				free(soptions);
				free(aoptions);
				return CM_SUBMIT_STATUS_UNCONFIGURED;
			}
			aoptions = realloc(aoptions,
					   ++num_aoptions * sizeof(*aoptions));
			if (aoptions == NULL) {
				printf(_("Out of memory.\n"));
				free(soptions);
				return CM_SUBMIT_STATUS_UNCONFIGURED;
			}
			p = strdup(poptarg);
			if (p == NULL) {
				printf(_("Out of memory.\n"));
				free(aoptions);
				free(soptions);
				return CM_SUBMIT_STATUS_UNCONFIGURED;
			}
			i = strcspn(p, "=");
			aoptions[num_aoptions - 1].name = p;
			p[i] = '\0';
			aoptions[num_aoptions - 1].value = p + i + 1;
			break;
		case 'o':
			poptarg = poptGetOptArg(pctx);
			if (strchr(poptarg, '=') == NULL) {
				printf(_("Submit params (-o) must be in the form of param=value.\n"));
				poptPrintUsage(pctx, stdout, 0);
				free(soptions);
				free(aoptions);
				return CM_SUBMIT_STATUS_UNCONFIGURED;
			}
			soptions = realloc(soptions,
					   ++num_soptions * sizeof(*soptions));
			if (soptions == NULL) {
				printf(_("Out of memory.\n"));
				free(aoptions);
				return CM_SUBMIT_STATUS_UNCONFIGURED;
			}
			p = strdup(poptarg);
			if (p == NULL) {
				printf(_("Out of memory.\n"));
				free(soptions);
				return CM_SUBMIT_STATUS_UNCONFIGURED;
			}
			i = strcspn(p, "=");
			soptions[num_soptions - 1].name = p;
			p[i] = '\0';
			soptions[num_soptions - 1].value = p + i + 1;
			break;
		case 't':
			op = op_profiles;
			break;
		case 'v':
			verbose++;
			break;
#ifdef DOGTAG_IPA_RENEW_AGENT
		case 'V':
			dogtag_version = poptGetOptArg(pctx);
			break;
#endif
		case 'N':
			force_new++;
			force_renew = 0;
			break;
		case 'R':
			force_renew++;
			force_new = 0;
			break;
		case 'a':
			use_agent_submission = TRUE;
			break;
		}
	}
	if (c != -1) {
		poptPrintUsage(pctx, stdout, 0);
		free(soptions);
		free(aoptions);
		return CM_SUBMIT_STATUS_UNCONFIGURED;
	}

	umask(S_IRWXG | S_IRWXO);

	if (isatty(STDERR_FILENO))
		cm_log_set_method(cm_log_stderr);
	else
		cm_log_set_method(cm_log_syslog);
	cm_log_set_level(verbose);

	nctx = NSS_InitContext(CM_DEFAULT_CERT_STORAGE_LOCATION,
			       NULL, NULL, NULL, NULL,
			       NSS_INIT_NOCERTDB |
			       NSS_INIT_READONLY |
			       NSS_INIT_NOROOTINIT);
	if (nctx == NULL) {
		cm_log(1, "Unable to initialize NSS.\n");
		_exit(1);
	}
	es = util_n_fips_hook();
	if (es != NULL) {
		cm_log(1, "Error putting NSS into FIPS mode: %s\n", es);
		_exit(1);
	}

	ctx = talloc_new(NULL);

#ifdef DOGTAG_IPA_RENEW_AGENT
	cm_dogtag_ipa_hostver(&host, &dogtag_version);
	if ((dogtag_version != NULL) && (atof(dogtag_version) >= 10)) {
		eeport = 8080;
		agentport = 8443;
	} else {
		eeport = 9180;
		agentport = 9443;
	}
	if (eeurl == NULL) {
		eeurl = cm_prefs_dogtag_ee_url();
		if ((eeurl == NULL) && (host != NULL)) {
			eeurl = talloc_asprintf(ctx,
						"http://%s:%d/ca/ee/ca",
						host, eeport);
		}
	}
	if (agenturl == NULL) {
		agenturl = cm_prefs_dogtag_agent_url();
		if ((agenturl == NULL) && (host != NULL)) {
			agenturl = talloc_asprintf(ctx,
						   "https://%s:%d/ca/agent/ca",
						   host, agentport);
		}
	}
#endif

	if (template == NULL) {
		template = getenv(CM_SUBMIT_PROFILE_ENV);
		if (template == NULL) {
			template = cm_prefs_dogtag_profile();
			if (template == NULL) {
				/* Maybe we should ask the server for which
				 * profiles it supports, but for now we just
				 * assume that this one hasn't been removed.
				 */
				template = "caServerCert";
			}
		}
	}
	if (serial == NULL) {
		tmp = getenv(CM_SUBMIT_CERTIFICATE_ENV);
		if (tmp != NULL) {
			if (cm_prefs_dogtag_renew()) {
				serial = serial_hex_from_cert(tmp);
				if (serial != NULL) {
					serial = util_dec_from_hex(serial);
				}
			}
		}
	}
	if (cainfo == NULL) {
		cainfo = cm_prefs_dogtag_ca_info();
	}
	if (capath == NULL) {
		capath = cm_prefs_dogtag_ca_path();
	}
	if (ssldir == NULL) {
		ssldir = cm_prefs_dogtag_ssldir();
	}
	if (sslcert == NULL) {
		sslcert = cm_prefs_dogtag_sslcert();
	}
	if (sslkey == NULL) {
		sslkey = cm_prefs_dogtag_sslkey();
	}
	if ((sslpinfile == NULL) && (sslpin == NULL)) {
		sslpinfile = cm_prefs_dogtag_sslpinfile();
	}

#ifdef DOGTAG_IPA_RENEW_AGENT
	if ((cainfo == NULL) && (capath == NULL)) {
		cainfo = "/etc/ipa/ca.crt";
	}
	if (((ssldir == NULL) && (sslcert == NULL)) ||
	    ((sslkey == NULL) && (sslcert == NULL))) {
		printf(_("NSS database and nickname or certfile and keyfile "
			 "must be provided.\n"));
		missing_args = TRUE;
	}
#endif

	if ((sslcert != NULL) && (strlen(sslcert) > 0)) {
		can_agent = TRUE;
	} else {
		can_agent = FALSE;
	}

	if (use_agent_approval && !can_agent) {
		printf(_("No agent credentials specified, and no "
			 "default known.\n"));
		missing_args = TRUE;
	}
	if (use_agent_submission && !can_agent) {
		printf(_("No agent credentials specified, and no "
			 "default known.\n"));
		missing_args = TRUE;
	}
	if (force_renew && (serial == NULL)) {
		printf(_("Requested renewal, but no serial number provided.\n"));
		missing_args = TRUE;
	}
	if (eeurl == NULL) {
		printf(_("No end-entity URL (-E) given, and no default known.\n"));
		missing_args = TRUE;
	}
#ifdef DOGTAG_IPA_RENEW_AGENT
	if (agenturl == NULL) {
		printf(_("No agent URL (-A) given, and no default known.\n"));
		missing_args = TRUE;
	}
#endif
	if (template == NULL) {
		printf(_("No profile/template (-T) given, and no default known.\n"));
		missing_args = TRUE;
	}
	if (aoptions != NULL) {
		if (agenturl == NULL) {
			printf(_("No agent URL (-A) given, and no default "
				 "known.\n"));
			missing_args = TRUE;
		}
		if (!can_agent) {
			printf(_("No agent credentials specified, and no "
				 "default known.\n"));
			missing_args = TRUE;
		}
	}
	if (missing_args) {
		poptPrintUsage(pctx, stdout, 0);
		return CM_SUBMIT_STATUS_UNCONFIGURED;
	}

	if (NSS_ShutdownContext(nctx) != SECSuccess) {
		printf(_("Error shutting down NSS.\n"));
		return CM_SUBMIT_STATUS_UNREACHABLE;
	}

	/* Figure out where we are in the multi-step process. */
	if ((savedstate != NULL) &&
	    ((p = statevar(savedstate, "state")) != NULL) &&
	    ((q = statevar(savedstate, "requestId")) != NULL)) {
		if (strcmp(p, "check") == 0) {
			op = op_check;
		}
		if ((strcmp(p, "review") == 0) ||
		    (strcmp(p, "approve") == 0)) {
			op = op_approve;
		}
		if ((strcmp(p, "fetch") == 0) ||
		    (strcmp(p, "retrieve") == 0)) {
			op = op_retrieve;
		}
		params = talloc_asprintf(ctx, "requestId=%s", q);
		free(p);
		free(q);
	} else {
		params = "";
	}

	/* Read the client password and/or PIN, if we need to. */
	if ((pwdfile != NULL) && (pwd == NULL)) {
		pwd = cm_submit_u_from_file(pwdfile);
		if (pwd != NULL) {
			pwd = talloc_strndup(ctx, pwd, strcspn(pwd, "\r\n"));
		}
	}
	if ((pinfile != NULL) && (pin == NULL)) {
		pin = cm_submit_u_from_file(pinfile);
		if (pin != NULL) {
			pin = talloc_strndup(ctx, pin, strcspn(pin, "\r\n"));
		}
	}

	/* Figure out which form and arguments to use. */
	switch (op) {
	case op_none:
		printf(_("Internal error: unknown state.\n"));
		return CM_SUBMIT_STATUS_UNCONFIGURED;
		break;
	case op_submit:
		method = DOGTAG_PROFILE_SUBMIT_METHOD;
		url = talloc_asprintf(ctx, "%s/%s", eeurl,
				      use_agent_submission ?
				      DOGTAG_PROFILE_SUBMIT_AGENT_RESOURCE :
				      DOGTAG_PROFILE_SUBMIT_RESOURCE);
		template = cm_submit_u_url_encode(template);
		if ((serial != NULL) && (strlen(serial) > 0) && !force_new) {
			/* Renew-by-serial. */
			serial = cm_submit_u_url_encode(serial);
			params = talloc_asprintf(ctx,
						 "profileId=%s&"
						 "serial_num=%s&"
						 "renewal=true&"
						 "xml=true",
						 template,
						 serial);
		} else {
			/* Fresh enrollment. Read the CSR from the
			 * environment, or from the command-line, that we're
			 * going to submit for signing.
*/ csrfile = poptGetArg(pctx); if (csrfile != NULL) { csr = cm_submit_u_from_file(csrfile); } else { csr = getenv(CM_SUBMIT_CSR_ENV); if (csr != NULL) { csr = strdup(csr); } } if ((csr == NULL) || (strlen(csr) == 0)) { if (csrfile != NULL) { printf(_("Unable to read signing request from file \"%s\".\n"), csrfile); } else { printf(_("Unable to read signing request from environment variable \"%s\".\n"), CM_SUBMIT_CSR_ENV); } poptPrintUsage(pctx, stdout, 0); free(csr); return CM_SUBMIT_STATUS_UNCONFIGURED; } csr = cm_submit_u_url_encode(csr); params = talloc_asprintf(ctx, "profileId=%s&" "cert_request_type=pkcs10&" "cert_request=%s&" "xml=true", template, csr); free(csr); } /* Check for creds specified as options. */ for (j = 0; j < num_soptions; j++) { if (strcmp(soptions[j].name, "uid") == 0) { uid = NULL; } if (strcmp(soptions[j].name, "udn") == 0) { udn = NULL; } if (strcmp(soptions[j].name, "pwd") == 0) { pwd = NULL; } if (strcmp(soptions[j].name, "pin") == 0) { pin = NULL; } } /* Add client creds. */ if (uid != NULL) { uid = cm_submit_u_url_encode(uid); params = talloc_asprintf(ctx, "%s&uid=%s", params, uid); } if (udn != NULL) { udn = cm_submit_u_url_encode(udn); params = talloc_asprintf(ctx, "%s&udn=%s", params, udn); } if (pwd != NULL) { pwd = cm_submit_u_url_encode(pwd); params = talloc_asprintf(ctx, "%s&pwd=%s", params, pwd); } if (pin != NULL) { pin = cm_submit_u_url_encode(pin); params = talloc_asprintf(ctx, "%s&pin=%s", params, pin); } /* Add parameters specified on command line */ for (j = 0; j < num_soptions; j++) { p = cm_submit_u_url_encode(soptions[j].name); q = cm_submit_u_url_encode(soptions[j].value); params = talloc_asprintf(ctx, "%s&%s=%s", params, p, q); free(p); free(q); } use_agent_approval = FALSE; break; case op_check: /* Check if the certificate has been issued or rejected. 
*/ method = DOGTAG_CHECK_REQUEST_METHOD; url = talloc_asprintf(ctx, "%s/%s", eeurl, DOGTAG_CHECK_REQUEST_RESOURCE); params = talloc_asprintf(ctx, "%s&" "xml=true", params); use_agent_approval = FALSE; break; case op_approve: if (agenturl == NULL) { printf(_("No agent URL (-A) given, and no default " "known.\n")); poptPrintUsage(pctx, stdout, 0); return CM_SUBMIT_STATUS_UNCONFIGURED; } if ((sslcert == NULL) || (strlen(sslcert) == 0)) { printf(_("No agent credentials (-n) given, but they " "are needed.\n")); poptPrintUsage(pctx, stdout, 0); return CM_SUBMIT_STATUS_UNCONFIGURED; } /* Reading profile defaults for this certificate, then applying * them and issuing a new certificate. */ method = DOGTAG_PROFILE_REVIEW_METHOD; url = talloc_asprintf(ctx, "%s/%s", agenturl, DOGTAG_PROFILE_REVIEW_RESOURCE); method2 = DOGTAG_PROFILE_PROCESS_METHOD; url2 = talloc_asprintf(ctx, "%s/%s", agenturl, DOGTAG_PROFILE_PROCESS_RESOURCE); params = talloc_asprintf(ctx, "%s&" "xml=true", params); params2 = talloc_asprintf(ctx, "%s&" "op=approve", params); use_agent_approval = TRUE; break; case op_retrieve: /* Retrieving the new certificate. */ method = DOGTAG_DISPLAY_CERT_METHOD; url = talloc_asprintf(ctx, "%s/%s", eeurl, DOGTAG_DISPLAY_CERT_RESOURCE); params = talloc_asprintf(ctx, "%s&" "importCert=true&" "xml=true", params); use_agent_approval = FALSE; break; case op_profiles: /* Retrieving the list of profiles. */ method = DOGTAG_PROFILE_LIST_METHOD; url = talloc_asprintf(ctx, "%s/%s", eeurl, DOGTAG_PROFILE_LIST_RESOURCE); if (strlen(params) > 0) { params = talloc_asprintf(ctx, "%s&" "xml=true", params); } else { params = "xml=true"; } use_agent_approval = FALSE; break; } /* Read the PIN, if we need to. */ if ((sslpinfile != NULL) && (sslpin == NULL)) { sslpin = cm_submit_u_from_file(sslpinfile); if (sslpin != NULL) { sslpin = talloc_strndup(ctx, sslpin, strcspn(sslpin, "\r\n")); } } if (ssldir != NULL) { setenv("SSL_DIR", ssldir, 1); } /* Submit the form(s). 
*/ hctx = NULL; while (url != NULL) { hctx = cm_submit_h_init(ctx, method, url, params, NULL, NULL, NULL, cainfo, capath, sslcert, sslkey, sslpin, cm_submit_h_negotiate_off, cm_submit_h_delegate_off, use_agent_approval || use_agent_submission ? cm_submit_h_clientauth_on : cm_submit_h_clientauth_off, cm_submit_h_env_modify_off, verbose > 1 ? cm_submit_h_curl_verbose_on : cm_submit_h_curl_verbose_off); lasturl = url; lastparams = params; cm_submit_h_run(hctx); if (verbose > 0) { fprintf(stderr, "%s \"%s?%s\"\n", method, url, params); fprintf(stderr, "code = %d\n", cm_submit_h_result_code(hctx)); fprintf(stderr, "code_text = \"%s\"\n", cm_submit_h_result_code_text(hctx)); syslog(LOG_DEBUG, "%s %s?%s\n", method, url, params); } results = cm_submit_h_results(hctx, NULL); if (verbose > 0) { fprintf(stderr, "results = \"%s\"\n", results); syslog(LOG_DEBUG, "%s", results); } if (cm_submit_h_result_code(hctx) != 0) { break; } /* If there's a next form, get ready to submit it. */ switch (op) { case op_approve: /* We just reviewed the request. Read the defaults and * add them to the set of parameters for our next form * submission. */ if (results != NULL) { defaults = cm_submit_d_xml_defaults(ctx, results); } else { defaults = NULL; } for (i = 0; (defaults != NULL) && (defaults[i] != NULL); i++) { /* Check if this default is one of the * parameters we've been explicitly provided. */ for (j = 0; j < num_aoptions; j++) { if (strcmp(defaults[i]->name, aoptions[j].name) == 0) { break; } } /* If we have a non-default value for it, skip * this default. 
*/ if (j < num_aoptions) { continue; } p = cm_submit_u_url_encode(defaults[i]->name); q = cm_submit_u_url_encode(defaults[i]->value); if (verbose > 0) { fprintf(stderr, "setting \"%s\" to " "default value \"%s\"\n", p, q); } params2 = talloc_asprintf(ctx, "%s&%s=%s", params2, p, q); }; /* Add parameters specified on command line */ for (j = 0; j < num_aoptions; j++) { p = cm_submit_u_url_encode(aoptions[j].name); q = cm_submit_u_url_encode(aoptions[j].value); params2 = talloc_asprintf(ctx, "%s&%s=%s", params2, p, q); if (verbose > 0) { fprintf(stderr, "setting \"%s\" to " "specified value \"%s\"\n", p, q); } } break; case op_none: case op_submit: case op_check: case op_retrieve: case op_profiles: /* No second form for these. */ break; } url = url2; url2 = NULL; params = params2; params2 = NULL; method = method2; method2 = NULL; } /* Figure out what to output. */ if (cm_submit_h_result_code(hctx) != 0) { if (cm_submit_h_result_code_text(hctx) != NULL) { printf(_("Error %d connecting to %s: %s.\n"), cm_submit_h_result_code(hctx), lasturl, cm_submit_h_result_code_text(hctx)); } else { printf(_("Error %d connecting to %s.\n"), cm_submit_h_result_code(hctx), lasturl); } talloc_free(ctx); return CM_SUBMIT_STATUS_UNREACHABLE; } if (results == NULL) { printf(_("Internal error: no response to \"%s?%s\".\n"), lasturl, lastparams); talloc_free(ctx); return CM_SUBMIT_STATUS_REJECTED; } switch (op) { case op_none: printf(_("Internal error: unknown state.\n")); talloc_free(ctx); return CM_SUBMIT_STATUS_UNCONFIGURED; break; case op_submit: ret = cm_submit_d_submit_eval(ctx, results, lasturl, can_agent, &p, &q); if (p != NULL) { fprintf(stdout, "%s", p); } if (q != NULL) { fprintf(stderr, "%s", q); } talloc_free(ctx); return ret; break; case op_check: ret = cm_submit_d_check_eval(ctx, results, lasturl, can_agent, &p, &q); if (p != NULL) { fprintf(stdout, "%s", p); } if (q != NULL) { fprintf(stderr, "%s", q); } talloc_free(ctx); return ret; break; case op_approve: if (url2 == NULL) 
{ ret = cm_submit_d_approve_eval(ctx, results, lasturl, can_agent, &p, &q); if (p != NULL) { fprintf(stdout, "%s", p); } if (q != NULL) { fprintf(stderr, "%s", q); } talloc_free(ctx); return ret; } else { ret = cm_submit_d_review_eval(ctx, results, lasturl, can_agent, &p, &q); if (p != NULL) { fprintf(stdout, "%s", p); } if (q != NULL) { fprintf(stderr, "%s", q); } talloc_free(ctx); return ret; } break; case op_retrieve: ret = cm_submit_d_fetch_eval(ctx, results, lasturl, can_agent, &p, &q); if (p != NULL) { fprintf(stdout, "%s", p); } if (q != NULL) { fprintf(stderr, "%s", q); } talloc_free(ctx); return ret; break; case op_profiles: ret = cm_submit_d_profiles_eval(ctx, results, lasturl, can_agent, &p, &q); if (p != NULL) { fprintf(stdout, "%s", p); } if (q != NULL) { fprintf(stderr, "%s", q); } talloc_free(ctx); return ret; break; } talloc_free(ctx); return CM_SUBMIT_STATUS_UNCONFIGURED; } certmonger-0.79.19/src/env-session.c0000644000175000017500000001061614511314133016642 0ustar gitgit00000000000000/* * Copyright (C) 2011,2012,2013,2014 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
 */

#include "config.h"

/* The system header names were lost from this copy; these are the ones the
 * code below needs. */
#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <paths.h>
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <dbus/dbus.h>

#include "env.h"
#include "log.h"
#include "tdbus.h"

/* Build "<home>[/subdir][/subfile]" from $HOME, falling back to the passwd
 * entry of the calling user.  Returns malloc()ed memory, or NULL. */
static char *
cm_env_homedir(const char *subdir, const char *subfile)
{
	struct passwd *pwd;
	char *home;
	char *ret;
	int len;
	dbus_bool_t free_home;

	home = getenv("HOME");
	if (home == NULL) {
		pwd = getpwuid(getuid());
		if (pwd != NULL) {
			/* pw_dir is the home directory; pw_name is only
			 * the login name. */
			home = pwd->pw_dir;
		}
	}
	free_home = FALSE;
	if (home != NULL) {
		home = realpath(home, NULL);
		free_home = (home != NULL);
	}
	if (home != NULL) {
		len = strlen(home);
		if (subdir != NULL) {
			len += (strlen(subdir) + 1);
		}
		if (subfile != NULL) {
			len += (strlen(subfile) + 1);
		}
		ret = malloc(len + 1);
		if (ret != NULL) {
			strcpy(ret, home);
			if (subdir != NULL) {
				strcat(ret, "/");
				strcat(ret, subdir);
			}
			if (subfile != NULL) {
				strcat(ret, "/");
				strcat(ret, subfile);
			}
		}
	} else {
		ret = NULL;
	}
	if (free_home) {
		free(home);
	}
	return ret;
}

char *
cm_env_home_dir(void)
{
	return cm_env_homedir(NULL, NULL);
}

/* Create path and any missing parent directories with owner-only
 * permissions (S_IRWXU).  Exits the process on any error but EEXIST. */
static void
cm_env_ensure_dir(char *path)
{
	char *p, *q, *tmp;
	int i;

	if (path != NULL) {
		tmp = strdup(path);
		if (tmp != NULL) {
			p = tmp + strlen(tmp);
			for (q = tmp + 1; q < p; q++) {
				if (*q == '/') {
					*q = '\0';
					i = mkdir(tmp, S_IRWXU);
					if ((i != 0) && (errno != EEXIST)) {
						cm_log(0, "Error ensuring "
						       "that directory '%s' "
						       "exists: %s.\n",
						       tmp, strerror(errno));
						_exit(1);
					}
					*q = '/';
				}
			}
			i = mkdir(tmp, S_IRWXU);
			if ((i != 0) && (errno != EEXIST)) {
				cm_log(0, "Error ensuring "
				       "that directory '%s' "
				       "exists: %s.\n",
				       tmp, strerror(errno));
				_exit(1);
			}
			free(tmp);
		}
	}
}

/* Each of the directory getters below prefers its environment variable and
 * falls back to a location under the home directory; the result is cached. */
char *
cm_env_config_dir(void)
{
	static char *ret = NULL;

	if (ret == NULL) {
		ret = getenv(CM_STORE_CONFIG_DIRECTORY_ENV);
		if (ret == NULL) {
			ret = cm_env_homedir(CM_STORE_SESSION_CONFIG_DIRECTORY,
					     NULL);
		}
		if (ret != NULL) {
			cm_env_ensure_dir(ret);
		}
	}
	return ret;
}

char *
cm_env_request_dir(void)
{
	static char *ret = NULL;

	if (ret == NULL) {
		ret = getenv(CM_STORE_REQUESTS_DIRECTORY_ENV);
		if (ret == NULL) {
			ret = cm_env_homedir(CM_STORE_SESSION_REQUESTS_DIRECTORY,
					     NULL);
		}
		if (ret != NULL) {
			cm_env_ensure_dir(ret);
		}
	}
	return ret;
}

char *
cm_env_ca_dir(void)
{
	static char *ret = NULL;

	if (ret == NULL) {
		ret = getenv(CM_STORE_CAS_DIRECTORY_ENV);
		if (ret == NULL) {
			ret = cm_env_homedir(CM_STORE_SESSION_CAS_DIRECTORY,
					     NULL);
		}
		if (ret != NULL) {
			cm_env_ensure_dir(ret);
		}
	}
	return ret;
}

char *
cm_env_local_ca_dir(void)
{
	static char *ret = NULL;

	if (ret == NULL) {
		ret = getenv(CM_STORE_LOCAL_CA_DIRECTORY_ENV);
		if (ret == NULL) {
			ret = cm_env_homedir(CM_STORE_SESSION_LOCAL_CA_DIRECTORY,
					     NULL);
		}
		if (ret != NULL) {
			cm_env_ensure_dir(ret);
		}
	}
	return ret;
}

char *
cm_env_tmp_dir(void)
{
	char *ret;

	ret = getenv(CM_TMPDIR_ENV);
	if ((ret == NULL) || (strlen(ret) == 0)) {
		ret = getenv("TMPDIR");
		if ((ret == NULL) || (strlen(ret) == 0)) {
			ret = _PATH_VARTMP;
		}
		cm_env_ensure_dir(ret);
	}
	return ret;
}

char *
cm_env_whoami(void)
{
	return "certmonger-session";
}

enum cm_tdbus_type
cm_env_default_bus(void)
{
	return cm_tdbus_session;
}

dbus_bool_t
cm_env_default_fork(void)
{
	return FALSE;
}

int
cm_env_default_bus_timeout(void)
{
	return CM_DEFAULT_IDLE_TIMEOUT;
}

char *
cm_env_lock_file(void)
{
	return cm_env_config(NULL, "lock");
}
certmonger-0.79.19/src/env-shared.c0000644000175000017500000000264114511314133016424 0ustar gitgit00000000000000
/*
 * Copyright (C) 2011 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
*/ #include "config.h" #include #include #include #include "env.h" char * cm_env_config(const char *subdir, const char *subfile) { const char *config; char *ret; int len; if ((subdir == NULL) && (subfile == NULL)) { return NULL; } config = cm_env_config_dir(); if (config != NULL) { len = strlen(config); if (subdir != NULL) { len += (strlen(subdir) + 1); } if (subfile != NULL) { len += (strlen(subfile) + 1); } ret = malloc(len + 1); if (ret != NULL) { strcpy(ret, config); if (subdir != NULL) { strcat(ret, "/"); strcat(ret, subdir); } if (subfile != NULL) { strcat(ret, "/"); strcat(ret, subfile); } } } else { ret = NULL; } return ret; } certmonger-0.79.19/src/env-system.c0000644000175000017500000000444414511314133016505 0ustar gitgit00000000000000/* * Copyright (C) 2011 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
*/ #include "config.h" #include #include #include #include #include #include #include "env.h" #include "tdbus.h" char * cm_env_home_dir(void) { return CM_HOMEDIR; } char * cm_env_config_dir(void) { char *ret; ret = getenv(CM_STORE_CONFIG_DIRECTORY_ENV); if (ret == NULL) { ret = CM_STORE_CONFIG_DIRECTORY; } return ret; } char * cm_env_request_dir(void) { char *ret; ret = getenv(CM_STORE_REQUESTS_DIRECTORY_ENV); if (ret == NULL) { ret = CM_STORE_REQUESTS_DIRECTORY; } return ret; } char * cm_env_ca_dir(void) { char *ret; ret = getenv(CM_STORE_CAS_DIRECTORY_ENV); if (ret == NULL) { ret = CM_STORE_CAS_DIRECTORY; } return ret; } char * cm_env_local_ca_dir(void) { static char *ret = NULL; if (ret == NULL) { ret = getenv(CM_STORE_LOCAL_CA_DIRECTORY_ENV); if (ret == NULL) { ret = CM_STORE_LOCAL_CA_DIRECTORY; } } return ret; } char * cm_env_tmp_dir(void) { char *ret; ret = getenv(CM_TMPDIR_ENV); if ((ret == NULL) || (strlen(ret) == 0)) { ret = CM_TMPDIR; if ((ret == NULL) || (strlen(ret) == 0)) { ret = getenv("TMPDIR"); if ((ret == NULL) || (strlen(ret) == 0)) { ret = _PATH_VARTMP; } } } return ret; } char * cm_env_whoami(void) { return "certmonger"; } enum cm_tdbus_type cm_env_default_bus(void) { return cm_tdbus_system; } dbus_bool_t cm_env_default_fork(void) { return TRUE; } int cm_env_default_bus_timeout(void) { return 0; } char * cm_env_lock_file(void) { char *ret; ret = getenv(CM_STORE_SYSTEM_LOCK_FILE_ENV); if (ret == NULL) { ret = CM_STORE_SYSTEM_LOCK_FILE; } return ret; } certmonger-0.79.19/src/env.h0000644000175000017500000000220414511314133015160 0ustar gitgit00000000000000/* * Copyright (C) 2011 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. 
* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #ifndef cmenv_h #define cmenv_h char *cm_env_config_dir(void); char *cm_env_config(const char *subdir, const char *subfile); char *cm_env_lock_file(void); char *cm_env_request_dir(void); char *cm_env_local_ca_dir(void); char *cm_env_ca_dir(void); char *cm_env_tmp_dir(void); char *cm_env_home_dir(void); char *cm_env_whoami(void); enum cm_tdbus_type cm_env_default_bus(void); dbus_bool_t cm_env_default_fork(void); int cm_env_default_bus_timeout(void); #endif certmonger-0.79.19/src/getcert-add-ca.1.in0000644000175000017500000000323614511314133017460 0ustar gitgit00000000000000.TH CERTMONGER 1 "February 24, 2015" "certmonger Manual" .SH NAME getcert .SH SYNOPSIS getcert add\-ca [options] .SH DESCRIPTION Adds a CA configuration to \fIcertmonger\fR, which can subsequently be used to enroll certificates. .SH OPTIONS .TP \fB\-c\fR \fINAME\fR, \fB\-\-ca\fR=\fINAME\fR The nickname to give to this CA configuration. This same value can later be passed in to \fIgetcert\fR's \fIrequest\fR, \fIresubmit\fR, and \fIstart\-tracking\fR commands using the \fB\-c\fR flag. .TP \fB\-e\fR \fICOMMAND\fR, \fB\-\-command\fR=\fICOMMAND\fR The helper command to run for communicating with the CA. The helper will be used to pass signing requests to the CA, relay the CA's responses back to the \fIcertmonger\fR service, and to read information about the CA. .TP \fB\-v\fR, \fB\-\-verbose\fR Be verbose about errors. Normally, the details of an error received from the daemon will be suppressed if the client can make a diagnostic suggestion. 
.SH BUGS
Please file tickets for any that you find at https://fedorahosted.org/certmonger/
.SH SEE ALSO
\fBcertmonger\fR(8)
\fBgetcert\fR(1)
\fBgetcert\-add\-scep\-ca\fR(1)
\fBgetcert\-list\-cas\fR(1)
\fBgetcert\-list\fR(1)
\fBgetcert\-modify\-ca\fR(1)
\fBgetcert\-refresh\-ca\fR(1)
\fBgetcert\-refresh\fR(1)
\fBgetcert\-rekey\fR(1)
\fBgetcert\-remove\-ca\fR(1)
\fBgetcert\-request\fR(1)
\fBgetcert\-resubmit\fR(1)
\fBgetcert\-status\fR(1)
\fBgetcert\-stop\-tracking\fR(1)
\fBcertmonger\-certmaster\-submit\fR(8)
\fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8)
\fBcertmonger\-dogtag\-submit\fR(8)
\fBcertmonger\-ipa\-submit\fR(8)
\fBcertmonger\-local\-submit\fR(8)
\fBcertmonger\-scep\-submit\fR(8)
\fBcertmonger_selinux\fR(8)
certmonger-0.79.19/src/getcert-add-scep-ca.1.in0000644000175000017500000000665714511314133020422 0ustar gitgit00000000000000
.TH CERTMONGER 1 "February 24, 2015" "certmonger Manual"
.SH NAME
getcert
.SH SYNOPSIS
getcert add\-scep\-ca [options]
.SH DESCRIPTION
Adds a CA configuration to \fIcertmonger\fR, which can subsequently be used to
enroll certificates. The configuration will use the bundled \fIscep\-submit\fR
helper. The \fIadd\-scep\-ca\fR command is more or less a wrapper for the
\fIadd\-ca\fR command.
.SH OPTIONS
.TP
All user\-provided certificate files must be in PEM format.
.TP
\fB\-c\fR \fINAME\fR, \fB\-\-ca\fR=\fINAME\fR
The nickname to give to this CA configuration. This same value can later be
passed in to \fIgetcert\fR's \fIrequest\fR, \fIresubmit\fR, and
\fIstart\-tracking\fR commands using the \fB\-c\fR flag.
.TP
\fB\-u\fR \fIURL\fR, \fB\-\-url\fR=\fIURL\fR
The location of the SCEP server's enrollment interface. This option must be
specified.
.TP
\fB\-R\fR \fIFILE\fR, \fB\-\-ca\-cert\fR=\fIFILE\fR
The location of a PEM\-formatted copy of the CA's certificate used to verify
the TLS connection to the SCEP server. This option must be specified if the URL
is an \fIhttps\fR location.
.TP
\fB\-N\fR \fIFILE\fR, \fB\-\-signingca\fR=\fIFILE\fR
The location of a PEM\-formatted copy of the SCEP server's CA certificate. A
discovered value is normally supplied by the certmonger daemon, but one can be
specified for troubleshooting purposes.
.TP
\fB\-r\fR \fIFILE\fR, \fB\-\-ra\-cert\fR=\fIFILE\fR
The location of a PEM\-formatted copy of the SCEP server's RA's certificate. A
discovered value is normally supplied by the certmonger daemon, but one can be
specified for troubleshooting purposes.
.TP
\fB\-I\fR \fIFILE\fR, \fB\-\-other\-certs\fR=\fIFILE\fR
The location of a file containing other PEM\-formatted certificates which may
be needed in order to properly verify signed responses sent by the SCEP server
back to the client. A discovered set is normally supplied by the certmonger
daemon, but one can be specified for troubleshooting purposes.
.TP
\fB\-i\fR \fIID\fR, \fB\-\-id\fR=\fIID\fR
A CA identifier value which will be passed to the server when the
\fIscep\-submit\fR helper is used to retrieve copies of the server's
certificates.
.TP
\fB\-n\fR, \fB\-\-non\-renewal\fR
The SCEP Renewal feature allows a client with a previously\-issued certificate
to use that certificate and the associated private key to request a new
certificate for a different key pair, and can be used to support
\fIcertmonger\fR's rekeying feature if the SCEP server advertises support for
it. This option forces the \fIscep\-submit\fR helper to issue requests without
making use of this feature.
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Be verbose about errors. Normally, the details of an error received from the
daemon will be suppressed if the client can make a diagnostic suggestion.
.SH BUGS Please file tickets for any that you find at https://fedorahosted.org/certmonger/ .SH SEE ALSO \fBcertmonger\fR(8) \fBgetcert\fR(1) \fBgetcert\-add\-ca\fR(1) \fBgetcert\-list\-cas\fR(1) \fBgetcert\-list\fR(1) \fBgetcert\-modify\-ca\fR(1) \fBgetcert\-refresh\-ca\fR(1) \fBgetcert\-refresh\fR(1) \fBgetcert\-rekey\fR(1) \fBgetcert\-remove\-ca\fR(1) \fBgetcert\-request\fR(1) \fBgetcert\-resubmit\fR(1) \fBgetcert\-status\fR(1) \fBgetcert\-stop\-tracking\fR(1) \fBcertmonger\-certmaster\-submit\fR(8) \fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8) \fBcertmonger\-dogtag\-submit\fR(8) \fBcertmonger\-ipa\-submit\fR(8) \fBcertmonger\-local\-submit\fR(8) \fBcertmonger\-scep\-submit\fR(8) \fBcertmonger_selinux\fR(8) certmonger-0.79.19/src/getcert-list-cas.1.in0000644000175000017500000000207314511314133020064 0ustar gitgit00000000000000.TH CERTMONGER 1 "November 3, 2009" "certmonger Manual" .SH NAME getcert .SH SYNOPSIS getcert list\-cas [options] .SH DESCRIPTION Queries \fIcertmonger\fR for a list of known CAs. .SH OPTIONS .TP \fB\-c\fR \fINAME\fR, \fB\-\-ca\fR=\fINAME\fR List only information about the CA which has the specified nickname. 
.SH BUGS Please file tickets for any that you find at https://fedorahosted.org/certmonger/ .SH SEE ALSO \fBcertmonger\fR(8) \fBgetcert\fR(1) \fBgetcert\-add\-ca\fR(1) \fBgetcert\-add\-scep\-ca\fR(1) \fBgetcert\-list\fR(1) \fBgetcert\-modify\-ca\fR(1) \fBgetcert\-refresh\-ca\fR(1) \fBgetcert\-refresh\fR(1) \fBgetcert\-rekey\fR(1) \fBgetcert\-remove\-ca\fR(1) \fBgetcert\-request\fR(1) \fBgetcert\-resubmit\fR(1) \fBgetcert\-start\-tracking\fR(1) \fBgetcert\-status\fR(1) \fBgetcert\-stop\-tracking\fR(1) \fBcertmonger\-certmaster\-submit\fR(8) \fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8) \fBcertmonger\-dogtag\-submit\fR(8) \fBcertmonger\-ipa\-submit\fR(8) \fBcertmonger\-local\-submit\fR(8) \fBcertmonger\-scep\-submit\fR(8) \fBcertmonger_selinux\fR(8) certmonger-0.79.19/src/getcert-list.1.in0000644000175000017500000003123114511314133017316 0ustar gitgit00000000000000.TH CERTMONGER 1 "June 28, 2016" "certmonger Manual" .SH NAME getcert .SH SYNOPSIS getcert list [options] .SH DESCRIPTION Queries \fIcertmonger\fR for a list of certificates which it is monitoring or attempting to obtain. .SH ENROLLMENT OPTIONS .TP \fB\-c\fR \fINAME\fR, \fB\-\-ca\fR=\fINAME\fR List only entries which use the specified CA. The name of the CA should correspond to one listed by \fIgetcert list\-cas\fR. .SH LISTING OPTIONS .TP \fB\-r\fR, \fB\-\-requests\-only\fR List only entries which are either currently being enrolled or refreshed. .TP \fB\-t\fR, \fB\-\-tracking\-only\fR List only entries which are not currently being enrolled or refreshed. .TP \fB\-u\fR, \fB\-\-utc\fR Display timestamps in UTC instead of local time. .TP \fB\-d\fR \fBDIR\fR, \fB\-\-dbdir\fR=\fIDIR\fR List only entries which use an NSS database in the specified directory for storing the certificate. .TP \fB\-n\fR \fINAME\fR, \fB\-\-nickname\fR=\fINAME\fR List only tracking requests which use an NSS database and the specified nickname for storing the certificate. 
.TP \fB\-f\fR \fIFILE\fR, \fB\-\-certfile\fR=\fIFILE\fR List only tracking requests which specify that the certificate should be stored in the specified file. .TP \fB\-i\fR \fINAME\fR, \fB\-\-id\fR=\fINAME\fR List only tracking requests which use this request nickname. .SH STATES .TP NEED_KEY_PAIR The service is about to generate a new key pair. .TP GENERATING_KEY_PAIR The service is currently generating a new key pair. .TP NEED_KEY_GEN_PERMS The service encountered a filesystem permission error while attempting to save the newly\-generated key pair. .TP NEED_KEY_GEN_PIN The service is missing the PIN which is required to access an NSS database in order to save the newly\-generated key pair, or it has an incorrect PIN for a database. .TP NEED_KEY_GEN_TOKEN The service was unable to find a suitable token to use for generating the new key pair. .TP HAVE_KEY_PAIR The service has successfully generated a new key pair. .TP NEED_KEYINFO The service needs to read information about the key pair. .TP READING_KEYINFO The service is currently reading information about the key pair. .TP NEED_KEYINFO_READ_PIN The service is missing the PIN which is required to access an NSS database in order to read information about the newly\-generated key pair, or it has an incorrect PIN for a database, or has an incorrect password for accessing a key stored in encrypted PEM format. .TP NEED_KEYINFO_READ_TOKEN The service was unable to find the token in which the key pair is supposed to be stored. .TP HAVE_KEYINFO The service has successfully read information about the key pair. .TP NEED_CSR The service is about to generate a new signing request. .TP GENERATING_CSR The service is generating a signing request. .TP NEED_CSR_GEN_PIN The service is missing the PIN which is required to access an NSS database in order to use the key pair, or it has an incorrect PIN for a database, or has an incorrect password for reading a key stored in encrypted PEM format. 
.TP NEED_CSR_GEN_TOKEN The service was unable to find the token in which the key pair is supposed to be stored. .TP HAVE_CSR The service has successfully generated a signing request. .TP NEED_SCEP_DATA The service is about to generate data specifically needed for connecting to a CA using SCEP. .TP GENERATING_SCEP_DATA The service is generating data specifically needed for connecting to a CA using SCEP. .TP NEED_SCEP_GEN_PIN The service is missing the PIN which is required to access an NSS database in order to use the key pair, or it has an incorrect PIN for a database, or has an incorrect password for reading a key stored in encrypted PEM format. .TP NEED_SCEP_GEN_TOKEN The service was unable to find the token in which the key pair is supposed to be stored. .TP NEED_SCEP_ENCRYPTION_CERT The service is waiting until it can retrieve a copy of the CA's certificate before it can generate data required for connecting to the CA using SCEP. .TP NEED_SCEP_RSA_CLIENT_KEY The CA should be contacted using SCEP, but SCEP requires the client key pair to be an RSA key pair, and it is not. .TP HAVE_SCEP_DATA The service has successfully generated data for use in SCEP. .TP NEED_TO_SUBMIT The service is about to submit a signing request to a CA for signing. .TP SUBMITTING The service is currently submitting a signing request to a CA for signing. .TP NEED_CA The service can't submit a request to a CA because it doesn't know which CA to use. .TP CA_UNREACHABLE The service was unable to contact the CA, but it will try again later. .TP CA_UNCONFIGURED The service is missing configuration which will be needed in order to successfully contact the CA. .TP CA_REJECTED The CA rejected the signing request. .TP CA_WORKING The CA has not yet approved or rejected the request. The service will check on the status of the request later. 
.TP NEED_TO_SAVE_CERT The CA approved the signing request, and the service is about to save the issued certificate to the location where it has been told to save it. .TP PRE_SAVE_CERT The service is running a configured pre\-saving command before saving the newly\-issued certificate to the location where it has been told to save it. .TP START_SAVING_CERT The service is starting to save the issued certificate to the location where it has been told to save it. .TP SAVING_CERT The service is attempting to save the issued certificate to the location where it has been told to save it. .TP NEED_CERTSAVE_PERMS The service encountered a filesystem permission error while attempting to save the newly\-issued certificate to the location where it has been told to save it. .TP NEED_CERTSAVE_TOKEN The service is unable to find the token in which the newly\-issued certificate is to be stored. .TP NEED_CERTSAVE_PIN The service is missing the PIN which is required to access an NSS database in order to save the newly\-issued certificate to the location where it has been told to save it. .TP NEED_TO_SAVE_CA_CERTS The service is about to save the certificate of the issuing CA to the locations where it has been told to save them. .TP START_SAVING_CA_CERTS The service is starting to save the certificate of the issuing CA to the locations where it has been told to save them. .TP SAVING_CA_CERTS The service is saving the certificate of the issuing CA to the locations where it has been told to save them. .TP NEED_TO_SAVE_ONLY_CA_CERTS The service is about to save the certificate of the issuing CA to the locations where it has been told to save them. .TP START_SAVING_ONLY_CA_CERTS The service is starting to save the certificate of the issuing CA to the locations where it has been told to save them. .TP SAVING_ONLY_CA_CERTS The service is saving the certificate of the issuing CA to the locations where it has been told to save them. 
.TP NEED_CA_CERT_SAVE_PERMS NEED_ONLY_CA_CERT_SAVE_PERMS The service encountered a filesystem permission error while attempting to save the certificate of the issuing CA to the locations where it has been told to save them. .TP NEED_TO_READ_CERT The service is about to read the issued certificate from the location where it has been told to save it. .TP READING_CERT The service is reading the issued certificate from the location where it has been told to save it. .TP SAVED_CERT The service has finished saving the issued certificate and the issuer's certificate to the locations where it has been told to save them. .TP POST_SAVED_CERT The service is running a configured post\-saving command after saving the newly\-issued certificate to the location where it has been told to save it. .TP MONITORING The service is monitoring the certificate and waiting for its not\-valid\-after date to approach. This is expected to be the status most often seen. .TP NEED_TO_NOTIFY_VALIDITY The service is about to notify the system administrator that the certificate's not\-valid\-after date is approaching. .TP NOTIFYING_VALIDITY The service is notifying the system administrator that the certificate's not\-valid\-after date is approaching. .TP NEED_TO_NOTIFY_REJECTION The service is about to notify the system administrator that the CA rejected the signing request. .TP NOTIFYING_REJECTION The service is notifying the system administrator that the CA rejected the signing request. .TP NEED_TO_NOTIFY_ISSUED_SAVE_FAILED The service needs to notify the system administrator that the CA issued a certificate, but that there was a problem saving the certificate to the location where the service was told to save it. .TP NOTIFYING_ISSUED_SAVE_FAILED The service is notifying the system administrator that the CA issued a certificate, but that there was a problem saving the certificate to the location where the service was told to save it.
.TP NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED The service needs to notify the system administrator that the CA issued a certificate, and the issued certificate was saved to the location where the service has been told to save it, but that there was a problem saving the CA's certificate to the locations where the service was told to save it. .TP NOTIFYING_ISSUED_CA_SAVE_FAILED The service is notifying the system administrator that the CA issued a certificate, and the issued certificate was saved to the location where the service has been told to save it, but that there was a problem saving the CA's certificate to the locations where the service was told to save it. .TP NEED_TO_NOTIFY_ISSUED_SAVED The service needs to notify the system administrator that the CA issued a certificate and it has been saved to the location where the service has been told to save it. .TP NOTIFYING_ISSUED_SAVED The service is notifying the system administrator that the CA issued a certificate and it has been saved to the location where the service has been told to save it. .TP NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED The service needs to notify the system administrator that there was a problem saving the CA's certificates to the specified location. .TP NOTIFYING_ONLY_CA_SAVE_FAILED The service is notifying the system administrator that there was a problem saving the CA's certificates to the specified location. .TP NEED_GUIDANCE An unhandled error was encountered while attempting to contact the CA, or the service has just been told to monitor a certificate which does not exist and for which it has no location specified for storing a key pair that could be used to generate a signing request to obtain one. .TP NEWLY_ADDED The service has just been told to track a certificate, or to generate a signing request to obtain one.
.TP NEWLY_ADDED_START_READING_KEYINFO The service has just been told to track a certificate, or to generate a signing request to obtain one, and is about to check if there is already a key pair present. .TP NEWLY_ADDED_READING_KEYINFO The service has just been told to track a certificate, or to generate a signing request to obtain one, and is checking if there is already a key pair present. .TP NEWLY_ADDED_NEED_KEYINFO_READ_PIN The service has just been told to track a certificate, or to generate a signing request to obtain one, and was unable to check if a key pair was present because it is missing the PIN which is required to access an NSS database, or because it has an incorrect PIN for a database. .TP NEWLY_ADDED_NEED_KEYINFO_READ_TOKEN The service has just been told to track a certificate, or to generate a signing request to obtain one, and was unable to check if a key pair was present because the token which should be used for storing the key pair is not present. .TP NEWLY_ADDED_START_READING_CERT The service has just been told to track a certificate, or to generate a signing request to obtain one, and is about to check if a certificate is already present in the specified location. .TP NEWLY_ADDED_READING_CERT The service has just been told to track a certificate, or to generate a signing request to obtain one, and is checking if a certificate is already present in the specified location. .TP NEWLY_ADDED_DECIDING The service has just been told to track a certificate, or to generate a signing request to obtain one, and is determining its next course of action. 
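The state names listed above are what \fIgetcert list\fR prints on each request's "status:" line. The following is an added example, not part of the certmonger sources: it sorts tracked requests into those that are healthy, those the service will retry by itself, and those that stay put until an administrator supplies a PIN, token, permission or CA configuration. The function names, the four class labels and the sample listing are constructed for this example, and the grouping is a reading of the descriptions above rather than a classification that certmonger defines.

```shell
#!/bin/sh
# Added example: triage certmonger requests by the documented state names.
# Class labels (ok / retrying / blocked / in-progress) are this example's
# own grouping, derived from the state descriptions in this manual page.

# classify_state STATE -> prints the class for one state name.
classify_state() {
    case "$1" in
        # Steady state: certificate present, waiting for expiry to approach.
        MONITORING) echo ok ;;
        # The service says it will check again later without intervention.
        CA_UNREACHABLE|CA_WORKING|NEED_SCEP_ENCRYPTION_CERT) echo retrying ;;
        # Missing PIN, missing token or filesystem permission error.
        *_PIN|*_TOKEN|*_PERMS) echo blocked ;;
        # No CA, incomplete CA configuration, rejection, wrong key type,
        # or an unhandled error.
        NEED_CA|CA_UNCONFIGURED|CA_REJECTED|NEED_GUIDANCE|NEED_SCEP_RSA_CLIENT_KEY)
            echo blocked ;;
        # Everything else is a step the service is working through.
        *) echo in-progress ;;
    esac
}

# report_requests: read "getcert list" text on stdin and print one line per
# request in the form "<request id> <state> <class>".
report_requests() {
    id=""
    while IFS= read -r line; do
        case "$line" in
            "Request ID '"*)
                id=${line#"Request ID '"}
                id=${id%"':"}
                ;;
            *"status: "*)
                state=${line#*status: }
                printf '%s %s %s\n' "$id" "$state" "$(classify_state "$state")"
                ;;
        esac
    done
}

# count_blocked: number of requests on stdin that need an administrator.
# The class is always the last field, so request ids may contain spaces.
count_blocked() {
    report_requests | awk '$NF == "blocked" { n++ } END { print n + 0 }'
}

# Constructed sample in the layout of "getcert list" output (not real data).
SAMPLE_LIST="Number of certificates and requests being tracked: 3.
Request ID 'web-server':
    status: MONITORING
    stuck: no
Request ID 'ldap':
    status: NEED_CERTSAVE_PERMS
    stuck: yes
Request ID 'scep-device':
    status: CA_UNREACHABLE
    stuck: no"

printf '%s\n' "$SAMPLE_LIST" | report_requests
```

On a live system the same functions can be fed with \fIgetcert list\fR in place of the sample, and a non\-zero result from count_blocked is the condition worth alerting on.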
.SH BUGS Please file tickets for any that you find at https://fedorahosted.org/certmonger/ .SH SEE ALSO \fBcertmonger\fR(8) \fBgetcert\fR(1) \fBgetcert\-add\-ca\fR(1) \fBgetcert\-add\-scep\-ca\fR(1) \fBgetcert\-list\-cas\fR(1) \fBgetcert\-modify\-ca\fR(1) \fBgetcert\-refresh\-ca\fR(1) \fBgetcert\-refresh\fR(1) \fBgetcert\-rekey\fR(1) \fBgetcert\-remove\-ca\fR(1) \fBgetcert\-request\fR(1) \fBgetcert\-resubmit\fR(1) \fBgetcert\-start\-tracking\fR(1) \fBgetcert\-status\fR(1) \fBgetcert\-stop\-tracking\fR(1) \fBcertmonger\-certmaster\-submit\fR(8) \fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8) \fBcertmonger\-dogtag\-submit\fR(8) \fBcertmonger\-ipa\-submit\fR(8) \fBcertmonger\-local\-submit\fR(8) \fBcertmonger\-scep\-submit\fR(8) \fBcertmonger_selinux\fR(8) certmonger-0.79.19/src/getcert-modify-ca.1.in0000644000175000017500000000251214511314133020213 0ustar gitgit00000000000000.TH CERTMONGER 1 "February 24, 2015" "certmonger Manual" .SH NAME getcert .SH SYNOPSIS getcert modify\-ca [options] .SH DESCRIPTION Modifies the helper command in a \fIcertmonger\fR CA configuration. .SH OPTIONS .TP \fB\-c\fR \fINAME\fR, \fB\-\-ca\fR=\fINAME\fR The nickname of the CA configuration to modify. .TP \fB\-e\fR \fICOMMAND\fR, \fB\-\-command\fR=\fICOMMAND\fR The new helper command to run for communicating with the CA. .TP \fB\-v\fR, \fB\-\-verbose\fR Be verbose about errors. Normally, the details of an error received from the daemon will be suppressed if the client can make a diagnostic suggestion. 
.SH BUGS Please file tickets for any that you find at https://fedorahosted.org/certmonger/ .SH SEE ALSO \fBcertmonger\fR(8) \fBgetcert\fR(1) \fBgetcert\-add\-ca\fR(1) \fBgetcert\-add\-scep\-ca\fR(1) \fBgetcert\-list\-cas\fR(1) \fBgetcert\-list\fR(1) \fBgetcert\-refresh\-ca\fR(1) \fBgetcert\-refresh\fR(1) \fBgetcert\-rekey\fR(1) \fBgetcert\-remove\-ca\fR(1) \fBgetcert\-request\fR(1) \fBgetcert\-resubmit\fR(1) \fBgetcert\-status\fR(1) \fBgetcert\-stop\-tracking\fR(1) \fBcertmonger\-certmaster\-submit\fR(8) \fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8) \fBcertmonger\-dogtag\-submit\fR(8) \fBcertmonger\-ipa\-submit\fR(8) \fBcertmonger\-local\-submit\fR(8) \fBcertmonger\-scep\-submit\fR(8) \fBcertmonger_selinux\fR(8) certmonger-0.79.19/src/getcert-refresh-ca.1.in0000644000175000017500000000233414511314133020364 0ustar gitgit00000000000000.TH CERTMONGER 1 "May 29, 2014" "certmonger Manual" .SH NAME getcert .SH SYNOPSIS getcert refresh\-ca [options] .SH DESCRIPTION Forces \fIcertmonger\fR to refresh information specific to a CA, such as locally\-stored copies of its certificates. .SH OPTIONS .TP \fB\-c\fR \fINAME\fR, \fB\-\-ca\fR=\fINAME\fR Refresh information about the CA which has the specified nickname. .TP \fB\-a\fR, \fB\-\-all\fR Refresh information about all known CAs. 
.SH BUGS Please file tickets for any that you find at https://fedorahosted.org/certmonger/ .SH SEE ALSO \fBcertmonger\fR(8) \fBgetcert\fR(1) \fBgetcert\-add\-ca\fR(1) \fBgetcert\-add\-scep\-ca\fR(1) \fBgetcert\-list\-cas\fR(1) \fBgetcert\-list\fR(1) \fBgetcert\-modify\-ca\fR(1) \fBgetcert\-refresh\-ca\fR(1) \fBgetcert\-refresh\fR(1) \fBgetcert\-rekey\fR(1) \fBgetcert\-remove\-ca\fR(1) \fBgetcert\-request\fR(1) \fBgetcert\-resubmit\fR(1) \fBgetcert\-start\-tracking\fR(1) \fBgetcert\-status\fR(1) \fBgetcert\-stop\-tracking\fR(1) \fBcertmonger\-certmaster\-submit\fR(8) \fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8) \fBcertmonger\-dogtag\-submit\fR(8) \fBcertmonger\-ipa\-submit\fR(8) \fBcertmonger\-local\-submit\fR(8) \fBcertmonger\-scep\-submit\fR(8) \fBcertmonger_selinux\fR(8) certmonger-0.79.19/src/getcert-refresh.1.in0000644000175000017500000000447514511314133020013 0ustar gitgit00000000000000.TH CERTMONGER 1 "July 24, 2014" "certmonger Manual" .SH NAME getcert .SH SYNOPSIS getcert refresh [options] .SH DESCRIPTION Forces \fIcertmonger\fR to immediately check on the status of an enrollment request for which it was either unable to contact a CA or for which it is waiting for the CA. .SH SPECIFYING REQUESTS BY NICKNAME .TP \fB\-i\fR \fINAME\fR, \fB\-\-id\fR=\fINAME\fR Check on the status of the signing request which has this nickname. If this option is not specified, and a tracking entry which matches the certificate storage options which are specified already exists, that entry will be used. If not specified, the location of the certificate should be specified with either a combination of the \fB\-d\fR and \fB\-n\fR options, or with the \fB\-f\fR option. .SH SPECIFYING REQUESTS BY CERTIFICATE LOCATION .TP \fB\-d\fR \fIDIR\fR, \fB\-\-dbdir\fR=\fIDIR\fR The certificate is in the NSS database in the specified directory. .TP \fB\-n\fR \fINAME\fR, \fB\-\-nickname\fR=\fINAME\fR The certificate in the NSS database named with \fB\-d\fR has the specified nickname.
Only valid with \fB\-d\fR. .TP \fB\-t\fR \fITOKEN\fR, \fB\-\-token\fR=\fITOKEN\fR If the NSS database has more than one token available, the certificate is stored in this token. This argument only rarely needs to be specified. Only valid with \fB\-d\fR. .TP \fB\-f\fR \fIFILE\fR, \fB\-\-certfile\fR=\fIFILE\fR The certificate is stored in the named file. .SH OPTIONS .TP \fB\-a\fR, \fB\-\-all\fR Refresh information about all requests for which the service will need to attempt to contact the CA again. .SH BUGS Please file tickets for any that you find at https://fedorahosted.org/certmonger/ .SH SEE ALSO \fBcertmonger\fR(8) \fBgetcert\fR(1) \fBgetcert\-add\-ca\fR(1) \fBgetcert\-add\-scep\-ca\fR(1) \fBgetcert\-list\-cas\fR(1) \fBgetcert\-list\fR(1) \fBgetcert\-modify\-ca\fR(1) \fBgetcert\-refresh\-ca\fR(1) \fBgetcert\-rekey\fR(1) \fBgetcert\-remove\-ca\fR(1) \fBgetcert\-request\fR(1) \fBgetcert\-resubmit\fR(1) \fBgetcert\-start\-tracking\fR(1) \fBgetcert\-status\fR(1) \fBgetcert\-stop\-tracking\fR(1) \fBcertmonger\-certmaster\-submit\fR(8) \fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8) \fBcertmonger\-dogtag\-submit\fR(8) \fBcertmonger\-ipa\-submit\fR(8) \fBcertmonger\-local\-submit\fR(8) \fBcertmonger\-scep\-submit\fR(8) \fBcertmonger_selinux\fR(8) certmonger-0.79.19/src/getcert-rekey.1.in0000644000175000017500000001620114511314133017462 0ustar gitgit00000000000000.TH CERTMONGER 1 "July 31, 2015" "certmonger Manual" .SH NAME getcert .SH SYNOPSIS getcert rekey [options] .SH DESCRIPTION Tells \fIcertmonger\fR to generate a new key pair, generate a signing request for the public key, and submit the signing request to a CA for signing, in order to replace both a certificate and its private key. .SH SPECIFYING REQUESTS BY NICKNAME .TP \fB\-i\fR \fINAME\fR, \fB\-\-id\fR=\fINAME\fR The new key pair will be generated and the new certificate will be obtained for the tracking request which has this nickname. 
If this option is not specified, and a tracking entry which matches the key and certificate storage options which are specified already exists, that entry will be used. If not specified, the location of the certificate should be specified with either a combination of the \fB\-d\fR and \fB\-n\fR options, or with the \fB\-f\fR option. .SH SPECIFYING REQUESTS BY CERTIFICATE LOCATION .TP \fB\-d\fR \fIDIR\fR, \fB\-\-dbdir\fR=\fIDIR\fR The certificate is in the NSS database in the specified directory. .TP \fB\-n\fR \fINAME\fR, \fB\-\-nickname\fR=\fINAME\fR The certificate in the NSS database named with \fB\-d\fR has the specified nickname. Only valid with \fB\-d\fR. .TP \fB\-t\fR \fITOKEN\fR, \fB\-\-token\fR=\fITOKEN\fR If the NSS database has more than one token available, the certificate is stored in this token. This argument only rarely needs to be specified. Only valid with \fB\-d\fR. .TP \fB\-f\fR \fIFILE\fR, \fB\-\-certfile\fR=\fIFILE\fR The certificate is stored in the named file. .SH KEY GENERATION OPTIONS .TP \fB\-G\fR \fITYPE\fR, \fB\-\-key\-type\fR=\fITYPE\fR In case a new key pair needs to be generated, this option specifies the type of the keys to be generated. If not specified, the current key type will be used. .TP \fB\-g\fR \fIBITS\fR, \fB\-\-key\-size\fR=\fIBITS\fR This option specifies the size of the new key to be generated. If not specified, a key of the same size as the existing key will be generated. .SH ENROLLMENT OPTIONS .TP \fB\-c\fR \fINAME\fR, \fB\-\-ca\fR=\fINAME\fR Submit the new signing request to the specified CA rather than the one which was previously associated with this certificate. The name of the CA should correspond to one listed by \fIgetcert list\-cas\fR. .TP \fB\-T\fR \fINAME\fR, \fB\-\-profile\fR=\fINAME\fR Request a certificate using the named profile, template, or certtype, from the specified CA. .TP \fB\-\-ms\-template\-spec\fR \fISPEC\fR Include a V2 Certificate Template extension in the signing request.
This datum includes an Object Identifier, a major version number (positive integer) and an optional minor version number. The format is: \fB:[:]\fR. .TP \fB\-X\fR \fINAME\fR, \fB\-\-issuer\fR=\fINAME\fR Request a certificate using the named issuer from the specified CA. .TP \fB\-I\fR \fINAME\fR, \fB\-\-new\-id\fR=\fINAME\fR Assign the specified nickname to this task, replacing the previous nickname. .SH SIGNING REQUEST OPTIONS .TP \fB\-N\fR \fINAME\fR, \fB\-\-subject\-name\fR=\fINAME\fR Change the subject name to include in the signing request. .TP \fB\-u\fR \fIkeyUsage\fR, \fB\-\-key\-usage\fR=\fIkeyUsage\fR Add an extensionRequest for the specified keyUsage to the signing request. The keyUsage value is expected to be one of these names: digitalSignature nonRepudiation keyEncipherment dataEncipherment keyAgreement keyCertSign cRLSign encipherOnly decipherOnly .TP \fB\-U\fR \fIEKU\fR, \fB\-\-extended\-key\-usage\fR=\fIEKU\fR Change the extendedKeyUsage value specified in an extendedKeyUsage extension part of the extensionRequest attribute in the signing request. The EKU value is expected to be an object identifier (OID). .TP \fB\-K\fR \fINAME\fR, \fB\-\-ca\fR=\fINAME\fR Change the Kerberos principal name specified as part of a subjectAltName extension part of the extensionRequest attribute in the signing request. .TP \fB\-E\fR \fIEMAIL\fR, \fB\-\-email\fR=\fIEMAIL\fR Change the email address specified as part of a subjectAltName extension part of the extensionRequest attribute in the signing request. .TP \fB\-D\fR \fIDNSNAME\fR, \fB\-\-dns\fR=\fIDNSNAME\fR Change the DNS name specified as part of a subjectAltName extension part of the extensionRequest attribute in the signing request. .TP \fB\-A\fR \fIADDRESS\fR, \fB\-\-ip\-address\fR=\fIADDRESS\fR Change the IP address specified as part of a subjectAltName extension part of the extensionRequest attribute in the signing request.
.TP \fB\-l\fR \fIFILE\fR, \fB\-\-challenge\-password\-file\fR=\fIFILE\fR Add an optional ChallengePassword value, read from the file, to the signing request. A ChallengePassword is often required when the CA is accessed using SCEP. .TP \fB\-L\fR \fIPIN\fR, \fB\-\-challenge\-password\fR=\fIPIN\fR Add the argument value to the signing request as a ChallengePassword attribute. A ChallengePassword is often required when the CA is accessed using SCEP. .SH OTHER OPTIONS .TP \fB\-B\fR \fICOMMAND\fR, \fB\-\-before\-command\fR=\fICOMMAND\fR Whenever the certificate or the CA's certificates are saved to the specified locations, run the specified command as the client user before saving the certificates. .TP \fB\-C\fR \fICOMMAND\fR, \fB\-\-after\-command\fR=\fICOMMAND\fR Whenever the certificate or the CA's certificates are saved to the specified locations, run the specified command as the client user after saving the certificates. .TP \fB\-a\fR \fIDIR\fR, \fB\-\-ca\-dbdir\fR=\fIDIR\fR Whenever the certificate is saved to the specified location, if root certificates for the CA are available, save them to the specified NSS database. .TP \fB\-F\fR \fIFILE\fR, \fB\-\-ca\-file\fR=\fIFILE\fR Whenever the certificate is saved to the specified location, if root certificates for the CA are available, and when the local copies of the CA's root certificates are updated, save them to the specified file. .TP \fB\-\-for\-ca\fR Request a CA certificate. .TP \fB\-\-not\-for\-ca\fR Request a non\-CA certificate (the default). .TP \fB\-\-ca\-path\-length\fR=\fILENGTH\fR Path length for CA certificate. Only valid with \-\-for\-ca. .TP \fB\-w\fR, \fB\-\-wait\fR Wait for the new certificate to be issued and saved, or for the attempt to obtain one using the new key to fail. .TP \fB\-\-wait\-timeout\fR=\fITIMEOUT\fR Maximum time to wait for the certificate to be issued. .TP \fB\-v\fR, \fB\-\-verbose\fR Be verbose about errors.
Normally, the details of an error received from the daemon will be suppressed if the client can make a diagnostic suggestion. .SH BUGS Please file tickets for any that you find at https://fedorahosted.org/certmonger/ .SH SEE ALSO \fBcertmonger\fR(8) \fBgetcert\fR(1) \fBgetcert\-add\-ca\fR(1) \fBgetcert\-add\-scep\-ca\fR(1) \fBgetcert\-list\-cas\fR(1) \fBgetcert\-list\fR(1) \fBgetcert\-modify\-ca\fR(1) \fBgetcert\-refresh\-ca\fR(1) \fBgetcert\-refresh\fR(1) \fBgetcert\-remove\-ca\fR(1) \fBgetcert\-request\fR(1) \fBgetcert\-start\-tracking\fR(1) \fBgetcert\-status\fR(1) \fBgetcert\-stop\-tracking\fR(1) \fBcertmonger\-certmaster\-submit\fR(8) \fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8) \fBcertmonger\-dogtag\-submit\fR(8) \fBcertmonger\-ipa\-submit\fR(8) \fBcertmonger\-local\-submit\fR(8) \fBcertmonger\-scep\-submit\fR(8) \fBcertmonger_selinux\fR(8) certmonger-0.79.19/src/getcert-remove-ca.1.in0000644000175000017500000000243114511314133020221 0ustar gitgit00000000000000.TH CERTMONGER 1 "February 24, 2015" "certmonger Manual" .SH NAME getcert .SH SYNOPSIS getcert remove\-ca [options] .SH DESCRIPTION Remove a CA configuration from \fIcertmonger\fR. Enrollment requests which reference the CA will behave as though they have no assigned CA. .SH OPTIONS .TP \fB\-c\fR \fINAME\fR, \fB\-\-ca\fR=\fINAME\fR The nickname of the CA configuration to remove. .TP \fB\-v\fR, \fB\-\-verbose\fR Be verbose about errors. Normally, the details of an error received from the daemon will be suppressed if the client can make a diagnostic suggestion. 
.SH BUGS Please file tickets for any that you find at https://fedorahosted.org/certmonger/ .SH SEE ALSO \fBcertmonger\fR(8) \fBgetcert\fR(1) \fBgetcert\-add\-ca\fR(1) \fBgetcert\-add\-scep\-ca\fR(1) \fBgetcert\-list\-cas\fR(1) \fBgetcert\-list\fR(1) \fBgetcert\-modify\-ca\fR(1) \fBgetcert\-refresh\-ca\fR(1) \fBgetcert\-refresh\fR(1) \fBgetcert\-rekey\fR(1) \fBgetcert\-request\fR(1) \fBgetcert\-resubmit\fR(1) \fBgetcert\-status\fR(1) \fBgetcert\-stop\-tracking\fR(1) \fBcertmonger\-certmaster\-submit\fR(8) \fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8) \fBcertmonger\-dogtag\-submit\fR(8) \fBcertmonger\-ipa\-submit\fR(8) \fBcertmonger\-local\-submit\fR(8) \fBcertmonger\-scep\-submit\fR(8) \fBcertmonger_selinux\fR(8) certmonger-0.79.19/src/getcert-request.1.in0000644000175000017500000002407214511314133020040 0ustar gitgit00000000000000.TH CERTMONGER 1 "February 9, 2015" "certmonger Manual" .SH NAME getcert .SH SYNOPSIS getcert request [options] .SH DESCRIPTION Tells \fIcertmonger\fR to use an existing key pair (or to generate one if one is not already found in the specified location), to generate a signing request using the key pair, and to submit them for signing to a CA. .SH KEY AND CERTIFICATE STORAGE OPTIONS .TP \fB\-d\fR \fIDIR\fR, \fR\-\-dbdir\fR=\fIDIR\fR Use an NSS database in the specified directory for storing this certificate and key. .TP \fB\-n\fR \fINAME\fR, \fR\-\-nickname\fR=\fINAME\fR Use the key with this nickname to generate the signing request. If no such key is found, generate one. Give the enrolled certificate this nickname, too. Only valid with \fB\-d\fR. .TP \fB\-t\fR \fITOKEN\fR, \fB\-\-token\fR=\fITOKEN\fR If the NSS database has more than one token available, use the token with this name for storing and accessing the certificate and key. This argument only rarely needs to be specified. Only valid with \fB\-d\fR. .TP \fB\-f\fR \fIFILE\fR, \fB\-\-certfile\fR=\fIFILE\fR Store the issued certificate in this file. 
For safety's sake, do not use the same file specified with the \fB\-k\fR option. .TP \fB\-k\fR \fIFILE\fR, \fB\-\-keyfile\fR=\fIFILE\fR Use the key stored in this file to generate the signing request. If no such file is found, generate a new key pair and store them in the file. Only valid with \fB\-f\fR. .SH KEY ENCRYPTION OPTIONS .TP \fB\-p\fR \fIFILE\fR, \fB\-\-pinfile\fR=\fIFILE\fR Encrypt private key files or databases using the PIN stored in the named file as the passphrase. .TP \fB\-P\fR \fIPIN\fR, \fB\-\-pin\fR=\fIPIN\fR Encrypt private key files or databases using the specified PIN as the passphrase. Because command\-line arguments to running processes are trivially discoverable, use of this option is not recommended except for testing. .SH KEY GENERATION OPTIONS .TP \fB\-G\fR \fITYPE\fR, \fB\-\-key\-type\fR=\fITYPE\fR In case a new key pair needs to be generated, this option specifies the type of the keys to be generated. If not specified, a reasonable default (currently \fIRSA\fR) will be used. .TP \fB\-g\fR \fIBITS\fR, \fB\-\-key\-size\fR=\fIBITS\fR In case a new key pair needs to be generated, this option specifies the size of the key. If not specified, a reasonable default (currently @CM_DEFAULT_PUBKEY_SIZE@ bits) will be used. See \fBcertmonger.conf\fR(5) for configuration of the default. .SH TRACKING OPTIONS .TP \fB\-r\fR, \fB\-\-renew\fR Attempt to obtain a new certificate from the CA when the expiration date of a certificate nears. This is the default setting. .TP \fB\-R\fR, \fB\-\-no\-renew\fR Don't attempt to obtain a new certificate from the CA when the expiration date of a certificate nears. If this option is specified, an expired certificate will simply stay expired. .TP \fB\-I\fR \fINAME\fR, \fB\-\-id\fR=\fINAME\fR Assign the specified nickname to this task. If this option is not specified, a name will be assigned automatically. 
.SH ENROLLMENT OPTIONS .TP \fB\-c\fR \fINAME\fR, \fB\-\-ca\fR=\fINAME\fR Enroll with the specified CA rather than a possible default. The name of the CA should correspond to one listed by \fIgetcert list\-cas\fR. .TP \fB\-T\fR \fINAME\fR, \fB\-\-profile\fR=\fINAME\fR Request a certificate using the named profile, template, or certtype, from the specified CA. .TP \fB\-\-ms\-template\-spec\fR \fISPEC\fR Include a V2 Certificate Template extension in the signing request. This datum includes an Object Identifier, a major version number (positive integer) and an optional minor version number. The format is: \fB:[:]\fR. .TP \fB\-X\fR \fINAME\fR, \fB\-\-issuer\fR=\fINAME\fR Request a certificate using the named issuer from the specified CA. .SH SIGNING REQUEST OPTIONS If none of \fB\-N\fR, \fB\-U\fR, \fB\-K\fR, \fB\-E\fR, and \fB\-D\fR are specified, a default group of settings will be used to request an SSL server certificate for the current host, with the \fIhost\fR Kerberos service as an additional name. The options \fB\-K\fR, \fB\-E\fR, \fB\-D\fR and \fB\-A\fR may be provided multiple times to set multiple subjectAltName values of the same type. .TP \fB\-N\fR \fINAME\fR, \fB\-\-subject\-name\fR=\fINAME\fR Set the subject name to include in the signing request. The default used is CN=\fIhostname\fR, where \fIhostname\fR is the local hostname. .TP \fB\-u\fR \fIkeyUsage\fR, \fB\-\-key\-usage\fR=\fIkeyUsage\fR Add an extensionRequest for the specified keyUsage to the signing request. The keyUsage value is expected to be one of these names: digitalSignature nonRepudiation keyEncipherment dataEncipherment keyAgreement keyCertSign cRLSign encipherOnly decipherOnly .TP \fB\-U\fR \fIEKU\fR, \fB\-\-extended\-key\-usage\fR=\fIEKU\fR Add an extensionRequest for the specified extendedKeyUsage to the signing request. The EKU value is expected to be an object identifier (OID), but some specific names are also recognized.
These are some names and their associated OID values: id\-kp\-serverAuth 1.3.6.1.5.5.7.3.1 id\-kp\-clientAuth 1.3.6.1.5.5.7.3.2 id\-kp\-codeSigning 1.3.6.1.5.5.7.3.3 id\-kp\-emailProtection 1.3.6.1.5.5.7.3.4 id\-kp\-timeStamping 1.3.6.1.5.5.7.3.8 id\-kp\-OCSPSigning 1.3.6.1.5.5.7.3.9 id\-pkinit\-KPClientAuth 1.3.6.1.5.2.3.4 id\-pkinit\-KPKdc 1.3.6.1.5.2.3.5 id\-ms\-kp\-sc\-logon 1.3.6.1.4.1.311.20.2.2 .TP \fB\-K\fR \fINAME\fR, \fB\-\-principal\fR=\fINAME\fR Add an extensionRequest for a subjectAltName, with the specified Kerberos principal name as its value, to the signing request. .TP \fB\-E\fR \fIEMAIL\fR, \fB\-\-email\fR=\fIEMAIL\fR Add an extensionRequest for a subjectAltName, with the specified email address as its value, to the signing request. .TP \fB\-D\fR \fIDNSNAME\fR, \fB\-\-dns\fR=\fIDNSNAME\fR Add an extensionRequest for a subjectAltName, with the specified DNS name as its value, to the signing request. .TP \fB\-A\fR \fIADDRESS\fR, \fB\-\-ip\-address\fR=\fIADDRESS\fR Add an extensionRequest for a subjectAltName, with the specified IP address as its value, to the signing request. .TP \fB\-l\fR \fIFILE\fR, \fB\-\-challenge\-password\-file\fR=\fIFILE\fR Add an optional ChallengePassword value, read from the file, to the signing request. A ChallengePassword is often required when the CA is accessed using SCEP. .TP \fB\-L\fR \fIPIN\fR, \fB\-\-challenge\-password\fR=\fIPIN\fR Add the argument value to the signing request as a ChallengePassword attribute. A ChallengePassword is often required when the CA is accessed using SCEP. .SH OTHER OPTIONS .TP \fB\-B\fR \fICOMMAND\fR, \fB\-\-before\-command\fR=\fICOMMAND\fR Whenever the certificate or the CA's certificates are saved to the specified locations, run the specified command as the client user before saving the certificates.
.TP \fB\-C\fR \fICOMMAND\fR, \fB\-\-after\-command\fR=\fICOMMAND\fR Whenever the certificate or the CA's certificates are saved to the specified locations, run the specified command as the client user after saving the certificates. .TP \fB\-a\fR \fIDIR\fR, \fB\-\-ca\-dbdir\fR=\fIDIR\fR Whenever the certificate is saved to the specified location, if root certificates for the CA are available, save them to the specified NSS database. .TP \fB\-F\fR \fIFILE\fR, \fB\-\-ca\-file\fR=\fIFILE\fR Whenever the certificate is saved to the specified location, if root certificates for the CA are available, and when the local copies of the CA's root certificates are updated, save them to the specified file. .TP \fB\-\-for\-ca\fR Request a CA certificate. .TP \fB\-\-not\-for\-ca\fR Request a non\-CA certificate (the default). .TP \fB\-\-ca\-path\-length\fR=\fILENGTH\fR Path length for CA certificate. Only valid with \-\-for\-ca. .TP \fB\-w\fR, \fB\-\-wait\fR Wait for the certificate to be issued and saved, or for the attempt to obtain one to fail. .TP \fB\-\-wait\-timeout\fR=\fITIMEOUT\fR Maximum time to wait for the certificate to be issued. .TP \fB\-v\fR, \fB\-\-verbose\fR Be verbose about errors. Normally, the details of an error received from the daemon will be suppressed if the client can make a diagnostic suggestion. .TP \fB\-o\fR \fIOWNER\fR, \fB\-\-key\-owner\fR=\fIOWNER\fR After generation set the owner on the private key file or database to OWNER. .TP \fB\-m\fR \fIMODE\fR, \fB\-\-key\-perms\fR=\fIMODE\fR After generation set the file permissions on the private key file or database to MODE. .TP \fB\-O\fR \fIOWNER\fR, \fR\-\-cert\-owner\fR=\fIOWNER\fR After generation set the owner on the certificate file or database to OWNER. .TP \fB\-M\fR \fIMODE\fR, \fR\-\-cert\-perms\fR=\fIMODE\fR After generation set the file permissions on the certificate file or database to MODE.
.SH BUS OPTIONS .TP \fB\-s\fR, \fB\-\-session\fR Connect to certmonger on the session bus rather than the system bus. .TP \fB\-S\fR, \fB\-\-system\fR Connect to certmonger on the system bus rather than the session bus. This is the default. .SH NOTES Locations specified for key and certificate storage need to be accessible to the \fIcertmonger\fR daemon process. When run as a system daemon on a system which uses a mandatory access control mechanism such as SELinux, the system policy must ensure that the daemon is allowed to access the locations where certificates and keys that it will manage will be stored (these locations are typically labeled as \fIcert_t\fR or an equivalent). More SELinux\-specific information can be found in the \fIselinux.txt\fR documentation file for this package. .SH BUGS Please file tickets for any that you find at https://fedorahosted.org/certmonger/ .SH SEE ALSO \fBcertmonger\fR(8) \fBgetcert\fR(1) \fBgetcert\-add\-ca\fR(1) \fBgetcert\-add\-scep\-ca\fR(1) \fBgetcert\-list\-cas\fR(1) \fBgetcert\-list\fR(1) \fBgetcert\-modify\-ca\fR(1) \fBgetcert\-refresh\-ca\fR(1) \fBgetcert\-refresh\fR(1) \fBgetcert\-rekey\fR(1) \fBgetcert\-remove\-ca\fR(1) \fBgetcert\-resubmit\fR(1) \fBgetcert\-start\-tracking\fR(1) \fBgetcert\-status\fR(1) \fBgetcert\-stop\-tracking\fR(1) \fBcertmonger\-certmaster\-submit\fR(8) \fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8) \fBcertmonger\-dogtag\-submit\fR(8) \fBcertmonger\-ipa\-submit\fR(8) \fBcertmonger\-local\-submit\fR(8) \fBcertmonger\-scep\-submit\fR(8) \fBcertmonger_selinux\fR(8) certmonger-0.79.19/src/getcert-resubmit.1.in0000644000175000017500000001621414511314133020201 0ustar gitgit00000000000000.TH CERTMONGER 1 "February 9, 2015" "certmonger Manual" .SH NAME getcert .SH SYNOPSIS getcert resubmit [options] .SH DESCRIPTION Tells \fIcertmonger\fR to generate (or regenerate) a signing request and submit (or resubmit) the signing request to a CA for signing.
.SH SPECIFYING REQUESTS BY NICKNAME .TP \fB\-i\fR \fINAME\fR, \fB\-\-id\fR=\fINAME\fR Resubmit a signing request for the tracking request which has this nickname. If this option is not specified, and a tracking entry which matches the key and certificate storage options which are specified already exists, that entry will be used. If not specified, the location of the certificate should be specified with either a combination of the \fB\-d\fR and \fB\-n\fR options, or with the \fB\-f\fR option. .SH SPECIFYING REQUESTS BY CERTIFICATE LOCATION .TP \fB\-d\fR \fIDIR\fR, \fR\-\-dbdir\fR=\fIDIR\fR The certificate is in the NSS database in the specified directory. .TP \fB\-n\fR \fINAME\fR, \fR\-\-nickname\fR=\fINAME\fR The certificate in the NSS database named with \fB\-d\fR has the specified nickname. Only valid with \fB\-d\fR. .TP \fB\-t\fR \fITOKEN\fR, \fB\-\-token\fR=\fITOKEN\fR If the NSS database has more than one token available, the certificate is stored in this token. This argument only rarely needs to be specified. Only valid with \fB\-d\fR. .TP \fB\-f\fR \fIFILE\fR, \fB\-\-certfile\fR=\fIFILE\fR The certificate is stored in the named file. .SH ENROLLMENT OPTIONS .TP \fB\-c\fR \fINAME\fR, \fB\-\-ca\fR=\fINAME\fR Submit the new signing request to the specified CA rather than the one which was previously associated with this certificate. The name of the CA should correspond to one listed by \fIgetcert list\-cas\fR. .TP \fB\-T\fR \fINAME\fR, \fB\-\-profile\fR=\fINAME\fR Request a certificate using the named profile, template, or certtype, from the specified CA. .TP \fB\-\-ms\-template\-spec\fR \fISPEC\fR Include a V2 Certificate Template extension in the signing request. This datum includes an Object Identifier, a major version number (positive integer) and an optional minor version number. The format is: \fB:[:]\fR. .TP \fB\-X\fR \fINAME\fR, \fB\-\-issuer\fR=\fINAME\fR Request a certificate using the named issuer from the specified CA. 
.TP
\fB\-I\fR \fINAME\fR, \fB\-\-id\fR=\fINAME\fR
Assign the specified nickname to this task, replacing the previous nickname.
.SH SIGNING REQUEST OPTIONS
.TP
\fB\-N\fR \fINAME\fR, \fB\-\-subject\-name\fR=\fINAME\fR
Change the subject name to include in the signing request.
.TP
\fB\-u\fR \fIkeyUsage\fR, \fB\-\-key\-usage\fR=\fIkeyUsage\fR
Add an extensionRequest for the specified keyUsage to the signing request.
The keyUsage value is expected to be one of these names:
digitalSignature nonRepudiation keyEncipherment dataEncipherment keyAgreement keyCertSign cRLSign encipherOnly decipherOnly
.TP
\fB\-U\fR \fIEKU\fR, \fB\-\-extended\-key\-usage\fR=\fIEKU\fR
Change the extendedKeyUsage value specified in an extendedKeyUsage extension part of the extensionRequest attribute in the signing request.
The EKU value is expected to be an object identifier (OID).
.TP
\fB\-K\fR \fINAME\fR, \fB\-\-principal\fR=\fINAME\fR
Change the Kerberos principal name specified as part of a subjectAltName extension part of the extensionRequest attribute in the signing request.
.TP
\fB\-E\fR \fIEMAIL\fR, \fB\-\-email\fR=\fIEMAIL\fR
Change the email address specified as part of a subjectAltName extension part of the extensionRequest attribute in the signing request.
.TP
\fB\-D\fR \fIDNSNAME\fR, \fB\-\-dns\fR=\fIDNSNAME\fR
Change the DNS name specified as part of a subjectAltName extension part of the extensionRequest attribute in the signing request.
.TP
\fB\-A\fR \fIADDRESS\fR, \fB\-\-ip\-address\fR=\fIADDRESS\fR
Change the IP address specified as part of a subjectAltName extension part of the extensionRequest attribute in the signing request.
.TP
\fB\-l\fR \fIFILE\fR, \fB\-\-challenge\-password\-file\fR=\fIFILE\fR
Add an optional ChallengePassword value, read from the file, to the signing request.
A ChallengePassword is often required when the CA is accessed using SCEP.
.TP
\fB\-L\fR \fIPIN\fR, \fB\-\-challenge\-password\fR=\fIPIN\fR
Add the argument value to the signing request as a ChallengePassword attribute.
A ChallengePassword is often required when the CA is accessed using SCEP.
.SH OTHER OPTIONS
.TP
\fB\-B\fR \fICOMMAND\fR, \fB\-\-before\-command\fR=\fICOMMAND\fR
Whenever the certificate or the CA's certificates are saved to the specified locations, run the specified command as the client user before saving the certificates.
.TP
\fB\-C\fR \fICOMMAND\fR, \fB\-\-after\-command\fR=\fICOMMAND\fR
Whenever the certificate or the CA's certificates are saved to the specified locations, run the specified command as the client user after saving the certificates.
.TP
\fB\-a\fR \fIDIR\fR, \fB\-\-ca\-dbdir\fR=\fIDIR\fR
Whenever the certificate is saved to the specified location, if root certificates for the CA are available, save them to the specified NSS database.
.TP
\fB\-F\fR \fIFILE\fR, \fB\-\-ca\-file\fR=\fIFILE\fR
Whenever the certificate is saved to the specified location, if root certificates for the CA are available, and when the local copies of the CA's root certificates are updated, save them to the specified file.
.TP
\fB\-\-for\-ca\fR
Request a CA certificate.
.TP
\fB\-\-not\-for\-ca\fR
Request a non\-CA certificate (the default).
.TP
\fB\-\-ca\-path\-length\fR=\fILENGTH\fR
Path length for CA certificate.
Only valid with \-\-for\-ca.
.TP
\fB\-w\fR, \fB\-\-wait\fR
Wait for the certificate to be reissued and saved, or for the attempt to obtain one to fail.
.TP
\fB\-\-wait\-timeout\fR=\fITIMEOUT\fR
Maximum time to wait for the certificate to be issued.
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Be verbose about errors.
Normally, the details of an error received from the daemon will be suppressed if the client can make a diagnostic suggestion.
.TP
\fB\-o\fR \fIOWNER\fR, \fB\-\-key\-owner\fR=\fIOWNER\fR
After generation set the owner on the private key file or database to OWNER.
.TP
\fB\-m\fR \fIMODE\fR, \fB\-\-key\-perms\fR=\fIMODE\fR
After generation set the file permissions on the private key file or database to MODE.
.TP
\fB\-O\fR \fIOWNER\fR, \fB\-\-cert\-owner\fR=\fIOWNER\fR
After generation set the owner on the certificate file or database to OWNER.
.TP
\fB\-M\fR \fIMODE\fR, \fB\-\-cert\-perms\fR=\fIMODE\fR
After generation set the file permissions on the certificate file or database to MODE.
.SH BUGS
Please file tickets for any that you find at https://fedorahosted.org/certmonger/
.SH SEE ALSO
\fBcertmonger\fR(8)
\fBgetcert\fR(1)
\fBgetcert\-add\-ca\fR(1)
\fBgetcert\-add\-scep\-ca\fR(1)
\fBgetcert\-list\-cas\fR(1)
\fBgetcert\-list\fR(1)
\fBgetcert\-modify\-ca\fR(1)
\fBgetcert\-refresh\-ca\fR(1)
\fBgetcert\-refresh\fR(1)
\fBgetcert\-rekey\fR(1)
\fBgetcert\-remove\-ca\fR(1)
\fBgetcert\-request\fR(1)
\fBgetcert\-start\-tracking\fR(1)
\fBgetcert\-status\fR(1)
\fBgetcert\-stop\-tracking\fR(1)
\fBcertmonger\-certmaster\-submit\fR(8)
\fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8)
\fBcertmonger\-dogtag\-submit\fR(8)
\fBcertmonger\-ipa\-submit\fR(8)
\fBcertmonger\-local\-submit\fR(8)
\fBcertmonger\-scep\-submit\fR(8)
\fBcertmonger_selinux\fR(8)
certmonger-0.79.19/src/getcert-start-tracking.1.in0000644000175000017500000002222214511314133021300 0ustar gitgit00000000000000
.TH CERTMONGER 1 "February 9, 2015" "certmonger Manual"
.SH NAME
getcert
.SH SYNOPSIS
getcert start\-tracking [options]
.SH DESCRIPTION
Tells \fIcertmonger\fR to monitor an already\-issued certificate.
Optionally, when the certificate nears expiration, use an existing key pair (or generate one if one is not already found in the specified location) to generate a signing request and submit it to a CA for signing.
.SH SPECIFYING EXISTING REQUESTS
.TP
\fB\-i\fR \fINAME\fR, \fB\-\-id\fR=\fINAME\fR
Modify the request which has this nickname.
If this option is not specified, and a tracking entry which matches the key and certificate storage options which are specified already exists, that entry will be modified.
Otherwise, a new tracking entry will be added.
.SH KEY AND CERTIFICATE STORAGE OPTIONS
.TP
\fB\-d\fR \fIDIR\fR, \fB\-\-dbdir\fR=\fIDIR\fR
Use an NSS database in the specified directory for reading this certificate and, if possible, the corresponding key.
.TP
\fB\-n\fR \fINAME\fR, \fB\-\-nickname\fR=\fINAME\fR
Use the certificate with this nickname, and if a private key with the same nickname or which corresponds to the certificate is available, use it, too.
Only valid with \fB\-d\fR.
.TP
\fB\-t\fR \fITOKEN\fR, \fB\-\-token\fR=\fITOKEN\fR
If the NSS database has more than one token available, use the token with this name for accessing the certificate and key.
This argument only rarely needs to be specified.
Only valid with \fB\-d\fR.
.TP
\fB\-f\fR \fIFILE\fR, \fB\-\-certfile\fR=\fIFILE\fR
Read the certificate from this file.
For safety's sake, do not use the same file specified with the \fB\-k\fR option.
.TP
\fB\-k\fR \fIFILE\fR, \fB\-\-keyfile\fR=\fIFILE\fR
Use the key stored in this file to generate a signing request for refreshing the certificate.
If no such file is found when needed, generate a new key pair and store it in the file.
Only valid with \fB\-f\fR.
.SH KEY ENCRYPTION OPTIONS
.TP
\fB\-p\fR \fIFILE\fR, \fB\-\-pinfile\fR=\fIFILE\fR
The private key files or databases are encrypted using the PIN stored in the named file as the passphrase.
.TP
\fB\-P\fR \fIPIN\fR, \fB\-\-pin\fR=\fIPIN\fR
The private key files or databases are encrypted using the specified PIN as the passphrase.
Because command\-line arguments to running processes are trivially discoverable, use of this option is not recommended except for testing.
.SH TRACKING OPTIONS
.TP
\fB\-I\fR \fINAME\fR, \fB\-\-new\-id\fR=\fINAME\fR
Assign the specified nickname to this task.
If this option is not specified, a name will be assigned automatically.
.TP
\fB\-r\fR, \fB\-\-renew\fR
Attempt to obtain a new certificate from the CA when the expiration date of a certificate nears.
This is the default setting.
.TP
\fB\-R\fR, \fB\-\-no\-renew\fR
Don't attempt to obtain a new certificate from the CA when the expiration date of a certificate nears.
If this option is specified, an expired certificate will simply stay expired.
.SH ENROLLMENT OPTIONS
.TP
\fB\-c\fR \fINAME\fR, \fB\-\-ca\fR=\fINAME\fR
Enroll with the specified CA rather than a possible default.
The name of the CA should correspond to one listed by \fIgetcert list\-cas\fR.
Only useful in combination with \fB\-r\fR.
.TP
\fB\-T\fR \fINAME\fR, \fB\-\-profile\fR=\fINAME\fR
Request a certificate using the named profile, template, or certtype, from the specified CA.
.TP
\fB\-\-ms\-template\-spec\fR \fISPEC\fR
Include a V2 Certificate Template extension in the signing request.
This datum includes an Object Identifier, a major version number (positive integer) and an optional minor version number.
The format is: \fB:[:]\fR.
.TP
\fB\-X\fR \fINAME\fR, \fB\-\-issuer\fR=\fINAME\fR
Request a certificate using the named issuer from the specified CA.
.SH SIGNING REQUEST OPTIONS
If and when \fIcertmonger\fR attempts to obtain a new certificate to replace the one being monitored, the values to be added to the signing request will be taken from the current certificate, unless preferred values are set using one or more of \fB\-u\fR, \fB\-U\fR, \fB\-K\fR, \fB\-E\fR, and \fB\-D\fR.
.TP
\fB\-u\fR \fIkeyUsage\fR, \fB\-\-key\-usage\fR=\fIkeyUsage\fR
Add an extensionRequest for the specified keyUsage to the signing request.
The keyUsage value is expected to be one of these names:
digitalSignature nonRepudiation keyEncipherment dataEncipherment keyAgreement keyCertSign cRLSign encipherOnly decipherOnly
.TP
\fB\-U\fR \fIEKU\fR, \fB\-\-extended\-key\-usage\fR=\fIEKU\fR
Add an extensionRequest for the specified extendedKeyUsage to the signing request.
The EKU value is expected to be an object identifier (OID).
.TP
\fB\-K\fR \fINAME\fR, \fB\-\-principal\fR=\fINAME\fR
Add an extensionRequest for a subjectAltName, with the specified Kerberos principal name as its value, to the signing request.
.TP
\fB\-E\fR \fIEMAIL\fR, \fB\-\-email\fR=\fIEMAIL\fR
Add an extensionRequest for a subjectAltName, with the specified email address as its value, to the signing request.
.TP
\fB\-D\fR \fIDNSNAME\fR, \fB\-\-dns\fR=\fIDNSNAME\fR
Add an extensionRequest for a subjectAltName, with the specified DNS name as its value, to the signing request.
.TP
\fB\-A\fR \fIADDRESS\fR, \fB\-\-ip\-address\fR=\fIADDRESS\fR
Add an extensionRequest for a subjectAltName, with the specified IP address as its value, to the signing request.
.TP
\fB\-l\fR \fIFILE\fR, \fB\-\-challenge\-password\-file\fR=\fIFILE\fR
Add an optional ChallengePassword value, read from the file, to the signing request.
A ChallengePassword is often required when the CA is accessed using SCEP.
.TP
\fB\-L\fR \fIPASSWORD\fR, \fB\-\-challenge\-password\fR=\fIPASSWORD\fR
Add the argument value to the signing request as a ChallengePassword attribute.
A ChallengePassword is often required when the CA is accessed using SCEP.
.SH OTHER OPTIONS
.TP
\fB\-B\fR \fICOMMAND\fR, \fB\-\-before\-command\fR=\fICOMMAND\fR
Whenever the certificate or the CA's certificates are saved to the specified locations, run the specified command as the client user before saving the certificates.
.TP
\fB\-C\fR \fICOMMAND\fR, \fB\-\-after\-command\fR=\fICOMMAND\fR
Whenever the certificate or the CA's certificates are saved to the specified locations, run the specified command as the client user after saving the certificates.
.TP
\fB\-a\fR \fIDIR\fR, \fB\-\-ca\-dbdir\fR=\fIDIR\fR
Whenever the certificate is saved to the specified location, if root certificates for the CA are available, save them to the specified NSS database.
.TP
\fB\-F\fR \fIFILE\fR, \fB\-\-ca\-file\fR=\fIFILE\fR
Whenever the certificate is saved to the specified location, if root certificates for the CA are available, and when the local copies of the CA's root certificates are updated, save them to the specified file.
.TP
\fB\-w\fR, \fB\-\-wait\fR
Wait for the certificate to become valid or to be reissued and saved, or for the attempt to obtain a new one to fail.
.TP
\fB\-\-wait\-timeout\fR=\fITIMEOUT\fR
Maximum time to wait for the certificate to be issued.
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Be verbose about errors.
Normally, the details of an error received from the daemon will be suppressed if the client can make a diagnostic suggestion.
.TP
\fB\-o\fR \fIOWNER\fR, \fB\-\-key\-owner\fR=\fIOWNER\fR
After generation set the owner on the private key file or database to OWNER.
.TP
\fB\-m\fR \fIMODE\fR, \fB\-\-key\-perms\fR=\fIMODE\fR
After generation set the file permissions on the private key file or database to MODE.
.TP
\fB\-O\fR \fIOWNER\fR, \fB\-\-cert\-owner\fR=\fIOWNER\fR
After generation set the owner on the certificate file or database to OWNER.
.TP
\fB\-M\fR \fIMODE\fR, \fB\-\-cert\-perms\fR=\fIMODE\fR
After generation set the file permissions on the certificate file or database to MODE.
.SH BUS OPTIONS
.TP
\fB\-s\fR, \fB\-\-session\fR
Connect to certmonger on the session bus rather than the system bus.
.TP
\fB\-S\fR, \fB\-\-system\fR
Connect to certmonger on the system bus rather than the session bus.
This is the default.
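The warning on -P above (command-line arguments are visible to other local users) applies equally to -L. The following audit script is an added example, not part of certmonger: it walks process command lines and flags getcert invocations that pass a PIN or challenge password inline, redacting the value in its report. The flag-only option sets are taken from the option lists on this page; the handling of `*-getcert` wrapper names and all sample data are assumptions constructed for illustration.

```python
"""Flag getcert invocations that pass a PIN or challenge password on argv."""
import os

# Inline-secret options and the file-based alternative the man page documents.
SECRET_SHORT = {"P": "-p/--pinfile", "L": "-l/--challenge-password-file"}
SECRET_LONG = {"pin": "-p/--pinfile",
               "challenge-password": "-l/--challenge-password-file"}
# Options documented without an argument; every other option is treated as
# taking one, so that its value is skipped instead of parsed as an option.
FLAG_SHORT = set("rRwvsS")
FLAG_LONG = {"renew", "no-renew", "wait", "verbose", "session", "system",
             "for-ca", "not-for-ca"}
REDACTED = "<redacted>"

# Constructed sample in /proc/<pid>/cmdline format (NUL-separated argv).
SAMPLE_CMDLINE = b"\0".join([b"getcert", b"start-tracking", b"-d",
                             b"/etc/pki/nssdb", b"-n", b"Server-Cert",
                             b"-P", b"1234"]) + b"\0"


def split_cmdline(raw):
    """Split the bytes of /proc/<pid>/cmdline into an argv list."""
    if raw.endswith(b"\0"):
        raw = raw[:-1]
    if not raw:
        return []
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0")]


def is_getcert(argv0):
    # Assumption: wrappers named *-getcert accept the same options.
    name = os.path.basename(argv0)
    return name == "getcert" or name.endswith("-getcert")


def audit_argv(argv):
    """Return (findings, redacted_argv); findings are (option, alternative)."""
    findings, safe = [], list(argv)
    if not argv or not is_getcert(argv[0]):
        return findings, safe
    i = 1
    while i < len(argv):
        arg, step = argv[i], 1
        if arg == "--":
            break
        if arg.startswith("--"):
            name, eq, _value = arg[2:].partition("=")
            if name in SECRET_LONG:
                findings.append(("--" + name, SECRET_LONG[name]))
                if eq:
                    safe[i] = "--%s=%s" % (name, REDACTED)
                elif i + 1 < len(argv):
                    safe[i + 1] = REDACTED
            if name not in FLAG_LONG and not eq:
                step = 2              # value is the next argv element
        elif arg.startswith("-") and len(arg) > 1:
            for j in range(1, len(arg)):
                c = arg[j]
                if c in FLAG_SHORT:
                    continue          # bundled flag, keep scanning
                attached = j + 1 < len(arg)   # value glued on: -P1234
                if c in SECRET_SHORT:
                    findings.append(("-" + c, SECRET_SHORT[c]))
                    if attached:
                        safe[i] = arg[:j + 1] + REDACTED
                    elif i + 1 < len(argv):
                        safe[i + 1] = REDACTED
                if not attached:
                    step = 2
                break
        i += step
    return findings, safe


def audit_proc(proc_root="/proc"):
    """Audit every process visible under proc_root (Linux only)."""
    results = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, pid, "cmdline"), "rb") as fh:
                argv = split_cmdline(fh.read())
        except OSError:
            continue                  # process exited or access denied
        findings, safe = audit_argv(argv)
        if findings:
            results.append((int(pid), findings, safe))
    return results


if __name__ == "__main__":
    for pid, findings, safe in audit_proc():
        for opt, alt in findings:
            print("pid %d: secret passed via %s, use %s instead: %s"
                  % (pid, opt, alt, " ".join(safe)))
```

Because the walker skips the value of every argument-taking option, a nickname or command string that merely looks like `-P` is not reported.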
.SH NOTES
Locations specified for key and certificate storage need to be accessible to the \fIcertmonger\fR daemon process.
When run as a system daemon on a system which uses a mandatory access control mechanism such as SELinux, the system policy must ensure that the daemon is allowed to access the locations where certificates and keys that it will manage will be stored (these locations are typically labeled as \fIcert_t\fR or an equivalent).
More SELinux\-specific information can be found in the \fIselinux.txt\fR documentation file for this package.
.SH BUGS
Please file tickets for any that you find at https://fedorahosted.org/certmonger/
.SH SEE ALSO
\fBcertmonger\fR(8)
\fBgetcert\fR(1)
\fBgetcert\-add\-ca\fR(1)
\fBgetcert\-add\-scep\-ca\fR(1)
\fBgetcert\-list\-cas\fR(1)
\fBgetcert\-list\fR(1)
\fBgetcert\-modify\-ca\fR(1)
\fBgetcert\-refresh\-ca\fR(1)
\fBgetcert\-refresh\fR(1)
\fBgetcert\-rekey\fR(1)
\fBgetcert\-remove\-ca\fR(1)
\fBgetcert\-request\fR(1)
\fBgetcert\-resubmit\fR(1)
\fBgetcert\-status\fR(1)
\fBgetcert\-stop\-tracking\fR(1)
\fBcertmonger\-certmaster\-submit\fR(8)
\fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8)
\fBcertmonger\-dogtag\-submit\fR(8)
\fBcertmonger\-ipa\-submit\fR(8)
\fBcertmonger\-local\-submit\fR(8)
\fBcertmonger\-scep\-submit\fR(8)
\fBcertmonger_selinux\fR(8)
certmonger-0.79.19/src/getcert-status.1.in0000644000175000017500000000401414511314133017665 0ustar gitgit00000000000000
.TH CERTMONGER 1 "June 13, 2014" "certmonger Manual"
.SH NAME
getcert
.SH SYNOPSIS
getcert status [options]
.SH DESCRIPTION
Queries \fIcertmonger\fR for the status of a particular certificate request and sets an exit status to reflect that status.
.SH SELECTION OPTIONS
.TP
\fB\-d\fR \fIDIR\fR, \fB\-\-dbdir\fR=\fIDIR\fR
Check the status of a certificate in the named NSS database.
Must be specified with the \fB\-n\fR option.
.TP
\fB\-n\fR \fINAME\fR, \fB\-\-nickname\fR=\fINAME\fR
Check the status of a certificate with the specified nickname.
Must be specified with the \fB\-d\fR option.
.TP
\fB\-f\fR \fIFILE\fR, \fB\-\-certfile\fR=\fIFILE\fR
Check the status of a certificate stored in the specified PEM file.
.TP
\fB\-i\fR \fINAME\fR, \fB\-\-id\fR=\fINAME\fR
Check the status of a certificate with the specified request nickname.
.SH EXIT STATUS
.TP
0
Certificate is issued and valid.
.TP
1
There was an error communicating with the \fBcertmonger\fR(8) daemon, or there is no such certificate known to it.
.TP
2
Certificate signing request was rejected by the CA.
.TP
3
CA could not be reached, but attempts to communicate with it will be retried.
.TP
4
Configuration error.
.TP
5
Client is working on the request, or waiting for the server.
.SH BUGS
Please file tickets for any that you find at https://fedorahosted.org/certmonger/
.SH SEE ALSO
\fBcertmonger\fR(8)
\fBgetcert\fR(1)
\fBgetcert\-add\-ca\fR(1)
\fBgetcert\-add\-scep\-ca\fR(1)
\fBgetcert\-list\-cas\fR(1)
\fBgetcert\-list\fR(1)
\fBgetcert\-modify\-ca\fR(1)
\fBgetcert\-refresh\-ca\fR(1)
\fBgetcert\-refresh\fR(1)
\fBgetcert\-rekey\fR(1)
\fBgetcert\-remove\-ca\fR(1)
\fBgetcert\-request\fR(1)
\fBgetcert\-resubmit\fR(1)
\fBgetcert\-start\-tracking\fR(1)
\fBgetcert\-status\fR(1)
\fBgetcert\-stop\-tracking\fR(1)
\fBcertmonger\-certmaster\-submit\fR(8)
\fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8)
\fBcertmonger\-dogtag\-submit\fR(8)
\fBcertmonger\-ipa\-submit\fR(8)
\fBcertmonger\-local\-submit\fR(8)
\fBcertmonger\-scep\-submit\fR(8)
\fBcertmonger_selinux\fR(8)
certmonger-0.79.19/src/getcert-stop-tracking.1.in0000644000175000017500000000472014511314133021133 0ustar gitgit00000000000000
.TH CERTMONGER 1 "November 3, 2009" "certmonger Manual"
.SH NAME
getcert
.SH SYNOPSIS
getcert stop\-tracking [options]
.SH DESCRIPTION
Tells \fIcertmonger\fR to stop monitoring or attempting to obtain or refresh a certificate.
.SH TRACKING OPTIONS
.TP
\fB\-i\fR \fINAME\fR, \fB\-\-id\fR=\fINAME\fR
The certificate was tracked using the request with the specified nickname.
If this option is not specified, some combination of \fB\-d\fR and \fB\-n\fR or \fB\-f\fR can be used to specify which certificate should henceforth be forgotten.
.SH KEY AND CERTIFICATE STORAGE OPTIONS
.TP
\fB\-d\fR \fIDIR\fR, \fB\-\-dbdir\fR=\fIDIR\fR
The certificate is the one stored in the specified NSS database.
.TP
\fB\-n\fR \fINAME\fR, \fB\-\-nickname\fR=\fINAME\fR
The certificate is the one which has this nickname.
Only valid with \fB\-d\fR.
.TP
\fB\-t\fR \fITOKEN\fR, \fB\-\-token\fR=\fITOKEN\fR
If the NSS database has more than one token available, the certificate is stored in this token.
This argument only rarely needs to be specified.
Only valid with \fB\-d\fR.
.TP
\fB\-f\fR \fIFILE\fR, \fB\-\-certfile\fR=\fIFILE\fR
The certificate is or was to be stored in this file.
.TP
\fB\-k\fR \fIFILE\fR, \fB\-\-keyfile\fR=\fIFILE\fR
The private key is or was to be stored in this file.
Only valid with \fB\-f\fR.
.SH OTHER OPTIONS
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Be verbose about errors.
Normally, the details of an error received from the daemon will be suppressed if the client can make a diagnostic suggestion.
.SH BUS OPTIONS
.TP
\fB\-s\fR, \fB\-\-session\fR
Connect to certmonger on the session bus rather than the system bus.
.TP
\fB\-S\fR, \fB\-\-system\fR
Connect to certmonger on the system bus rather than the session bus.
This is the default.
.SH BUGS
Please file tickets for any that you find at https://fedorahosted.org/certmonger/
.SH SEE ALSO
\fBcertmonger\fR(8)
\fBgetcert\fR(1)
\fBgetcert\-add\-ca\fR(1)
\fBgetcert\-add\-scep\-ca\fR(1)
\fBgetcert\-list\-cas\fR(1)
\fBgetcert\-list\fR(1)
\fBgetcert\-modify\-ca\fR(1)
\fBgetcert\-refresh\-ca\fR(1)
\fBgetcert\-refresh\fR(1)
\fBgetcert\-rekey\fR(1)
\fBgetcert\-remove\-ca\fR(1)
\fBgetcert\-request\fR(1)
\fBgetcert\-resubmit\fR(1)
\fBgetcert\-start\-tracking\fR(1)
\fBgetcert\-status\fR(1)
\fBcertmonger\-certmaster\-submit\fR(8)
\fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8)
\fBcertmonger\-dogtag\-submit\fR(8)
\fBcertmonger\-ipa\-submit\fR(8)
\fBcertmonger\-local\-submit\fR(8)
\fBcertmonger\-scep\-submit\fR(8)
\fBcertmonger_selinux\fR(8)
certmonger-0.79.19/src/getcert.1.in0000644000175000017500000000474714511314133016361 0ustar gitgit00000000000000
.TH CERTMONGER 1 "November 3, 2009" "certmonger Manual"
.SH NAME
getcert
.SH SYNOPSIS
getcert request [options]
getcert start\-tracking [options]
getcert stop\-tracking [options]
getcert resubmit [options]
getcert rekey [options]
getcert refresh [options]
getcert list [options]
getcert status [options]
getcert add\-ca [options]
getcert add\-scep\-ca [options]
getcert list\-cas [options]
getcert modify\-ca [options]
getcert refresh\-ca [options]
getcert remove\-ca [options]
.SH DESCRIPTION
The \fIgetcert\fR tool issues requests to a @CM_DBUS_NAME@ service on behalf of the invoking user.
It can ask the service to begin enrollment, optionally generating a key pair to use; it can ask the service to begin monitoring a certificate in a specified location for expiration, and optionally to refresh it when expiration nears; it can list the set of certificates that the service is already monitoring; or it can list the set of CAs that the service is capable of using.
If no command is given as the first command\-line argument, \fIgetcert\fR will print short usage information for each of its functions.
If \fIgetcert\fR is invoked by a user with UID 0, and there is no system bus available, \fIgetcert\fR will attempt to launch a temporary copy of the \fIcertmonger\fR daemon to handle its requests.
.SH COMMON ARGUMENTS
If \fI@CERTMONGER_PVT_ADDRESS_ENV@\fR is set in the environment, \fIgetcert\fR contacts the service directly at the specified location.
All commands can take either the \fB\-s\fR or \fB\-S\fR arguments, which instruct \fIgetcert\fR to contact the @CM_DBUS_NAME@ service on the session or system bus, if no value is set.
By default, \fIgetcert\fR consults the @CM_DBUS_NAME@ service attached to the system bus.
.SH BUGS
Please file tickets for any that you find at https://fedorahosted.org/certmonger/
.SH SEE ALSO
\fBcertmonger\fR(8)
\fBgetcert\-add\-ca\fR(1)
\fBgetcert\-add\-scep\-ca\fR(1)
\fBgetcert\-list\-cas\fR(1)
\fBgetcert\-list\fR(1)
\fBgetcert\-modify\-ca\fR(1)
\fBgetcert\-refresh\-ca\fR(1)
\fBgetcert\-refresh\fR(1)
\fBgetcert\-rekey\fR(1)
\fBgetcert\-remove\-ca\fR(1)
\fBgetcert\-request\fR(1)
\fBgetcert\-resubmit\fR(1)
\fBgetcert\-start\-tracking\fR(1)
\fBgetcert\-status\fR(1)
\fBgetcert\-stop\-tracking\fR(1)
\fBcertmonger\-certmaster\-submit\fR(8)
\fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8)
\fBcertmonger\-dogtag\-submit\fR(8)
\fBcertmonger\-ipa\-submit\fR(8)
\fBcertmonger\-local\-submit\fR(8)
\fBcertmonger\-scep\-submit\fR(8)
\fBcertmonger_selinux\fR(8)
certmonger-0.79.19/src/getcert.c0000644000175000017500000052212114511314133016025 0ustar gitgit00000000000000
/*
 * Copyright (C) 2009,2010,2011,2012,2013,2014,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#include "cm.h"
#include "kudict.h"
#include "oiddict.h"
#include "store.h"
#include "store-int.h"
#include "submit-e.h"
#include "submit-u.h"
#include "tdbus.h"
#include "tdbusm.h"
#include "util-o.h"

#ifdef ENABLE_NLS
#include
#define _(_text) dgettext(PACKAGE, _text)
#else
#define _(_text) (_text)
#endif
#define N_(_msg) (_msg)

#define HELP_TYPE_COMMAND _("COMMAND")
#define HELP_TYPE_DIRECTORY _("DIRECTORY")
#define HELP_TYPE_EKU _("LIST")
#define HELP_TYPE_EMAIL _("ADDRESS")
#define HELP_TYPE_FILENAME _("FILENAME")
#define HELP_TYPE_HOSTNAME _("HOSTNAME")
#define HELP_TYPE_ID _("ID")
#define HELP_TYPE_IP _("ADDRESS")
#define HELP_TYPE_KEYSIZE _("BITS")
#define HELP_TYPE_KU _("LIST")
#define HELP_TYPE_MODE _("MODE")
#define HELP_TYPE_NAME _("NAME")
#define HELP_TYPE_PRINCIPAL _("PRINCIPAL")
#define HELP_TYPE_SUBJECT _("SUBJECT")
#define HELP_TYPE_URL _("URL")
#define HELP_TYPE_USER _("USERNAME[:GROUPNAME]")

#ifdef FORCE_CA
#define DEFAULT_CA FORCE_CA
#else
#define DEFAULT_CA NULL
#endif

static void help(const char *cmd, const char *category);
static char *thumbprint(const char *s, SECOidTag tag, int bits);

static struct {
	const char *argv0, *verb;
	DBusConnection *conn;
	void *tctx;
} globals = {
	.conn = NULL,
	.tctx = NULL
};

static char *find_ca_by_name(void *parent, enum cm_tdbus_type bus,
			     const char *nickname, int verbose);
static char *find_request_by_name(void *parent, enum cm_tdbus_type bus,
				  const char *path, int verbose);
static char
*find_ca_name(void *parent, enum cm_tdbus_type bus,
	      const char *path, int verbose);
static char *find_request_name(void *parent, enum cm_tdbus_type bus,
			       const char *path, int verbose);

/* Ensure that a pathname is an absolute pathname. */
static char *
ensure_path_is_absolute(void *parent, const char *path)
{
	char buf[PATH_MAX + 1], *ret;

	if (path[0] == '/') {
		return talloc_strdup(parent, path);
	} else {
		if (getcwd(buf, sizeof(buf)) == buf) {
			ret = talloc_asprintf(parent, "%s/%s", buf, path);
			printf(_("Path \"%s\" is not absolute, "
				 "attempting to "
				 "use \"%s\" instead.\n"), path, ret);
			return ret;
		} else {
			printf(_("Path \"%s\" is not absolute, and "
				 "there was an error determining the "
				 "name of the current directory.\n"), path);
			exit(1);
		}
	}
}

/* Ensure that a pathname is a directory. */
static int
ensure_path_is_directory(char *path)
{
	struct stat st;
	int err;

	if (stat(path, &st) == 0) {
		if (S_ISDIR(st.st_mode)) {
			if (access(path, R_OK | W_OK) == 0) {
				return 0;
			} else {
				err = errno;
				printf(_("Path \"%s\": insufficient "
					 "permissions.\n"), path);
				errno = err;
				return -1;
			}
		} else {
			printf(_("Path \"%s\" is not a directory.\n"), path);
			return -1;
		}
	} else {
		err = errno;
		printf(_("Path \"%s\": %s.\n"), path, strerror(errno));
		errno = err;
		return -1;
	}
}

/* Ensure that a pathname is at least in a directory which exists. */
static int
ensure_parent_is_directory(void *parent, const char *path)
{
	char *tmp, *p;

	tmp = talloc_strdup(parent, path);
	if (tmp != NULL) {
		p = strrchr(tmp, '/');
		if (p != NULL) {
			if (p > tmp) {
				*p = '\0';
			} else {
				*(p + 1) = '\0';
			}
			return ensure_path_is_directory(tmp);
		}
	}
	return -1;
}

/* Ensure that a pathname is a regular file or missing.
 */
static int
ensure_path_is_regular(const char *path)
{
	struct stat st;

	if (stat(path, &st) == 0) {
		if (S_ISREG(st.st_mode)) {
			return 0;
		}
	} else {
		if (errno == ENOENT) {
			return 0;
		}
	}
	printf(_("Path \"%s\" is not a regular file.\n"), path);
	return -1;
}

/* Ensure that we have a suitable NSS database location. */
static char *
ensure_nss(void *parent, const char *path, char **nss_scheme)
{
	char *ret;

	*nss_scheme = NULL;
	if (strncmp(path, "sql:", 4) == 0) {
		*nss_scheme = talloc_strdup(parent, "sql");
		path += 4;
	} else if (strncmp(path, "dbm:", 4) == 0) {
		*nss_scheme = talloc_strdup(parent, "dbm");
		path += 4;
	} else if (strncmp(path, "rdb:", 4) == 0) {
		*nss_scheme = talloc_strdup(parent, "rdb");
		path += 4;
	} else if (strncmp(path, "extern:", 7) == 0) {
		*nss_scheme = talloc_strdup(parent, "extern");
		path += 7;
	}
	ret = ensure_path_is_absolute(parent, path);
	if (ret != NULL) {
		ret = cm_store_canonicalize_path(parent, ret);
	}
	if (ret != NULL) {
		if (ensure_path_is_directory(ret) != 0) {
			ret = NULL;
		}
	}
	if (ret == NULL) {
		exit(1);
	}
	return ret;
}

/* Ensure that we have a suitable location for a PEM file. */
static char *
ensure_pem(void *parent, const char *path)
{
	char *ret;

	ret = ensure_path_is_absolute(parent, path);
	if (ret != NULL) {
		ret = cm_store_canonicalize_path(parent, ret);
	}
	if (ret != NULL) {
		if (ensure_parent_is_directory(parent, ret) != 0) {
			ret = NULL;
		}
	}
	if (ret != NULL) {
		if (ensure_path_is_regular(ret) != 0) {
			ret = NULL;
		}
	}
	if (ret == NULL) {
		exit(1);
	}
	return ret;
}

/* Escape any shell special characters. */
static char *
shell_escape(void *parent, const char *s)
{
	const char *specials = "|&;()<>\"' \t", *p;
	char *ret, *q;

	ret = talloc_size(parent, strlen(s) * 2 + 1);
	if (ret != NULL) {
		for (p = s, q = ret; *p != '\0'; p++) {
			if (strchr(specials, *p) != NULL) {
				*q++ = '\\';
			}
			*q++ = *p;
		}
		*q++ = '\0';
	}
	return ret;
}

/* Add a string to a list.
 */
static void
add_string(void *parent, char ***dest, const char *value)
{
	char **tmp;
	int i;

	for (i = 0; ((*dest) != NULL) && ((*dest)[i] != NULL); i++) {
		continue;
	}
	tmp = talloc_array_ptrtype(parent, tmp, i + 2);
	if (tmp == NULL) {
		printf(_("Out of memory.\n"));
		exit(1);
	}
	if (*dest)
		memcpy(tmp, *dest, sizeof(tmp[0]) * i);
	tmp[i] = talloc_strdup(tmp, value);
	i++;
	tmp[i] = NULL;
	*dest = tmp;
}

/* Connect to the bus, or not. */
static void
prep_bus(enum cm_tdbus_type which, const char *mode, int verbose,
	 int argc, const char **argv)
{
	DBusError err;
	char *nargv[7] = {
		CM_CERTMONGER_DAEMON_PATH,
		"-n",
		"-L",
		"-c",
	};
	char *cmd = NULL;
	int i;

	if ((which != cm_tdbus_system) ||
	    (globals.conn != NULL) ||
	    (getuid() != 0)) {
		return;
	}
	memset(&err, 0, sizeof(err));
	globals.conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err);
	if (globals.conn != NULL) {
		return;
	}
	if (!dbus_error_has_name(&err, DBUS_ERROR_NO_SERVER) &&
	    !dbus_error_has_name(&err, DBUS_ERROR_FILE_NOT_FOUND)) {
		return;
	}
	cmd = talloc_asprintf(NULL, "%s/%s %s", CM_GETCERT_DIR,
			      globals.argv0, globals.verb);
	for (i = 1; i < argc; i++) {
		cmd = talloc_strdup_append(cmd, " ");
		cmd = talloc_strdup_append(cmd, shell_escape(cmd, argv[i]));
	}
	nargv[4] = cmd;
	if (verbose > 0) {
		nargv[5] = talloc_asprintf(cmd, "-d%d", verbose);
	}
	if (verbose) {
		printf(_("No system bus running.\n"));
		printf(_("Running as UID 0.\n"));
		printf(_("Launching temporary dedicated service daemon.\n"));
	}
	execv(nargv[0], nargv);
}

/* Connect to the bus and set up as much of the request as we can.
 */
static DBusMessage *
prep_req(enum cm_tdbus_type which,
	 const char *path, const char *interface, const char *method)
{
	DBusMessage *msg;
	const char *busaddr;

	if (globals.conn == NULL) {
		switch (which) {
		case cm_tdbus_session:
			globals.conn = dbus_bus_get(DBUS_BUS_SESSION, NULL);
			break;
		case cm_tdbus_system:
			globals.conn = dbus_bus_get(DBUS_BUS_SYSTEM, NULL);
			break;
		case cm_tdbus_private:
			busaddr = getenv(CERTMONGER_PVT_ADDRESS_ENV);
			if (busaddr != NULL) {
				globals.conn = dbus_connection_open_private(busaddr, NULL);
			}
			break;
		}
		if (globals.conn == NULL) {
			printf(_("Error connecting to D-Bus.\n"));
			printf(_("Please verify that the message bus (D-Bus) service is running.\n"));
			exit(1);
		}
	}
	msg = dbus_message_new_method_call(CM_DBUS_NAME, path, interface, method);
	if (msg == NULL) {
		printf(_("Error creating DBus request message.\n"));
		exit(1);
	}
	return msg;
}

/* Produce a useful error about popt. */
static const char *
make_popt_error(poptContext ctx, int code)
{
	char *p;

	switch (code) {
	case POPT_ERROR_NOARG:
		p = talloc_asprintf(NULL, _("missing argument for %s"),
				    poptBadOption(ctx, 0));
		if (p != NULL) {
			return p;
		}
		return _("missing argument");
		break;
	case POPT_ERROR_BADOPT:
		p = talloc_asprintf(NULL, _("unrecognized option %s"),
				    poptBadOption(ctx, 0));
		if (p != NULL) {
			return p;
		}
		return _("unrecognized option");
		break;
	case POPT_ERROR_OPTSTOODEEP:
		return _("aliases nested too deeply");
		break;
	case POPT_ERROR_BADQUOTE:
		return _("bad parameter quoting");
		break;
	case POPT_ERROR_ERRNO:
		return strerror(errno);
		break;
	case POPT_ERROR_BADNUMBER:
		return _("invalid numeric value");
		break;
	case POPT_ERROR_OVERFLOW:
		return _("number too large or too small");
		break;
	case POPT_ERROR_BADOPERATION:
		return _("bad operation");
		break;
	case POPT_ERROR_NULLARG:
		return _("internal error");
		break;
	case POPT_ERROR_MALLOC:
		return _("out of memory");
		break;
#ifdef POPT_ERROR_BADCONFIG
	case POPT_ERROR_BADCONFIG:
		return _("error in popt configuration file");
		break;
#endif
	}
	return
	poptStrerror(code);
}

/* Try to offer some advice based on the error. */
static enum { hint_unknown, hint_found }
print_hint(const char *error, const char *message)
{
	char *text = NULL;
	void *ctx;

	ctx = talloc_new(NULL);
	text = cm_tdbusm_hint(ctx, error, message);
	if ((text == NULL) &&
	    (strncmp(error, CM_DBUS_ERROR_BASE,
		     strlen(CM_DBUS_ERROR_BASE)) == 0)) {
		text = talloc_asprintf(ctx, "%s\n", _(message));
	}
	if (text != NULL) {
		printf("%s", _(text));
	}
	talloc_free(ctx);
	return text ? hint_found : hint_unknown;
}

/* Send our request and return the response. If there's an error, exit. */
static DBusMessage *
send_req(DBusMessage *req, int verbose)
{
	DBusMessage *rep;
	DBusError err;

	memset(&err, 0, sizeof(err));
	rep = dbus_connection_send_with_reply_and_block(globals.conn, req,
							30 * 1000, &err);
	if (rep == NULL) {
		if (dbus_error_is_set(&err)) {
			if (err.name != NULL) {
				if ((print_hint(err.name, err.message) == hint_unknown) ||
				    verbose) {
					if ((err.message != NULL) && verbose) {
						printf(_("Error %s: %s\n"),
						       err.name, err.message);
					} else {
						printf(_("Error %s\n"), err.name);
					}
				}
			} else {
				if (err.message != NULL) {
					printf(_("Error: %s\n"), err.message);
				} else {
					printf(_("Received error response from "
						 "local %s service.\n"),
					       CM_DBUS_NAME);
				}
			}
		} else {
			printf(_("No response received from %s service.\n"),
			       CM_DBUS_NAME);
		}
		exit(1);
	}
	dbus_message_unref(req);
	return rep;
}

/* Send the specified, argument-less method call to the named object and
 * return the reply message. */
static DBusMessage *
query_rep(enum cm_tdbus_type which,
	  const char *path, const char *interface, const char *method,
	  int verbose)
{
	return send_req(prep_req(which, path, interface, method), verbose);
}

/* Send the specified, argument-less method call to the named object, and
 * return a sole boolean response.
 */
static dbus_bool_t
query_rep_b(enum cm_tdbus_type which,
	    const char *path, const char *interface, const char *method,
	    int verbose, void *parent)
{
	DBusMessage *rep;
	dbus_bool_t b;

	rep = query_rep(which, path, interface, method, verbose);
	if (cm_tdbusm_get_b(rep, parent, &b) != 0) {
		printf(_("Error parsing server response.\n"));
		exit(1);
	}
	dbus_message_unref(rep);
	return b;
}

/* Send the specified, argument-less method call to the named object, and
 * return the single string from the response. */
static char *
query_rep_s(enum cm_tdbus_type which,
	    const char *path, const char *interface, const char *method,
	    int verbose, void *parent)
{
	DBusMessage *rep;
	char *s;

	rep = query_rep(which, path, interface, method, verbose);
	if (cm_tdbusm_get_s(rep, parent, &s) != 0) {
		printf(_("Error parsing server response.\n"));
		exit(1);
	}
	dbus_message_unref(rep);
	return s;
}

/* Send the specified, argument-less method call to the named object, and
 * return the array of strings from the response. */
static char **
query_rep_as(enum cm_tdbus_type which,
	     const char *path, const char *interface, const char *method,
	     int verbose, void *parent)
{
	DBusMessage *rep;
	char **as;

	rep = query_rep(which, path, interface, method, verbose);
	if (cm_tdbusm_get_as(rep, parent, &as) != 0) {
		printf(_("Error parsing server response.\n"));
		exit(1);
	}
	dbus_message_unref(rep);
	return as;
}

/* Send the specified, argument-less method call to the named object, and
 * return the array of paths from the response. */
static char **
query_rep_ap(enum cm_tdbus_type which,
	     const char *path, const char *interface, const char *method,
	     int verbose, void *parent)
{
	DBusMessage *rep;
	char **ap;

	rep = query_rep(which, path, interface, method, verbose);
	if (cm_tdbusm_get_ap(rep, parent, &ap) != 0) {
		printf(_("Error parsing server response.\n"));
		exit(1);
	}
	dbus_message_unref(rep);
	return ap;
}

/* Send the specified, argument-less method call to the named object, and
 * return from two to four strings from the response.
 */
static void
query_rep_sososos(enum cm_tdbus_type which,
		  const char *path, const char *interface, const char *method,
		  int verbose, void *parent,
		  char **s1, char **s2, char **s3, char **s4)
{
	DBusMessage *rep;

	rep = query_rep(which, path, interface, method, verbose);
	if (cm_tdbusm_get_sososos(rep, parent, s1, s2, s3, s4) != 0) {
		printf(_("Error parsing server response.\n"));
		exit(1);
	}
	dbus_message_unref(rep);
}

/* Send a query for the value of the specified property to the named object and
 * return the reply message. */
static DBusMessage *
query_prop(enum cm_tdbus_type which,
	   const char *path, const char *interface, const char *prop,
	   int verbose)
{
	DBusMessage *req;

	req = prep_req(which, path, DBUS_INTERFACE_PROPERTIES, "Get");
	cm_tdbusm_set_ss(req, interface, prop);
	return send_req(req, verbose);
}

/* Read a string property. */
static char *
query_prop_s(enum cm_tdbus_type which,
	     const char *path, const char *interface, const char *prop,
	     int verbose, void *parent)
{
	DBusMessage *rep;
	char *s;

	rep = query_prop(which, path, interface, prop, verbose);
	if (cm_tdbusm_get_vs(rep, parent, &s) != 0) {
		s = "";
	}
	dbus_message_unref(rep);
	return s;
}

/* Read an array-of-strings property. */
static char **
query_prop_as(enum cm_tdbus_type which,
	      const char *path, const char *interface, const char *prop,
	      int verbose, void *parent)
{
	DBusMessage *rep;
	char **as;

	rep = query_prop(which, path, interface, prop, verbose);
	if (cm_tdbusm_get_as(rep, parent, &as) != 0) {
		as = NULL;
	}
	dbus_message_unref(rep);
	return as;
}

/* Read a numeric property.
 */
static long
query_prop_n(enum cm_tdbus_type which,
	     const char *path, const char *interface, const char *prop,
	     int verbose, void *parent)
{
	DBusMessage *rep;
	DBusMessage *res;
	long n;

	rep = prep_req(which, path, DBUS_INTERFACE_PROPERTIES, "Get");
	cm_tdbusm_set_ss(rep, interface, prop);
	res = send_req(rep, verbose);
	if (cm_tdbusm_get_vn(res, parent, &n) != 0) {
		n = 0;
	}
	dbus_message_unref(res);
	return n;
}

/* Evaluate a single request's status. */
static int
evaluate_status(const char *state, dbus_bool_t stuck)
{
	if (strcmp(state, cm_store_state_as_string(CM_MONITORING)) == 0) {
		return CM_SUBMIT_STATUS_ISSUED;
	}
	if (strcmp(state, cm_store_state_as_string(CM_CA_REJECTED)) == 0) {
		return CM_SUBMIT_STATUS_REJECTED;
	}
	if (strcmp(state, cm_store_state_as_string(CM_CA_WORKING)) == 0) {
		return CM_SUBMIT_STATUS_WAIT_WITH_DELAY;
	}
	if (strcmp(state, cm_store_state_as_string(CM_CA_UNREACHABLE)) == 0) {
		return CM_SUBMIT_STATUS_UNREACHABLE;
	}
	if (stuck) {
		return CM_SUBMIT_STATUS_UNCONFIGURED;
	}
	return CM_SUBMIT_STATUS_WAIT_WITH_DELAY;
}

/* Read the status of a single request, and return a status value. */
static int
waitfor(void *parent, enum cm_tdbus_type bus, const char *path,
	int timeout, int verbose)
{
	DBusMessage *rep;
	char *state, *old_state = NULL;
	dbus_bool_t stuck;
	int i = 0;

	while (timeout != 0) {
		rep = query_rep(bus, path, CM_DBUS_REQUEST_INTERFACE, "get_status", verbose);
		if (cm_tdbusm_get_sb(rep, globals.tctx, &state, &stuck) != 0) {
			printf(_("Error parsing server response.\n"));
			exit(1);
		}
		if (verbose &&
		    ((old_state == NULL) || (strcmp(old_state, state) != 0))) {
			printf(_("State %s, stuck: %s.\n"), state, stuck ? "yes" : "no");
		}
		if (strcmp(state, cm_store_state_as_string(CM_MONITORING)) == 0) {
			return CM_SUBMIT_STATUS_ISSUED;
		}
		if (strcmp(state, cm_store_state_as_string(CM_CA_REJECTED)) == 0) {
			return CM_SUBMIT_STATUS_REJECTED;
		}
		if (strcmp(state, cm_store_state_as_string(CM_CA_WORKING)) == 0) {
			return CM_SUBMIT_STATUS_WAIT_WITH_DELAY;
		}
		if (strcmp(state, cm_store_state_as_string(CM_CA_UNREACHABLE)) == 0) {
			return CM_SUBMIT_STATUS_UNREACHABLE;
		}
		if (stuck) {
			return CM_SUBMIT_STATUS_UNCONFIGURED;
		}
		old_state = talloc_strdup(parent, state);
		/* FIXME: we should be waiting for signals that the state
		 * property has changed and then asking if we're stuck, not
		 * just polling using a timer. But that would require a whole
		 * event loop. */
		usleep(125000);
		if (timeout > 0) {
			i++;
			if ((i % 8) == 0) {
				timeout--;
				i = 0;
			}
		}
	}
	return CM_SUBMIT_STATUS_WAIT;
}

/* Add a new request. */
static int
request(const char *argv0, int argc, const char **argv)
{
	enum cm_tdbus_type bus = CM_DBUS_DEFAULT_BUS;
	char subject_default[LINE_MAX];
	char *nss_scheme, *dbdir = NULL, *token = NULL, *nickname = NULL;
	char *keytype = NULL, *keyfile = NULL, *certfile = NULL, *capath;
	char **anchor_dbs = NULL, **anchor_files = NULL;
	char *pin = NULL, *pinfile = NULL, *cpass = NULL, *cpassfile = NULL;
	int keysize = 0, auto_renew = 1, verbose = 0, ku = 0, kubit, c, i, j;
	char *ca = DEFAULT_CA, *subject = NULL, **eku = NULL, *oid, *id = NULL;
	char *profile = NULL, *issuer = NULL, kustring[16];
	char *ms_template_spec = NULL;
	char **principal = NULL, **dns = NULL, **email = NULL, **ipaddr = NULL;
	char *key_owner = NULL, *key_perms = NULL;
	char *cert_owner = NULL, *cert_perms = NULL;
	char *nss_user = NULL;
	struct cm_tdbusm_dict param[52];
	const struct cm_tdbusm_dict *params[51];
	DBusMessage *req, *rep;
	int waitreq = 0, timeout = -1;
	int is_ca = 0, path_length = -1;
	dbus_bool_t b;
	char *p;
	krb5_context kctx;
	krb5_error_code kret;
	krb5_principal kprinc;
	char *krealm, *kuprinc, *precommand = NULL, *postcommand = NULL;
	const
	char *poptarg;
	poptContext pctx;
	struct poptOption popts[] = {
		{"dbdir", 'd', POPT_ARG_STRING, NULL, 'd', _("NSS database for key and cert"), HELP_TYPE_DIRECTORY},
		{"nickname", 'n', POPT_ARG_STRING, NULL, 'n', _("nickname for NSS-based storage (only valid with -d)"), HELP_TYPE_NAME},
		{"token", 't', POPT_ARG_STRING, NULL, 't', _("optional token name for NSS-based storage (only valid with -d)"), HELP_TYPE_NAME},
		{"keyfile", 'k', POPT_ARG_STRING, NULL, 'k', _("PEM file for private key"), HELP_TYPE_FILENAME},
		{"certfile", 'f', POPT_ARG_STRING, NULL, 'f', _("PEM file for certificate (only valid with -k)"), HELP_TYPE_FILENAME},
		{"pinfile", 'p', POPT_ARG_STRING, NULL, 'p', _("file which holds the private key encryption PIN"), HELP_TYPE_FILENAME},
		{"pin", 'P', POPT_ARG_STRING, NULL, 'P', _("private key encryption PIN"), NULL},
		{"key-owner", 'o', POPT_ARG_STRING, NULL, 'o', _("owner information for private key"), HELP_TYPE_USER},
		{"key-perms", 'm', POPT_ARG_STRING, NULL, 'm', _("file permissions for private key"), HELP_TYPE_MODE},
		{"cert-owner", 'O', POPT_ARG_STRING, NULL, 'O', _("owner information for certificate"), HELP_TYPE_USER},
		{"cert-perms", 'M', POPT_ARG_STRING, NULL, 'M', _("file permissions for certificate"), HELP_TYPE_MODE},
		{"nss-user", 'Z', POPT_ARG_STRING, NULL, 'Z', _("user to save NSS private and public keys as"), HELP_TYPE_USER},
		{"ca-dbdir", 'a', POPT_ARG_STRING, NULL, 'a', _("NSS database in which to store the CA's certificates"), HELP_TYPE_DIRECTORY},
		{"ca-file", 'F', POPT_ARG_STRING, NULL, 'F', _("file in which to store the CA's certificates"), HELP_TYPE_FILENAME},
		{"before-command", 'B', POPT_ARG_STRING, NULL, 'B', _("command to run before saving the certificate"), HELP_TYPE_COMMAND},
		{"after-command", 'C', POPT_ARG_STRING, NULL, 'C', _("command to run after saving the certificate"), HELP_TYPE_COMMAND},
		{"id", 'I', POPT_ARG_STRING, NULL, 'I', _("nickname to assign to the request"), HELP_TYPE_ID},
		{"key-type", 'G', POPT_ARG_STRING, NULL, 'G', _("type of key to be generated if one is not already in place"), NULL},
		{"key-size", 'g', POPT_ARG_STRING, NULL, 'g', _("size of key to be generated if one is not already in place"), HELP_TYPE_KEYSIZE},
		{"renew", 'r', POPT_ARG_NONE, NULL, 'r', _("attempt to renew the certificate when expiration nears (default)"), NULL},
		{"no-renew", 'R', POPT_ARG_NONE, NULL, 'R', _("don't attempt to renew the certificate when expiration nears"), NULL},
#ifndef FORCE_CA
		{"ca", 'c', POPT_ARG_STRING, &ca, 0, _("use the specified CA configuration rather than the default"), HELP_TYPE_NAME},
#endif
		{"profile", 'T', POPT_ARG_STRING, NULL, 'T', _("ask the CA to process the request using the named profile or template"), HELP_TYPE_NAME},
		{"ms-template-spec", 0, POPT_ARG_STRING, NULL, 'Y', _("include V2 template specifier in CSR (format: OID:MAJOR-VERSION[:MINOR-VERSION])"), HELP_TYPE_NAME},
		{"issuer", 'X', POPT_ARG_STRING, NULL, 'X', _("ask the CA to process the request using the named issuer"), HELP_TYPE_NAME},
		{"subject-name", 'N', POPT_ARG_STRING, NULL, 'N', _("set requested subject name (default: CN=)"), HELP_TYPE_SUBJECT},
		{"key-usage", 'u', POPT_ARG_STRING, NULL, 'u', _("set requested key usage value"), HELP_TYPE_KU},
		{"extended-key-usage", 'U', POPT_ARG_STRING, NULL, 'U', _("set requested extended key usage OID"), HELP_TYPE_EKU},
		{"principal", 'K', POPT_ARG_STRING, NULL, 'K', _("set requested principal name"), HELP_TYPE_PRINCIPAL},
		{"dns", 'D', POPT_ARG_STRING, NULL, 'D', _("set requested DNS name"), HELP_TYPE_HOSTNAME},
		{"email", 'E', POPT_ARG_STRING, NULL, 'E', _("set requested email address"), HELP_TYPE_EMAIL},
		{"ip-address", 'A', POPT_ARG_STRING, NULL, 'A', _("set requested IP address"), HELP_TYPE_IP},
		{"challenge-password-file", 'l', POPT_ARG_STRING, NULL, 'l', _("file which holds an optional challenge password value"), HELP_TYPE_FILENAME},
		{"challenge-password", 'L', POPT_ARG_STRING, NULL, 'L', _("an optional challenge password value"), NULL},
		{"for-ca", 0, POPT_ARG_VAL, &is_ca, 1, _("request a CA certificate"), NULL},
		{"not-for-ca", 0, POPT_ARG_VAL, &is_ca, 0, _("request a non-CA certificate"), NULL},
		{"ca-path-length", 0, POPT_ARG_INT, &path_length, 0, _("path length for CA certificate"), NULL},
		{"wait", 'w', POPT_ARG_NONE, NULL, 'w', _("try to wait for the certificate to be issued"), NULL},
		{"wait-timeout", 0, POPT_ARG_INT, &timeout, 0, _("maximum time to wait for the certificate to be issued"), NULL},
		{"session", 's', POPT_ARG_NONE, NULL, 's', _("connect to the certmonger service on the session bus"), NULL},
		{"system", 'S', POPT_ARG_NONE, NULL, 'S', _("connect to the certmonger service on the system bus"), NULL},
		{"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL},
		{"autohelp", 'H', POPT_ARG_NONE | POPT_ARGFLAG_DOC_HIDDEN, NULL, 'H', NULL, NULL},
		POPT_TABLEEND
	};

	memset(subject_default, '\0', sizeof(subject_default));
	strcpy(subject_default, "CN=");
	if (gethostname(subject_default + 3, sizeof(subject_default) - 4) != 0) {
		strcpy(subject_default, "CN=localhost");
	}
	subject = subject_default;

	kctx = NULL;
	if ((kret = krb5_init_context(&kctx)) != 0) {
		kctx = NULL;
		printf(_("Error initializing Kerberos library: %s.\n"), error_message(kret));
		return 1;
	}
	krealm = NULL;
	if (krb5_get_default_realm(kctx, &krealm) != 0) {
		krealm = NULL;
	}

	if ((getenv(CERTMONGER_PVT_ADDRESS_ENV) != NULL) &&
	    (strlen(getenv(CERTMONGER_PVT_ADDRESS_ENV)) > 0)) {
		bus = cm_tdbus_private;
	}
	pctx = poptGetContext(argv0, argc, argv, popts, 0);
	if (pctx == NULL) {
		help(argv0, "request");
		return 1;
	}
	while ((c = poptGetNextOpt(pctx)) > 0) {
		poptarg = poptGetOptArg(pctx);
		switch (c) {
		case 'd':
			nss_scheme = NULL;
			dbdir = ensure_nss(globals.tctx, poptarg, &nss_scheme);
			if ((nss_scheme != NULL) && (dbdir != NULL)) {
				dbdir = talloc_asprintf(globals.tctx, "%s:%s", nss_scheme, dbdir);
			}
			break;
		case 't':
			token = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'n':
			nickname = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'k':
			keyfile = ensure_pem(globals.tctx, poptarg);
			break;
		case 'o':
			key_owner = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'm':
			key_perms = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'O':
			cert_owner = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'M':
			cert_perms = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'f':
			certfile = ensure_pem(globals.tctx, poptarg);
			break;
		case 'G':
			if ((strcasecmp(poptarg, "RSA") != 0)
#ifdef CM_ENABLE_DSA
			    && (strcasecmp(poptarg, "DSA") != 0)
#endif
#ifdef CM_ENABLE_EC
			    && (strcasecmp(poptarg, "ECDSA") != 0)
			    && (strcasecmp(poptarg, "EC") != 0)
#endif
			) {
				printf(_("No support for generating \"%s\" keys.\n"), poptarg);
				printf(_("Known key types include:"));
				printf(" RSA");
#ifdef CM_ENABLE_DSA
				printf(" DSA");
#endif
#ifdef CM_ENABLE_EC
				printf(" EC");
#endif
				printf("\n");
				return 1;
			}
			keytype = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'g':
			keysize = atoi(poptarg);
			break;
		case 'I':
			id = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'r':
			auto_renew++;
			break;
		case 'R':
			auto_renew = 0;
			break;
		case 'c':
			ca = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'T':
			profile = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'Y':
			ms_template_spec = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'X':
			issuer = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'Z':
			nss_user = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'N':
			subject = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'u':
			kubit = cm_ku_from_name(poptarg);
			if (kubit == -1) {
				printf(_("Unrecognized keyUsage \"%s\".\n"), poptarg);
				return 1;
			}
			ku |= (1 << kubit);
			break;
		case 'U':
			oid = cm_oid_from_name(globals.tctx, poptarg);
			if ((oid == NULL) ||
			    (strspn(oid, "0123456789.") != strlen(oid))) {
				printf(_("Could not evaluate OID \"%s\".\n"), poptarg);
				return 1;
			}
			add_string(globals.tctx, &eku, oid);
			break;
		case 'K':
			kprinc = NULL;
			if (strlen(poptarg) > 0) {
				if ((kret = krb5_parse_name(kctx, poptarg, &kprinc)) != 0) {
					printf(_("Error parsing Kerberos "
						 "principal name \"%s\": "
						 "%s.\n"), poptarg, error_message(kret));
					return 1;
				}
				kuprinc = NULL;
				if ((kret = krb5_unparse_name(kctx, kprinc, &kuprinc)) != 0) {
					printf(_("Error unparsing Kerberos "
						 "principal name \"%s\": "
						 "%s.\n"), poptarg, error_message(kret));
					return 1;
				}
				add_string(globals.tctx, &principal, kuprinc);
				krb5_free_principal(kctx, kprinc);
			} else {
				add_string(globals.tctx, &principal, "");
			}
			break;
		case 'D':
			add_string(globals.tctx, &dns, poptarg);
			break;
		case 'E':
			add_string(globals.tctx, &email, poptarg);
			break;
		case 'A':
			add_string(globals.tctx, &ipaddr, poptarg);
			break;
		case 's':
			bus = cm_tdbus_session;
			break;
		case 'S':
			bus = cm_tdbus_system;
			break;
		case 'p':
			pinfile = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'P':
			pin = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'l':
			cpassfile = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'L':
			cpass = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'B':
			precommand = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'C':
			postcommand = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'a':
			p = ensure_nss(globals.tctx, poptarg, &nss_scheme);
			if ((nss_scheme != NULL) && (p != NULL)) {
				p = talloc_asprintf(globals.tctx, "%s:%s", nss_scheme, p);
			}
			if (p != NULL) {
				add_string(globals.tctx, &anchor_dbs, p);
			} else {
				fprintf(stderr, _("%s: invalid value -- '%s'\n"), "request", poptarg);
				help(argv0, "request");
				return 1;
			}
			break;
		case 'F':
			add_string(globals.tctx, &anchor_files, ensure_pem(globals.tctx, poptarg));
			break;
		case 'w':
			waitreq++;
			break;
		case 'v':
			verbose++;
			break;
		case 'H':
			poptPrintHelp(pctx, stdout, 0);
			return 1;
			break;
		default:
			if (c == ':') {
				fprintf(stderr, _("%s: option requires an argument -- '%c'\n"), "request", optopt);
			} else {
				fprintf(stderr, _("%s: invalid option -- '%c'\n"), "request", optopt);
			}
			help(argv0, "request");
			return 1;
		}
	}
	if (c != -1) {
		printf("%s\n", make_popt_error(pctx, c));
		help(argv0, "request");
		return 1;
	}
	if (poptPeekArg(pctx) != NULL) {
		while (poptPeekArg(pctx) != NULL) {
			printf(_("Error: unused extra argument \"%s\".\n"), poptGetArg(pctx));
		}
		printf(_("Error: unused extra arguments were supplied.\n"));
		help(argv0, "request");
		return 1;
	}
	if (((dbdir != NULL) && (nickname == NULL)) ||
	    ((dbdir == NULL) && (nickname != NULL))) {
		printf(_("Database location or nickname specified "
			 "without the other.\n"));
		help(argv0, "request");
		return 1;
	}
	if ((dbdir != NULL) && (certfile != NULL)) {
		printf(_("Database directory and certificate file "
			 "both specified.\n"));
		help(argv0, "request");
		return 1;
	}
	if ((dbdir == NULL) &&
	    (nickname == NULL) &&
	    (certfile == NULL)) {
		printf(_("None of database directory and nickname or "
			 "certificate file specified.\n"));
		help(argv0, "request");
		return 1;
	}
	if ((certfile != NULL) && (keyfile != NULL) &&
	    (strcmp(certfile, keyfile) == 0)) {
		printf(_("Key and certificate can not both be saved to the "
			 "same file.\n"));
		help(argv0, "request");
		return 1;
	}
	prep_bus(bus, "request", verbose, argc, argv);

	i = 0;
	/* If the caller supplied _no_ naming information, substitute our own
	 * defaults.
	 */
	if ((subject == subject_default) &&
	    (eku == NULL) &&
	    (principal == NULL) &&
	    (dns == NULL) &&
	    (email == NULL) &&
	    (ipaddr == NULL)) {
		add_string(globals.tctx, &eku, "id-kp-serverAuth");
		if (krealm != NULL) {
			add_string(globals.tctx, &principal,
				   talloc_asprintf(globals.tctx, "host/%s@%s", subject + 3, krealm));
		}
		add_string(globals.tctx, &dns, subject + 3);
	}
#ifdef WITH_IPA
	if ((ca != NULL) && (strcmp(ca, "IPA") == 0)) {
		if (principal == NULL) {
			printf(_("The IPA backend requires the use of the -K option (principal name) when any of the -N (subject name), -E (email address), -A (IP address), -D (DNS name), or -U (extendedKeyUsage) options is used.\n"));
			help(argv0, "request");
			return 1;
		}
	}
#endif
	if ((dbdir != NULL) && (nickname != NULL)) {
		param[i].key = "KEY_STORAGE";
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = "NSSDB";
		params[i] = &param[i];
		i++;
		param[i].key = "KEY_LOCATION";
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = dbdir;
		params[i] = &param[i];
		i++;
		param[i].key = "KEY_NICKNAME";
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = nickname;
		params[i] = &param[i];
		i++;
		if (token != NULL) {
			param[i].key = "KEY_TOKEN";
			param[i].value_type = cm_tdbusm_dict_s;
			param[i].value.s = token;
			params[i] = &param[i];
			i++;
		}
		param[i].key = "CERT_STORAGE";
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = "NSSDB";
		params[i] = &param[i];
		i++;
		param[i].key = "CERT_LOCATION";
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = dbdir;
		params[i] = &param[i];
		i++;
		param[i].key = "CERT_NICKNAME";
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = nickname;
		params[i] = &param[i];
		i++;
		if (token != NULL) {
			param[i].key = "CERT_TOKEN";
			param[i].value_type = cm_tdbusm_dict_s;
			param[i].value.s = token;
			params[i] = &param[i];
			i++;
		}
	} else if (certfile != NULL) {
		if (keyfile != NULL) {
			param[i].key = "KEY_STORAGE";
			param[i].value_type = cm_tdbusm_dict_s;
			param[i].value.s = "FILE";
			params[i] = &param[i];
			i++;
			param[i].key = "KEY_LOCATION";
			param[i].value_type = cm_tdbusm_dict_s;
			param[i].value.s = keyfile;
			params[i] = &param[i];
			i++;
		} else {
			param[i].key = "KEY_STORAGE";
			param[i].value_type = cm_tdbusm_dict_s;
			param[i].value.s = "NONE";
			params[i] = &param[i];
			i++;
		}
		param[i].key = "CERT_STORAGE";
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = "FILE";
		params[i] = &param[i];
		i++;
		param[i].key = "CERT_LOCATION";
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = certfile;
		params[i] = &param[i];
		i++;
	}
	if (pin != NULL) {
		param[i].key = "KEY_PIN";
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = pin;
		params[i] = &param[i];
		i++;
	}
	if (pinfile != NULL) {
		param[i].key = "KEY_PIN_FILE";
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = pinfile;
		params[i] = &param[i];
		i++;
	}
	if (cpass != NULL) {
		param[i].key = CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD;
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = cpass;
		params[i] = &param[i];
		i++;
	}
	if (cpassfile != NULL) {
		param[i].key = CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD_FILE;
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = cpassfile;
		params[i] = &param[i];
		i++;
	}
	param[i].key = CM_DBUS_PROP_TEMPLATE_IS_CA;
	param[i].value_type = cm_tdbusm_dict_b;
	param[i].value.b = is_ca;
	params[i] = &param[i];
	i++;
	param[i].key = CM_DBUS_PROP_TEMPLATE_CA_PATH_LENGTH;
	param[i].value_type = cm_tdbusm_dict_n;
	param[i].value.n = path_length;
	params[i] = &param[i];
	i++;
	param[i].key = "TRACK";
	param[i].value_type = cm_tdbusm_dict_b;
	param[i].value.b = TRUE;
	params[i] = &param[i];
	i++;
	param[i].key = "RENEW";
	param[i].value_type = cm_tdbusm_dict_b;
	param[i].value.b = auto_renew > 0;
	params[i] = &param[i];
	i++;
	if (key_owner != NULL) {
		param[i].key = CM_DBUS_PROP_KEY_OWNER;
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = key_owner;
		params[i] = &param[i];
		i++;
	}
	if (key_perms != NULL) {
		param[i].key = CM_DBUS_PROP_KEY_PERMS;
		param[i].value_type = cm_tdbusm_dict_n;
		param[i].value.n = strtol(key_perms, NULL, 8);
		params[i] = &param[i];
		i++;
	}
	if (cert_owner != NULL) {
		param[i].key =
			CM_DBUS_PROP_CERT_OWNER;
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = cert_owner;
		params[i] = &param[i];
		i++;
	}
	if (cert_perms != NULL) {
		param[i].key = CM_DBUS_PROP_CERT_PERMS;
		param[i].value_type = cm_tdbusm_dict_n;
		param[i].value.n = strtol(cert_perms, NULL, 8);
		params[i] = &param[i];
		i++;
	}
	if (nss_user != NULL) {
		param[i].key = CM_DBUS_PROP_NSS_USER;
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = nss_user;
		params[i] = &param[i];
		i++;
	}
	if (keytype != NULL) {
		param[i].key = "KEY_TYPE";
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = keytype;
		params[i] = &param[i];
		i++;
	}
	if (keysize > 0) {
		param[i].key = "KEY_SIZE";
		param[i].value_type = cm_tdbusm_dict_n;
		param[i].value.n = keysize;
		params[i] = &param[i];
		i++;
	}
	if (id != NULL) {
		param[i].key = "NICKNAME";
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = id;
		params[i] = &param[i];
		i++;
	}
	if (ca != NULL) {
		capath = find_ca_by_name(globals.tctx, bus, ca, verbose);
		if (capath == NULL) {
			printf(_("No CA with name \"%s\" found.\n"), ca);
			return 1;
		}
		param[i].key = "CA";
		param[i].value_type = cm_tdbusm_dict_p;
		param[i].value.s = capath;
		params[i] = &param[i];
		i++;
	} else {
		capath = NULL;
	}
	param[i].key = CM_DBUS_PROP_TEMPLATE_SUBJECT;
	param[i].value_type = cm_tdbusm_dict_s;
	param[i].value.s = subject;
	params[i] = &param[i];
	i++;
	if (principal != NULL) {
		param[i].key = CM_DBUS_PROP_TEMPLATE_PRINCIPAL;
		param[i].value_type = cm_tdbusm_dict_as;
		param[i].value.as = principal;
		params[i] = &param[i];
		i++;
	}
	if (dns != NULL) {
		param[i].key = CM_DBUS_PROP_TEMPLATE_HOSTNAME;
		param[i].value_type = cm_tdbusm_dict_as;
		param[i].value.as = dns;
		params[i] = &param[i];
		i++;
	}
	if (email != NULL) {
		param[i].key = CM_DBUS_PROP_TEMPLATE_EMAIL;
		param[i].value_type = cm_tdbusm_dict_as;
		param[i].value.as = email;
		params[i] = &param[i];
		i++;
	}
	if (ipaddr != NULL) {
		param[i].key = CM_DBUS_PROP_TEMPLATE_IP_ADDRESS;
		param[i].value_type = cm_tdbusm_dict_as;
		param[i].value.as = ipaddr;
		params[i] = &param[i];
		i++;
	}
	if (ku != 0) {
		for (j = 0; (ku >> j) != 0; j++) {
			kustring[j] = ((ku >> j) & 1) ? '1' : '0';
		}
		kustring[j] = '\0';
		param[i].key = CM_DBUS_PROP_TEMPLATE_KU;
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = kustring;
		params[i] = &param[i];
		i++;
	}
	if (eku != NULL) {
		param[i].key = CM_DBUS_PROP_TEMPLATE_EKU;
		param[i].value_type = cm_tdbusm_dict_as;
		param[i].value.as = eku;
		params[i] = &param[i];
		i++;
	}
	if (profile != NULL) {
		param[i].key = CM_DBUS_PROP_TEMPLATE_PROFILE;
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = profile;
		params[i] = &param[i];
		i++;
	}
	if (ms_template_spec != NULL) {
		param[i].key = CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE;
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = ms_template_spec;
		params[i] = &param[i];
		i++;
	}
	if (issuer != NULL) {
		param[i].key = CM_DBUS_PROP_TEMPLATE_ISSUER;
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = issuer;
		params[i] = &param[i];
		i++;
	}
	if (precommand != NULL) {
		param[i].key = CM_DBUS_PROP_CERT_PRESAVE_COMMAND;
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = precommand;
		params[i] = &param[i];
		i++;
	}
	if (postcommand != NULL) {
		param[i].key = CM_DBUS_PROP_CERT_POSTSAVE_COMMAND;
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = postcommand;
		params[i] = &param[i];
		i++;
	}
	if (anchor_files != NULL) {
		param[i].key = CM_DBUS_PROP_ROOT_CERT_FILES;
		param[i].value_type = cm_tdbusm_dict_as;
		param[i].value.as = anchor_files;
		params[i] = &param[i];
		i++;
	}
	if (anchor_dbs != NULL) {
		param[i].key = CM_DBUS_PROP_ROOT_CERT_NSSDBS;
		param[i].value_type = cm_tdbusm_dict_as;
		param[i].value.as = anchor_dbs;
		params[i] = &param[i];
		i++;
	}
	params[i] = NULL;
	req = prep_req(bus, CM_DBUS_BASE_PATH, CM_DBUS_BASE_INTERFACE, "add_request");
	if (cm_tdbusm_set_d(req, params) != 0) {
		printf(_("Error setting request arguments.\n"));
		exit(1);
	}
	rep = send_req(req, verbose);
	if (cm_tdbusm_get_bp(rep, globals.tctx, &b, &p) != 0) {
		printf(_("Error parsing server response.\n"));
		exit(1);
	}
	dbus_message_unref(rep);
	if (b) {
		nickname =
			find_request_name(globals.tctx, bus, p, verbose);
		printf(_("New signing request \"%s\" added.\n"), nickname ? nickname : p);
		if (waitreq) {
			return waitfor(globals.tctx, bus, p, timeout, verbose);
		}
	} else {
		printf(_("New signing request could not be added.\n"));
		exit(1);
	}
	return 0;
}

static char *
find_request_name(void *parent, enum cm_tdbus_type bus, const char *path,
		  int verbose)
{
	return query_rep_s(bus, path, CM_DBUS_REQUEST_INTERFACE, "get_nickname", verbose, parent);
}

static char *
find_ca_name(void *parent, enum cm_tdbus_type bus, const char *path,
	     int verbose)
{
	return query_rep_s(bus, path, CM_DBUS_CA_INTERFACE, "get_nickname", verbose, parent);
}

static char *
find_request_by_name(void *parent, enum cm_tdbus_type bus, const char *name,
		     int verbose)
{
	char **requests;
	int i, which;
	char *thisname;

	requests = query_rep_ap(bus, CM_DBUS_BASE_PATH, CM_DBUS_BASE_INTERFACE, "get_requests", verbose, globals.tctx);
	which = -1;
	for (i = 0; (requests != NULL) && (requests[i] != NULL); i++) {
		thisname = find_request_name(parent, bus, requests[i], verbose);
		if (thisname != NULL) {
			if (strcasecmp(name, thisname) == 0) {
				which = i;
			}
			talloc_free(thisname);
		}
	}
	if (which != -1) {
		return requests[which];
	}
	return NULL;
}

static const char *
find_request_by_storage(void *parent, enum cm_tdbus_type bus,
			const char *dbdir, const char *nickname,
			const char *token, const char *certfile,
			int verbose)
{
	char **requests;
	int i, which;
	char *cert_stype, *cert_sloc, *cert_nick, *cert_tok;

	requests = query_rep_ap(bus, CM_DBUS_BASE_PATH, CM_DBUS_BASE_INTERFACE, "get_requests", verbose, globals.tctx);
	which = -1;
	for (i = 0; (requests != NULL) && (requests[i] != NULL); i++) {
		query_rep_sososos(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, "get_cert_storage_info", verbose, parent,
				  &cert_stype, &cert_sloc, &cert_nick, &cert_tok);
		if (strcasecmp(cert_stype, "NSSDB") == 0) {
			if (dbdir == NULL) {
				continue;
			}
			if ((cert_sloc == NULL) ||
			    (strcmp(dbdir, cert_sloc) != 0)) {
				continue;
			}
			if (nickname == NULL) {
				continue;
			}
			if ((cert_nick == NULL) ||
			    (strcmp(nickname, cert_nick) != 0)) {
				continue;
			}
			if ((token != NULL) &&
			    ((cert_tok == NULL) ||
			     (strcmp(token, cert_tok) != 0))) {
				continue;
			}
		} else if (strcasecmp(cert_stype, "FILE") == 0) {
			if (certfile == NULL) {
				continue;
			}
			if (strcmp(certfile, cert_sloc) != 0) {
				continue;
			}
		}
		if (which != -1) {
			/* Multiple matches? We have to give up. */
			return NULL;
		}
		which = i;
	}
	if (which != -1) {
		return requests[which];
	}
	return NULL;
}

static char *
find_ca_by_name(void *parent, enum cm_tdbus_type bus, const char *name,
		int verbose)
{
	char **cas;
	int i, which;
	char *thisname;

	cas = query_rep_ap(bus, CM_DBUS_BASE_PATH, CM_DBUS_BASE_INTERFACE, "get_known_cas", verbose, globals.tctx);
	which = -1;
	for (i = 0; (cas != NULL) && (cas[i] != NULL); i++) {
		thisname = find_ca_name(parent, bus, cas[i], verbose);
		if (thisname != NULL) {
			if (strcasecmp(name, thisname) == 0) {
				which = i;
			}
			talloc_free(thisname);
		}
	}
	if (which != -1) {
		return cas[which];
	}
	return NULL;
}

static int
add_basic_request(enum cm_tdbus_type bus, char *id,
		  char *dbdir, char *nickname, char *token,
		  char *keyfile, char *certfile,
		  char *key_owner, char *cert_owner,
		  char *key_perms, char *cert_perms,
		  char *nss_user,
		  char *pin, char *pinfile,
		  char *cpass, char *cpassfile,
		  char *ca, char *profile, char *issuer,
		  char *ms_template_spec,
		  char **principal,
		  char *precommand, char *postcommand,
		  char **anchor_dbs, char **anchor_files,
		  int is_ca, int path_length,
		  dbus_bool_t auto_renew_stop,
		  int waitreq, int timeout, int verbose)
{
	DBusMessage *req, *rep;
	int i;
	struct cm_tdbusm_dict param[32];
	const struct cm_tdbusm_dict *params[32];
	dbus_bool_t b;
	const char *capath;
	char *p;

	i = 0;
	if (id != NULL) {
		param[i].key = "NICKNAME";
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = id;
		params[i] = &param[i];
		i++;
	}
	if ((dbdir != NULL) && (nickname != NULL)) {
		param[i].key = "KEY_STORAGE";
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = "NSSDB";
		params[i] = &param[i];
		i++;
		param[i].key = "KEY_LOCATION";
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = dbdir;
		params[i] = &param[i];
		i++;
		param[i].key = "KEY_NICKNAME";
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = nickname;
		params[i] = &param[i];
		i++;
		if (token != NULL) {
			param[i].key = "KEY_TOKEN";
			param[i].value_type = cm_tdbusm_dict_s;
			param[i].value.s = token;
			params[i] = &param[i];
			i++;
		}
		param[i].key = "CERT_STORAGE";
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = "NSSDB";
		params[i] = &param[i];
		i++;
		param[i].key = "CERT_LOCATION";
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = dbdir;
		params[i] = &param[i];
		i++;
		param[i].key = "CERT_NICKNAME";
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = nickname;
		params[i] = &param[i];
		i++;
		if (token != NULL) {
			param[i].key = "CERT_TOKEN";
			param[i].value_type = cm_tdbusm_dict_s;
			param[i].value.s = token;
			params[i] = &param[i];
			i++;
		}
		if (nss_user != NULL) {
			param[i].key = CM_DBUS_PROP_NSS_USER;
			param[i].value_type = cm_tdbusm_dict_s;
			param[i].value.s = nss_user;
			params[i] = &param[i];
			i++;
		}
	} else if (certfile != NULL) {
		if (keyfile != NULL) {
			param[i].key = "KEY_STORAGE";
			param[i].value_type = cm_tdbusm_dict_s;
			param[i].value.s = "FILE";
			params[i] = &param[i];
			i++;
			param[i].key = "KEY_LOCATION";
			param[i].value_type = cm_tdbusm_dict_s;
			param[i].value.s = keyfile;
			params[i] = &param[i];
			i++;
		}
		param[i].key = "CERT_STORAGE";
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = "FILE";
		params[i] = &param[i];
		i++;
		param[i].key = "CERT_LOCATION";
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = certfile;
		params[i] = &param[i];
		i++;
	}
	if (pin != NULL) {
		param[i].key = "KEY_PIN";
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = pin;
		params[i] = &param[i];
		i++;
	}
	if (pinfile != NULL) {
		param[i].key = "KEY_PIN_FILE";
		param[i].value_type = cm_tdbusm_dict_s;
		param[i].value.s = pinfile;
		params[i] = &param[i];
		i++;
	}
	if (key_owner != NULL) {
		param[i].key = CM_DBUS_PROP_KEY_OWNER;
		param[i].value_type =
cm_tdbusm_dict_s; param[i].value.s = key_owner; params[i] = &param[i]; i++; } if (key_perms != NULL) { param[i].key = CM_DBUS_PROP_KEY_PERMS; param[i].value_type = cm_tdbusm_dict_n; param[i].value.n = strtol(key_perms, NULL, 8); params[i] = &param[i]; i++; } if (cert_owner != NULL) { param[i].key = CM_DBUS_PROP_CERT_OWNER; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = cert_owner; params[i] = &param[i]; i++; } if (cert_perms != NULL) { param[i].key = CM_DBUS_PROP_CERT_PERMS; param[i].value_type = cm_tdbusm_dict_n; param[i].value.n = strtol(cert_perms, NULL, 8); params[i] = &param[i]; i++; } if (cpass != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = cpass; params[i] = &param[i]; i++; } if (cpassfile != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD_FILE; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = cpassfile; params[i] = &param[i]; i++; } param[i].key = CM_DBUS_PROP_TEMPLATE_IS_CA; param[i].value_type = cm_tdbusm_dict_b; param[i].value.b = is_ca; params[i] = &param[i]; i++; param[i].key = CM_DBUS_PROP_TEMPLATE_CA_PATH_LENGTH; param[i].value_type = cm_tdbusm_dict_n; param[i].value.n = path_length; params[i] = &param[i]; i++; param[i].key = "TRACK"; param[i].value_type = cm_tdbusm_dict_b; param[i].value.b = TRUE; params[i] = &param[i]; i++; param[i].key = "RENEW"; param[i].value_type = cm_tdbusm_dict_b; param[i].value.b = !auto_renew_stop; params[i] = &param[i]; i++; if (profile != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_PROFILE; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = profile; params[i] = &param[i]; i++; } if (ms_template_spec != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = ms_template_spec; params[i] = &param[i]; i++; } if (principal != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_PRINCIPAL; param[i].value_type = cm_tdbusm_dict_as; param[i].value.as = principal; params[i] = &param[i]; i++; }
if (issuer != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_ISSUER; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = issuer; params[i] = &param[i]; i++; } if (precommand != NULL) { param[i].key = CM_DBUS_PROP_CERT_PRESAVE_COMMAND; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = precommand; params[i] = &param[i]; i++; } if (postcommand != NULL) { param[i].key = CM_DBUS_PROP_CERT_POSTSAVE_COMMAND; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = postcommand; params[i] = &param[i]; i++; } if (ca != NULL) { capath = find_ca_by_name(globals.tctx, bus, ca, verbose); if (capath == NULL) { printf(_("No CA with name \"%s\" found.\n"), ca); return 1; } param[i].key = "CA"; param[i].value_type = cm_tdbusm_dict_p; param[i].value.s = talloc_strdup(globals.tctx, capath); params[i] = &param[i]; i++; } else { capath = NULL; } if (anchor_files != NULL) { param[i].key = CM_DBUS_PROP_ROOT_CERT_FILES; param[i].value_type = cm_tdbusm_dict_as; param[i].value.as = anchor_files; params[i] = &param[i]; i++; } if (anchor_dbs != NULL) { param[i].key = CM_DBUS_PROP_ROOT_CERT_NSSDBS; param[i].value_type = cm_tdbusm_dict_as; param[i].value.as = anchor_dbs; params[i] = &param[i]; i++; } params[i] = NULL; req = prep_req(bus, CM_DBUS_BASE_PATH, CM_DBUS_BASE_INTERFACE, "add_request"); if (cm_tdbusm_set_d(req, params) != 0) { printf(_("Error setting request arguments.\n")); exit(1); } rep = send_req(req, verbose); if (cm_tdbusm_get_bp(rep, globals.tctx, &b, &p) != 0) { printf(_("Error parsing server response.\n")); exit(1); } dbus_message_unref(rep); if (b) { nickname = find_request_name(globals.tctx, bus, p, verbose); printf(_("New tracking request \"%s\" added.\n"), nickname ?
nickname : p); if (waitreq) { return waitfor(globals.tctx, bus, p, timeout, verbose); } return 0; } else { printf(_("New tracking request could not be added.\n")); return 1; } } static int set_tracking(const char *argv0, const char *category, int argc, const char **argv, dbus_bool_t track) { enum cm_tdbus_type bus = CM_DBUS_DEFAULT_BUS; DBusMessage *req, *rep; const char *request, *capath; struct cm_tdbusm_dict param[29]; const struct cm_tdbusm_dict *params[30]; char *nss_scheme, *dbdir = NULL, *token = NULL, *nickname = NULL; char **anchor_dbs = NULL, **anchor_files = NULL; char *id = NULL, *new_id = NULL, *new_request; char *keyfile = NULL, *certfile = NULL, *ca = DEFAULT_CA; char *profile = NULL, *issuer = NULL; char *ms_template_spec = NULL; char *pin = NULL, *pinfile = NULL, *cpass = NULL, *cpassfile = NULL; char *key_owner = NULL, *key_perms = NULL; char *nss_user = NULL; char *cert_owner = NULL, *cert_perms = NULL; dbus_bool_t b; char *p; int c, auto_renew_start = 0, auto_renew_stop = 0, verbose = 0, i, j; int ku = 0, kubit, waitreq = 0, timeout = -1; int is_ca = 0, path_length = -1; char **eku = NULL, *oid, kustring[16]; char **principal = NULL, **dns = NULL, **email = NULL, **ipaddr = NULL; krb5_context kctx; krb5_error_code kret; krb5_principal kprinc; char *krealm, *kuprinc; char *precommand = NULL, *postcommand = NULL; const char *poptarg; poptContext pctx; struct poptOption popts[] = { {"dbdir", 'd', POPT_ARG_STRING, NULL, 'd', _("NSS database for key and cert"), HELP_TYPE_DIRECTORY}, {"nickname", 'n', POPT_ARG_STRING, NULL, 'n', _("nickname for NSS-based storage (only valid with -d)"), HELP_TYPE_NAME}, {"token", 't', POPT_ARG_STRING, NULL, 't', _("optional token name for NSS-based storage (only valid with -d)"), HELP_TYPE_NAME}, {"keyfile", 'k', POPT_ARG_STRING, NULL, 'k', _("PEM file for private key (only valid with -f)"), HELP_TYPE_FILENAME}, {"certfile", 'f', POPT_ARG_STRING, NULL, 'f', _("PEM file for certificate"), HELP_TYPE_FILENAME}, 
{"pinfile", 'p', POPT_ARG_STRING, NULL, 'p', _("file which holds the private key encryption PIN"), HELP_TYPE_FILENAME}, {"pin", 'P', POPT_ARG_STRING, NULL, 'P', _("private key encryption PIN"), NULL}, {"key-owner", 'o', POPT_ARG_STRING, NULL, 'o', _("owner information for private key"), HELP_TYPE_USER}, {"key-perms", 'm', POPT_ARG_STRING, NULL, 'm', _("file permissions for private key"), HELP_TYPE_MODE}, {"cert-owner", 'O', POPT_ARG_STRING, NULL, 'O', _("owner information for certificate"), HELP_TYPE_USER}, {"cert-perms", 'M', POPT_ARG_STRING, NULL, 'M', _("file permissions for certificate"), HELP_TYPE_MODE}, {"nss-user", 'Z', POPT_ARG_STRING, NULL, 'Z', _("user to save NSS private and public keys as"), HELP_TYPE_USER}, {"ca-dbdir", 'a', POPT_ARG_STRING, NULL, 'a', _("NSS database in which to store the CA's certificates"), HELP_TYPE_DIRECTORY}, {"ca-file", 'F', POPT_ARG_STRING, NULL, 'F', _("file in which to store the CA's certificates"), HELP_TYPE_FILENAME}, {"before-command", 'B', POPT_ARG_STRING, NULL, 'B', _("command to run before saving the certificate"), HELP_TYPE_COMMAND}, {"after-command", 'C', POPT_ARG_STRING, NULL, 'C', _("command to run after saving the certificate"), HELP_TYPE_COMMAND}, {"id", 'i', POPT_ARG_STRING, NULL, 'i', _("nickname of an existing request"), HELP_TYPE_ID}, {"new-id", 'I', POPT_ARG_STRING, NULL, 'I', _("nickname to give to tracking request"), HELP_TYPE_ID}, {"renew", 'r', POPT_ARG_NONE, NULL, 'r', _("attempt to renew the certificate when expiration nears (default)"), NULL}, {"no-renew", 'R', POPT_ARG_NONE, NULL, 'R', _("don't attempt to renew the certificate when expiration nears"), NULL},
#ifndef FORCE_CA
{"ca", 'c', POPT_ARG_STRING, &ca, 0, _("use the specified CA configuration rather than the default"), HELP_TYPE_NAME},
#endif
{"profile", 'T', POPT_ARG_STRING, NULL, 'T', _("ask the CA to process the request using the named profile or template"), HELP_TYPE_NAME}, {"ms-template-spec", 0, POPT_ARG_STRING, NULL, 'Y', _("include V2 template specifier in CSR (format: OID:MAJOR-VERSION[:MINOR-VERSION])"), HELP_TYPE_NAME}, {"issuer", 'X', POPT_ARG_STRING, NULL, 'X', _("ask the CA to process the request using the named issuer"), HELP_TYPE_NAME}, {"key-usage", 'u', POPT_ARG_STRING, NULL, 'u', _("override requested key usage value"), HELP_TYPE_KU}, {"extended-key-usage", 'U', POPT_ARG_STRING, NULL, 'U', _("override requested extended key usage OID"), HELP_TYPE_EKU}, {"principal", 'K', POPT_ARG_STRING, NULL, 'K', _("override requested principal name"), HELP_TYPE_PRINCIPAL}, {"dns", 'D', POPT_ARG_STRING, NULL, 'D', _("override requested DNS name"), HELP_TYPE_HOSTNAME}, {"email", 'E', POPT_ARG_STRING, NULL, 'E', _("override requested email address"), HELP_TYPE_EMAIL}, {"ip-address", 'A', POPT_ARG_STRING, NULL, 'A', _("override requested IP address"), HELP_TYPE_IP}, {"challenge-password-file", 'l', POPT_ARG_STRING, NULL, 'l', _("file which holds an optional challenge password value"), HELP_TYPE_FILENAME}, {"challenge-password", 'L', POPT_ARG_STRING, NULL, 'L', _("an optional challenge password value"), NULL}, {"for-ca", 0, POPT_ARG_VAL, &is_ca, 1, _("request a CA certificate"), NULL}, {"not-for-ca", 0, POPT_ARG_VAL, &is_ca, 0, _("request a non-CA certificate"), NULL}, {"ca-path-length", 0, POPT_ARG_INT, &path_length, 0, _("path length for CA certificate"), NULL}, {"wait", 'w', POPT_ARG_NONE, NULL, 'w', _("try to wait for the certificate to be issued"), NULL}, {"wait-timeout", 0, POPT_ARG_INT, &timeout, 0, _("maximum time to wait for the certificate to be issued"), NULL}, {"session", 's', POPT_ARG_NONE, NULL, 's', _("connect to the certmonger service on the session bus"), NULL}, {"system", 'S', POPT_ARG_NONE, NULL, 'S', _("connect to the certmonger service on the system bus"), NULL}, {"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL}, {"autohelp", 'H', POPT_ARG_NONE | POPT_ARGFLAG_DOC_HIDDEN, NULL, 'H', NULL, NULL}, POPT_TABLEEND }; kctx = NULL; if ((kret = krb5_init_context(&kctx)) != 0) { kctx =
NULL; printf(_("Error initializing Kerberos library: %s.\n"), error_message(kret)); return 1; } krealm = NULL; if (krb5_get_default_realm(kctx, &krealm) != 0) { krealm = NULL; } if ((getenv(CERTMONGER_PVT_ADDRESS_ENV) != NULL) && (strlen(getenv(CERTMONGER_PVT_ADDRESS_ENV)) > 0)) { bus = cm_tdbus_private; } pctx = poptGetContext(argv0, argc, argv, popts, 0); if (pctx == NULL) { help(argv0, category); return 1; } while ((c = poptGetNextOpt(pctx)) > 0) { poptarg = poptGetOptArg(pctx); switch (c) { case 'd': nss_scheme = NULL; dbdir = ensure_nss(globals.tctx, poptarg, &nss_scheme); if ((nss_scheme != NULL) && (dbdir != NULL)) { dbdir = talloc_asprintf(globals.tctx, "%s:%s", nss_scheme, dbdir); } break; case 't': token = talloc_strdup(globals.tctx, poptarg); break; case 'n': nickname = talloc_strdup(globals.tctx, poptarg); break; case 'k': keyfile = ensure_pem(globals.tctx, poptarg); break; case 'f': certfile = ensure_pem(globals.tctx, poptarg); break; case 'o': key_owner = talloc_strdup(globals.tctx, poptarg); break; case 'm': key_perms = talloc_strdup(globals.tctx, poptarg); break; case 'O': cert_owner = talloc_strdup(globals.tctx, poptarg); break; case 'M': cert_perms = talloc_strdup(globals.tctx, poptarg); break; case 'r': if (track) { auto_renew_start++; } else { help(argv0, category); return 1; } break; case 'R': if (track) { auto_renew_stop++; } else { help(argv0, category); return 1; } break; case 'c': if (track) { ca = talloc_strdup(globals.tctx, poptarg); } else { help(argv0, category); return 1; } break; case 'T': profile = talloc_strdup(globals.tctx, poptarg); break; case 'Y': ms_template_spec = talloc_strdup(globals.tctx, poptarg); break; case 'X': issuer = talloc_strdup(globals.tctx, poptarg); break; case 'Z': nss_user = talloc_strdup(globals.tctx, poptarg); break; case 'i': id = talloc_strdup(globals.tctx, poptarg); break; case 'I': new_id = talloc_strdup(globals.tctx, poptarg); break; case 'u': kubit = cm_ku_from_name(poptarg); if (kubit == -1) { 
printf(_("Unrecognized keyUsage \"%s\".\n"), poptarg); return 1; } ku |= (1 << kubit); break; case 'U': oid = cm_oid_from_name(globals.tctx, poptarg); if ((oid == NULL) || (strspn(oid, "0123456789.") != strlen(oid))) { printf(_("Could not evaluate OID \"%s\".\n"), poptarg); return 1; } add_string(globals.tctx, &eku, oid); break; case 'K': kprinc = NULL; if (strlen(poptarg) > 0) { if ((kret = krb5_parse_name(kctx, poptarg, &kprinc)) != 0) { printf(_("Error parsing Kerberos " "principal name \"%s\": " "%s.\n"), poptarg, error_message(kret)); return 1; } kuprinc = NULL; if ((kret = krb5_unparse_name(kctx, kprinc, &kuprinc)) != 0) { printf(_("Error unparsing Kerberos " "principal name \"%s\": " "%s.\n"), poptarg, error_message(kret)); return 1; } add_string(globals.tctx, &principal, kuprinc); krb5_free_principal(kctx, kprinc); } else { add_string(globals.tctx, &principal, ""); } break; case 'D': add_string(globals.tctx, &dns, poptarg); break; case 'E': add_string(globals.tctx, &email, poptarg); break; case 'A': add_string(globals.tctx, &ipaddr, poptarg); break; case 's': bus = cm_tdbus_session; break; case 'S': bus = cm_tdbus_system; break; case 'p': pinfile = talloc_strdup(globals.tctx, poptarg); break; case 'P': pin = talloc_strdup(globals.tctx, poptarg); break; case 'l': cpassfile = talloc_strdup(globals.tctx, poptarg); break; case 'L': cpass = talloc_strdup(globals.tctx, poptarg); break; case 'B': precommand = talloc_strdup(globals.tctx, poptarg); break; case 'C': postcommand = talloc_strdup(globals.tctx, poptarg); break; case 'a': p = ensure_nss(globals.tctx, poptarg, &nss_scheme); if ((nss_scheme != NULL) && (p != NULL)) { p = talloc_asprintf(globals.tctx, "%s:%s", nss_scheme, p); } if (p != NULL) { add_string(globals.tctx, &anchor_dbs, p); } else { fprintf(stderr, _("%s: invalid value -- '%s'\n"), "request", poptarg); help(argv0, "request"); return 1; } break; case 'F': add_string(globals.tctx, &anchor_files, ensure_pem(globals.tctx, poptarg)); break; case 'w': 
if (track) { waitreq++; } else { help(argv0, category); return 1; } break; case 'v': verbose++; break; case 'H': poptPrintHelp(pctx, stdout, 0); return 1; break; default: if (c == ':') { fprintf(stderr, _("%s: option requires an argument -- '%c'\n"), category, optopt); } else { fprintf(stderr, _("%s: invalid option -- '%c'\n"), category, optopt); } help(argv0, category); return 1; } } if (c != -1) { printf("%s\n", make_popt_error(pctx, c)); help(argv0, category); return 1; } krb5_free_context(kctx); if (poptPeekArg(pctx) != NULL) { printf(_("Error: unused extra arguments were supplied.\n")); help(argv0, category); return 1; } if (((dbdir != NULL) && (nickname == NULL)) || ((dbdir == NULL) && (nickname != NULL))) { printf(_("Database location or nickname specified " "without the other.\n")); help(argv0, category); return 1; } if ((dbdir != NULL) && (certfile != NULL)) { printf(_("Database directory and certificate file " "both specified.\n")); help(argv0, category); return 1; } if ((id == NULL) && (dbdir == NULL) && (nickname == NULL) && (certfile == NULL)) { printf(_("None of ID or database directory and nickname or " "certificate file specified.\n")); help(argv0, category); return 1; } if ((certfile != NULL) && (keyfile != NULL) && (strcmp(certfile, keyfile) == 0)) { printf(_("Key and certificate can not both be saved to the " "same file.\n")); help(argv0, category); return 1; } prep_bus(bus, category, verbose, argc, argv); if (id != NULL) { request = find_request_by_name(globals.tctx, bus, id, verbose); } else { request = find_request_by_storage(globals.tctx, bus, dbdir, nickname, token, certfile, verbose); } if (track) { if (request != NULL) { /* Modify settings for an existing request. 
*/ i = 0; param[i].key = "TRACK"; param[i].value_type = cm_tdbusm_dict_b; param[i].value.b = TRUE; params[i] = &param[i]; i++; if (auto_renew_start || auto_renew_stop) { param[i].key = "RENEW"; param[i].value_type = cm_tdbusm_dict_b; param[i].value.b = auto_renew_start > 0; params[i] = &param[i]; i++; } if (principal != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_PRINCIPAL; param[i].value_type = cm_tdbusm_dict_as; param[i].value.as = principal; params[i] = &param[i]; i++; } if (dns != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_HOSTNAME; param[i].value_type = cm_tdbusm_dict_as; param[i].value.as = dns; params[i] = &param[i]; i++; } if (email != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_EMAIL; param[i].value_type = cm_tdbusm_dict_as; param[i].value.as = email; params[i] = &param[i]; i++; } if (ipaddr != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_IP_ADDRESS; param[i].value_type = cm_tdbusm_dict_as; param[i].value.as = ipaddr; params[i] = &param[i]; i++; } if (ku != 0) { for (j = 0; (ku >> j) != 0; j++) { kustring[j] = ((ku >> j) & 1) ?
'1' : '0'; } kustring[j] = '\0'; param[i].key = CM_DBUS_PROP_TEMPLATE_KU; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = kustring; params[i] = &param[i]; i++; } if (eku != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_EKU; param[i].value_type = cm_tdbusm_dict_as; param[i].value.as = eku; params[i] = &param[i]; i++; } if (new_id != NULL) { param[i].key = "NICKNAME"; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = new_id; params[i] = &param[i]; i++; } if (key_owner != NULL) { param[i].key = CM_DBUS_PROP_KEY_OWNER; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = key_owner; params[i] = &param[i]; i++; } if (key_perms != NULL) { param[i].key = CM_DBUS_PROP_KEY_PERMS; param[i].value_type = cm_tdbusm_dict_n; param[i].value.n = strtol(key_perms, NULL, 8); params[i] = &param[i]; i++; } if (cert_owner != NULL) { param[i].key = CM_DBUS_PROP_CERT_OWNER; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = cert_owner; params[i] = &param[i]; i++; } if (cert_perms != NULL) { param[i].key = CM_DBUS_PROP_CERT_PERMS; param[i].value_type = cm_tdbusm_dict_n; param[i].value.n = strtol(cert_perms, NULL, 8); params[i] = &param[i]; i++; } if (nss_user != NULL) { param[i].key = CM_DBUS_PROP_NSS_USER; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = nss_user; params[i] = &param[i]; i++; } if (pin != NULL) { param[i].key = "KEY_PIN"; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = pin; params[i] = &param[i]; i++; } if (pinfile != NULL) { param[i].key = "KEY_PIN_FILE"; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = pinfile; params[i] = &param[i]; i++; } if (ca != NULL) { capath = find_ca_by_name(globals.tctx, bus, ca, verbose); if (capath == NULL) { printf(_("No CA with name \"%s\" " "found.\n"), ca); return 1; } param[i].key = "CA"; param[i].value_type = cm_tdbusm_dict_p; param[i].value.s = talloc_strdup(globals.tctx, capath); params[i] = &param[i]; i++; } else { capath = NULL; } if (cpass != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD;
param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = cpass; params[i] = &param[i]; i++; } if (cpassfile != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD_FILE; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = cpassfile; params[i] = &param[i]; i++; } param[i].key = CM_DBUS_PROP_TEMPLATE_IS_CA; param[i].value_type = cm_tdbusm_dict_b; param[i].value.b = is_ca; params[i] = &param[i]; i++; param[i].key = CM_DBUS_PROP_TEMPLATE_CA_PATH_LENGTH; param[i].value_type = cm_tdbusm_dict_n; param[i].value.n = path_length; params[i] = &param[i]; i++; if (profile != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_PROFILE; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = profile; params[i] = &param[i]; i++; } if (precommand != NULL) { param[i].key = CM_DBUS_PROP_CERT_PRESAVE_COMMAND; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = precommand; params[i] = &param[i]; i++; } if (postcommand != NULL) { param[i].key = CM_DBUS_PROP_CERT_POSTSAVE_COMMAND; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = postcommand; params[i] = &param[i]; i++; } if (anchor_files != NULL) { param[i].key = CM_DBUS_PROP_ROOT_CERT_FILES; param[i].value_type = cm_tdbusm_dict_as; param[i].value.as = anchor_files; params[i] = &param[i]; i++; } if (anchor_dbs != NULL) { param[i].key = CM_DBUS_PROP_ROOT_CERT_NSSDBS; param[i].value_type = cm_tdbusm_dict_as; param[i].value.as = anchor_dbs; params[i] = &param[i]; i++; } params[i] = NULL; req = prep_req(bus, request, CM_DBUS_REQUEST_INTERFACE, "modify"); if (cm_tdbusm_set_d(req, params) != 0) { printf(_("Error setting request arguments.\n")); exit(1); } rep = send_req(req, verbose); if (cm_tdbusm_get_bp(rep, globals.tctx, &b, &new_request) != 0) { printf(_("Error parsing server response.\n")); exit(1); } request = new_request; dbus_message_unref(rep); nickname = find_request_name(globals.tctx, bus, request, verbose); if (b) { printf(_("Request \"%s\" modified.\n"), nickname ?
nickname : request); return 0; } else { printf(_("Request \"%s\" could not be " "modified.\n"), nickname ? nickname : request); return 1; } } else { /* Add a new request. */ if (id != NULL) { printf(_("No request found with specified " "nickname.\n")); help(argv0, category); return 1; } if (((dbdir != NULL) && (nickname == NULL)) || ((dbdir == NULL) && (nickname != NULL))) { printf(_("Database location or nickname " "specified without the other.\n")); help(argv0, category); return 1; } if ((dbdir != NULL) && (certfile != NULL)) { printf(_("Database directory and certificate " "file both specified.\n")); help(argv0, category); return 1; } if ((dbdir == NULL) && (nickname == NULL) && (certfile == NULL)) { printf(_("None of database directory and " "nickname or certificate file " "specified.\n")); help(argv0, category); return 1; } return add_basic_request(bus, new_id, dbdir, nickname, token, keyfile, certfile, key_owner, cert_owner, key_perms, cert_perms, nss_user, pin, pinfile, cpass, cpassfile, ca, profile, issuer, ms_template_spec, principal, precommand, postcommand, anchor_dbs, anchor_files, is_ca, path_length, (auto_renew_stop > 0), waitreq, timeout, verbose); } } else { /* Drop a request. */ if ((request == NULL) && (id == NULL) && (dbdir == NULL) && (nickname == NULL) && (certfile == NULL)) { help(argv0, category); return 1; } if (request == NULL) { printf(_("No request found that matched arguments.\n")); return 1; } nickname = find_request_name(globals.tctx, bus, request, verbose); req = prep_req(bus, CM_DBUS_BASE_PATH, CM_DBUS_BASE_INTERFACE, "remove_request"); if (cm_tdbusm_set_p(req, request) != 0) { printf(_("Error setting request arguments.\n")); exit(1); } rep = send_req(req, verbose); if (cm_tdbusm_get_b(rep, globals.tctx, &b) != 0) { printf(_("Error parsing server response.\n")); exit(1); } dbus_message_unref(rep); if (b) { printf(_("Request \"%s\" removed.\n"), nickname ? 
nickname : request); return 0; } else { printf(_("Request \"%s\" could not be removed.\n"), nickname ? nickname : request); return 1; } } } static int start_tracking(const char *argv0, int argc, const char **argv) { return set_tracking(argv0, "start-tracking", argc, argv, TRUE); } static int stop_tracking(const char *argv0, int argc, const char **argv) { return set_tracking(argv0, "stop-tracking", argc, argv, FALSE); } static int rekey_or_resubmit(const char *argv0, const char *category, int argc, const char **argv) { enum cm_tdbus_type bus = CM_DBUS_DEFAULT_BUS; DBusMessage *req, *rep; const char *request; char *capath; struct cm_tdbusm_dict param[32]; const struct cm_tdbusm_dict *params[33]; char *dbdir = NULL, *token = NULL, *nickname = NULL, *certfile = NULL; char **anchor_dbs = NULL, **anchor_files = NULL; char *pin = NULL, *pinfile = NULL, *cpass = NULL, *cpassfile = NULL; char *id = NULL, *new_id = NULL, *ca = NULL, *new_request, *nss_scheme; char *subject = NULL, **eku = NULL, *oid = NULL; char **principal = NULL, **dns = NULL, **email = NULL, **ipaddr = NULL; char *profile = NULL, *issuer = NULL, kustring[16]; char *ms_template_spec = NULL; char *key_owner = NULL, *key_perms = NULL; char *cert_owner = NULL, *cert_perms = NULL; char *nss_user = NULL; char *keytype = NULL; int keysize = 0; dbus_bool_t b; char *p; int verbose = 0, ku = 0, kubit, c, i, j, waitreq = 0, timeout = -1; int is_ca = 0, path_length = -1; krb5_context kctx; krb5_error_code kret; krb5_principal kprinc; char *kuprinc, *precommand = NULL, *postcommand = NULL; const char *poptarg; poptContext pctx; struct poptOption popts[] = { {"dbdir", 'd', POPT_ARG_STRING, NULL, 'd', _("NSS database for key and cert"), HELP_TYPE_DIRECTORY}, {"nickname", 'n', POPT_ARG_STRING, NULL, 'n', _("nickname for NSS-based storage (only valid with -d)"), HELP_TYPE_NAME}, {"token", 't', POPT_ARG_STRING, NULL, 't', _("optional token name for NSS-based storage (only valid with -d)"), HELP_TYPE_NAME}, {"certfile", 
'f', POPT_ARG_STRING, NULL, 'f', _("PEM file for certificate"), HELP_TYPE_FILENAME}, {"id", 'i', POPT_ARG_STRING, NULL, 'i', _("nickname for tracking request"), HELP_TYPE_ID}, {"new-id", 'I', POPT_ARG_STRING, NULL, 'I', _("new nickname to give to tracking request"), HELP_TYPE_ID}, {"key-type", 'G', POPT_ARG_STRING, NULL, 'G', _("type of new key to be generated"), NULL}, {"key-size", 'g', POPT_ARG_STRING, NULL, 'g', _("size of new key to be generated"), HELP_TYPE_KEYSIZE}, {"pinfile", 'p', POPT_ARG_STRING, NULL, 'p', _("file which holds the private key encryption PIN"), HELP_TYPE_FILENAME}, {"pin", 'P', POPT_ARG_STRING, NULL, 'P', _("private key encryption PIN"), NULL}, {"key-owner", 'o', POPT_ARG_STRING, NULL, 'o', _("owner information for private key"), HELP_TYPE_USER}, {"key-perms", 'm', POPT_ARG_STRING, NULL, 'm', _("file permissions for private key"), HELP_TYPE_MODE}, {"cert-owner", 'O', POPT_ARG_STRING, NULL, 'O', _("owner information for certificate"), HELP_TYPE_USER}, {"cert-perms", 'M', POPT_ARG_STRING, NULL, 'M', _("file permissions for certificate"), HELP_TYPE_MODE}, {"nss-user", 'Z', POPT_ARG_STRING, NULL, 'Z', _("user to save NSS private and public keys as"), HELP_TYPE_USER}, {"ca-dbdir", 'a', POPT_ARG_STRING, NULL, 'a', _("NSS database in which to store the CA's certificates"), HELP_TYPE_DIRECTORY}, {"ca-file", 'F', POPT_ARG_STRING, NULL, 'F', _("file in which to store the CA's certificates"), HELP_TYPE_FILENAME}, {"before-command", 'B', POPT_ARG_STRING, NULL, 'B', _("command to run before saving the certificate"), HELP_TYPE_COMMAND}, {"after-command", 'C', POPT_ARG_STRING, NULL, 'C', _("command to run after saving the certificate"), HELP_TYPE_COMMAND},
#ifndef FORCE_CA
{"ca", 'c', POPT_ARG_STRING, &ca, 0, _("use the specified CA configuration rather than the current one"), HELP_TYPE_NAME},
#endif
{"profile", 'T', POPT_ARG_STRING, NULL, 'T', _("ask the CA to process the request using the named profile or template"), HELP_TYPE_NAME},
{"ms-template-spec", 0, POPT_ARG_STRING, NULL, 'Y', _("include V2 template specifier in CSR (format: OID:MAJOR-VERSION[:MINOR-VERSION])"), HELP_TYPE_NAME}, {"issuer", 'X', POPT_ARG_STRING, NULL, 'X', _("ask the CA to process the request using the named issuer"), HELP_TYPE_NAME}, {"subject-name", 'N', POPT_ARG_STRING, NULL, 'N', _("set requested subject name (default: CN=)"), HELP_TYPE_SUBJECT}, {"key-usage", 'u', POPT_ARG_STRING, NULL, 'u', _("set requested key usage value"), HELP_TYPE_KU}, {"extended-key-usage", 'U', POPT_ARG_STRING, NULL, 'U', _("set requested extended key usage OID"), HELP_TYPE_EKU}, {"principal", 'K', POPT_ARG_STRING, NULL, 'K', _("set requested principal name"), HELP_TYPE_PRINCIPAL}, {"dns", 'D', POPT_ARG_STRING, NULL, 'D', _("set requested DNS name"), HELP_TYPE_HOSTNAME}, {"email", 'E', POPT_ARG_STRING, NULL, 'E', _("set requested email address"), HELP_TYPE_EMAIL}, {"ip-address", 'A', POPT_ARG_STRING, NULL, 'A', _("set requested IP address"), HELP_TYPE_IP}, {"challenge-password-file", 'l', POPT_ARG_STRING, NULL, 'l', _("file which holds an optional challenge password value"), HELP_TYPE_FILENAME}, {"challenge-password", 'L', POPT_ARG_STRING, NULL, 'L', _("an optional challenge password value"), NULL}, {"for-ca", 0, POPT_ARG_VAL, &is_ca, 1, _("request a CA certificate"), NULL}, {"not-for-ca", 0, POPT_ARG_VAL, &is_ca, 0, _("request a non-CA certificate"), NULL}, {"ca-path-length", 0, POPT_ARG_INT, &path_length, 0, _("path length for CA certificate"), NULL}, {"wait", 'w', POPT_ARG_NONE, NULL, 'w', _("try to wait for the certificate to be issued"), NULL}, {"wait-timeout", 0, POPT_ARG_INT, &timeout, 0, _("maximum time to wait for the certificate to be issued"), NULL}, {"session", 's', POPT_ARG_NONE, NULL, 's', _("connect to the certmonger service on the session bus"), NULL}, {"system", 'S', POPT_ARG_NONE, NULL, 'S', _("connect to the certmonger service on the system bus"), NULL}, {"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL}, {"autohelp", 
'H', POPT_ARG_NONE | POPT_ARGFLAG_DOC_HIDDEN, NULL, 'H', NULL, NULL}, POPT_TABLEEND }; kctx = NULL; if ((kret = krb5_init_context(&kctx)) != 0) { kctx = NULL; printf(_("Error initializing Kerberos library: %s.\n"), error_message(kret)); return 1; } if ((getenv(CERTMONGER_PVT_ADDRESS_ENV) != NULL) && (strlen(getenv(CERTMONGER_PVT_ADDRESS_ENV)) > 0)) { bus = cm_tdbus_private; } pctx = poptGetContext(argv0, argc, argv, popts, 0); if (pctx == NULL) { help(argv0, category); return 1; } while ((c = poptGetNextOpt(pctx)) > 0) { poptarg = poptGetOptArg(pctx); switch (c) { case 'd': nss_scheme = NULL; dbdir = ensure_nss(globals.tctx, poptarg, &nss_scheme); if ((nss_scheme != NULL) && (dbdir != NULL)) { dbdir = talloc_asprintf(globals.tctx, "%s:%s", nss_scheme, dbdir); } break; case 't': token = talloc_strdup(globals.tctx, poptarg); break; case 'n': nickname = talloc_strdup(globals.tctx, poptarg); break; case 'f': certfile = ensure_pem(globals.tctx, poptarg); break; case 'o': key_owner = talloc_strdup(globals.tctx, poptarg); break; case 'm': key_perms = talloc_strdup(globals.tctx, poptarg); break; case 'O': cert_owner = talloc_strdup(globals.tctx, poptarg); break; case 'M': cert_perms = talloc_strdup(globals.tctx, poptarg); break; case 'c': ca = talloc_strdup(globals.tctx, poptarg); break; case 'T': profile = talloc_strdup(globals.tctx, poptarg); break; case 'Y': ms_template_spec = talloc_strdup(globals.tctx, poptarg); break; case 'X': issuer = talloc_strdup(globals.tctx, poptarg); break; case 'Z': nss_user = talloc_strdup(globals.tctx, poptarg); break; case 'i': id = talloc_strdup(globals.tctx, poptarg); break; case 'I': new_id = talloc_strdup(globals.tctx, poptarg); break; case 'G': if ((strcasecmp(poptarg, "RSA") != 0)
#ifdef CM_ENABLE_DSA
&& (strcasecmp(poptarg, "DSA") != 0)
#endif
#ifdef CM_ENABLE_EC
&& (strcasecmp(poptarg, "ECDSA") != 0) && (strcasecmp(poptarg, "EC") != 0)
#endif
) { printf(_("No support for generating \"%s\" keys.\n"), poptarg); printf(_("Known key types include:")); printf(" RSA");
#ifdef CM_ENABLE_DSA
printf(" DSA");
#endif
#ifdef CM_ENABLE_EC
printf(" EC");
#endif
printf("\n"); return 1; } keytype = talloc_strdup(globals.tctx, poptarg); break; case 'g': keysize = atoi(poptarg); break; case 'N': subject = talloc_strdup(globals.tctx, poptarg); break; case 'u': kubit = cm_ku_from_name(poptarg); if (kubit == -1) { printf(_("Unrecognized keyUsage \"%s\".\n"), poptarg); return 1; } ku |= (1 << kubit); break; case 'U': oid = cm_oid_from_name(globals.tctx, poptarg); if ((oid == NULL) || (strspn(oid, "0123456789.") != strlen(oid))) { printf(_("Could not evaluate OID \"%s\".\n"), poptarg); return 1; } add_string(globals.tctx, &eku, oid); break; case 'K': kprinc = NULL; if (strlen(poptarg) > 0) { if ((kret = krb5_parse_name(kctx, poptarg, &kprinc)) != 0) { printf(_("Error parsing Kerberos " "principal name \"%s\": " "%s.\n"), poptarg, error_message(kret)); return 1; } kuprinc = NULL; if ((kret = krb5_unparse_name(kctx, kprinc, &kuprinc)) != 0) { printf(_("Error unparsing Kerberos " "principal name \"%s\": " "%s.\n"), poptarg, error_message(kret)); return 1; } add_string(globals.tctx, &principal, kuprinc); krb5_free_principal(kctx, kprinc); } else { add_string(globals.tctx, &principal, ""); } break; case 'D': add_string(globals.tctx, &dns, poptarg); break; case 'E': add_string(globals.tctx, &email, poptarg); break; case 'A': add_string(globals.tctx, &ipaddr, poptarg); break; case 's': bus = cm_tdbus_session; break; case 'S': bus = cm_tdbus_system; break; case 'p': pinfile = talloc_strdup(globals.tctx, poptarg); break; case 'P': pin = talloc_strdup(globals.tctx, poptarg); break; case 'l': cpassfile = talloc_strdup(globals.tctx, poptarg); break; case 'L': cpass = talloc_strdup(globals.tctx, poptarg); break; case 'B': precommand = talloc_strdup(globals.tctx, poptarg); break; case 'C': postcommand = talloc_strdup(globals.tctx, poptarg); break; case 'a': p = ensure_nss(globals.tctx, poptarg, &nss_scheme); if ((nss_scheme
!= NULL) && (p != NULL)) { p = talloc_asprintf(globals.tctx, "%s:%s", nss_scheme, p); } if (p != NULL) { add_string(globals.tctx, &anchor_dbs, p); } else { fprintf(stderr, _("%s: invalid value -- '%s'\n"), "request", poptarg); help(argv0, "request"); return 1; } break; case 'F': add_string(globals.tctx, &anchor_files, ensure_pem(globals.tctx, poptarg)); break; case 'w': waitreq++; break; case 'v': verbose++; break; case 'H': poptPrintHelp(pctx, stdout, 0); return 1; break; default: if (c == ':') { fprintf(stderr, _("%s: option requires an argument -- '%c'\n"), category, optopt); } else { fprintf(stderr, _("%s: invalid option -- '%c'\n"), category, optopt); } help(argv0, category); return 1; } } if (c != -1) { printf("%s\n", make_popt_error(pctx, c)); help(argv0, category); return 1; } if (poptPeekArg(pctx) != NULL) { printf(_("Error: unused extra arguments were supplied.\n")); help(argv0, category); return 1; } krb5_free_context(kctx); prep_bus(bus, category, verbose, argc, argv); if (id != NULL) { request = find_request_by_name(globals.tctx, bus, id, verbose); } else { request = find_request_by_storage(globals.tctx, bus, dbdir, nickname, token, certfile, verbose); } if (request == NULL) { if (id != NULL) { printf(_("No request found with specified " "nickname.\n")); help(argv0, category); return 1; } if (((dbdir != NULL) && (nickname == NULL)) || ((dbdir == NULL) && (nickname != NULL))) { printf(_("Database location or nickname " "specified without the other.\n")); help(argv0, category); return 1; } if ((dbdir != NULL) && (certfile != NULL)) { printf(_("Database directory and certificate " "file both specified.\n")); help(argv0, category); return 1; } if ((dbdir == NULL) && (nickname == NULL) && (certfile == NULL)) { printf(_("None of database directory and " "nickname or certificate file " "specified.\n")); help(argv0, category); return 1; } printf(_("No request found that matched arguments.\n")); return 1; } i = 0; if (key_owner != NULL) { param[i].key = 
CM_DBUS_PROP_KEY_OWNER; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = key_owner; params[i] = &param[i]; i++; } if (key_perms != NULL) { param[i].key = CM_DBUS_PROP_KEY_PERMS; param[i].value_type = cm_tdbusm_dict_n; param[i].value.n = strtol(key_perms, NULL, 8); params[i] = &param[i]; i++; } if (cert_owner != NULL) { param[i].key = CM_DBUS_PROP_CERT_OWNER; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = cert_owner; params[i] = &param[i]; i++; } if (cert_perms != NULL) { param[i].key = CM_DBUS_PROP_CERT_PERMS; param[i].value_type = cm_tdbusm_dict_n; param[i].value.n = strtol(cert_perms, NULL, 8); params[i] = &param[i]; i++; } if (nss_user != NULL) { param[i].key = CM_DBUS_PROP_NSS_USER; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = nss_user; params[i] = &param[i]; i++; } if (keytype != NULL) { param[i].key = "KEY_TYPE"; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = keytype; params[i] = &param[i]; i++; } if (keysize > 0) { param[i].key = "KEY_SIZE"; param[i].value_type = cm_tdbusm_dict_n; param[i].value.n = keysize; params[i] = &param[i]; i++; } if (new_id != NULL) { param[i].key = "NICKNAME"; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = new_id; params[i] = &param[i]; i++; } if (ca != NULL) { capath = find_ca_by_name(globals.tctx, bus, ca, verbose); if (capath == NULL) { printf(_("No CA with name \"%s\" found.\n"), ca); exit(1); } param[i].key = "CA"; param[i].value_type = cm_tdbusm_dict_p; param[i].value.s = talloc_strdup(globals.tctx, capath); params[i] = &param[i]; i++; } if (subject != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_SUBJECT; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = subject; params[i] = &param[i]; i++; } if (principal != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_PRINCIPAL; param[i].value_type = cm_tdbusm_dict_as; param[i].value.as = principal; params[i] = &param[i]; i++; } if (dns != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_HOSTNAME; param[i].value_type = cm_tdbusm_dict_as; param[i].value.as = dns;
params[i] = &param[i]; i++; } if (email != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_EMAIL; param[i].value_type = cm_tdbusm_dict_as; param[i].value.as = email; params[i] = &param[i]; i++; } if (ipaddr != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_IP_ADDRESS; param[i].value_type = cm_tdbusm_dict_as; param[i].value.as = ipaddr; params[i] = &param[i]; i++; } if (ku != 0) { for (j = 0; (ku >> j) != 0; j++) { kustring[j] = ((ku >> j) & 1) ? '1' : '0'; } kustring[j] = '\0'; param[i].key = CM_DBUS_PROP_TEMPLATE_KU; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = kustring; params[i] = &param[i]; i++; } if (eku != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_EKU; param[i].value_type = cm_tdbusm_dict_as; param[i].value.as = eku; params[i] = &param[i]; i++; } if (pin != NULL) { param[i].key = "KEY_PIN"; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = pin; params[i] = &param[i]; i++; } if (pinfile != NULL) { param[i].key = "KEY_PIN_FILE"; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = pinfile; params[i] = &param[i]; i++; } if (cpass != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = cpass; params[i] = &param[i]; i++; } if (cpassfile != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD_FILE; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = cpassfile; params[i] = &param[i]; i++; } param[i].key = CM_DBUS_PROP_TEMPLATE_IS_CA; param[i].value_type = cm_tdbusm_dict_b; param[i].value.b = is_ca; params[i] = &param[i]; i++; param[i].key = CM_DBUS_PROP_TEMPLATE_CA_PATH_LENGTH; param[i].value_type = cm_tdbusm_dict_n; param[i].value.n = path_length; params[i] = &param[i]; i++; if (profile != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_PROFILE; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = profile; params[i] = &param[i]; i++; } if (ms_template_spec != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s =
ms_template_spec; params[i] = &param[i]; i++; } if (issuer != NULL) { param[i].key = CM_DBUS_PROP_TEMPLATE_ISSUER; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = issuer; params[i] = &param[i]; i++; } if (precommand != NULL) { param[i].key = CM_DBUS_PROP_CERT_PRESAVE_COMMAND; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = precommand; params[i] = &param[i]; i++; } if (postcommand != NULL) { param[i].key = CM_DBUS_PROP_CERT_POSTSAVE_COMMAND; param[i].value_type = cm_tdbusm_dict_s; param[i].value.s = postcommand; params[i] = &param[i]; i++; } if (anchor_files != NULL) { param[i].key = CM_DBUS_PROP_ROOT_CERT_FILES; param[i].value_type = cm_tdbusm_dict_as; param[i].value.as = anchor_files; params[i] = &param[i]; i++; } if (anchor_dbs != NULL) { param[i].key = CM_DBUS_PROP_ROOT_CERT_NSSDBS; param[i].value_type = cm_tdbusm_dict_as; param[i].value.as = anchor_dbs; params[i] = &param[i]; i++; } params[i] = NULL; if (i > 0) { req = prep_req(bus, request, CM_DBUS_REQUEST_INTERFACE, "modify"); if (cm_tdbusm_set_d(req, params) != 0) { printf(_("Error setting request arguments.\n")); exit(1); } rep = send_req(req, verbose); if (cm_tdbusm_get_bp(rep, globals.tctx, &b, &new_request) != 0) { printf(_("Error parsing server response.\n")); exit(1); } request = new_request; dbus_message_unref(rep); if (!b) { nickname = find_request_name(globals.tctx, bus, request, verbose); printf(_("Error modifying \"%s\".\n"), nickname ? nickname : request); exit(1); } } rep = query_rep(bus, request, CM_DBUS_REQUEST_INTERFACE, "get_ca", verbose); if (cm_tdbusm_get_p(rep, globals.tctx, &capath) == 0) { ca = find_ca_name(globals.tctx, bus, capath, verbose); } else { ca = NULL; } nickname = find_request_name(globals.tctx, bus, request, verbose); if (query_rep_b(bus, request, CM_DBUS_REQUEST_INTERFACE, category, verbose, globals.tctx)) { if (ca != NULL) { printf(_("Resubmitting \"%s\" to \"%s\".\n"), nickname ? nickname : request, ca); } else { printf(_("Resubmitting \"%s\".\n"), nickname ?
nickname : request); } if (waitreq) { return waitfor(globals.tctx, bus, request, timeout, verbose); } return 0; } else { if (ca != NULL) { printf(_("Error attempting to submit \"%s\" to " "\"%s\".\n"), request, ca); } else { printf(_("Error attempting to submit \"%s\".\n"), request); } return 1; } } static int rekey(const char *argv0, int argc, const char **argv) { return rekey_or_resubmit(argv0, "rekey", argc, argv); } static int resubmit(const char *argv0, int argc, const char **argv) { return rekey_or_resubmit(argv0, "resubmit", argc, argv); } static int refresh(const char *argv0, int argc, const char **argv) { enum cm_tdbus_type bus = CM_DBUS_DEFAULT_BUS; DBusMessage *rep; const char *only_ca = DEFAULT_CA; char **requests, *p, *nickname, *ca_name; char *dbdir = NULL, *dbnickname = NULL, *certfile = NULL, *id = NULL; char *nss_scheme, *token = NULL; const char *capath; dbus_bool_t b, all = FALSE; char *s1, *s2, *s3, *s4; enum cm_state state; int verbose = 0, c, i; const char *poptarg; poptContext pctx; struct poptOption popts[] = { {"all", 'a', POPT_ARG_NONE, NULL, 'a', _("refresh information about all outstanding requests"), NULL}, #ifndef FORCE_CA {"ca", 'c', POPT_ARG_STRING, &only_ca, 0, _("refresh information only for requests using the specified CA configuration"), HELP_TYPE_NAME}, #endif {"dbdir", 'd', POPT_ARG_STRING, NULL, 'd', _("NSS database for key and cert"), HELP_TYPE_DIRECTORY}, {"nickname", 'n', POPT_ARG_STRING, NULL, 'n', _("nickname for NSS-based storage (only valid with -d)"), HELP_TYPE_NAME}, {"token", 't', POPT_ARG_STRING, NULL, 't', _("optional token name for NSS-based storage (only valid with -d)"), HELP_TYPE_NAME}, {"certfile", 'f', POPT_ARG_STRING, NULL, 'f', _("PEM file for certificate"), HELP_TYPE_FILENAME}, {"id", 'i', POPT_ARG_STRING, NULL, 'i', _("nickname for tracking request"), HELP_TYPE_ID}, {"session", 's', POPT_ARG_NONE, NULL, 's', _("connect to the certmonger service on the session bus"), NULL}, {"system", 'S', POPT_ARG_NONE, 
NULL, 'S', _("connect to the certmonger service on the system bus"), NULL}, {"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL}, {"autohelp", 'H', POPT_ARG_NONE | POPT_ARGFLAG_DOC_HIDDEN, NULL, 'H', NULL, NULL}, POPT_TABLEEND }; if ((getenv(CERTMONGER_PVT_ADDRESS_ENV) != NULL) && (strlen(getenv(CERTMONGER_PVT_ADDRESS_ENV)) > 0)) { bus = cm_tdbus_private; } pctx = poptGetContext(argv0, argc, argv, popts, 0); if (pctx == NULL) { help(argv0, "refresh"); return 1; } while ((c = poptGetNextOpt(pctx)) > 0) { poptarg = poptGetOptArg(pctx); switch (c) { case 'c': only_ca = poptarg; break; case 's': bus = cm_tdbus_session; break; case 'S': bus = cm_tdbus_system; break; case 'a': all = TRUE; nss_scheme = NULL; dbdir = NULL; dbnickname = NULL; certfile = NULL; id = NULL; break; case 'd': all = FALSE; nss_scheme = NULL; dbdir = ensure_nss(globals.tctx, poptarg, &nss_scheme); if ((nss_scheme != NULL) && (dbdir != NULL)) { dbdir = talloc_asprintf(globals.tctx, "%s:%s", nss_scheme, dbdir); } break; case 't': token = talloc_strdup(globals.tctx, poptarg); break; case 'n': all = FALSE; dbnickname = talloc_strdup(globals.tctx, poptarg); break; case 'f': all = FALSE; certfile = ensure_pem(globals.tctx, poptarg); break; case 'i': all = FALSE; id = talloc_strdup(globals.tctx, poptarg); break; case 'v': verbose++; break; case 'H': poptPrintHelp(pctx, stdout, 0); return 1; break; default: if (c == ':') { fprintf(stderr, _("%s: option requires an argument -- '%c'\n"), "refresh", optopt); } else { fprintf(stderr, _("%s: invalid option -- '%c'\n"), "refresh", optopt); } help(argv0, "refresh"); return 1; } } if (c != -1) { printf("%s\n", make_popt_error(pctx, c)); help(argv0, "refresh"); return 1; } if (!all && (id == NULL) && ((dbdir == NULL) || (dbnickname == NULL)) && (certfile == NULL)) { printf(_("None of ID or database directory and nickname or " "certificate file specified.\n")); help(argv0, "refresh"); return 1; } if (poptPeekArg(pctx) != NULL) { printf(_("Error: unused extra 
arguments were supplied.\n")); help(argv0, "refresh"); return 1; } prep_bus(bus, "refresh", verbose, argc, argv); if (only_ca != NULL) { capath = find_ca_by_name(globals.tctx, bus, only_ca, verbose); if (capath == NULL) { printf(_("No CA with name \"%s\" found.\n"), only_ca); return 1; } } requests = query_rep_ap(bus, CM_DBUS_BASE_PATH, CM_DBUS_BASE_INTERFACE, "get_requests", verbose, globals.tctx); for (i = 0; (requests != NULL) && (requests[i] != NULL); i++) { /* Filter out based on the CA. */ ca_name = NULL; rep = query_rep(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, "get_ca", verbose); if (cm_tdbusm_get_p(rep, globals.tctx, &p) == 0) { ca_name = find_ca_name(globals.tctx, bus, p, verbose); } dbus_message_unref(rep); if (only_ca != NULL) { if (ca_name == NULL) { continue; } if (strcmp(only_ca, ca_name) != 0) { continue; } } /* Filter based on request name or storage. */ nickname = find_request_name(globals.tctx, bus, requests[i], verbose); if ((id != NULL) && (strcmp(nickname, id) != 0)) { continue; } if ((dbdir != NULL) || (dbnickname != NULL) || (certfile != NULL)) { rep = query_rep(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, "get_cert_storage_info", verbose); if (cm_tdbusm_get_ssosos(rep, globals.tctx, &s1, &s2, &s3, &s4) != 0) { printf(_("Error parsing server response.\n")); exit(1); } dbus_message_unref(rep); if ((dbdir != NULL) || (dbnickname != NULL)) { if ((strcmp(s1, "NSSDB") != 0) || ((dbdir != NULL) && (strcmp(dbdir, s2) != 0)) || ((dbnickname != NULL) && (s3 != NULL) && (strcmp(dbnickname, s3) != 0)) || ((token != NULL) && (s4 != NULL) && (strcmp(token, s4) != 0))) { continue; } } if (certfile != NULL) { if ((strcmp(s1, "FILE") != 0) || (strcmp(certfile, s2) != 0)) { continue; } } } /* Get the status of this request. 
*/ rep = query_rep(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, "get_status", verbose); if (cm_tdbusm_get_sb(rep, globals.tctx, &s1, &b) != 0) { printf(_("Error parsing server response.\n")); exit(1); } dbus_message_unref(rep); /* Filter out based on the current state. */ state = cm_store_state_from_string(s1); switch (state) { case CM_CA_WORKING: case CM_CA_UNREACHABLE: break; default: continue; break; } /* Tell the daemon to refresh for this request. */ b = query_rep_b(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, "refresh", verbose, globals.tctx); if (b) { printf(_("Request ID '%s' being refreshed.\n"), nickname); } else { printf(_("Request ID '%s' NOT being refreshed.\n"), nickname); } } return 0; } /* Check if a CA is an SCEP CA. */ static dbus_bool_t ca_is_scep(void *parent, enum cm_tdbus_type bus, const char *nickname, int verbose) { char *busname, *s; if (nickname == NULL) { return FALSE; } busname = find_ca_by_name(parent, bus, nickname, verbose); if (busname == NULL) { return FALSE; } s = query_prop_s(bus, busname, CM_DBUS_CA_INTERFACE, CM_DBUS_PROP_SCEP_RA_CERT, verbose, parent); if ((s != NULL) && (strlen(s) > 0)) { return TRUE; } s = query_prop_s(bus, busname, CM_DBUS_CA_INTERFACE, CM_DBUS_PROP_SCEP_CA_CERT, verbose, parent); if ((s != NULL) && (strlen(s) > 0)) { return TRUE; } return FALSE; } static int list(const char *argv0, int argc, const char **argv) { enum cm_tdbus_type bus = CM_DBUS_DEFAULT_BUS; enum cm_state state; DBusMessage *rep; char **requests, *s, *p, *nickname, *only_ca = DEFAULT_CA, *ca_name; char *dbdir = NULL, *dbnickname = NULL, *certfile = NULL, *id = NULL; char *nss_scheme, *token = NULL, *when = NULL; int force_utc = 0; const char *capath, *request; dbus_bool_t b; char *s1, *s2, *s3, *s4, *s5, *s6; long perms; char *owner; long n1, n2, n3; char **as, **as1, **as2, **as3, **as4, **as5, t[25]; int requests_only = 0, tracking_only = 0, verbose = 0, c, i, j; unsigned int k; char key_usages[LINE_MAX]; const char *poptarg; poptContext 
pctx; struct poptOption popts[] = { {"requests-only", 'r', POPT_ARG_NONE, NULL, 'r', _("list only information about outstanding requests"), NULL}, {"tracking-only", 't', POPT_ARG_NONE, NULL, 't', _("list only information about tracked certificates"), NULL}, #ifndef FORCE_CA {"ca", 'c', POPT_ARG_STRING, &only_ca, 0, _("list only requests and certs associated with this CA configuration"), HELP_TYPE_NAME}, #endif {"dbdir", 'd', POPT_ARG_STRING, NULL, 'd', _("NSS database for key and cert"), HELP_TYPE_DIRECTORY}, {"nickname", 'n', POPT_ARG_STRING, NULL, 'n', _("nickname for NSS-based storage (only valid with -d)"), HELP_TYPE_NAME}, {"token", 't', POPT_ARG_STRING, NULL, 't', _("optional token name for NSS-based storage (only valid with -d)"), HELP_TYPE_NAME}, {"certfile", 'f', POPT_ARG_STRING, NULL, 'f', _("PEM file for certificate"), HELP_TYPE_FILENAME}, {"id", 'i', POPT_ARG_STRING, NULL, 'i', _("nickname for tracking request"), HELP_TYPE_ID}, {"utc", 'u', POPT_ARG_NONE, NULL, 'u', _("display times in UTC instead of local time"), NULL}, {"session", 's', POPT_ARG_NONE, NULL, 's', _("connect to the certmonger service on the session bus"), NULL}, {"system", 'S', POPT_ARG_NONE, NULL, 'S', _("connect to the certmonger service on the system bus"), NULL}, {"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL}, {"autohelp", 'H', POPT_ARG_NONE | POPT_ARGFLAG_DOC_HIDDEN, NULL, 'H', NULL, NULL}, POPT_TABLEEND }; if ((getenv(CERTMONGER_PVT_ADDRESS_ENV) != NULL) && (strlen(getenv(CERTMONGER_PVT_ADDRESS_ENV)) > 0)) { bus = cm_tdbus_private; } pctx = poptGetContext(argv0, argc, argv, popts, 0); if (pctx == NULL) { help(argv0, "list"); return 1; } while ((c = poptGetNextOpt(pctx)) > 0) { poptarg = poptGetOptArg(pctx); switch (c) { case 'r': requests_only++; break; case 't': tracking_only++; break; case 's': bus = cm_tdbus_session; break; case 'S': bus = cm_tdbus_system; break; case 'd': nss_scheme = NULL; dbdir = ensure_nss(globals.tctx, poptarg, &nss_scheme); if ((nss_scheme != NULL) 
&& (dbdir != NULL)) { dbdir = talloc_asprintf(globals.tctx, "%s:%s", nss_scheme, dbdir); } break; case 'n': dbnickname = talloc_strdup(globals.tctx, poptarg); break; case 'f': certfile = ensure_pem(globals.tctx, poptarg); break; case 'i': id = talloc_strdup(globals.tctx, poptarg); break; case 'v': verbose++; break; case 'H': poptPrintHelp(pctx, stdout, 0); return 1; break; case 'u': force_utc++; break; default: if (c == ':') { fprintf(stderr, _("%s: option requires an argument -- '%c'\n"), "list", optopt); } else { fprintf(stderr, _("%s: invalid option -- '%c'\n"), "list", optopt); } help(argv0, "list"); return 1; } } if (c != -1) { printf("%s\n", make_popt_error(pctx, c)); help(argv0, "list"); return 1; } if (poptPeekArg(pctx) != NULL) { printf(_("Error: unused extra arguments were supplied.\n")); help(argv0, "list"); return 1; } prep_bus(bus, "list", verbose, argc, argv); if (only_ca != NULL) { capath = find_ca_by_name(globals.tctx, bus, only_ca, verbose); if (capath == NULL) { printf(_("No CA with name \"%s\" found.\n"), only_ca); return 1; } } if (id != NULL) { request = find_request_by_name(globals.tctx, bus, id, verbose); if (request == NULL) { printf(_("No request found with specified " "nickname.\n")); return 1; } } else { request = find_request_by_storage(globals.tctx, bus, dbdir, dbnickname, token, certfile, verbose); if (request == NULL) { if (((dbdir != NULL) && (dbnickname != NULL)) || (certfile != NULL)) { printf(_("No request found that matched " "arguments.\n")); return 1; } } } requests = query_rep_ap(bus, CM_DBUS_BASE_PATH, CM_DBUS_BASE_INTERFACE, "get_requests", verbose, globals.tctx); for (i = 0; (requests != NULL) && (requests[i] != NULL); i++) { continue; } printf(_("Number of certificates and requests being tracked: %d.\n"), i); for (i = 0; (requests != NULL) && (requests[i] != NULL); i++) { /* Filter out based on the CA. 
*/ ca_name = NULL; rep = query_rep(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, "get_ca", verbose); if (cm_tdbusm_get_p(rep, globals.tctx, &p) == 0) { ca_name = find_ca_name(globals.tctx, bus, p, verbose); } dbus_message_unref(rep); if (only_ca != NULL) { if (ca_name == NULL) { continue; } if (strcmp(only_ca, ca_name) != 0) { continue; } } /* Get the status of this request. */ rep = query_rep(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, "get_status", verbose); if (cm_tdbusm_get_sb(rep, globals.tctx, &s, &b) != 0) { printf(_("Error parsing server response.\n")); exit(1); } dbus_message_unref(rep); /* Filter out based on the current state. */ state = cm_store_state_from_string(s); switch (state) { case CM_INVALID: printf(("'%s' is in an invalid state!\n"), s); continue; break; case CM_NEED_KEY_PAIR: case CM_NEED_KEY_GEN_PERMS: case CM_NEED_KEY_GEN_PIN: case CM_NEED_KEY_GEN_TOKEN: case CM_GENERATING_KEY_PAIR: case CM_HAVE_KEY_PAIR: case CM_NEED_KEYINFO: case CM_READING_KEYINFO: case CM_NEED_KEYINFO_READ_PIN: case CM_NEED_KEYINFO_READ_TOKEN: case CM_HAVE_KEYINFO: case CM_NEED_CSR: case CM_NEED_CSR_GEN_PIN: case CM_NEED_CSR_GEN_TOKEN: case CM_GENERATING_CSR: case CM_HAVE_CSR: case CM_NEED_SCEP_DATA: case CM_NEED_SCEP_GEN_PIN: case CM_NEED_SCEP_GEN_TOKEN: case CM_NEED_SCEP_ENCRYPTION_CERT: case CM_NEED_SCEP_RSA_CLIENT_KEY: case CM_GENERATING_SCEP_DATA: case CM_HAVE_SCEP_DATA: case CM_NEED_TO_SUBMIT: case CM_SUBMITTING: case CM_NEED_TO_SAVE_CERT: case CM_PRE_SAVE_CERT: case CM_START_SAVING_CERT: case CM_SAVING_CERT: case CM_NEED_CERTSAVE_PERMS: case CM_NEED_CERTSAVE_TOKEN: case CM_NEED_CERTSAVE_PIN: case CM_SAVED_CERT: case CM_POST_SAVED_CERT: case CM_NEED_TO_READ_CERT: case CM_READING_CERT: case CM_CA_WORKING: case CM_CA_REJECTED: case CM_CA_UNREACHABLE: case CM_CA_UNCONFIGURED: case CM_NEED_GUIDANCE: case CM_NEED_CA: case CM_NEWLY_ADDED: case CM_NEWLY_ADDED_START_READING_KEYINFO: case CM_NEWLY_ADDED_READING_KEYINFO: case CM_NEWLY_ADDED_NEED_KEYINFO_READ_PIN: case 
CM_NEWLY_ADDED_NEED_KEYINFO_READ_TOKEN: case CM_NEWLY_ADDED_START_READING_CERT: case CM_NEWLY_ADDED_READING_CERT: case CM_NEWLY_ADDED_DECIDING: case CM_NEED_TO_SAVE_CA_CERTS: case CM_NEED_TO_SAVE_ONLY_CA_CERTS: case CM_START_SAVING_CA_CERTS: case CM_START_SAVING_ONLY_CA_CERTS: case CM_SAVING_CA_CERTS: case CM_SAVING_ONLY_CA_CERTS: case CM_NEED_CA_CERT_SAVE_PERMS: case CM_NEED_ONLY_CA_CERT_SAVE_PERMS: if (tracking_only) { continue; } break; case CM_MONITORING: case CM_NEED_TO_NOTIFY_VALIDITY: case CM_NOTIFYING_VALIDITY: case CM_NEED_TO_NOTIFY_REJECTION: case CM_NOTIFYING_REJECTION: case CM_NEED_TO_NOTIFY_ISSUED_SAVE_FAILED: case CM_NOTIFYING_ISSUED_SAVE_FAILED: case CM_NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED: case CM_NOTIFYING_ISSUED_CA_SAVE_FAILED: case CM_NEED_TO_NOTIFY_ISSUED_SAVED: case CM_NOTIFYING_ISSUED_SAVED: case CM_NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED: case CM_NOTIFYING_ONLY_CA_SAVE_FAILED: if (requests_only) { continue; } break; } /* Basic info. */ nickname = find_request_name(globals.tctx, bus, requests[i], verbose); if ((id != NULL) && (strcmp(nickname, id) != 0)) { continue; } if ((dbdir != NULL) || (dbnickname != NULL) || (certfile != NULL)) { rep = query_rep(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, "get_cert_storage_info", verbose); if (cm_tdbusm_get_ssosos(rep, globals.tctx, &s1, &s2, &s3, &s4) != 0) { printf(_("Error parsing server response.\n")); exit(1); } dbus_message_unref(rep); if ((dbdir != NULL) || (dbnickname != NULL)) { if ((strcmp(s1, "NSSDB") != 0) || ((dbdir != NULL) && (s2 != NULL) && (strcmp(dbdir, s2) != 0)) || ((dbnickname != NULL) && (s3 != NULL) && (strcmp(dbnickname, s3) != 0))) { continue; } } if (certfile != NULL) { if ((strcmp(s1, "FILE") != 0) || (strcmp(certfile, s2) != 0)) { continue; } } } printf(_("Request ID '%s':\n"), nickname); printf(_("\tstatus: %s\n"), s); rep = query_rep(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, "get_ca_error", verbose); if (cm_tdbusm_get_s(rep, globals.tctx, &s) == 0) { printf(_("\tca-error: 
%s\n"), s); } printf(_("\tstuck: %s\n"), b ? "yes" : "no"); /* Get key/cert storage info. */ rep = query_rep(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, "get_key_storage_info", verbose); if (cm_tdbusm_get_sososos(rep, globals.tctx, &s1, &s2, &s3, &s4) != 0) { printf(_("Error parsing server response.\n")); exit(1); } dbus_message_unref(rep); s5 = query_rep_s(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, "get_key_pin", verbose, globals.tctx); if ((s5 != NULL) && (strlen(s5) == 0)) { s5 = NULL; } s6 = query_rep_s(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, "get_key_pin_file", verbose, globals.tctx); if ((s6 != NULL) && (strlen(s6) == 0)) { s6 = NULL; } owner = query_prop_s(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, CM_DBUS_PROP_KEY_OWNER, verbose, globals.tctx); if ((owner != NULL) && (strlen(owner) == 0)) { owner = NULL; } perms = query_prop_n(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, CM_DBUS_PROP_KEY_PERMS, verbose, globals.tctx); printf(_("\tkey pair storage: type=%s"), s1 ? s1 : _("NONE")); if (s2 != NULL) { printf(_(",location='%s'"), s2); } if (s3 != NULL) { printf(_(",nickname='%s'"), s3); } if (s4 != NULL) { printf(_(",token='%s'"), s4); } if (s5 != NULL) { printf(_(",pin set")); } if (s6 != NULL) { printf(_(",pinfile='%s'"), s6); } if (owner != NULL) { printf(_(",owner=%s"), owner); } if (perms > 0) { printf(_(",perms=%04o"), (unsigned int)perms & 07777); } printf("\n"); rep = query_rep(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, "get_cert_storage_info", verbose); if (cm_tdbusm_get_ssosos(rep, globals.tctx, &s1, &s2, &s3, &s4) != 0) { printf(_("Error parsing server response.\n")); exit(1); } owner = query_prop_s(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, CM_DBUS_PROP_CERT_OWNER, verbose, globals.tctx); if ((owner != NULL) && (strlen(owner) == 0)) { owner = NULL; } perms = query_prop_n(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, CM_DBUS_PROP_CERT_PERMS, verbose, globals.tctx); dbus_message_unref(rep); printf(_("\tcertificate: type=%s,location='%s'"), 
s1, s2); if (s3 != NULL) { printf(_(",nickname='%s'"), s3); } if (s4 != NULL) { printf(_(",token='%s'"), s4); } if (owner != NULL) { printf(_(",owner=%s"), owner); } if (perms > 0) { printf(_(",perms=%04o"), (unsigned int)perms & 07777); } printf("\n"); /* Information about the CSR. */ if ((ca_name != NULL) && ca_is_scep(globals.tctx, bus, ca_name, verbose)) { s1 = query_prop_s(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, CM_DBUS_PROP_CSR, verbose, globals.tctx); if ((s1 != NULL) && (strlen(s1) > 0)) { s2 = thumbprint(s1, SEC_OID_MD5, 128); if ((s2 != NULL) && (strlen(s2) > 0)) { printf(_("\tsigning request thumbprint (MD5): %s\n"), s2); } free(s2); s2 = thumbprint(s1, SEC_OID_SHA1, 160); if ((s2 != NULL) && (strlen(s2) > 0)) { printf(_("\tsigning request thumbprint (SHA1): %s\n"), s2); } free(s2); } } /* Information from the certificate. */ rep = query_rep(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, "get_cert_info", verbose); if (cm_tdbusm_get_sssnasasasnasn(rep, globals.tctx, &s1, &s2, &s3, &n1, &as1, &as2, &as3, &n2, &as4, &n3) != 0) { printf(_("Error parsing server response.\n")); exit(1); } dbus_message_unref(rep); if (ca_name != NULL) { printf(_("\tCA: %s\n"), ca_name); } printf(_("\tissuer: %s\n"), s1); printf(_("\tsubject: %s\n"), s3); when = _("unknown"); if (n3 != 0) { if (force_utc) { when = cm_store_timestamp_from_time_for_display(n3, t); printf(_("\tissued: %s\n"), when); } else { when = cm_store_local_timestamp_from_time_for_display(n3); if (when != NULL) { printf(_("\tissued: %s\n"), when); free(when); } } } else { printf(_("\tissued: %s\n"), when); } when = _("unknown"); if (n1 != 0) { if (force_utc) { when = cm_store_timestamp_from_time_for_display(n1, t); printf(_("\texpires: %s\n"), when); } else { when = cm_store_local_timestamp_from_time_for_display(n1); if (when != NULL) { printf(_("\texpires: %s\n"), when); free(when); } } } else { printf(_("\texpires: %s\n"), when); } for (j = 0; (as1 != NULL) && (as1[j] != NULL); j++) { printf("%s%s%s", j 
== 0 ? _("\temail: ") : ",", as1[j], as1[j + 1] ? "" : "\n"); } for (j = 0; (as2 != NULL) && (as2[j] != NULL); j++) { printf("%s%s%s", j == 0 ? _("\tdns: ") : ",", as2[j], as2[j + 1] ? "" : "\n"); } for (j = 0; (as3 != NULL) && (as3[j] != NULL); j++) { printf("%s%s%s", j == 0 ? _("\tprincipal name: ") : ",", as3[j], as3[j + 1] ? "" : "\n"); } as5 = query_prop_as(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, CM_DBUS_PROP_TEMPLATE_IP_ADDRESS, verbose, globals.tctx); for (j = 0; (as5 != NULL) && (as5[j] != NULL); j++) { printf("%s%s%s", j == 0 ? _("\tIP address: ") : ",", as5[j], as5[j + 1] ? "" : "\n"); } if (n2 != 0) { const char *ku; memset(key_usages, '\0', sizeof(key_usages)); for (k = 0; (n2 >> k) != 0; k++) { if ((((n2 >> k) & 1) != 0) && ((ku = cm_ku_to_name(k)) != NULL)) { snprintf(key_usages + strlen(key_usages), sizeof(key_usages) - strlen(key_usages), "%s%s", strlen(key_usages) ? "," : "", ku); } } printf(_("\tkey usage: %s\n"), key_usages); } for (j = 0; (as4 != NULL) && (as4[j] != NULL); j++) { printf("%s%s%s", j == 0 ? _("\teku: ") : ",", cm_oid_to_name(NULL, as4[j]), as4[j + 1] ? 
"" : "\n"); } s1 = query_prop_s(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, CM_DBUS_PROP_CA_PROFILE, verbose, globals.tctx); if ((s1 != NULL) && (strlen(s1) > 0)) { printf(_("\tcertificate template/profile: %s\n"), s1); } as = query_prop_as(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, CM_DBUS_PROP_ROOT_CERT_FILES, verbose, globals.tctx); if (as != NULL) { printf(_("\troot certificates saved to files:\n")); for (j = 0; as[j] != NULL; j++) { printf("\t\t%s\n", as[j]); } } as = query_prop_as(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, CM_DBUS_PROP_OTHER_ROOT_CERT_FILES, verbose, globals.tctx); if (as != NULL) { printf(_("\tother root certificates saved to files:\n")); for (j = 0; as[j] != NULL; j++) { printf("\t\t%s\n", as[j]); } } as = query_prop_as(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, CM_DBUS_PROP_OTHER_CERT_FILES, verbose, globals.tctx); if (as != NULL) { printf(_("\tother certificates saved to files:\n")); for (j = 0; as[j] != NULL; j++) { printf("\t\t%s\n", as[j]); } } as = query_prop_as(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, CM_DBUS_PROP_ROOT_CERT_NSSDBS, verbose, globals.tctx); if (as != NULL) { printf(_("\troot certificates saved to databases:\n")); for (j = 0; as[j] != NULL; j++) { printf("\t\t%s\n", as[j]); } } as = query_prop_as(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, CM_DBUS_PROP_OTHER_ROOT_CERT_NSSDBS, verbose, globals.tctx); if (as != NULL) { printf(_("\tother root certificates saved to databases:\n")); for (j = 0; as[j] != NULL; j++) { printf("\t\t%s\n", as[j]); } } as = query_prop_as(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, CM_DBUS_PROP_OTHER_CERT_NSSDBS, verbose, globals.tctx); if (as != NULL) { printf(_("\tother certificates saved to databases:\n")); for (j = 0; as[j] != NULL; j++) { printf("\t\t%s\n", as[j]); } } s1 = query_prop_s(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, CM_DBUS_PROP_TEMPLATE_PROFILE, verbose, globals.tctx); if (s1 != NULL && strlen(s1) > 0) { printf(_("\tprofile: %s\n"), s1); } s1 = query_prop_s(bus, 
				  requests[i], CM_DBUS_REQUEST_INTERFACE,
				  CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE,
				  verbose, globals.tctx);
		if (s1 != NULL && strlen(s1) > 0) {
			printf(_("\tms v2 template: %s\n"), s1);
		}
		s1 = query_prop_s(bus, requests[i], CM_DBUS_REQUEST_INTERFACE,
				  CM_DBUS_PROP_TEMPLATE_ISSUER,
				  verbose, globals.tctx);
		if (s1 != NULL && strlen(s1) > 0) {
			printf(_("\tissuer template: %s\n"), s1);
		}
		printf(_("\tpre-save command: %s\n"),
		       query_prop_s(bus, requests[i], CM_DBUS_REQUEST_INTERFACE,
				    CM_DBUS_PROP_CERT_PRESAVE_COMMAND,
				    verbose, globals.tctx));
		printf(_("\tpost-save command: %s\n"),
		       query_prop_s(bus, requests[i], CM_DBUS_REQUEST_INTERFACE,
				    CM_DBUS_PROP_CERT_POSTSAVE_COMMAND,
				    verbose, globals.tctx));
		printf(_("\ttrack: %s\n"),
		       query_rep_b(bus, requests[i], CM_DBUS_REQUEST_INTERFACE,
				   "get_monitoring",
				   verbose, globals.tctx) ? "yes" : "no");
		printf(_("\tauto-renew: %s\n"),
		       query_rep_b(bus, requests[i], CM_DBUS_REQUEST_INTERFACE,
				   "get_autorenew",
				   verbose, globals.tctx) ? "yes" : "no");
	}
	return 0;
}

static int
status(const char *argv0, int argc, const char **argv)
{
	enum cm_tdbus_type bus = CM_DBUS_DEFAULT_BUS;
	DBusMessage *rep;
	char *dbdir = NULL, *dbnickname = NULL, *certfile = NULL, *id = NULL;
	char *nss_scheme, *token = NULL;
	const char *request;
	char *s;
	dbus_bool_t b;
	int verbose = 0, c;
	const char *poptarg;
	poptContext pctx;
	struct poptOption popts[] = {
		{"dbdir", 'd', POPT_ARG_STRING, NULL, 'd', _("NSS database for key and cert"), HELP_TYPE_DIRECTORY},
		{"nickname", 'n', POPT_ARG_STRING, NULL, 'n', _("nickname for NSS-based storage (only valid with -d)"), HELP_TYPE_NAME},
		{"token", 't', POPT_ARG_STRING, NULL, 't', _("optional token name for NSS-based storage (only valid with -d)"), HELP_TYPE_NAME},
		{"certfile", 'f', POPT_ARG_STRING, NULL, 'f', _("PEM file for certificate"), HELP_TYPE_FILENAME},
		{"id", 'i', POPT_ARG_STRING, NULL, 'i', _("nickname for tracking request"), HELP_TYPE_ID},
		{"session", 's', POPT_ARG_NONE, NULL, 's', _("connect to the certmonger service on the session bus"), NULL},
		{"system", 'S', POPT_ARG_NONE, NULL, 'S', _("connect to the certmonger service on the system bus"), NULL},
		{"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL},
		{"autohelp", 'H', POPT_ARG_NONE | POPT_ARGFLAG_DOC_HIDDEN, NULL, 'H', NULL, NULL},
		POPT_TABLEEND
	};

	if ((getenv(CERTMONGER_PVT_ADDRESS_ENV) != NULL) &&
	    (strlen(getenv(CERTMONGER_PVT_ADDRESS_ENV)) > 0)) {
		bus = cm_tdbus_private;
	}
	pctx = poptGetContext(argv0, argc, argv, popts, 0);
	if (pctx == NULL) {
		help(argv0, "status");
		return 1;
	}
	while ((c = poptGetNextOpt(pctx)) > 0) {
		poptarg = poptGetOptArg(pctx);
		switch (c) {
		case 's':
			bus = cm_tdbus_session;
			break;
		case 'S':
			bus = cm_tdbus_system;
			break;
		case 'd':
			nss_scheme = NULL;
			dbdir = ensure_nss(globals.tctx, poptarg, &nss_scheme);
			if ((nss_scheme != NULL) && (dbdir != NULL)) {
				dbdir = talloc_asprintf(globals.tctx, "%s:%s",
							nss_scheme, dbdir);
			}
			break;
		case 'n':
			dbnickname = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'f':
			certfile = ensure_pem(globals.tctx, poptarg);
			break;
		case 'i':
			id = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'v':
			verbose++;
			break;
		case 'H':
			poptPrintHelp(pctx, stdout, 0);
			return 1;
			break;
		}
	}
	if (c != -1) {
		printf("%s\n", make_popt_error(pctx, c));
		help(argv0, "status");
		return 1;
	}
	if (poptPeekArg(pctx) != NULL) {
		printf(_("Error: unused extra arguments were supplied.\n"));
		help(argv0, "status");
		return 1;
	}
	prep_bus(bus, "status", verbose, argc, argv);
	if (id != NULL) {
		request = find_request_by_name(globals.tctx, bus, id, verbose);
		if (request == NULL) {
			printf(_("No request found with specified "
				 "nickname.\n"));
			return 1;
		}
	} else {
		request = find_request_by_storage(globals.tctx, bus,
						  dbdir, dbnickname, token,
						  certfile, verbose);
		if (request == NULL) {
			if (((dbdir != NULL) && (dbnickname != NULL)) ||
			    (certfile != NULL)) {
				printf(_("No request found that matched "
					 "arguments.\n"));
				return 1;
			} else {
				printf(_("None of ID or database directory and "
					 "nickname or certificate file "
					 "specified.\n"));
				help(argv0, "status");
				return 1;
			}
		}
	}
	/* Get the status of this request. */
	rep = query_rep(bus, request, CM_DBUS_REQUEST_INTERFACE,
			"get_status", verbose);
	if (cm_tdbusm_get_sb(rep, globals.tctx, &s, &b) != 0) {
		printf(_("Error parsing server response.\n"));
		exit(1);
	}
	dbus_message_unref(rep);
	if (verbose) {
		printf(_("State %s, stuck: %s.\n"), s, b ? "yes" : "no");
	}
	return evaluate_status(s, b);
}

/* Decode the base64 content of s, hash it with the digest named by tag, and
 * return the first bits/8 digest bytes as uppercase hex, with a space after
 * every four bytes.  The result is malloc()ed; the caller frees it.  Returns
 * NULL on failure. */
char *
thumbprint(const char *s, SECOidTag tag, int bits)
{
	unsigned char digest[CM_DIGEST_MAX], *u = NULL;
	char *t = NULL;
	char *ret = NULL;
	int length, i;
	const char *hexchars = "0123456789ABCDEF";

	t = cm_submit_u_base64_from_text(s);
	if (t == NULL) {
		goto done;
	}
	length = strlen(t);
	if (length == 0) {
		free(t);
		goto done;
	}
	u = malloc(length + 1);
	if (u == NULL) {
		/* Don't leak the base64 copy when the second allocation fails. */
		free(t);
		goto done;
	}
	length = cm_store_base64_to_bin(t, -1, u, length);
	if (PK11_HashBuf(tag, digest, u, length) == SECSuccess) {
		free(t);
		/* Two hex digits per byte, plus a separator or the NUL for
		 * each group of four bytes. */
		t = malloc(bits / 4 + howmany(bits, 32));
		if (t != NULL) {
			ret = t;
			for (i = 0; i < bits / 8; i++) {
				if ((i > 0) && ((i % 4) == 0)) {
					*t++ = ' ';
				}
				*t++ = hexchars[(digest[i] >> 4) & 0x0f];
				*t++ = hexchars[(digest[i]) & 0x0f];
			}
			*t++ = '\0';
		}
	} else {
		free(t);
		t = NULL;
	}
done:
	free(u);
	return ret;
}

static int
list_cas(const char *argv0, int argc, const char **argv)
{
	enum cm_tdbus_type bus = CM_DBUS_DEFAULT_BUS;
	char **cas, *s, *only_ca = DEFAULT_CA, *thumb, *ca_name;
	char **as;
	int c, i, j, verbose = 0;
	poptContext pctx;
	struct poptOption popts[] = {
#ifndef FORCE_CA
		{"ca", 'c', POPT_ARG_STRING, &only_ca, 0, _("list only the specified CA configuration"), HELP_TYPE_NAME},
#endif
		{"session", 's', POPT_ARG_NONE, NULL, 's', _("connect to the certmonger service on the session bus"), NULL},
		{"system", 'S', POPT_ARG_NONE, NULL, 'S', _("connect to the certmonger service on the system bus"), NULL},
		{"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL},
		{"autohelp", 'H', POPT_ARG_NONE | POPT_ARGFLAG_DOC_HIDDEN, NULL, 'H', NULL, NULL},
		POPT_TABLEEND
	};

	if ((getenv(CERTMONGER_PVT_ADDRESS_ENV) != NULL) &&
	    (strlen(getenv(CERTMONGER_PVT_ADDRESS_ENV)) > 0)) {
		bus = cm_tdbus_private;
	}
	pctx = poptGetContext(argv0, argc, argv, popts, 0);
	if (pctx == NULL) {
		help(argv0, "list-cas");
		return 1;
	}
	while ((c = poptGetNextOpt(pctx)) > 0) {
		switch (c) {
		case 's':
			bus = cm_tdbus_session;
			break;
		case 'S':
			bus = cm_tdbus_system;
			break;
		case 'v':
			verbose++;
			break;
		case 'H':
			poptPrintHelp(pctx, stdout, 0);
			return 1;
			break;
		default:
			if (c == ':') {
				fprintf(stderr,
					_("%s: option requires an argument -- '%c'\n"),
					"list-cas", optopt);
			} else {
				fprintf(stderr,
					_("%s: invalid option -- '%c'\n"),
					"list-cas", optopt);
			}
			help(argv0, "list-cas");
			return 1;
		}
	}
	if (c != -1) {
		printf("%s\n", make_popt_error(pctx, c));
		help(argv0, "list-cas");
		return 1;
	}
	if (poptPeekArg(pctx) != NULL) {
		printf(_("Error: unused extra arguments were supplied.\n"));
		help(argv0, "list-cas");
		return 1;
	}
	prep_bus(bus, "list-cas", verbose, argc, argv);
	cas = query_rep_ap(bus, CM_DBUS_BASE_PATH, CM_DBUS_BASE_INTERFACE,
			   "get_known_cas", verbose, globals.tctx);
	for (i = 0; (cas != NULL) && (cas[i] != NULL); i++) {
		/* Filter out based on the CA. */
		ca_name = find_ca_name(globals.tctx, bus, cas[i], verbose);
		if (ca_name != NULL) {
			if ((only_ca != NULL) &&
			    (strcmp(ca_name, only_ca) != 0)) {
				continue;
			}
		}
		printf(_("CA '%s':\n"), ca_name);
		if (verbose > 0) {
			s = query_prop_s(bus, cas[i], CM_DBUS_CA_INTERFACE,
					 CM_DBUS_PROP_AKA,
					 verbose, globals.tctx);
			if ((s != NULL) && (strlen(s) > 0)) {
				printf(_("\tself-identifies as: %s\n"), s);
			}
		}
		printf("\tis-default: %s\n",
		       query_rep_b(bus, cas[i], CM_DBUS_CA_INTERFACE,
				   "get_is_default",
				   verbose, globals.tctx) ? "yes" : "no");
		s = query_rep_s(bus, cas[i], CM_DBUS_CA_INTERFACE,
				"get_type", verbose, globals.tctx);
		printf(_("\tca-type: %s\n"), s);
		if (strcmp(s, "EXTERNAL") == 0) {
			printf(_("\thelper-location: %s\n"),
			       query_rep_s(bus, cas[i], CM_DBUS_CA_INTERFACE,
					   "get_location",
					   verbose, globals.tctx));
		} else {
			printf(_("\tnext-serial-number: %s\n"),
			       query_rep_s(bus, cas[i], CM_DBUS_CA_INTERFACE,
					   "get_serial",
					   verbose, globals.tctx));
		}
		as = query_rep_as(bus, cas[i], CM_DBUS_CA_INTERFACE,
				  "get_issuer_names", verbose, globals.tctx);
		if (as != NULL) {
			printf(_("\tknown-issuer-names:\n"));
			for (j = 0; as[j] != NULL; j++) {
				printf("\t\t%s\n", as[j]);
			}
		}
		as = query_prop_as(bus, cas[i], CM_DBUS_CA_INTERFACE,
				   CM_DBUS_PROP_DEFAULT_PROFILE,
				   verbose, globals.tctx);
		if (as != NULL) {
			printf(_("\tknown profiles/templates/certtypes:\n"));
			for (j = 0; as[j] != NULL; j++) {
				printf("\t\t%s\n", as[j]);
			}
		}
		as = query_prop_as(bus, cas[i], CM_DBUS_CA_INTERFACE,
				   CM_DBUS_PROP_ROOT_CERT_FILES,
				   verbose, globals.tctx);
		if (as != NULL) {
			printf(_("\troot certificates saved to files:\n"));
			for (j = 0; as[j] != NULL; j++) {
				printf("\t\t%s\n", as[j]);
			}
		}
		as = query_prop_as(bus, cas[i], CM_DBUS_CA_INTERFACE,
				   CM_DBUS_PROP_OTHER_ROOT_CERT_FILES,
				   verbose, globals.tctx);
		if (as != NULL) {
			printf(_("\tother root certificates saved to files:\n"));
			for (j = 0; as[j] != NULL; j++) {
				printf("\t\t%s\n", as[j]);
			}
		}
		as = query_prop_as(bus, cas[i], CM_DBUS_CA_INTERFACE,
				   CM_DBUS_PROP_OTHER_CERT_FILES,
				   verbose, globals.tctx);
		if (as != NULL) {
			printf(_("\tother certificates saved to files:\n"));
			for (j = 0; as[j] != NULL; j++) {
				printf("\t\t%s\n", as[j]);
			}
		}
		as = query_prop_as(bus, cas[i], CM_DBUS_CA_INTERFACE,
				   CM_DBUS_PROP_ROOT_CERT_NSSDBS,
				   verbose, globals.tctx);
		if (as != NULL) {
			printf(_("\troot certificates saved to databases:\n"));
			for (j = 0; as[j] != NULL; j++) {
				printf("\t\t%s\n", as[j]);
			}
		}
		as = query_prop_as(bus, cas[i], CM_DBUS_CA_INTERFACE,
				   CM_DBUS_PROP_OTHER_ROOT_CERT_NSSDBS,
				   verbose, globals.tctx);
		if (as != NULL) {
			printf(_("\tother root certificates saved to databases:\n"));
			for (j = 0; as[j] != NULL; j++) {
				printf("\t\t%s\n", as[j]);
			}
		}
		as = query_prop_as(bus, cas[i], CM_DBUS_CA_INTERFACE,
				   CM_DBUS_PROP_OTHER_CERT_NSSDBS,
				   verbose, globals.tctx);
		if (as != NULL) {
			printf(_("\tother certificates saved to databases:\n"));
			for (j = 0; as[j] != NULL; j++) {
				printf("\t\t%s\n", as[j]);
			}
		}
		s = query_prop_s(bus, cas[i], CM_DBUS_CA_INTERFACE,
				 CM_DBUS_PROP_DEFAULT_PROFILE,
				 verbose, globals.tctx);
		if ((s != NULL) && (strlen(s) > 0)) {
			printf(_("\tdefault profile/template/certtype: %s\n"), s);
		}
		if (ca_is_scep(globals.tctx, bus, ca_name, verbose)) {
			s = query_prop_s(bus, cas[i], CM_DBUS_CA_INTERFACE,
					 CM_DBUS_PROP_SCEP_CA_IDENTIFIER,
					 verbose, globals.tctx);
			if ((s != NULL) && (strlen(s) > 0)) {
				printf(_("\tSCEP CA identifier: %s\n"), s);
			}
			s = query_prop_s(bus, cas[i], CM_DBUS_CA_INTERFACE,
					 CM_DBUS_PROP_SCEP_CA_CERT,
					 verbose, globals.tctx);
			if ((s == NULL) || (strlen(s) == 0)) {
				s = query_prop_s(bus, cas[i], CM_DBUS_CA_INTERFACE,
						 CM_DBUS_PROP_SCEP_RA_CERT,
						 verbose, globals.tctx);
			}
			if ((s != NULL) && (strlen(s) > 0)) {
				thumb = thumbprint(s, SEC_OID_MD5, 128);
				if ((thumb != NULL) && (strlen(thumb) > 0)) {
					printf(_("\tSCEP CA certificate thumbprint (MD5): %s\n"), thumb);
				}
				free(thumb);
				thumb = thumbprint(s, SEC_OID_SHA1, 160);
				if ((thumb != NULL) && (strlen(thumb) > 0)) {
					printf(_("\tSCEP CA certificate thumbprint (SHA1): %s\n"), thumb);
				}
				free(thumb);
			}
		}
		s = query_prop_s(bus, cas[i], CM_DBUS_CA_INTERFACE,
				 CM_DBUS_PROP_CA_PRESAVE_COMMAND,
				 verbose, globals.tctx);
		if ((s != NULL) && (strlen(s) > 0)) {
			printf(_("\tpre-save command: %s\n"), s);
		}
		s = query_prop_s(bus, cas[i], CM_DBUS_CA_INTERFACE,
				 CM_DBUS_PROP_CA_POSTSAVE_COMMAND,
				 verbose, globals.tctx);
		if ((s != NULL) && (strlen(s) > 0)) {
			printf(_("\tpost-save command: %s\n"), s);
		}
		if (verbose > 0) {
			printf(_("\tconfig-path: %s\n"),
			       query_rep_s(bus, cas[i], CM_DBUS_CA_INTERFACE,
					   "get_config_file_path",
					   verbose, globals.tctx));
		}
	}
	return 0;
}

static int
refresh_ca(const char *argv0, int argc, const char **argv)
{
	enum cm_tdbus_type bus = CM_DBUS_DEFAULT_BUS;
	char **cas, *s, *only_ca = DEFAULT_CA;
	int c, i, verbose = 0;
	dbus_bool_t b, all = FALSE;
	poptContext pctx;
	struct poptOption popts[] = {
#ifndef FORCE_CA
		{"ca", 'c', POPT_ARG_STRING, &only_ca, 0, _("refresh information about the CA configuration with this name"), HELP_TYPE_NAME},
#endif
		{"all", 'a', POPT_ARG_NONE, NULL, 'a', _("refresh information about all known CAs"), NULL},
		{"session", 's', POPT_ARG_NONE, NULL, 's', _("connect to the certmonger service on the session bus"), NULL},
		{"system", 'S', POPT_ARG_NONE, NULL, 'S', _("connect to the certmonger service on the system bus"), NULL},
		{"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL},
		{"autohelp", 'H', POPT_ARG_NONE | POPT_ARGFLAG_DOC_HIDDEN, NULL, 'H', NULL, NULL},
		POPT_TABLEEND
	};

	if ((getenv(CERTMONGER_PVT_ADDRESS_ENV) != NULL) &&
	    (strlen(getenv(CERTMONGER_PVT_ADDRESS_ENV)) > 0)) {
		bus = cm_tdbus_private;
	}
	pctx = poptGetContext(argv0, argc, argv, popts, 0);
	if (pctx == NULL) {
		help(argv0, "refresh-ca");
		return 1;
	}
	while ((c = poptGetNextOpt(pctx)) > 0) {
		switch (c) {
		case 'a':
			all = TRUE;
			break;
		case 'c':
			all = FALSE;
			break;
		case 's':
			bus = cm_tdbus_session;
			break;
		case 'S':
			bus = cm_tdbus_system;
			break;
		case 'v':
			verbose++;
			break;
		case 'H':
			poptPrintHelp(pctx, stdout, 0);
			return 1;
			break;
		}
	}
	if (c != -1) {
		printf("%s\n", make_popt_error(pctx, c));
		help(argv0, "refresh-ca");
		return 1;
	}
	if (!all && (only_ca == NULL)) {
		printf(_("Neither CA nickname nor -a flag specified.\n"));
		help(argv0, "refresh-ca");
		return 1;
	}
	if (poptPeekArg(pctx) != NULL) {
		printf(_("Error: unused extra arguments were supplied.\n"));
		help(argv0, "refresh-ca");
		return 1;
	}
	prep_bus(bus, "refresh-ca", verbose, argc, argv);
	cas = query_rep_ap(bus, CM_DBUS_BASE_PATH, CM_DBUS_BASE_INTERFACE,
			   "get_known_cas", verbose, globals.tctx);
	for (i = 0; (cas != NULL) && (cas[i] != NULL); i++) {
		/* Filter out based on the CA. */
		s = find_ca_name(globals.tctx, bus, cas[i], verbose);
		if ((s != NULL) && !all) {
			if ((only_ca != NULL) && (strcmp(s, only_ca) != 0)) {
				continue;
			}
		}
		b = query_rep_b(bus, cas[i], CM_DBUS_CA_INTERFACE,
				"refresh", verbose, globals.tctx);
		if (b) {
			if (s != NULL) {
				printf(_("Data for CA '%s' being refreshed.\n"), s);
			} else {
				printf(_("Data for unnamed CA being refreshed.\n"));
			}
		} else {
			printf(_("\terror refreshing CA data\n"));
		}
	}
	return 0;
}

#ifndef FORCE_CA
static int
add_ca(const char *argv0, int argc, const char **argv)
{
	enum cm_tdbus_type bus = CM_DBUS_DEFAULT_BUS;
	char *caname = NULL, *command = NULL, *p = NULL, *nickname;
	int c, verbose = 0;
	dbus_bool_t b;
	static DBusMessage *req, *rep;
	poptContext pctx;
	struct poptOption popts[] = {
		{"ca", 'c', POPT_ARG_STRING, &caname, 0, _("nickname to give to the new CA configuration"), HELP_TYPE_NAME},
		{"command", 'e', POPT_ARG_STRING, &command, 0, _("helper command to run to communicate with CA"), HELP_TYPE_COMMAND},
		{"session", 's', POPT_ARG_NONE, NULL, 's', _("connect to the certmonger service on the session bus"), NULL},
		{"system", 'S', POPT_ARG_NONE, NULL, 'S', _("connect to the certmonger service on the system bus"), NULL},
		{"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL},
		{"autohelp", 'H', POPT_ARG_NONE | POPT_ARGFLAG_DOC_HIDDEN, NULL, 'H', NULL, NULL},
		POPT_TABLEEND
	};

	if ((getenv(CERTMONGER_PVT_ADDRESS_ENV) != NULL) &&
	    (strlen(getenv(CERTMONGER_PVT_ADDRESS_ENV)) > 0)) {
		bus = cm_tdbus_private;
	}
	pctx = poptGetContext(argv0, argc, argv, popts, 0);
	if (pctx == NULL) {
		help(argv0, "add-ca");
		return 1;
	}
	while ((c = poptGetNextOpt(pctx)) > 0) {
		switch (c) {
		case 's':
			bus = cm_tdbus_session;
			break;
		case 'S':
			bus = cm_tdbus_system;
			break;
		case 'v':
			verbose++;
			break;
		case 'H':
			poptPrintHelp(pctx, stdout, 0);
			return 1;
			break;
		}
	}
	if (c != -1) {
		printf("%s\n", make_popt_error(pctx, c));
		help(argv0, "add-ca");
		return 1;
	}
	if (caname == NULL) {
		printf(_("CA nickname not specified.\n"));
		help(argv0, "add-ca");
		return 1;
	}
	if (command == NULL) {
		printf(_("CA helper command not specified.\n"));
		help(argv0, "add-ca");
		return 1;
	}
	if (poptPeekArg(pctx) != NULL) {
		printf(_("Error: unused extra arguments were supplied.\n"));
		help(argv0, "add-ca");
		return 1;
	}
	prep_bus(bus, "add-ca", verbose, argc, argv);
	req = prep_req(bus, CM_DBUS_BASE_PATH, CM_DBUS_BASE_INTERFACE,
		       "add_known_ca");
	if (cm_tdbusm_set_ssoas(req, caname, command, NULL) != 0) {
		printf(_("Error setting request arguments.\n"));
		exit(1);
	}
	rep = send_req(req, verbose);
	if (cm_tdbusm_get_bp(rep, globals.tctx, &b, &p) != 0) {
		printf(_("Error parsing server response.\n"));
		exit(1);
	}
	dbus_message_unref(rep);
	if (b) {
		nickname = find_ca_name(globals.tctx, bus, p, verbose);
		printf(_("New CA \"%s\" added.\n"), nickname ? nickname : p);
	} else {
		printf(_("New CA could not be added.\n"));
		exit(1);
	}
	return 0;
}

static int
add_scep_ca(const char *argv0, int argc, const char **argv)
{
	enum cm_tdbus_type bus = CM_DBUS_DEFAULT_BUS;
	char *caname = NULL, *url = NULL, *path = NULL, *id = NULL;
	char *root = NULL, *racert = NULL, *certs = NULL, *nickname, *command;
	char *signingca = NULL;
	const char *err;
	int c, prefer_non_renewal = 0, verbose = 0;
	dbus_bool_t b;
	static DBusMessage *req, *rep;
	const char *poptarg;
	poptContext pctx;
	struct poptOption popts[] = {
		{"ca", 'c', POPT_ARG_STRING, &caname, 0, _("nickname to give to the new CA configuration"), HELP_TYPE_NAME},
		{"url", 'u', POPT_ARG_STRING, &url, 0, _("location of SCEP server"), HELP_TYPE_URL},
		{"id", 'i', POPT_ARG_STRING, &id, 0, _("CA identifier"), HELP_TYPE_ID},
		{"ca-cert", 'R', POPT_ARG_STRING, NULL, 'R', _("file containing CA's certificate"), HELP_TYPE_FILENAME},
		{"ra-cert", 'r', POPT_ARG_STRING, NULL, 'r', _("file containing RA's certificate"), HELP_TYPE_FILENAME},
		{"other-certs", 'I', POPT_ARG_STRING, NULL, 'I', _("file containing certificates in RA's certifying chain"), HELP_TYPE_FILENAME},
		{"signingca", 'N', POPT_ARG_STRING, NULL, 'N', _("the CA certificate which signed the RA certificate"), HELP_TYPE_FILENAME},
		{"non-renewal", 'n', POPT_ARG_NONE, &prefer_non_renewal, 0, _("prefer to not use the SCEP Renewal feature"), NULL},
		{"session", 's', POPT_ARG_NONE, NULL, 's', _("connect to the certmonger service on the session bus"), NULL},
		{"system", 'S', POPT_ARG_NONE, NULL, 'S', _("connect to the certmonger service on the system bus"), NULL},
		{"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL},
		{"autohelp", 'H', POPT_ARG_NONE | POPT_ARGFLAG_DOC_HIDDEN, NULL, 'H', NULL, NULL},
		POPT_TABLEEND
	};

	if ((getenv(CERTMONGER_PVT_ADDRESS_ENV) != NULL) &&
	    (strlen(getenv(CERTMONGER_PVT_ADDRESS_ENV)) > 0)) {
		bus = cm_tdbus_private;
	}
	pctx = poptGetContext(argv0, argc, argv, popts, 0);
	if (pctx == NULL) {
		help(argv0, "add-scep-ca");
		return 1;
	}
	while ((c = poptGetNextOpt(pctx)) > 0) {
		poptarg = poptGetOptArg(pctx);
		switch (c) {
		case 's':
			bus = cm_tdbus_session;
			break;
		case 'S':
			bus = cm_tdbus_system;
			break;
		case 'v':
			verbose++;
			break;
		case 'H':
			poptPrintHelp(pctx, stdout, 0);
			return 1;
			break;
		case 'R':
			if (validate_pem(globals.tctx, poptarg) != 0) {
				printf("The root certificate(s) in %s is not valid PEM\n", poptarg);
				return 1;
			}
			root = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'r':
			if (validate_pem(globals.tctx, poptarg) != 0) {
				printf("The RA certificate(s) in %s is not valid PEM\n", poptarg);
				return 1;
			}
			racert = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'I':
			if (validate_pem(globals.tctx, poptarg) != 0) {
				printf("The certificate(s) in %s is not valid PEM\n", poptarg);
				return 1;
			}
			certs = talloc_strdup(globals.tctx, poptarg);
			break;
		case 'N':
			if (validate_pem(globals.tctx, poptarg) != 0) {
				printf("The certificate(s) in %s is not valid PEM\n", poptarg);
				return 1;
			}
			signingca = talloc_strdup(globals.tctx, poptarg);
			break;
		}
	}
	if (c != -1) {
		printf("%s\n", make_popt_error(pctx, c));
		help(argv0, "add-scep-ca");
		return 1;
	}
	if (caname == NULL) {
		printf(_("CA nickname not specified.\n"));
		help(argv0, "add-scep-ca");
		return 1;
	}
	if (url == NULL) {
		printf(_("server URL not specified.\n"));
		help(argv0, "add-scep-ca");
		return 1;
	}
	if ((root == NULL) && (strncmp(url, "https:", 6) == 0)) {
		printf(_("HTTPS requires a CA certificate.\n"));
		help(argv0, "add-scep-ca");
		return 1;
	}
	if (poptPeekArg(pctx) != NULL) {
		printf(_("Error: unused extra arguments were supplied.\n"));
		help(argv0, "add-scep-ca");
		return 1;
	}
	/* Build the helper command line.  Every user-supplied value is passed
	 * through shell_escape() before it is placed in the string. */
	command = talloc_asprintf(globals.tctx,
				  "%s -u %s %s %s %s %s %s %s %s %s %s %s %s",
				  shell_escape(globals.tctx, CM_SCEP_HELPER_PATH),
				  shell_escape(globals.tctx, url),
				  root ? "-R" : "",
				  root ? shell_escape(globals.tctx, root) : "",
				  racert ? "-r" : "",
				  racert ? shell_escape(globals.tctx, racert) : "",
				  id ? "-i" : "",
				  id ? shell_escape(globals.tctx, id) : "",
				  certs ? "-I" : "",
				  certs ? shell_escape(globals.tctx, certs) : "",
				  signingca ? "-N" : "",
				  signingca ? shell_escape(globals.tctx, signingca) : "",
				  prefer_non_renewal ? "-n" : "");
	for (c = 0; c < verbose; c++) {
		command = talloc_strdup_append(command, " -v");
	}
	if (command == NULL) {
		printf(_("Error building command line.\n"));
		exit(1);
	}
	prep_bus(bus, "add-scep-ca", verbose, argc, argv);
	req = prep_req(bus, CM_DBUS_BASE_PATH, CM_DBUS_BASE_INTERFACE,
		       "add_known_ca");
	if (cm_tdbusm_set_ssoas(req, caname, command, NULL) != 0) {
		printf(_("Error setting request arguments.\n"));
		exit(1);
	}
	rep = send_req(req, verbose);
	if (cm_tdbusm_get_bp(rep, globals.tctx, &b, &path) != 0) {
		printf(_("Error parsing server response.\n"));
		exit(1);
	}
	dbus_message_unref(rep);
	if (b) {
		nickname = find_ca_name(globals.tctx, bus, path, verbose);
		printf(_("New CA \"%s\" added.\n"), nickname ? nickname : path);
		if (id != NULL) {
			req = prep_req(bus, path, DBUS_INTERFACE_PROPERTIES, "Set");
			if (cm_tdbusm_set_ssvs(req, CM_DBUS_CA_INTERFACE,
					       CM_DBUS_PROP_SCEP_CA_IDENTIFIER,
					       id) != 0) {
				printf(_("Error setting request arguments.\n"));
				exit(1);
			}
			rep = send_req(req, verbose);
			err = dbus_message_get_error_name(rep);
			if (err != NULL) {
				printf(_("Error setting CA identifier.\n"));
				exit(1);
			}
			dbus_message_unref(rep);
		}
	} else {
		printf(_("New CA could not be added.\n"));
		exit(1);
	}
	return 0;
}

static int
modify_ca(const char *argv0, int argc, const char **argv)
{
	enum cm_tdbus_type bus = CM_DBUS_DEFAULT_BUS;
	char *caname = NULL, *command = NULL, *nickname, *path;
	const char *err;
	int c, verbose = 0;
	static DBusMessage *req, *rep;
	poptContext pctx;
	struct poptOption popts[] = {
		{"ca", 'c', POPT_ARG_STRING, &caname, 0, _("nickname of the CA configuration"), HELP_TYPE_NAME},
		{"command", 'e', POPT_ARG_STRING, &command, 0, _("updated helper command to run to communicate with CA"), HELP_TYPE_COMMAND},
		{"session", 's', POPT_ARG_NONE, NULL, 's', _("connect to the certmonger service on the session bus"), NULL},
		{"system", 'S', POPT_ARG_NONE, NULL, 'S', _("connect to the certmonger service on the system bus"), NULL},
		{"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL},
		{"autohelp", 'H', POPT_ARG_NONE | POPT_ARGFLAG_DOC_HIDDEN, NULL, 'H', NULL, NULL},
		POPT_TABLEEND
	};

	if ((getenv(CERTMONGER_PVT_ADDRESS_ENV) != NULL) &&
	    (strlen(getenv(CERTMONGER_PVT_ADDRESS_ENV)) > 0)) {
		bus = cm_tdbus_private;
	}
	pctx = poptGetContext(argv0, argc, argv, popts, 0);
	if (pctx == NULL) {
		help(argv0, "modify-ca");
		return 1;
	}
	while ((c = poptGetNextOpt(pctx)) > 0) {
		switch (c) {
		case 's':
			bus = cm_tdbus_session;
			break;
		case 'S':
			bus = cm_tdbus_system;
			break;
		case 'v':
			verbose++;
			break;
		case 'H':
			poptPrintHelp(pctx, stdout, 0);
			return 1;
			break;
		}
	}
	if (c != -1) {
		printf("%s\n", make_popt_error(pctx, c));
		help(argv0, "modify-ca");
		return 1;
	}
	if (caname == NULL) {
		printf(_("CA nickname not specified.\n"));
		help(argv0, "modify-ca");
		return 1;
	}
	if (command == NULL) {
		printf(_("CA helper command not specified.\n"));
		help(argv0, "modify-ca");
		return 1;
	}
	if (poptPeekArg(pctx) != NULL) {
		printf(_("Error: unused extra arguments were supplied.\n"));
		help(argv0, "modify-ca");
		return 1;
	}
	prep_bus(bus, "modify-ca", verbose, argc, argv);
	path = find_ca_by_name(globals.tctx, bus, caname, verbose);
	/* As in remove_ca(): don't build a request for a NULL object path
	 * when no CA has this nickname. */
	if (path == NULL) {
		printf(_("No CA with name \"%s\" found.\n"), caname);
		return 1;
	}
	req = prep_req(bus, path, DBUS_INTERFACE_PROPERTIES, "Set");
	if (cm_tdbusm_set_ssvs(req, CM_DBUS_CA_INTERFACE,
			       CM_DBUS_PROP_EXTERNAL_HELPER, command) != 0) {
		printf(_("Error setting request arguments.\n"));
		exit(1);
	}
	rep = send_req(req, verbose);
	err = dbus_message_get_error_name(rep);
	if (err == NULL) {
		nickname = find_ca_name(globals.tctx, bus, path, verbose);
		printf(_("CA \"%s\" modified.\n"), nickname ? nickname : caname);
	} else {
		printf(_("CA could not be modified.\n"));
		exit(1);
	}
	dbus_message_unref(rep);
	return 0;
}

static int
remove_ca(const char *argv0, int argc, const char **argv)
{
	enum cm_tdbus_type bus = CM_DBUS_DEFAULT_BUS;
	char *caname = NULL, *path;
	int c, verbose = 0;
	dbus_bool_t b;
	static DBusMessage *req, *rep;
	poptContext pctx;
	struct poptOption popts[] = {
		{"ca", 'c', POPT_ARG_STRING, &caname, 0, _("nickname of CA configuration to remove"), HELP_TYPE_NAME},
		{"session", 's', POPT_ARG_NONE, NULL, 's', _("connect to the certmonger service on the session bus"), NULL},
		{"system", 'S', POPT_ARG_NONE, NULL, 'S', _("connect to the certmonger service on the system bus"), NULL},
		{"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL},
		{"autohelp", 'H', POPT_ARG_NONE | POPT_ARGFLAG_DOC_HIDDEN, NULL, 'H', NULL, NULL},
		POPT_TABLEEND
	};

	if ((getenv(CERTMONGER_PVT_ADDRESS_ENV) != NULL) &&
	    (strlen(getenv(CERTMONGER_PVT_ADDRESS_ENV)) > 0)) {
		bus = cm_tdbus_private;
	}
	pctx = poptGetContext(argv0, argc, argv, popts, 0);
	if (pctx == NULL) {
		help(argv0, "remove-ca");
		return 1;
	}
	while ((c = poptGetNextOpt(pctx)) > 0) {
		switch (c) {
		case 's':
			bus = cm_tdbus_session;
			break;
		case 'S':
			bus = cm_tdbus_system;
			break;
		case 'v':
			verbose++;
			break;
		case 'H':
			poptPrintHelp(pctx, stdout, 0);
			return 1;
			break;
		}
	}
	if (c != -1) {
		printf("%s\n", make_popt_error(pctx, c));
		help(argv0, "remove-ca");
		return 1;
	}
	if (caname == NULL) {
		printf(_("CA nickname not specified.\n"));
		help(argv0, "remove-ca");
		return 1;
	}
	if (poptPeekArg(pctx) != NULL) {
		printf(_("Error: unused extra arguments were supplied.\n"));
		help(argv0, "remove-ca");
		return 1;
	}
	prep_bus(bus, "remove-ca", verbose, argc, argv);
	path = find_ca_by_name(globals.tctx, bus, caname, verbose);
	if (path == NULL) {
		printf(_("No CA with name \"%s\" found.\n"), caname);
		return 1;
	}
	req = prep_req(bus, CM_DBUS_BASE_PATH, CM_DBUS_BASE_INTERFACE,
		       "remove_known_ca");
	if (cm_tdbusm_set_p(req, path) != 0) {
		printf(_("Error setting request arguments.\n"));
		exit(1);
	}
	rep = send_req(req, verbose);
	if (cm_tdbusm_get_b(rep, globals.tctx, &b) != 0) {
		printf(_("Error parsing server response.\n"));
		exit(1);
	}
	dbus_message_unref(rep);
	if (b) {
		printf(_("CA \"%s\" removed.\n"), caname);
	} else {
		printf(_("CA could not be removed.\n"));
		exit(1);
	}
	return 0;
}
#endif

static struct {
	const char *verb;
	int (*fn)(const char *, int, const char **);
} verbs[] = {
	{"request", request},
	{"start-tracking", start_tracking},
	{"stop-tracking", stop_tracking},
	{"resubmit", resubmit},
	{"rekey", rekey},
	{"refresh", refresh},
	{"list", list},
	{"status", status},
#ifndef FORCE_CA
	{"add-ca", add_ca},
	{"add-scep-ca", add_scep_ca},
#endif
	{"list-cas", list_cas},
#ifndef FORCE_CA
	{"modify-ca", modify_ca},
#endif
	{"refresh-ca", refresh_ca},
#ifndef FORCE_CA
	{"remove-ca", remove_ca},
#endif
};

static void
help(const char *twopartcmd, const char *category)
{
	unsigned int i, j;
	const char *general_help[] = {
		N_("%s - client certificate enrollment tool\n"),
		NULL,
	};
	const char *request_help[] = {
		N_("Usage: %s request [options]\n"),
		"\n",
		N_("Required arguments:\n"),
		N_("* If using an NSS database for storage:\n"),
		N_(" -d DIR, --dbdir=DIR NSS database for key and cert\n"),
		N_(" -n NAME, --nickname NAME\n"),
		N_(" nickname for NSS-based storage (only valid with -d)\n"),
		N_("* If using files for storage:\n"),
		N_(" -k FILE, --keyfile=FILE\n"),
		N_(" PEM file for private key\n"),
		N_(" -f FILE, --certfile=FILE\n"),
		N_(" PEM file for certificate (only valid with -k)\n"),
		N_("* If keys are to be encrypted:\n"),
		N_(" -p FILE, --pinfile=FILE\n"),
		N_(" file which holds the encryption PIN\n"),
		N_(" -P PIN, --pin=PIN PIN value\n"),
		"\n",
		N_("Optional arguments:\n"),
		N_("* Certificate handling settings:\n"),
		N_(" -I NAME, --new-id=NAME\n"),
		N_(" new nickname to give to tracking request\n"),
		N_(" -G TYPE, --key-type=TYPE\n"),
		N_(" type of key to be generated if one is not already\n"),
		N_(" in place\n"),
		N_(" -g BITS, --key-size=BITS\n"),
		N_(" size of key to be generated if one is not already\n"),
		N_(" in place\n"),
		N_(" -r, --renew attempt to renew the certificate when\n"),
		N_(" expiration nears (default)\n"),
		N_(" -R, --no-renew don't attempt to renew the certificate when\n"),
		N_(" expiration nears\n"),
#ifndef FORCE_CA
		N_(" -c CA, --ca=NAME use the specified CA rather than the default\n"),
#endif
		N_(" -T PROFILE, --profile=NAME\n"),
		N_(" ask the CA to process the request using the\n"),
		N_(" named profile or template\n"),
		N_(" --ms-template-spec SPEC\n"),
		N_(" include V2 template specifier in CSR\n"),
		N_(" (format: OID:MAJOR-VERSION[:MINOR-VERSION])\n"),
		N_(" -X ISSUER, --issuer=ISSUER\n"),
		N_(" ask the CA to process the request using the\n"),
		N_(" named issuer\n"),
		"\n",
		N_("* Parameters for the signing request:\n"),
		N_(" -N NAME, --subject-name=NAME\n"),
		N_(" set requested subject name (default: CN=)\n"),
		N_(" -U EXTUSAGE, --extended-key-usage=EXTUSAGE\n"),
		N_(" override requested extended key usage OID\n"),
		N_(" -u KEYUSAGE, --key-usage=KEYUSAGE\n"),
		N_(" set requested key usage value\n"),
		N_(" -K NAME, --principal=NAME\n"),
		N_(" override requested principal name\n"),
		N_(" -D DNSNAME, --dns=DNSNAME\n"),
		N_(" override requested DNS name\n"),
		N_(" -E EMAIL, --email=EMAIL\n"),
		N_(" override requested email address\n"),
		N_(" -A ADDRESS, --ip-address=ADDRESS\n"),
		N_(" override requested IP address\n"),
		N_(" -l FILE, --challenge-password-file=FILE\n"),
		N_(" file which holds an optional challenge password\n"),
		N_(" -L PASSWORD, --challenge-password=PASSWORD\n"),
		N_(" an optional challenge password value\n"),
		"\n",
		N_("* Bus options:\n"),
		N_(" -S, --system connect to the certmonger service on the system bus\n"),
		N_(" -s, --session connect to the certmonger service on the session bus\n"),
		N_("* Other options:\n"),
		N_(" -B COMMAND, --before-command=COMMAND\n"),
		N_(" command to run before saving the certificate\n"),
		N_(" -C COMMAND, --after-command=COMMAND\n"),
		N_(" command to run after saving the certificate\n"),
		N_(" -F FILE, --ca-file=FILE\n"),
		N_(" file in which to store the CA's certificates\n"),
		N_(" -a DIR, --ca-dbdir=DIR\n"),
		N_(" NSS database in which to store the CA's certificates\n"),
		N_(" -w, --wait try to wait for the certificate to be issued\n"),
		N_(" --wait-timeout TIMEOUT\n"),
		N_(" Maximum time to wait for the certificate to be issued\n"),
		N_(" -v, --verbose report all details of errors\n"),
		N_(" -o OWNER, --key-owner=OWNER\n"),
		N_(" owner information for private key\n"),
		N_(" -m MODE, --key-perms=MODE\n"),
		N_(" file permissions for private key\n"),
		N_(" -O OWNER, --cert-owner=OWNER\n"),
		N_(" owner information for certificate\n"),
		N_(" -M MODE, --cert-perms=MODE\n"),
		N_(" file permissions for certificate\n"),
		N_(" -Z USER, --nss-user=USER\n"),
		N_(" User to switch to during NSS save operations\n"),
		NULL,
	};
	const char *start_tracking_help[] = {
		N_("Usage: %s start-tracking [options]\n"),
		"\n",
		N_("Required arguments:\n"),
		N_("* If modifying an existing request:\n"),
		N_(" -i NAME, --id=NAME nickname of an existing tracking request\n"),
		N_("* If using an NSS database for storage:\n"),
		N_(" -d DIR, --dbdir=DIR NSS database for key and cert\n"),
		N_(" -n NAME, --nickname NAME\n"),
		N_(" nickname for NSS-based storage (only valid with -d)\n"),
		N_(" -t NAME, --token=NAME optional token name for NSS-based storage\n"),
		N_(" (only valid with -d)\n"),
		N_("* If using files for storage:\n"),
		N_(" -k FILE, --keyfile=FILE\n"),
		N_(" PEM file for private key\n"),
		N_(" -f FILE, --certfile=FILE\n"),
		N_(" PEM file for certificate (only valid with -k)\n"),
		N_("* If keys are encrypted:\n"),
		N_(" -p FILE, --pinfile=FILE\n"),
		N_(" file which holds the encryption PIN\n"),
		N_(" -P PIN, --pin=PIN PIN value\n"),
		"\n",
		N_("Optional arguments:\n"),
		N_("* Certificate handling settings:\n"),
		N_(" -I NAME, --new-id=NAME\n"),
		N_(" new nickname to give to tracking request\n"),
		N_(" -r, --renew attempt to renew the certificate when\n"),
		N_(" expiration nears (default)\n"),
		N_(" -R, --no-renew don't attempt to renew the certificate when\n"),
		N_(" expiration nears\n"),
#ifndef FORCE_CA
		N_(" -c CA, --ca=NAME use the specified CA rather than the default\n"),
#endif
		N_(" -T PROFILE, --profile=NAME\n"),
		N_(" ask the CA to process the request using the\n"),
		N_(" named profile or template\n"),
		N_(" --ms-template-spec SPEC\n"),
		N_(" include V2 template specifier in CSR\n"),
		N_(" (format: OID:MAJOR-VERSION[:MINOR-VERSION])\n"),
		N_(" -X ISSUER, --issuer=ISSUER\n"),
		N_(" ask the CA to process the request using the\n"),
		N_(" named issuer\n"),
		"\n",
		N_("* Parameters for the signing request at renewal time:\n"),
		N_(" -U EXTUSAGE, --extended-key-usage=EXTUSAGE\n"),
		N_(" override requested extended key usage OID\n"),
		N_(" -u KEYUSAGE, --key-usage=KEYUSAGE\n"),
		N_(" set requested key usage value\n"),
		N_(" -K NAME, --principal=NAME\n"),
		N_(" override requested principal name\n"),
		N_(" -D DNSNAME, --dns=DNSNAME\n"),
		N_(" override requested DNS name\n"),
		N_(" -E EMAIL, --email=EMAIL\n"),
		N_(" override requested email address\n"),
		N_(" -A ADDRESS, --ip-address=ADDRESS\n"),
		N_(" override requested IP address\n"),
		N_(" -l FILE, --challenge-password-file=FILE\n"),
		N_(" file which holds an optional challenge password\n"),
		N_(" -L PASSWORD, --challenge-password=PASSWORD\n"),
		N_(" an optional challenge password value\n"),
		"\n",
		N_("* Bus options:\n"),
		N_(" -S, --system connect to the certmonger service on the system bus\n"),
		N_(" -s, --session connect to the certmonger service on the session bus\n"),
		"\n",
		N_("* Other options:\n"),
		N_(" -B COMMAND, --before-command=COMMAND\n"),
		N_(" command to run before saving the certificate\n"),
		N_(" -C COMMAND, --after-command=COMMAND\n"),
		N_(" command to run after saving the certificate\n"),
		N_(" -F FILE, --ca-file=FILE\n"),
		N_(" file in which to store the CA's certificates\n"),
		N_(" -a DIR, --ca-dbdir=DIR\n"),
		N_(" NSS database in which to store the CA's certificates\n"),
		N_(" -w, --wait try to wait for the certificate to be issued\n"),
		N_(" --wait-timeout TIMEOUT\n"),
		N_(" Maximum time to wait for the certificate to be issued\n"),
		N_(" -v, --verbose report all details of errors\n"),
		N_(" -o OWNER, --key-owner=OWNER\n"),
		N_(" owner information for private key\n"),
		N_(" -m MODE, --key-perms=MODE\n"),
		N_(" file permissions for private key\n"),
		N_(" -O OWNER, --cert-owner=OWNER\n"),
		N_(" owner information for certificate\n"),
		N_(" -M MODE, --cert-perms=MODE\n"),
		N_(" file permissions for certificate\n"),
		N_(" -Z USER, --nss-user=USER\n"),
		N_(" User to switch to during NSS save operations\n"),
		NULL,
	};
	const char *stop_tracking_help[] = {
		N_("Usage: %s stop-tracking [options]\n"),
		"\n",
		N_("Required arguments:\n"),
		N_("* By request identifier:\n"),
		N_(" -i NAME, --id=NAME nickname for tracking request\n"),
		N_("* If using an NSS database for storage:\n"),
		N_(" -d DIR, --dbdir=DIR NSS database for key and cert\n"),
		N_(" -n NAME, --nickname NAME\n"),
		N_(" nickname for NSS-based storage (only valid with -d)\n"),
		N_("* If using files for storage:\n"),
		N_(" -k FILE, --keyfile=FILE\n"),
		N_(" PEM file for private key\n"),
		N_(" -f FILE, --certfile=FILE\n"),
		N_(" PEM file for certificate (only valid with -k)\n"),
		"\n",
		N_("Optional arguments:\n"),
		N_("* Bus options:\n"),
		N_(" -S, --system connect to the certmonger service on the system bus\n"),
		N_(" -s, --session connect to the certmonger service on the session bus\n"),
		"\n",
		N_("* Other options:\n"),
		N_(" -v, --verbose report all details of errors\n"),
		NULL,
	};
	const char *resubmit_help[] = {
		N_("Usage: %s resubmit [options]\n"),
		"\n",
		N_("Required arguments:\n"),
		N_("* By request identifier:\n"),
		N_(" -i NAME, --id=NAME nickname for tracking request\n"),
		N_("* If using an NSS database for storage:\n"),
		N_(" -d DIR, --dbdir=DIR NSS database for key and cert\n"),
		N_(" -n NAME, --nickname NAME\n"),
		N_(" nickname for NSS-based storage (only valid with -d)\n"),
		N_(" -t NAME, --token=NAME optional token name for NSS-based storage\n"),
		N_(" (only valid with -d)\n"),
		N_("* If using files for storage:\n"),
		N_(" -f FILE, --certfile=FILE\n"),
		N_(" PEM file for certificate\n"),
		"\n",
		N_("* If keys are encrypted:\n"),
		N_(" -p FILE, --pinfile=FILE\n"),
		N_(" file which holds the encryption PIN\n"),
		N_(" -P PIN, --pin=PIN PIN value\n"),
		"\n",
		N_("* New parameter values for the signing request:\n"),
		N_(" -N NAME, --subject-name=NAME\n"),
		N_(" set requested subject name (default: CN=)\n"),
		N_(" -U EXTUSAGE, --extended-key-usage=EXTUSAGE\n"),
		N_(" override requested extended key usage OID\n"),
		N_(" -u KEYUSAGE, --key-usage=KEYUSAGE\n"),
		N_(" set requested key usage value\n"),
		N_(" -K NAME, --principal=NAME\n"),
		N_(" override requested principal name\n"),
		N_(" -D DNSNAME, --dns=DNSNAME\n"),
		N_(" override requested DNS name\n"),
		N_(" -E EMAIL, --email=EMAIL\n"),
		N_(" override requested email address\n"),
		N_(" -A ADDRESS, --ip-address=ADDRESS\n"),
		N_(" override requested IP address\n"),
		N_(" -l FILE, --challenge-password-file=FILE\n"),
		N_(" file which holds an optional challenge password\n"),
		N_(" -L PASSWORD, --challenge-password=PASSWORD\n"),
		N_(" an optional challenge password value\n"),
		"\n",
N_("Optional arguments:\n"), N_("* Certificate handling settings:\n"), N_(" -I NAME, --new-id=NAME\n"), N_(" new nickname to give to tracking request\n"), #ifndef FORCE_CA N_(" -c CA, --ca=NAME use the specified CA rather than the default\n"), #endif N_(" -T PROFILE, --profile=NAME\n"), N_(" ask the CA to process the request using the\n"), N_(" named profile or template\n"), N_(" --ms-template-spec SPEC\n"), N_(" include V2 template specifier in CSR\n"), N_(" (format: OID:MAJOR-VERSION[:MINOR-VERSION])\n"), N_(" -X ISSUER, --issuer=ISSUER\n"), N_(" ask the CA to process the request using the\n"), N_(" named issuer\n"), N_("* Bus options:\n"), N_(" -S, --system connect to the certmonger service on the system bus\n"), N_(" -s, --session connect to the certmonger service on the session bus\n"), N_("* Other options:\n"), N_(" -B COMMAND, --before-command=COMMAND\n"), N_(" command to run before saving the certificate\n"), N_(" -C COMMAND, --after-command=COMMAND\n"), N_(" command to run after saving the certificate\n"), N_(" -F FILE, --ca-file=FILE\n"), N_(" file in which to store the CA's certificates\n"), N_(" -a DIR, --ca-dbdir=DIR\n"), N_(" NSS database in which to store the CA's certificates\n"), N_(" -w, --wait try to wait for the certificate to be issued\n"), N_(" --wait-timeout TIMEOUT\n"), N_(" Maximum time to wait for the certificateto be issued\n"), N_(" -v, --verbose report all details of errors\n"), N_(" -o OWNER, --key-owner=OWNER\n"), N_(" owner information for private key\n"), N_(" -m MODE, --key-perms=MODE\n"), N_(" file permissions for private key\n"), N_(" -O OWNER, --cert-owner=OWNER\n"), N_(" owner information for certificate\n"), N_(" -M MODE, --cert-perms=MODE\n"), N_(" file permissions for certificate\n"), N_(" -Z USER, --nss-user=USER\n"), N_(" User to switch to during NSS save operations\n"), NULL, }; const char *rekey_help[] = { N_("Usage: %s rekey [options]\n"), "\n", N_("Required arguments:\n"), N_("* By request identifier:\n"), N_(" -i 
NAME, --id=NAME nickname for tracking request\n"), N_("* If using an NSS database for storage:\n"), N_(" -d DIR, --dbdir=DIR NSS database for key and cert\n"), N_(" -n NAME, --nickname NAME\n"), N_(" nickname for NSS-based storage (only valid with -d)\n"), N_(" -t NAME, --token=NAME optional token name for NSS-based storage\n"), N_(" (only valid with -d)\n"), N_("* If using files for storage:\n"), N_(" -f FILE, --certfile=FILE\n"), N_(" PEM file for certificate\n"), "\n", N_("* If keys are encrypted:\n"), N_(" -p FILE, --pinfile=FILE\n"), N_(" file which holds the encryption PIN\n"), N_(" -P PIN, --pin=PIN PIN value\n"), "\n", N_("* New parameter values for the signing request:\n"), N_(" -N NAME, --subject-name=NAME\n"), N_(" set requested subject name (default: CN=)\n"), N_(" -U EXTUSAGE, --extended-key-usage=EXTUSAGE\n"), N_(" override requested extended key usage OID\n"), N_(" -u KEYUSAGE, --key-usage=KEYUSAGE\n"), N_(" set requested key usage value\n"), N_(" -K NAME, --principal=NAME\n"), N_(" override requested principal name\n"), N_(" -D DNSNAME, --dns=DNSNAME\n"), N_(" override requested DNS name\n"), N_(" -E EMAIL, --email=EMAIL\n"), N_(" override requested email address\n"), N_(" -A ADDRESS, --ip-address=ADDRESS\n"), N_(" override requested IP address\n"), N_(" -l FILE, --challenge-password-file=FILE\n"), N_(" file which holds an optional challenge password\n"), N_(" -L PASSWORD, --challenge-password=PASSWORD\n"), N_(" an optional challenge password value\n"), "\n", N_("Optional arguments:\n"), N_("* Certificate handling settings:\n"), N_(" -I NAME, --new-id=NAME\n"), N_(" new nickname to give to tracking request\n"), #ifndef FORCE_CA N_(" -c CA, --ca=NAME use the specified CA rather than the default\n"), #endif N_(" -T PROFILE, --profile=NAME\n"), N_(" ask the CA to process the request using the\n"), N_(" named profile or template\n"), N_(" --ms-template-spec SPEC\n"), N_(" include V2 template specifier in CSR\n"), N_(" (format: 
OID:MAJOR-VERSION[:MINOR-VERSION])\n"), N_(" -X ISSUER, --issuer=ISSUER\n"), N_(" ask the CA to process the request using the\n"), N_(" named issuer\n"), N_(" -G TYPE, --key-type=TYPE\n"), N_(" type of key to be generated if one is not already\n"), N_(" in place\n"), N_(" -g BITS, --key-size=BITS\n"), N_(" size of key to be generated if one is not already\n"), N_(" in place\n"), N_("* Bus options:\n"), N_(" -S, --system connect to the certmonger service on the system bus\n"), N_(" -s, --session connect to the certmonger service on the session bus\n"), N_("* Other options:\n"), N_(" -B COMMAND, --before-command=COMMAND\n"), N_(" command to run before saving the certificate\n"), N_(" -C COMMAND, --after-command=COMMAND\n"), N_(" command to run after saving the certificate\n"), N_(" -F FILE, --ca-file=FILE\n"), N_(" file in which to store the CA's certificates\n"), N_(" -a DIR, --ca-dbdir=DIR\n"), N_(" NSS database in which to store the CA's certificates\n"), N_(" -w, --wait try to wait for the certificate to be issued\n"), N_(" --wait-timeout TIMEOUT\n"), N_(" Maximum time to wait for the certificateto be issued\n"), N_(" -v, --verbose report all details of errors\n"), NULL, }; const char *list_help[] = { N_("Usage: %s list [options]\n"), "\n", N_("Optional arguments:\n"), N_("* General options:\n"), #ifndef FORCE_CA N_(" -c CA, --ca=NAME use the specified CA rather than the default\n"), #endif N_(" -r, --requests-only list only information about outstanding requests\n"), N_(" -t, --tracking-only list only information about tracked certificates\n"), N_(" -u, --utc display times in UTC instead of local time\n"), N_("* If selecting a specific request:\n"), N_(" -i NAME, --id=NAME nickname for tracking request\n"), N_("* If using an NSS database for storage:\n"), N_(" -d DIR, --dbdir=DIR NSS database for key and cert\n"), N_(" -n NAME, --nickname NAME\n"), N_(" nickname for NSS-based storage (only valid with -d)\n"), N_("* If using files for storage:\n"), N_(" -f FILE, 
--certfile=FILE\n"), N_(" only list requests and certs stored in this PEM file\n"), N_("* Bus options:\n"), N_(" -S, --system connect to the certmonger service on the system bus\n"), N_(" -s, --session connect to the certmonger service on the session bus\n"), N_("* Other options:\n"), N_(" -v, --verbose report all details of errors\n"), NULL, }; const char *refresh_help[] = { N_("Usage: %s refresh [options]\n"), "\n", N_("* General options:\n"), N_(" -a, --all refresh information about all outstanding requests\n"), "\n", N_("Required arguments:\n"), N_("* By request identifier:\n"), N_(" -i NAME, --id=NAME nickname for tracking request\n"), N_("* If using an NSS database for storage:\n"), N_(" -d DIR, --dbdir=DIR NSS database for key and cert\n"), N_(" -n NAME, --nickname NAME\n"), N_(" nickname for NSS-based storage (only valid with -d)\n"), N_(" -t NAME, --token=NAME optional token name for NSS-based storage\n"), N_(" (only valid with -d)\n"), N_("* If using files for storage:\n"), N_(" -f FILE, --certfile=FILE\n"), N_(" PEM file for certificate\n"), "\n", N_("Optional arguments:\n"), N_("* Bus options:\n"), N_(" -S, --system connect to the certmonger service on the system bus\n"), N_(" -s, --session connect to the certmonger service on the session bus\n"), N_("* Other options:\n"), N_(" -v, --verbose report all details of errors\n"), NULL, }; const char *status_help[] = { N_("Usage: %s status [options]\n"), "\n", N_("Optional arguments:\n"), N_("* Selecting a specific request:\n"), N_(" -i NAME, --id=NAME nickname for tracking request\n"), N_("* When using an NSS database for storage:\n"), N_(" -d DIR, --dbdir=DIR NSS database for key and cert\n"), N_(" -n NAME, --nickname NAME\n"), N_(" nickname for NSS-based storage (only valid with -d)\n"), N_("* When using files for storage:\n"), N_(" -f FILE, --certfile=FILE\n"), N_(" return status for cert stored in this PEM file\n"), N_("* Bus options:\n"), N_(" -S, --system connect to the certmonger service on the system 
bus\n"), N_(" -s, --session connect to the certmonger service on the session bus\n"), N_("* Other options:\n"), N_(" -v, --verbose report all details of errors\n"), NULL, }; const char *list_cas_help[] = { N_("Usage: %s list-cas [options]\n"), "\n", N_("Optional arguments:\n"), #ifndef FORCE_CA N_("* General options:\n"), N_(" -c CA, --ca=NAME use the specified CA rather than the default\n"), #endif N_("* Bus options:\n"), N_(" -S, --system connect to the certmonger service on the system bus\n"), N_(" -s, --session connect to the certmonger service on the session bus\n"), N_("* Other options:\n"), N_(" -v, --verbose report all details of errors\n"), NULL, }; const char *refresh_ca_help[] = { N_("Usage: %s refresh-ca [options]\n"), "\n", N_("Optional arguments:\n"), #ifndef FORCE_CA N_("* General options:\n"), N_(" -c CA, --ca=NAME use the specified CA rather than the default\n"), N_(" -a, --all refresh information about all known CAs\n"), #endif N_("* Bus options:\n"), N_(" -S, --system connect to the certmonger service on the system bus\n"), N_(" -s, --session connect to the certmonger service on the session bus\n"), N_("* Other options:\n"), N_(" -v, --verbose report all details of errors\n"), NULL, }; #ifndef FORCE_CA const char *add_ca_help[] = { N_("Usage: %s add-ca [options]\n"), "\n", N_("Optional arguments:\n"), N_("* General options:\n"), N_(" -c CA, --ca=NAME use the specified CA rather than the default\n"), N_(" -e CMD, --command CMD helper command to run to communicate with CA\n"), N_("* Bus options:\n"), N_(" -S, --system connect to the certmonger service on the system bus\n"), N_(" -s, --session connect to the certmonger service on the session bus\n"), N_("* Other options:\n"), N_(" -v, --verbose report all details of errors\n"), NULL, }; const char *add_scep_ca_help[] = { N_("Usage: %s add-scep-ca [options]\n"), "\n", N_("Optional arguments:\n"), N_("* General options:\n"), N_(" -c CA, --ca=NAME use the specified CA rather than the default\n"), N_(" 
-u URL, --URL URL location of SCEP server\n"), N_(" -i ID, --id ID CA identifier\n"), N_(" -R FILE, --ca-cert=FILE\n"), N_(" file containing web server's certificate\n"), N_(" -r FILE, --ra-cert=FILE\n"), N_(" file containing RA's certificate\n"), N_(" -N FILE, --signingca=FILE\n"), N_(" file containing CA's certificate\n"), N_(" -I FILE, --other-certs=FILE\n"), N_(" file containing certificates in RA's certifying chain\n"), N_(" -n, --non-renewal prefer not to use the SCEP Renewal feature\n"), N_("* Bus options:\n"), N_(" -S, --system connect to the certmonger service on the system bus\n"), N_(" -s, --session connect to the certmonger service on the session bus\n"), N_("* Other options:\n"), N_(" -v, --verbose report all details of errors\n"), NULL, }; const char *modify_ca_help[] = { N_("Usage: %s modify-ca [options]\n"), "\n", N_("Optional arguments:\n"), N_("* General options:\n"), N_(" -c CA, --ca=NAME use the specified CA rather than the default\n"), N_(" -e CMD, --command CMD helper command to run to communicate with CA\n"), N_("* Bus options:\n"), N_(" -S, --system connect to the certmonger service on the system bus\n"), N_(" -s, --session connect to the certmonger service on the session bus\n"), N_("* Other options:\n"), N_(" -v, --verbose report all details of errors\n"), NULL, }; const char *remove_ca_help[] = { N_("Usage: %s remove-ca [options]\n"), "\n", N_("Optional arguments:\n"), N_("* General options:\n"), N_(" -c CA, --ca=NAME use the specified CA rather than the default\n"), N_("* Bus options:\n"), N_(" -S, --system connect to the certmonger service on the system bus\n"), N_(" -s, --session connect to the certmonger service on the session bus\n"), N_("* Other options:\n"), N_(" -v, --verbose report all details of errors\n"), NULL, }; #endif struct { const char *category; const char **msgs; const char *brief; } msgs[] = { {NULL, general_help, N_("Usage: %s command [options]\n")}, {"request", request_help, N_("request a new certificate from a 
CA\n")}, {"start-tracking", start_tracking_help, N_("begin monitoring an already-issued certificate\n")}, {"stop-tracking", stop_tracking_help, N_("stop monitoring a certificate\n")}, {"resubmit", resubmit_help, N_("resubmit an in-progress enrollment request, or start a new one\n")}, {"rekey", rekey_help, N_("generate a new private key and replace a certificate\n")}, {"refresh", refresh_help, N_("check on the status of an in-progress enrollment request\n")}, {"list", list_help, N_("list certificates being monitored and requested\n")}, {"status", status_help, N_("check the status of a certificate being monitored or requested\n")}, #ifndef FORCE_CA {"add-ca", add_ca_help, N_("add a CA configuration\n")}, {"add-scep-ca", add_scep_ca_help, N_("add an SCEP CA configuration\n")}, #endif {"list-cas", list_cas_help, N_("list known CA configurations\n")}, #ifndef FORCE_CA {"modify-ca", modify_ca_help, N_("modify a CA configuration\n")}, #endif {"refresh-ca", refresh_ca_help, N_("refresh cache of all information obtained from a CA\n")}, #ifndef FORCE_CA {"remove-ca", remove_ca_help, N_("remove a CA configuration\n")}, #endif }; char *cmd; cmd = strdup(twopartcmd); if (cmd == NULL) { return; } cmd[strcspn(cmd, " \t")] = '\0'; for (i = 0; i < sizeof(msgs) / sizeof(msgs[0]); i++) { if ((category != NULL) && (msgs[i].category != NULL) && (strcmp(category, msgs[i].category) != 0)) { continue; } if (category == NULL) { if (msgs[i].category != NULL) { printf("%-15s\t", msgs[i].category); } else { for (j = 0; msgs[i].msgs[j] != NULL; j++) { printf(_(msgs[i].msgs[j]), cmd); } printf("\n"); } printf(_(msgs[i].brief), cmd); } else { if (i > 0) { printf("\n"); } for (j = 0; msgs[i].msgs[j] != NULL; j++) { printf(_(msgs[i].msgs[j]), cmd); } } } free(cmd); } int main(int argc, const char **argv) { const char *p, *argv1; char poptname[LINE_MAX]; unsigned int i; int ret; #ifdef ENABLE_NLS bindtextdomain(PACKAGE, MYLOCALEDIR); #endif NSS_NoDB_Init(NULL); p = argv[0]; if (strchr(p, '/') != 
	    NULL) {
		p = strrchr(p, '/') + 1;
	}
	globals.argv0 = p;

	if (argc > 1) {
		globals.verb = argv[1];
		snprintf(poptname, sizeof(poptname), "%s %s",
			 globals.argv0, globals.verb);
		globals.tctx = talloc_new(NULL);
		for (i = 0; i < sizeof(verbs) / sizeof(verbs[0]); i++) {
			if (strcmp(verbs[i].verb, globals.verb) == 0) {
				argv1 = argv[1];
				argv[1] = poptname;
				ret = (*verbs[i].fn)(poptname, argc - 1, argv + 1);
				argv[1] = argv1;
				return ret;
			}
		}
		fprintf(stderr, _("%s: unrecognized command\n"), globals.verb);
		if (globals.verb[0] == '-') {
			help(globals.argv0, NULL);
		}
		talloc_free(globals.tctx);
		globals.tctx = NULL;
		return 1;
	} else {
		help(globals.argv0, NULL);
		return 1;
	}
}

certmonger-0.79.19/src/hook.c0000644000175000017500000004002114511314133015322 0ustar gitgit00000000000000
/*
 * Copyright (C) 2009,2011,2012,2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

/* The system header names are missing from this copy of the file; the
 * headers listed here are the ones that the calls below require. */
#include <sys/types.h>
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <talloc.h>

#include "log.h"
#include "hook.h"
#include "prefs.h"
#include "store.h"
#include "store-int.h"
#include "subproc.h"
#include "tm.h"

enum cm_hook_type {
	cm_hook_pre_save,
	cm_hook_post_save,
	cm_hook_ca_pre_save,
	cm_hook_ca_post_save,
};

struct cm_hook_state {
	struct cm_store_ca *ca;
	struct cm_store_entry *entry;
	struct cm_subproc_state *subproc;
	struct cm_hook_list {
		char *command;
		uid_t uid;
		struct cm_hook_list *next;
	} *hooks;
};

/* Fire off a single subprocess. */
static int
cm_hook_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
	     void *userdata)
{
	char **argv;
	const char *error;
	struct passwd *pwd;
	struct cm_hook_state *state = userdata;

	argv = cm_subproc_parse_args(userdata, state->hooks->command, &error);
	if (error != NULL) {
		cm_log(-2, "Error parsing \"%s\": %s; not running it.\n",
		       state->hooks->command, error);
		return -1;
	}
	/* Run the hook as the user recorded with it: set the supplementary
	 * groups, then the group ID, then the user ID, so that the group
	 * changes happen while the process can still make them. */
	pwd = getpwuid(state->hooks->uid);
	if (pwd == NULL) {
		cm_log(-2, "Error on getpwuid(%lu): %s, not running \"%s\".\n",
		       (unsigned long) state->hooks->uid, strerror(errno),
		       state->hooks->command);
		return -1;
	}
	if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) {
		if (getuid() != 0) {
			cm_log(0, "Error on initgroups(%s,%lu): %s, "
			       "continuing and running \"%s\" anyway.\n",
			       pwd->pw_name, (unsigned long) state->hooks->uid,
			       strerror(errno), state->hooks->command);
		} else {
			cm_log(-2, "Error on initgroups(%s,%lu): %s, "
			       "not running \"%s\".\n",
			       pwd->pw_name, (unsigned long) state->hooks->uid,
			       strerror(errno), state->hooks->command);
			return -1;
		}
	}
	if (setregid(pwd->pw_gid, pwd->pw_gid) == -1) {
		cm_log(-2, "Error on setregid(%lu,%lu,%lu): %s, "
		       "not running \"%s\".\n",
		       (unsigned long) pwd->pw_gid,
		       (unsigned long) pwd->pw_gid,
		       (unsigned long) pwd->pw_gid,
		       strerror(errno), state->hooks->command);
		return -1;
	}
	if (setreuid(pwd->pw_uid, pwd->pw_uid) == -1) {
		cm_log(0, "Error on setreuid(%lu,%lu,%lu): %s, "
		       "not running \"%s\".\n",
		       (unsigned long) pwd->pw_uid,
		       (unsigned long) pwd->pw_uid,
		       (unsigned long) pwd->pw_uid,
		       strerror(errno), state->hooks->command);
		return -1;
	}
	cm_subproc_mark_most_cloexec(fd, -1, -1);
	if (execvp(argv[0], argv) == -1) {
		cm_log(0, "Error execvp()ing command \"%s\" (\"%s\"): %s.\n",
		       argv[0], state->hooks->command, strerror(errno));
		return -1;
	}
	return -1;
}

/* Start the command at the head of the hooks list. */
static struct cm_hook_state *
cm_hook_start(struct cm_store_ca *ca, struct cm_store_entry *entry,
	      void *parent, const char *hook_type, struct cm_hook_list *hooks)
{
	struct cm_hook_state *state;

	if (hooks == NULL) {
		cm_log(1, "No hooks set for %s command.\n", hook_type);
		return NULL;
	}
	state = talloc_ptrtype(parent, state);
	if (state != NULL) {
		memset(state, 0, sizeof(*state));
		state->hooks = hooks;
		talloc_steal(state, hooks);
		state->subproc = cm_subproc_start(cm_hook_main, state,
						  ca, entry, state);
		if (state->subproc == NULL) {
			cm_log(0, "Error starting command \"%s\".\n",
			       state->hooks->command);
			talloc_free(state);
			state = NULL;
		}
	} else {
		talloc_free(hooks);
	}
	return state;
}

/* Add a single hook to the list of hooks if it's not already there. */
static struct cm_hook_list *
add_hook(struct cm_hook_list *hooks, const char *hook, const char *hook_uid)
{
	struct cm_hook_list *tmp = NULL, *cur = NULL, *tail = NULL;
	char *p;
	long l;

	if ((hook == NULL) || (hook_uid == NULL)) {
		return hooks;
	}
	p = NULL;
	l = strtol(hook_uid, &p, 10);
	if ((p == NULL) || (*p != '\0')) {
		cm_log(1, "Error parsing \"%s\" as a numeric UID.\n", hook_uid);
		return hooks;
	}
	if (hooks != NULL) {
		cur = hooks;
		tail = cur;
		while (cur != NULL) {
			cm_log(3, "Checking old hook \"%s\" (%lu) \"%s\" (%s).\n",
			       cur->command, (unsigned long) cur->uid,
			       hook, hook_uid);
			if ((cur->uid == l) &&
			    (strcmp(cur->command, hook) == 0)) {
				cm_log(3, "... already in list.\n");
				return hooks;
			}
			cm_log(3, "... not in list.\n");
			tail = cur;
			cur = cur->next;
		}
		tmp = talloc_ptrtype(tail, tmp);
	} else {
		tmp = talloc_ptrtype(NULL, tmp);
	}
	if (tmp == NULL) {
		cm_log(1, "Out of memory parsing hook \"%s\".\n", hook);
		return hooks;
	}
	memset(tmp, 0, sizeof(*tmp));
	tmp->command = talloc_strdup(tmp, hook);
	if (tmp->command == NULL) {
		cm_log(1, "Out of memory parsing hook \"%s\".\n", hook);
		talloc_free(tmp);
		return hooks;
	}
	tmp->uid = l;
	cm_log(3, "Adding hook \"%s\" (%lu).\n", tmp->command,
	       (unsigned long) tmp->uid);
	if (hooks == NULL) {
		return tmp;
	} else {
		tail->next = tmp;
		return hooks;
	}
}

/* Add the right hook if we have a matching save location. */
static struct cm_hook_list *
add_hook_if_match(struct cm_hook_list *hooks,
		  const char *hook, const char *hook_uid,
		  char **list1, char **list2)
{
	int i, j;

	if ((list1 != NULL) && (list2 != NULL)) {
		for (i = 0; list1[i] != NULL; i++) {
			for (j = 0; list2[j] != NULL; j++) {
				if (strcmp(list1[i], list2[j]) == 0) {
					hooks = add_hook(hooks, hook, hook_uid);
				}
			}
		}
	}
	return hooks;
}

/* Walk the list of entries and CAs, and if an entry or CA defines a hook of
 * the specified type, and the locations where that entry or CA will be storing
 * certificates is in one of the passed-in lists of files or databases, add the
 * hook to the list. */
static struct cm_hook_list *
collect_hooks(struct cm_context *context,
	      struct cm_hook_list *hooks,
	      enum cm_hook_type hook_type,
	      struct cm_store_ca *(*get_ca_by_index)(struct cm_context *, int),
	      int (*get_n_cas)(struct cm_context *),
	      struct cm_store_entry *(*get_entry_by_index)(struct cm_context *, int),
	      int (*get_n_entries)(struct cm_context *),
	      char **files, char **nssdbs)
{
	struct cm_store_entry *entry;
	struct cm_store_ca *ca;
	const char *hook = NULL, *hook_uid = NULL;
	int i;

	for (i = 0; (get_n_cas != NULL) && (i < get_n_cas(context)); i++) {
		ca = get_ca_by_index(context, i);
		hook = NULL;
		hook_uid = NULL;
		switch (hook_type) {
		case cm_hook_pre_save:
		case cm_hook_ca_pre_save:
			hook = ca->cm_ca_pre_save_command;
			hook_uid = ca->cm_ca_pre_save_uid;
			break;
		case cm_hook_post_save:
		case cm_hook_ca_post_save:
			hook = ca->cm_ca_post_save_command;
			hook_uid = ca->cm_ca_post_save_uid;
			break;
		}
		if ((hook == NULL) || (hook_uid == NULL)) {
			continue;
		}
		hooks = add_hook_if_match(hooks, hook, hook_uid, files,
					  ca->cm_ca_root_cert_store_files);
		hooks = add_hook_if_match(hooks, hook, hook_uid, files,
					  ca->cm_ca_other_root_cert_store_files);
		hooks = add_hook_if_match(hooks, hook, hook_uid, files,
					  ca->cm_ca_other_cert_store_files);
		hooks = add_hook_if_match(hooks, hook, hook_uid, nssdbs,
					  ca->cm_ca_root_cert_store_nssdbs);
		hooks = add_hook_if_match(hooks, hook, hook_uid, nssdbs,
					  ca->cm_ca_other_root_cert_store_nssdbs);
		hooks = add_hook_if_match(hooks, hook, hook_uid, nssdbs,
					  ca->cm_ca_other_cert_store_nssdbs);
	}
	for (i = 0; (get_n_entries != NULL) && (i < get_n_entries(context)); i++) {
		entry = get_entry_by_index(context, i);
		hook = NULL;
		hook_uid = NULL;
		switch (hook_type) {
		case cm_hook_pre_save:
		case cm_hook_ca_pre_save:
			hook = entry->cm_pre_certsave_command;
			hook_uid = entry->cm_pre_certsave_uid;
			break;
		case cm_hook_post_save:
		case cm_hook_ca_post_save:
			hook = entry->cm_post_certsave_command;
			hook_uid = entry->cm_post_certsave_uid;
			break;
		}
		if ((hook == NULL) || (hook_uid == NULL)) {
			continue;
		}
		hooks = add_hook_if_match(hooks, hook, hook_uid, files,
					  entry->cm_root_cert_store_files);
		hooks = add_hook_if_match(hooks, hook, hook_uid, files,
					  entry->cm_other_root_cert_store_files);
		hooks = add_hook_if_match(hooks, hook, hook_uid, files,
					  entry->cm_other_cert_store_files);
		hooks = add_hook_if_match(hooks, hook, hook_uid, nssdbs,
					  entry->cm_root_cert_store_nssdbs);
		hooks = add_hook_if_match(hooks, hook, hook_uid, nssdbs,
					  entry->cm_other_root_cert_store_nssdbs);
		hooks = add_hook_if_match(hooks, hook, hook_uid, nssdbs,
					  entry->cm_other_cert_store_nssdbs);
	}
	return hooks;
}

/* Start the pre-save hook. */
struct cm_hook_state *
cm_hook_start_presave(struct cm_store_entry *entry,
		      struct cm_context *context,
		      struct cm_store_ca *(*get_ca_by_index)(struct cm_context *, int),
		      int (*get_n_cas)(struct cm_context *),
		      struct cm_store_entry *(*get_entry_by_index)(struct cm_context *, int),
		      int (*get_n_entries)(struct cm_context *))
{
	struct cm_hook_list *hooks = NULL;

	/* Make a list of the presave hooks from all of the entries and CAs
	 * which reference the storage locations for the certificates that are
	 * referenced by this entry. */
	hooks = collect_hooks(context, hooks, cm_hook_pre_save,
			      get_ca_by_index, get_n_cas,
			      get_entry_by_index, get_n_entries,
			      entry->cm_root_cert_store_files,
			      entry->cm_root_cert_store_nssdbs);
	hooks = collect_hooks(context, hooks, cm_hook_pre_save,
			      get_ca_by_index, get_n_cas,
			      get_entry_by_index, get_n_entries,
			      entry->cm_other_root_cert_store_files,
			      entry->cm_other_root_cert_store_nssdbs);
	hooks = collect_hooks(context, hooks, cm_hook_pre_save,
			      get_ca_by_index, get_n_cas,
			      get_entry_by_index, get_n_entries,
			      entry->cm_other_cert_store_files,
			      entry->cm_other_cert_store_nssdbs);
	/* Add the entry's own presave hook. */
	hooks = add_hook(hooks, entry->cm_pre_certsave_command,
			 entry->cm_pre_certsave_uid);
	return cm_hook_start(NULL, entry, context, "pre-save", hooks);
}

/* Start the post-save hook. */
struct cm_hook_state *
cm_hook_start_postsave(struct cm_store_entry *entry,
		       struct cm_context *context,
		       struct cm_store_ca *(*get_ca_by_index)(struct cm_context *, int),
		       int (*get_n_cas)(struct cm_context *),
		       struct cm_store_entry *(*get_entry_by_index)(struct cm_context *, int),
		       int (*get_n_entries)(struct cm_context *))
{
	struct cm_hook_list *hooks = NULL;

	/* Make a list of the postsave hooks from all of the entries and CAs
	 * which reference the storage locations for the certificates that are
	 * referenced by this entry. */
	hooks = collect_hooks(context, hooks, cm_hook_post_save,
			      get_ca_by_index, get_n_cas,
			      get_entry_by_index, get_n_entries,
			      entry->cm_root_cert_store_files,
			      entry->cm_root_cert_store_nssdbs);
	hooks = collect_hooks(context, hooks, cm_hook_post_save,
			      get_ca_by_index, get_n_cas,
			      get_entry_by_index, get_n_entries,
			      entry->cm_other_root_cert_store_files,
			      entry->cm_other_root_cert_store_nssdbs);
	hooks = collect_hooks(context, hooks, cm_hook_post_save,
			      get_ca_by_index, get_n_cas,
			      get_entry_by_index, get_n_entries,
			      entry->cm_other_cert_store_files,
			      entry->cm_other_cert_store_nssdbs);
	/* Add the entry's own postsave hook. */
	hooks = add_hook(hooks, entry->cm_post_certsave_command,
			 entry->cm_post_certsave_uid);
	return cm_hook_start(NULL, entry, context, "post-save", hooks);
}

/* Start the CA pre-save hook. */
struct cm_hook_state *
cm_hook_start_ca_presave(struct cm_store_ca *ca,
			 struct cm_context *context,
			 struct cm_store_ca *(*get_ca_by_index)(struct cm_context *, int),
			 int (*get_n_cas)(struct cm_context *),
			 struct cm_store_entry *(*get_entry_by_index)(struct cm_context *, int),
			 int (*get_n_entries)(struct cm_context *))
{
	struct cm_hook_list *hooks = NULL;

	/* Make a list of the presave hooks from all of the entries and CAs
	 * which reference the storage locations for the certificates that are
	 * referenced by this CA. */
	hooks = collect_hooks(context, hooks, cm_hook_ca_pre_save,
			      get_ca_by_index, get_n_cas,
			      get_entry_by_index, get_n_entries,
			      ca->cm_ca_root_cert_store_files,
			      ca->cm_ca_root_cert_store_nssdbs);
	hooks = collect_hooks(context, hooks, cm_hook_ca_pre_save,
			      get_ca_by_index, get_n_cas,
			      get_entry_by_index, get_n_entries,
			      ca->cm_ca_other_root_cert_store_files,
			      ca->cm_ca_other_root_cert_store_nssdbs);
	hooks = collect_hooks(context, hooks, cm_hook_ca_pre_save,
			      get_ca_by_index, get_n_cas,
			      get_entry_by_index, get_n_entries,
			      ca->cm_ca_other_cert_store_files,
			      ca->cm_ca_other_cert_store_nssdbs);
	return cm_hook_start(ca, NULL, context, "ca-pre-save", hooks);
}

/* Start the CA post-save hook. */
struct cm_hook_state *
cm_hook_start_ca_postsave(struct cm_store_ca *ca,
			  struct cm_context *context,
			  struct cm_store_ca *(*get_ca_by_index)(struct cm_context *, int),
			  int (*get_n_cas)(struct cm_context *),
			  struct cm_store_entry *(*get_entry_by_index)(struct cm_context *, int),
			  int (*get_n_entries)(struct cm_context *))
{
	struct cm_hook_list *hooks = NULL;

	/* Make a list of the postsave hooks from all of the entries and CAs
	 * which reference the storage locations for the certificates that are
	 * referenced by this CA. */
	hooks = collect_hooks(context, hooks, cm_hook_ca_post_save,
			      get_ca_by_index, get_n_cas,
			      get_entry_by_index, get_n_entries,
			      ca->cm_ca_root_cert_store_files,
			      ca->cm_ca_root_cert_store_nssdbs);
	hooks = collect_hooks(context, hooks, cm_hook_ca_post_save,
			      get_ca_by_index, get_n_cas,
			      get_entry_by_index, get_n_entries,
			      ca->cm_ca_other_root_cert_store_files,
			      ca->cm_ca_other_root_cert_store_nssdbs);
	hooks = collect_hooks(context, hooks, cm_hook_ca_post_save,
			      get_ca_by_index, get_n_cas,
			      get_entry_by_index, get_n_entries,
			      ca->cm_ca_other_cert_store_files,
			      ca->cm_ca_other_cert_store_nssdbs);
	return cm_hook_start(ca, NULL, context, "ca-post-save", hooks);
}

/* Get a selectable-for-read descriptor we can poll for status changes. */
int
cm_hook_get_fd(struct cm_hook_state *state)
{
	if (state->subproc != NULL) {
		return cm_subproc_get_fd(state->subproc);
	}
	return -1;
}

/* Check if our child process has exited. */
int
cm_hook_ready(struct cm_hook_state *state)
{
	int result = -1;

	if (state->subproc != NULL) {
		result = cm_subproc_ready(state->subproc);
	}
	if (result == 0) {
		if (state->hooks->next != NULL) {
			/* Clean up this subprocess. */
			if (state->subproc != NULL) {
				cm_subproc_done(state->subproc);
			}
			/* Start the next subprocess. */
			state->hooks = state->hooks->next;
			state->subproc = cm_subproc_start(cm_hook_main, state,
							  state->ca,
							  state->entry,
							  state);
			if (state->subproc == NULL) {
				cm_log(0, "Error starting command \"%s\".\n",
				       state->hooks->command);
			} else {
				/* "Try again", though the caller will actually
				 * be waiting on the new subprocess. */
				return -1;
			}
		}
	}
	return result;
}

/* Clean up after... well, we don't really know. */
void
cm_hook_done(struct cm_hook_state *state)
{
	if (state->subproc != NULL) {
		cm_subproc_done(state->subproc);
	}
	talloc_free(state);
}

certmonger-0.79.19/src/hook.h0000644000175000017500000000550614511314133015340 0ustar gitgit00000000000000
/*
 * Copyright (C) 2012,2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmhook_h
#define cmhook_h

struct cm_hook_state;
struct cm_store_entry;
struct cm_store_ca;
struct cm_context;

/* Start doing whatever we need to before saving the certificate to the
 * configured location. */
struct cm_hook_state *cm_hook_start_presave(struct cm_store_entry *entry,
					    struct cm_context *context,
					    struct cm_store_ca *(*get_ca_by_index)(struct cm_context *, int),
					    int (*get_n_cas)(struct cm_context *),
					    struct cm_store_entry *(*get_entry_by_index)(struct cm_context *, int),
					    int (*get_n_entries)(struct cm_context *));
struct cm_hook_state *cm_hook_start_ca_presave(struct cm_store_ca *ca,
					       struct cm_context *context,
					       struct cm_store_ca *(*get_ca_by_index)(struct cm_context *, int),
					       int (*get_n_cas)(struct cm_context *),
					       struct cm_store_entry *(*get_entry_by_index)(struct cm_context *, int),
					       int (*get_n_entries)(struct cm_context *));

/* Start doing whatever we need to after saving the certificate to the
 * configured location. */
struct cm_hook_state *cm_hook_start_postsave(struct cm_store_entry *entry,
					     struct cm_context *context,
					     struct cm_store_ca *(*get_ca_by_index)(struct cm_context *, int),
					     int (*get_n_cas)(struct cm_context *),
					     struct cm_store_entry *(*get_entry_by_index)(struct cm_context *, int),
					     int (*get_n_entries)(struct cm_context *));
struct cm_hook_state *cm_hook_start_ca_postsave(struct cm_store_ca *ca,
						struct cm_context *context,
						struct cm_store_ca *(*get_ca_by_index)(struct cm_context *, int),
						int (*get_n_cas)(struct cm_context *),
						struct cm_store_entry *(*get_entry_by_index)(struct cm_context *, int),
						int (*get_n_entries)(struct cm_context *));

/* Check if something changed, for example we finished doing whatever it is
 * that we're doing. */
int cm_hook_ready(struct cm_hook_state *state);

/* Get a selectable-for-read descriptor which will either have data or be
 * closed when status changes. */
int cm_hook_get_fd(struct cm_hook_state *state);

/* Clean up after ourselves.
 */
void cm_hook_done(struct cm_hook_state *state);

#endif

certmonger-0.79.19/src/introspect.sh.in

#!/bin/sh -x
if test -n "$@CERTMONGER_PVT_ADDRESS_ENV@" ; then
	address=--address="$@CERTMONGER_PVT_ADDRESS_ENV@"
else
	address="--system --dest=@CM_DBUS_NAME@"
fi
for object in "$@" ; do
	case "$object" in
	--*)
		address="$object"
		object=
		;;
	*)
		dbus-send $address --print-reply "${object:-/}" org.freedesktop.DBus.Introspectable.Introspect
		;;
	esac
done

certmonger-0.79.19/src/ipa-getcert.1.in

.TH CERTMONGER 1 "November 3, 2009" "certmonger Manual"

.SH NAME
ipa\-getcert

.SH SYNOPSIS
 ipa\-getcert request [options]
 ipa\-getcert resubmit [options]
 ipa\-getcert start\-tracking [options]
 ipa\-getcert status [options]
 ipa\-getcert stop\-tracking [options]
 ipa\-getcert list [options]
 ipa\-getcert list\-cas [options]
 ipa\-getcert refresh\-cas [options]

.SH DESCRIPTION
The \fIipa\-getcert\fR tool issues requests to a @CM_DBUS_NAME@
service on behalf of the invoking user.  It can ask the service to begin
enrollment, optionally generating a key pair to use, it can ask the
service to begin monitoring a certificate in a specified location for
expiration, and optionally to refresh it when expiration nears, it can
list the set of certificates that the service is already monitoring, or
it can list the set of CAs that the service is capable of using.

If no command is given as the first command\-line argument,
\fIipa\-getcert\fR will print short usage information for each of
its functions.

The \fIipa\-getcert\fR tool behaves identically to the generic
\fIgetcert\fR tool when it is used with the \fB\-c
\fI@CM_IPA_CA_NAME@\fR option.

\fBcertmonger\fR supports retrieving trusted certificates from IPA CAs.
See \fBgetcert\-request\fR(1) and \fBgetcert\-resubmit\fR(1) for information
about using the \fB\-F\fR and \fB\-a\fR options to specify where those
certificates should be stored.

.SH BUGS
Please file tickets for any that you find at https://fedorahosted.org/certmonger/

.SH SEE ALSO
\fBcertmonger\fR(8)
\fBgetcert\fR(1)
\fBgetcert\-add\-ca\fR(1)
\fBgetcert\-add\-scep\-ca\fR(1)
\fBgetcert\-list\-cas\fR(1)
\fBgetcert\-list\fR(1)
\fBgetcert\-modify\-ca\fR(1)
\fBgetcert\-refresh\-ca\fR(1)
\fBgetcert\-refresh\fR(1)
\fBgetcert\-rekey\fR(1)
\fBgetcert\-remove\-ca\fR(1)
\fBgetcert\-request\fR(1)
\fBgetcert\-resubmit\fR(1)
\fBgetcert\-start\-tracking\fR(1)
\fBgetcert\-status\fR(1)
\fBgetcert\-stop\-tracking\fR(1)
\fBcertmonger\-certmaster\-submit\fR(8)
\fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8)
\fBcertmonger\-dogtag\-submit\fR(8)
\fBcertmonger\-ipa\-submit\fR(8)
\fBcertmonger\-local\-submit\fR(8)
\fBcertmonger\-scep\-submit\fR(8)
\fBcertmonger_selinux\fR(8)

certmonger-0.79.19/src/ipa-getcert.c

#include "config.h"
#define FORCE_CA CM_IPA_CA_NAME
#include "getcert.c"

certmonger-0.79.19/src/ipa.c

/*
 * Copyright (C) 2009,2010,2011,2012,2013,2014,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see .
 */

#include "config.h"

/* The header names are missing from this copy of the file; the list below is
 * an assumption, chosen to cover the APIs that the code in this file uses. */
#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <limits.h>
#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>

#include <talloc.h>
#include <krb5.h>
#include <ldap.h>
#include <popt.h>
#include <jansson.h>

#include "log.h"
#include "srvloc.h"
#include "store.h"
#include "submit-e.h"
#include "submit-u.h"
#include "submit-h.h"
#include "util.h"

#ifdef ENABLE_NLS
#include <libintl.h>
#define _(_text) dgettext(PACKAGE, _text)
#else
#define _(_text) (_text)
#endif

/* Return a heap-allocated copy of the error text for kcode.  Every caller
 * either hands the result to its own caller or passes it to free(). */
static char *
get_error_message(krb5_context ctx, krb5_error_code kcode)
{
	char *ret;
#ifdef HAVE_KRB5_GET_ERROR_MESSAGE
	const char *kret;

	kret = ctx ? krb5_get_error_message(ctx, kcode) : NULL;
	if (kret == NULL) {
		/* error_message() returns storage we don't own, so copy it
		 * rather than returning a pointer the caller would free(). */
		ret = strdup(error_message(kcode));
	} else {
		ret = strdup(kret);
		krb5_free_error_message(ctx, kret);
	}
	return ret;
#else
	ret = strdup(error_message(kcode));
	return ret;
#endif
}

char *
cm_submit_ccache_realm(char **msg)
{
	krb5_context ctx;
	krb5_ccache ccache;
	krb5_principal princ;
	krb5_error_code kret;
	krb5_data *data;
	char *ret;

	if (msg != NULL) {
		*msg = NULL;
	}

	kret = krb5_init_context(&ctx);
	if (kret != 0) {
		fprintf(stderr, "Error initializing Kerberos: %s.\n",
			ret = get_error_message(ctx, kret));
		if (msg != NULL) {
			*msg = ret;
		} else {
			free(ret);
		}
		return NULL;
	}
	kret = krb5_cc_default(ctx, &ccache);
	if (kret != 0) {
		fprintf(stderr, "Error resolving default ccache: %s.\n",
			ret = get_error_message(ctx, kret));
		if (msg != NULL) {
			*msg = ret;
		} else {
			free(ret);
		}
		return NULL;
	}
	kret = krb5_cc_get_principal(ctx, ccache, &princ);
	if (kret != 0) {
		fprintf(stderr, "Error reading default principal: %s.\n",
			ret = get_error_message(ctx, kret));
		if (msg != NULL) {
			*msg = ret;
		} else {
			free(ret);
		}
		return NULL;
	}
	data = krb5_princ_realm(ctx, princ);
	if (data == NULL) {
		fprintf(stderr, "Error retrieving principal realm.\n");
		if (msg != NULL) {
			*msg = strdup("Error retrieving principal realm.\n");
		}
		return NULL;
	}
	ret = malloc(data->length + 1);
	if (ret == NULL) {
		fprintf(stderr, "Out of memory for principal realm.\n");
		if (msg != NULL) {
			*msg = strdup("Out of memory for principal realm.\n");
		}
		return NULL;
	}
	memcpy(ret, data->data, data->length);
	ret[data->length] = '\0';
	return ret;
}

krb5_error_code
cm_submit_make_ccache(const char *ktname, const char *principal, char **msg)
{
	krb5_context ctx;
	krb5_keytab keytab;
	krb5_ccache ccache;
	krb5_creds creds;
	krb5_principal princ;
	krb5_error_code kret;
	krb5_get_init_creds_opt gicopts, *gicoptsp;
	char *ret;

	if (msg != NULL) {
		*msg = NULL;
	}

	kret = krb5_init_context(&ctx);
	if (kret != 0) {
		ret = get_error_message(ctx, kret);
		fprintf(stderr, "Error initializing Kerberos: %s.\n", ret);
		if (msg != NULL) {
			*msg = ret;
		} else {
			free(ret);
		}
		return kret;
	}
	if (ktname != NULL) {
		kret = krb5_kt_resolve(ctx, ktname, &keytab);
	} else {
		kret = krb5_kt_default(ctx, &keytab);
	}
	if (kret != 0) {
		fprintf(stderr, "Error resolving keytab: %s.\n",
			ret = get_error_message(ctx, kret));
		if (msg != NULL) {
			*msg = ret;
		} else {
			free(ret);
		}
		return kret;
	}
	princ = NULL;
	if (principal != NULL) {
		kret = krb5_parse_name(ctx, principal, &princ);
		if (kret != 0) {
			fprintf(stderr, "Error parsing \"%s\": %s.\n",
				principal, ret = get_error_message(ctx, kret));
			if (msg != NULL) {
				*msg = ret;
			} else {
				free(ret);
			}
			return kret;
		}
	} else {
		kret = krb5_sname_to_principal(ctx, NULL, NULL,
					       KRB5_NT_SRV_HST, &princ);
		if (kret != 0) {
			fprintf(stderr, "Error building client name: %s.\n",
				ret = get_error_message(ctx, kret));
			if (msg != NULL) {
				*msg = ret;
			} else {
				free(ret);
			}
			return kret;
		}
	}
	memset(&creds, 0, sizeof(creds));
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
	memset(&gicopts, 0, sizeof(gicopts));
	gicoptsp = NULL;
	kret = krb5_get_init_creds_opt_alloc(ctx, &gicoptsp);
	if (kret != 0) {
		fprintf(stderr, "Internal error: %s.\n",
			ret = get_error_message(ctx, kret));
		if (msg != NULL) {
			*msg = ret;
		} else {
			free(ret);
		}
		return kret;
	}
#else
	krb5_get_init_creds_opt_init(&gicopts);
	gicoptsp = &gicopts;
#endif
	krb5_get_init_creds_opt_set_forwardable(gicoptsp, 1);
	kret = krb5_get_init_creds_keytab(ctx, &creds, princ, keytab,
					  0, NULL, gicoptsp);
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
	krb5_get_init_creds_opt_free(ctx, gicoptsp);
#endif
	if (kret != 0) {
		fprintf(stderr, "Error obtaining initial credentials: %s.\n",
			ret = get_error_message(ctx, kret));
		if (msg != NULL) {
			*msg = ret;
		} else {
			free(ret);
		}
		return kret;
	}
	ccache = NULL;
	kret = krb5_cc_resolve(ctx, "MEMORY:" PACKAGE_NAME "_submit",
			       &ccache);
	if (kret == 0) {
		kret = krb5_cc_initialize(ctx, ccache, creds.client);
	}
	if (kret != 0) {
		fprintf(stderr, "Error initializing credential cache: %s.\n",
			ret = get_error_message(ctx, kret));
		if (msg != NULL) {
			*msg = ret;
		} else {
			free(ret);
		}
		return kret;
	}
	kret = krb5_cc_store_cred(ctx, ccache, &creds);
	if (kret != 0) {
		fprintf(stderr,
			"Error storing creds in credential cache: %s.\n",
			ret = get_error_message(ctx, kret));
		if (msg != NULL) {
			*msg = ret;
		} else {
			free(ret);
		}
		return kret;
	}
	krb5_cc_close(ctx, ccache);
	krb5_kt_close(ctx, keytab);
	krb5_free_principal(ctx, princ);
	krb5_free_context(ctx);
	putenv("KRB5CCNAME=MEMORY:" PACKAGE_NAME "_submit");
	return 0;
}

static int
interact(LDAP *ld, unsigned flags, void *defaults, void *sasl_interact)
{
	return 0;
}

/* Connect and authenticate to a specific directory server.
 */
static LDAP *
cm_open_ldap(const char *uri)
{
	LDAP *ld;
	int rc, three;
	const char *ldefaults[] = {"meh"};

	ld = NULL;
	rc = ldap_initialize(&ld, uri);
	if (rc != LDAP_SUCCESS) {
		fprintf(stderr, "Error initializing \"%s\": %s.\n",
			uri, ldap_err2string(rc));
		return NULL;
	}
	three = 3;
	rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &three);
	if (rc != LDAP_SUCCESS) {
		fprintf(stderr, "Error initializing \"%s\": %s.\n",
			uri, ldap_err2string(rc));
		return NULL;
	}
	rc = ldap_sasl_interactive_bind_s(ld, NULL, "GSSAPI", NULL, NULL,
					  LDAP_SASL_QUIET,
					  &interact, ldefaults);
	if (rc != LDAP_SUCCESS) {
		fprintf(stderr, "Error binding to \"%s\": %s.\n",
			uri, ldap_err2string(rc));
		return NULL;
	}
	return ld;
}

/* Connect and authenticate to the domain's directory server. */
static int
cm_open_any_ldap(const char *server,
		 int ldap_uri_cmd, const char *ldap_uri,
		 const char *host, const char *domain,
		 char *uri, size_t uri_len, LDAP **ld)
{
	struct cm_srvloc *srvlocs, *srv;

	*ld = NULL;
	/* Prepare to perform an LDAP search. */
	if ((server != NULL) && !ldap_uri_cmd) {
		snprintf(uri, uri_len, "ldap://%s/", server);
	} else if (ldap_uri != NULL) {
		snprintf(uri, uri_len, "%s", ldap_uri);
	} else if (host != NULL) {
		snprintf(uri, uri_len, "ldap://%s/", host);
	}
	/* Connect and authenticate. */
	if (strlen(uri) != 0) {
		*ld = cm_open_ldap(uri);
	}
	if ((*ld == NULL) &&
	    (cm_srvloc_resolve(NULL, "_ldap._tcp", domain, &srvlocs) == 0)) {
		for (srv = srvlocs;
		     (srv != NULL) && (*ld == NULL);
		     srv = srv->next) {
			if (srv->port != 0) {
				snprintf(uri, uri_len, "ldap://%s:%d/",
					 srv->host, srv->port);
			} else {
				snprintf(uri, uri_len, "ldap://%s/",
					 srv->host);
			}
			*ld = cm_open_ldap(uri);
		}
	}
	if (strlen(uri) == 0) {
		printf(_("Unable to determine location of "
			 "IPA LDAP server.\n"));
		return CM_SUBMIT_STATUS_UNCONFIGURED;
	}
	if (*ld == NULL) {
		printf(_("Unable to contact an IPA LDAP server.\n"));
		return CM_SUBMIT_STATUS_UNREACHABLE;
	}
	return 0;
}

/* Choose a default base DN for the domain.
 */
static int
cm_find_default_naming_context(LDAP *ld, char **basedn)
{
	LDAPMessage *lresult = NULL, *lmsg = NULL;
	char *lncattrs[2] = {"defaultNamingContext", NULL};
	struct berval **lbvalues;
	int i, c, rc;

	*basedn = NULL;
	rc = ldap_search_ext_s(ld, "", LDAP_SCOPE_BASE, NULL, lncattrs, 0,
			       NULL, NULL, NULL, 1, &lresult);
	if (rc != LDAP_SUCCESS) {
		fprintf(stderr, "Error searching root DSE: %s.\n",
			ldap_err2string(rc));
		return CM_SUBMIT_STATUS_UNCONFIGURED;
	}
	for (lmsg = ldap_first_entry(ld, lresult);
	     lmsg != NULL;
	     lmsg = ldap_next_entry(ld, lmsg)) {
		lbvalues = ldap_get_values_len(ld, lmsg, lncattrs[0]);
		/* There should be only one defaultNamingContext so once we
		 * have a value we're done. */
		if (*basedn != NULL) {
			break;
		}
		if (lbvalues == NULL) {
			continue;
		}
		for (i = 0; lbvalues[i] != NULL; i++) {
			c = lbvalues[i]->bv_len;
			*basedn = malloc(c + 1);
			if (*basedn != NULL) {
				/* Copy from the same value whose length was
				 * used to size the buffer. */
				memcpy(*basedn, lbvalues[i]->bv_val, c);
				(*basedn)[c] = '\0';
				break;
			}
		}
	}
	ldap_msgfree(lresult);
	return 0;
}

static int
cm_locate_jsonrpc_service(const char *server,
			  int ldap_uri_cmd, const char *ldap_uri,
			  const char *host, const char *domain,
			  char *basedn, const char *service,
			  char ***uris)
{
	LDAP *ld;
	LDAPMessage *lresult = NULL, *lmsg = NULL;
	LDAPDN rdn;
	struct berval *lbv;
	char *lattrs[2] = {"cn", NULL};
	const char *relativedn = "cn=masters,cn=ipa,cn=etc";
	char *dn;
	char ldn[LINE_MAX], lfilter[LINE_MAX], uri[LINE_MAX] = "", **list;
	int i, j, rc, n;
	unsigned int flags;
	int rval = 0;
	int alloc_basedn = 0;

	*uris = NULL;

	/* Prepare to perform an LDAP search. */
	i = cm_open_any_ldap(server, ldap_uri_cmd, ldap_uri, host, domain,
			     uri, sizeof(uri), &ld);
	if (i != 0) {
		return i;
	}
	/* If we don't have a base DN to search yet, look for a default
	 * that we can use.
	 */
	if (basedn == NULL) {
		i = cm_find_default_naming_context(ld, &basedn);
		if (i != 0) {
			rval = i;
			goto done;
		}
		alloc_basedn = 1;
	}
	if (basedn == NULL) {
		printf(_("Unable to determine base DN of "
			 "domain information on IPA server.\n"));
		rval = CM_SUBMIT_STATUS_UNCONFIGURED;
		goto done;
	}
	/* Now look up the names of the master CAs. */
	snprintf(lfilter, sizeof(lfilter),
		 "(&"
		 "(objectClass=ipaConfigObject)"
		 "(cn=%s)"
		 "(ipaConfigString=enabledService)"
		 ")", service);
	snprintf(ldn, sizeof(ldn), "%s,%s", relativedn, basedn);
	if (alloc_basedn) {
		free(basedn);
	}
	rc = ldap_search_ext_s(ld, ldn, LDAP_SCOPE_SUBTREE, lfilter, lattrs,
			       0, NULL, NULL, NULL, LDAP_NO_LIMIT, &lresult);
	if (rc != LDAP_SUCCESS) {
		fprintf(stderr, "Error searching '%s': %s.\n",
			ldn, ldap_err2string(rc));
		rval = CM_SUBMIT_STATUS_UNCONFIGURED;
		goto done;
	}
	/* Read their parents' for "cn" values. */
	n = ldap_count_entries(ld, lresult);
	if (n == 0) {
		fprintf(stderr, "No CA masters found.\n");
		ldap_msgfree(lresult);
		rval = CM_SUBMIT_STATUS_UNCONFIGURED;
		goto done;
	}
	list = talloc_array_ptrtype(NULL, list, n + 2);
	if (list == NULL) {
		fprintf(stderr, "Out of memory.\n");
		rval = CM_SUBMIT_STATUS_UNCONFIGURED;
		goto done;
	}
	i = 0;
	for (lmsg = ldap_first_entry(ld, lresult);
	     lmsg != NULL;
	     lmsg = ldap_next_entry(ld, lmsg)) {
		dn = ldap_get_dn(ld, lmsg);
		if (dn != NULL) {
			if (ldap_str2dn(dn, &rdn, 0) == 0) {
				lbv = NULL;
				flags = 0;
				/* Dig out the CN value of the second RDN.  The
				 * more correct thing to do would be to
				 * construct the parent DN, do a base search
				 * against it, and read its attribute normally,
				 * but that could become time-consuming, so for
				 * now do it a bit lazily.
				 */
				if ((rdn != NULL) &&
				    (rdn[0] != NULL) &&
				    (rdn[1] != NULL)) {
					for (j = 0; rdn[1][j] != NULL; j++) {
						lbv = &rdn[1][j]->la_attr;
						if ((lbv->bv_len == 2) &&
						    (((lbv->bv_val[0] == 'c') ||
						      (lbv->bv_val[0] == 'C')) &&
						     ((lbv->bv_val[1] == 'n') ||
						      (lbv->bv_val[1] == 'N')))) {
							lbv = &rdn[1][j]->la_value;
							flags = rdn[1][j]->la_flags;
							break;
						}
						if ((lbv->bv_len == 3) &&
						    (((lbv->bv_val[0] == 'c') ||
						      (lbv->bv_val[0] == 'C')) &&
						     ((lbv->bv_val[1] == 'n') ||
						      (lbv->bv_val[1] == 'N')) &&
						     ((lbv->bv_val[2] == '\0')))) {
							lbv = &rdn[1][j]->la_value;
							flags = rdn[1][j]->la_flags;
							break;
						}
						lbv = NULL;
					}
				}
				if (lbv != NULL) {
					switch (flags & 0x0f) {
					case LDAP_AVA_STRING:
						list[i] = talloc_asprintf(list,
									  "https://%.*s/ipa/json",
									  (int) lbv->bv_len,
									  lbv->bv_val);
						if (list[i] != NULL) {
							i++;
						}
						break;
					case LDAP_AVA_BINARY:
						break;
					}
				}
				ldap_dnfree(rdn);
			}
		}
		ldap_memfree(dn);
	}
	ldap_msgfree(lresult);
	if (i == 0) {
		/* The array came from talloc, so it must be released with
		 * talloc_free() rather than free(). */
		talloc_free(list);
		rval = CM_SUBMIT_STATUS_UNCONFIGURED;
		goto done;
	}
	list[i] = NULL;
	*uris = list;
	rval = CM_SUBMIT_STATUS_ISSUED;

done:
	if (ld) {
		ldap_unbind_ext(ld, NULL, NULL);
	}

	return rval;
}

/*
 * Parse the JSON response from the IPA server.
 *
 * It will return one of three types of values:
 *
 * < 0 is failure to parse JSON output
 * 0 is success, no errors were found
 * > 0 is the IPA API error code
 */
static int
parse_json_result(const char *result, char **error_message)
{
	json_error_t j_error;

	json_t *j_root = NULL;
	json_t *j_error_obj = NULL;

	int error_code = 0;
	char *message = NULL;

	j_root = json_loads(result, 0, &j_error);
	if (!j_root) {
		cm_log(0, "Parsing JSON-RPC response failed: %s\n",
		       j_error.text);
		return -1;
	}

	j_error_obj = json_object_get(j_root, "error");
	if (!j_error_obj || json_is_null(j_error_obj)) {
		json_decref(j_root);
		return 0; /* no errors */
	}

	if (json_unpack_ex(j_error_obj, &j_error, 0, "{s:i, s:s}",
			   "code", &error_code,
			   "message", &message) != 0) {
		cm_log(0, "Failed extracting error from JSON-RPC response: %s\n",
		       j_error.text);
		json_decref(j_root);
		return -1;
	}

	cm_log(0, "JSON-RPC error: %d: %s\n", error_code, message);
	/* message points into j_root, so copy it before dropping the
	 * reference. */
	*error_message = strdup(message);
	json_decref(j_root);
	return error_code;
}

/* Make a JSON-RPC request to the "cert_request" method. */
static int
submit_or_poll_uri(const char *uri, const char *cainfo, const char *capath,
		   const char *uid, const char *pwd, const char *csr,
		   const char *reqprinc, const char *profile,
		   const char *issuer, int verbose)
{
	void *ctx;
	struct cm_submit_h_context *hctx;
	char *s, *p;
	int i;
	json_t *json_req = NULL;
	json_error_t j_error;
	const char *results = NULL;
	char *json_str = NULL;
	char *error_message = NULL;
	char *referer = NULL;
	int rval = 0;
	json_t *j_root = NULL;
	json_t *j_result_outer = NULL;
	json_t *j_result = NULL;
	json_t *j_cert = NULL;
	const char *certificate = NULL;

	if ((uri == NULL) || (strlen(uri) == 0)) {
		return CM_SUBMIT_STATUS_UNCONFIGURED;
	}

	ctx = talloc_new(NULL);

	referer = talloc_asprintf(ctx, "%s", uri);

	/* Prepare to make a JSON-RPC request.
	 */
submit:
	json_req = json_pack_ex(&j_error, 0,
				"{s:s, s:[[s], {s:s, s:s*, s:s*, s:b}]}",
				"method", "cert_request",
				"params",
				csr,
				"principal", reqprinc,
				"profile_id", profile,
				"cacn", issuer,
				"add", 1);
	if (!json_req) {
		cm_log(0, "json_pack_ex() failed: %s\n", j_error.text);
		free(error_message);
		return CM_SUBMIT_STATUS_UNCONFIGURED;
	}
	json_str = json_dumps(json_req, 0);
	json_decref(json_req);
	if (!json_str) {
		cm_log(0, "json_dumps() failed\n");
		free(error_message);
		return CM_SUBMIT_STATUS_UNCONFIGURED;
	}

	hctx = cm_submit_h_init(ctx, "POST", uri, json_str,
				"application/json", "application/json",
				referer, cainfo, capath,
				NULL, NULL, NULL,
				cm_submit_h_negotiate_on,
				cm_submit_h_delegate_off,
				cm_submit_h_clientauth_off,
				cm_submit_h_env_modify_off,
				verbose > 1 ?
				cm_submit_h_curl_verbose_on :
				cm_submit_h_curl_verbose_off);
	free(json_str);

	if (hctx == NULL) {
		fprintf(stderr, "Error setting up JSON-RPC to %s on "
			"the client.\n", uri);
		printf(_("Error setting up for JSON-RPC on the client.\n"));
		rval = CM_SUBMIT_STATUS_UNCONFIGURED;
		goto cleanup;
	}

	/* Submit the request. */
	fprintf(stderr, "Submitting request to \"%s\".\n", uri);
	cm_submit_h_run(hctx);

	/* Check the results. */
	results = cm_submit_h_results(hctx, NULL);
	cm_log(1, "%s\n", results);
	if (cm_submit_h_response_code(hctx) != 200) {
		cm_log(0, "JSON-RPC call failed with HTTP status code: %d\n",
		       cm_submit_h_response_code(hctx));
		cm_log(0, "code = %d, code_text = \"%s\"\n",
		       cm_submit_h_result_code(hctx),
		       cm_submit_h_result_code_text(hctx));
		rval = CM_SUBMIT_STATUS_UNREACHABLE;
		goto cleanup;
	}
	i = parse_json_result(results, &error_message);
	if (i < 0) {
		rval = CM_SUBMIT_STATUS_UNREACHABLE;
		goto cleanup;
	}
	if (i > 0) {
		/* Interpret the error.  See errors.py to get the
		 * classifications. */
		switch (i / 1000) {
		case 2: /* authorization error - permanent */
		case 3: /* invocation error - permanent */
			if ((i == 3005) && (issuer != NULL)) {
				/* Most likely the server didn't understand the
				 * "cacn" argument.
				 * At least, at this
				 * point.  Randomly dropping arguments is not
				 * really an extensible solution, though. */
				issuer = NULL;
				free(error_message);
				error_message = NULL;
				goto submit;
			}
			if ((i == 3005) && (profile != NULL)) {
				/* Most likely the server didn't understand the
				 * "profile_id" argument.  At least, at this
				 * point.  Randomly dropping arguments is not
				 * really an extensible solution, though. */
				profile = NULL;
				free(error_message);
				error_message = NULL;
				goto submit;
			}
			printf("Server at %s denied our request, "
			       "giving up: %d (%s).\n", uri, i,
			       error_message);
			rval = CM_SUBMIT_STATUS_REJECTED;
			goto cleanup;
			break;
		case 1: /* authentication error - transient? */
		case 4: /* execution error - transient? */
		case 5: /* generic error - transient? */
		default:
			printf("Server at %s failed request, "
			       "will retry: %d (%s).\n", uri, i,
			       error_message);
			rval = CM_SUBMIT_STATUS_UNREACHABLE;
			goto cleanup;
			break;
		}
	} else {
		j_root = json_loads(results, 0, &j_error);
		if (!j_root) {
			cm_log(0, "Parsing JSON-RPC response failed: %s\n",
			       j_error.text);
			rval = CM_SUBMIT_STATUS_UNREACHABLE;
			goto cleanup;
		}

		j_result_outer = json_object_get(j_root, "result");
		if (!j_result_outer) {
			cm_log(0, "Parsing JSON-RPC response failed, no outer result\n");
			rval = CM_SUBMIT_STATUS_UNREACHABLE;
			goto cleanup;
		}

		j_result = json_object_get(j_result_outer, "result");
		if (!j_result) {
			cm_log(0, "Parsing JSON-RPC response failed, no inner result\n");
			rval = CM_SUBMIT_STATUS_UNREACHABLE;
			goto cleanup;
		}

		j_cert = json_object_get(j_result, "certificate");
		if (!j_cert) {
			cm_log(0, "Parsing JSON-RPC response failed, no certificate\n");
			rval = CM_SUBMIT_STATUS_UNREACHABLE;
			goto cleanup;
		}
		certificate = json_string_value(j_cert);

		if (certificate) {
			/* If we got a certificate, we're probably
			 * okay.
			 */
			fprintf(stderr, "Certificate: \"%s\"\n", certificate);
			s = cm_submit_u_base64_from_text(certificate);
			if (s == NULL) {
				printf("Out of memory parsing server "
				       "response, will retry.\n");
				rval = CM_SUBMIT_STATUS_UNREACHABLE;
				goto cleanup;
			}
			p = cm_submit_u_pem_from_base64("CERTIFICATE",
							FALSE, s);
			if (p != NULL) {
				printf("%s", p);
			}
			free(s);
			free(p);
			rval = CM_SUBMIT_STATUS_ISSUED;
			goto cleanup;
		} else {
			rval = CM_SUBMIT_STATUS_REJECTED;
		}
	}

cleanup:
	free(error_message);
	json_decref(j_root);
	cm_submit_h_cleanup(hctx);
	talloc_free(ctx);

	return rval;
}

static int
submit_or_poll(const char *uri, const char *cainfo, const char *capath,
	       const char *server, int ldap_uri_cmd, const char *ldap_uri,
	       const char *host, const char *domain, char *basedn,
	       const char *uid, const char *pwd, const char *csr,
	       const char *reqprinc, const char *profile,
	       const char *issuer, int verbose)
{
	int i, u;
	char **uris;

	i = submit_or_poll_uri(uri, cainfo, capath, uid, pwd, csr, reqprinc,
			       profile, issuer, verbose);
	if ((i == CM_SUBMIT_STATUS_UNREACHABLE) ||
	    (i == CM_SUBMIT_STATUS_UNCONFIGURED)) {
		u = cm_locate_jsonrpc_service(server, ldap_uri_cmd, ldap_uri,
					      host, domain, basedn, "CA",
					      &uris);
		if ((u == 0) && (uris != NULL)) {
			for (u = 0; uris[u] != NULL; u++) {
				if (strcmp(uris[u], uri) == 0) {
					continue;
				}
				i = submit_or_poll_uri(uris[u], cainfo, capath,
						       uid, pwd, csr, reqprinc,
						       profile, issuer,
						       verbose);
				if ((i != CM_SUBMIT_STATUS_UNREACHABLE) &&
				    (i != CM_SUBMIT_STATUS_UNCONFIGURED)) {
					talloc_free(uris);
					return i;
				}
			}
			talloc_free(uris);
		}
	}
	return i;
}

static int
fetch_roots(const char *server, int ldap_uri_cmd, const char *ldap_uri,
	    const char *host, const char *uid, const char *pwd,
	    const char *domain, char *basedn)
{
	char *realm = NULL;
	LDAP *ld = NULL;
	LDAPMessage *lresult = NULL, *lmsg = NULL;
	char *lattrs[2] = {"caCertificate;binary", NULL};
	const char *relativedn = "cn=certificates,cn=ipa,cn=etc";
	const char *relativecompatdn = "cn=cacert,cn=ipa,cn=etc";
	char ldn[LINE_MAX], lfilter[LINE_MAX], uri[LINE_MAX] = "", *kerr = NULL;
	struct berval **lbvalues, *lbv;
	unsigned char *bv_val;
	const char *lb64;
	char *pem;
	int i, rc;

	/* Prepare to perform an LDAP search. */
	i = cm_open_any_ldap(server, ldap_uri_cmd, ldap_uri, host, domain,
			     uri, sizeof(uri), &ld);
	if (i != 0) {
		return i;
	}
	/* If we don't have a base DN to search yet, look for a default
	 * that we can use. */
	if (basedn == NULL) {
		i = cm_find_default_naming_context(ld, &basedn);
		if (i != 0) {
			free(basedn);
			return i;
		}
	}
	if (basedn == NULL) {
		printf(_("Unable to determine base DN of "
			 "domain information on IPA server.\n"));
		return CM_SUBMIT_STATUS_UNCONFIGURED;
	}
	/* Now look up the root certificates for the domain. */
	snprintf(lfilter, sizeof(lfilter), "(%s=*)", lattrs[0]);
	snprintf(ldn, sizeof(ldn), "%s,%s", relativedn, basedn);
	rc = ldap_search_ext_s(ld, ldn, LDAP_SCOPE_SUBTREE, lfilter, lattrs,
			       0, NULL, NULL, NULL, LDAP_NO_LIMIT, &lresult);
	if (rc == LDAP_SUCCESS && ldap_count_entries(ld, lresult) == 0) {
		/* Fall back to the old location */
		snprintf(ldn, sizeof(ldn), "%s,%s", relativecompatdn, basedn);
		rc = ldap_search_ext_s(ld, ldn, LDAP_SCOPE_SUBTREE, lfilter,
				       lattrs, 0, NULL, NULL, NULL,
				       LDAP_NO_LIMIT, &lresult);
	}
	free(basedn);
	if (rc != LDAP_SUCCESS) {
		fprintf(stderr, "Error searching '%s': %s.\n",
			ldn, ldap_err2string(rc));
		return CM_SUBMIT_STATUS_ISSUED;
	}
	/* Read our realm name from our ccache. */
	realm = cm_submit_ccache_realm(&kerr);
	/* Read all of the certificates.
	 */
	for (lmsg = ldap_first_entry(ld, lresult);
	     lmsg != NULL;
	     lmsg = ldap_next_entry(ld, lmsg)) {
		lbvalues = ldap_get_values_len(ld, lmsg, lattrs[0]);
		for (i = 0;
		     (lbvalues != NULL) && (lbvalues[i] != NULL);
		     i++) {
			lbv = lbvalues[i];
			bv_val = (unsigned char *) lbv->bv_val;
			lb64 = cm_store_base64_from_bin(NULL, bv_val,
							lbv->bv_len);
			pem = cm_submit_u_pem_from_base64("CERTIFICATE",
							  FALSE, lb64);
			if (realm != NULL) {
				printf("%s ", realm);
			}
			printf("%s\n%s", "IPA CA", pem);
			free(pem);
		}
	}
	ldap_msgfree(lresult);
	free(realm);
	free(kerr);
	if (ld) {
		ldap_unbind_ext(ld, NULL, NULL);
	}
	return CM_SUBMIT_STATUS_ISSUED;
}

int
main(int argc, const char **argv)
{
	int c, make_keytab_ccache = TRUE;
	const char *host = NULL, *domain = NULL, *cainfo = NULL, *capath = NULL;
	const char *ktname = NULL, *kpname = NULL;
	char *csr, *p, uri[LINE_MAX], *reqprinc = NULL, *ipaconfig, *kerr;
	char *uid = NULL, *pwd = NULL, *pwdfile = NULL;
	const char *xmlrpc_uri = NULL, *ldap_uri = NULL, *server = NULL, *csrfile;
	const char *jsonrpc_uri = NULL;
	int jsonrpc_uri_cmd = 0, ldap_uri_cmd = 0, verbose = 0;
	const char *mode = CM_OP_SUBMIT;
	char ldn[LINE_MAX], *basedn = NULL, *profile = NULL, *issuer = NULL;
	krb5_error_code kret;
	poptContext pctx;
	struct poptOption popts[] = {
		{"host", 'h', POPT_ARG_STRING, &host, 0, "IPA server hostname", "HOSTNAME"},
		{"domain", 'd', POPT_ARG_STRING, &domain, 0, "IPA domain name", "NAME"},
		{"xmlrpc-url", 'H', POPT_ARG_STRING, NULL, 'H', "IPA XMLRPC service location", "URL"},
		{"jsonrpc-url", 'J', POPT_ARG_STRING, NULL, 'J', "IPA JSON-RPC service location", "URL"},
		{"ldap-url", 'L', POPT_ARG_STRING, NULL, 'L', "IPA LDAP service location", "URL"},
		{"capath", 'C', POPT_ARG_STRING, &capath, 0, NULL, "DIRECTORY"},
		{"cafile", 'c', POPT_ARG_STRING, &cainfo, 0, NULL, "FILENAME"},
		{"keytab-name", 't', POPT_ARG_STRING, NULL, 't', "location of credentials to use for authenticating to server", "KEYTAB"},
		{"submitter-principal", 'k', POPT_ARG_STRING, &kpname, 'k', "principal name to use for authenticating to server", "PRINCIPAL"},
		{"use-ccache-creds", 'K', POPT_ARG_NONE, NULL, 'K', "use default ccache instead of creating a new one using keytab", NULL},
		{"uid", 'u', POPT_ARG_STRING, &uid, 0, "authenticate to server using Basic authentication", "USERNAME"},
		{"pwd", 'W', POPT_ARG_STRING, &pwd, 0, "password to use when using Basic authentication", "PASSWORD"},
		{"pwdfile", 'w', POPT_ARG_STRING, &pwdfile, 0, "read password from file for Basic authentication", "FILENAME"},
		{"principal-of-request", 'P', POPT_ARG_STRING, &reqprinc, 0, "principal name in signing request", "PRINCIPAL"},
		{"profile", 'T', POPT_ARG_STRING, &profile, 0, "request enrollment using the specified profile", "NAME"},
		{"issuer", 'X', POPT_ARG_STRING, &issuer, 0, "request enrollment using the specified CA", "NAME"},
		{"basedn", 'b', POPT_ARG_STRING, &basedn, 0, "IPA domain LDAP base DN", "DN"},
		{"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL},
		POPT_AUTOHELP
		POPT_TABLEEND
	};

#ifdef ENABLE_NLS
	bindtextdomain(PACKAGE, MYLOCALEDIR);
#endif

	if (getenv(CM_SUBMIT_OPERATION_ENV) != NULL) {
		mode = getenv(CM_SUBMIT_OPERATION_ENV);
	}
	if (strcasecmp(mode, CM_OP_IDENTIFY) == 0) {
		printf("IPA (%s %s)\n", PACKAGE_NAME, PACKAGE_VERSION);
		return 0;
	} else if (strcasecmp(mode, CM_OP_FETCH_ENROLL_REQUIREMENTS) == 0) {
		printf("%s\n", CM_SUBMIT_REQ_PRINCIPAL_ENV);
		printf("%s\n", CM_SUBMIT_REQ_SUBJECT_ENV);
		return 0;
	} else if ((strcasecmp(mode, CM_OP_SUBMIT) == 0) ||
		   (strcasecmp(mode, CM_OP_POLL) == 0) ||
		   (strcasecmp(mode, CM_OP_FETCH_ROOTS) == 0)) {
		/* fall through */
	} else {
		/* unsupported request */
		return CM_SUBMIT_STATUS_OPERATION_NOT_SUPPORTED;
	}

	pctx = poptGetContext(argv[0], argc, argv, popts, 0);
	if (pctx == NULL) {
		return CM_SUBMIT_STATUS_UNCONFIGURED;
	}
	poptSetOtherOptionHelp(pctx, "[options] [csrfile]");
	while ((c = poptGetNextOpt(pctx)) > 0) {
		switch (c) {
		case 'H': /* XMLRPC URI kept for backwards compatibility */
		case 'J':
			jsonrpc_uri = poptGetOptArg(pctx);
			jsonrpc_uri_cmd++;
			break;
		case 'L':
			ldap_uri = poptGetOptArg(pctx);
			ldap_uri_cmd++;
			break;
		case 't':
			ktname = poptGetOptArg(pctx);
			if (!make_keytab_ccache) {
				printf(_("The -t option can not be used with "
					 "the -K option.\n"));
				poptPrintUsage(pctx, stdout, 0);
				return CM_SUBMIT_STATUS_UNCONFIGURED;
			}
			break;
		case 'k':
			kpname = poptGetOptArg(pctx);
			if (!make_keytab_ccache) {
				printf(_("The -k option can not be used with "
					 "the -K option.\n"));
				poptPrintUsage(pctx, stdout, 0);
				return CM_SUBMIT_STATUS_UNCONFIGURED;
			}
			break;
		case 'K':
			make_keytab_ccache = FALSE;
			if ((kpname != NULL) || (ktname != NULL)) {
				printf(_("The -K option can not be used with "
					 "either the -k or the -t option.\n"));
				poptPrintUsage(pctx, stdout, 0);
				return CM_SUBMIT_STATUS_UNCONFIGURED;
			}
			break;
		case 'v':
			verbose++;
			break;
		}
	}
	if (c != -1) {
		return CM_SUBMIT_STATUS_UNCONFIGURED;
	}

	umask(S_IRWXG | S_IRWXO);

	if (isatty(STDERR_FILENO))
		cm_log_set_method(cm_log_stderr);
	else
		cm_log_set_method(cm_log_syslog);

	cm_log_set_level(verbose);

	/* Start backfilling defaults, both hard-coded and from the IPA
	 * configuration. */
	if (cainfo == NULL) {
		struct stat st;

		if (stat("/etc/ipa/ca.crt", &st) == 0) {
			cainfo = "/etc/ipa/ca.crt";
		}
	}
	if ((host == NULL) ||
	    (xmlrpc_uri == NULL) ||
	    (ldap_uri == NULL) ||
	    (basedn == NULL)) {
		ipaconfig = read_config_file("/etc/ipa/default.conf");
		if (ipaconfig != NULL) {
			if (xmlrpc_uri == NULL) {
				xmlrpc_uri = get_config_entry(ipaconfig,
							      "global",
							      "xmlrpc_uri");
			}
			if (jsonrpc_uri == NULL) {
				jsonrpc_uri = get_config_entry(ipaconfig,
							       "global",
							       "jsonrpc_uri");
			}
			if (ldap_uri == NULL) {
				/* Preferred, but likely to only be set on a
				 * server. */
				ldap_uri = get_config_entry(ipaconfig,
							    "global",
							    "ldap_uri");
			}
			if (basedn == NULL) {
				basedn = get_config_entry(ipaconfig,
							  "global",
							  "basedn");
			}
			if (host == NULL) {
				/* Preferred, but not always set. */
				host = get_config_entry(ipaconfig,
							"global",
							"host");
			}
			if (server == NULL) {
				/* Deprecated, but could be set if "host" is
				 * not.
                 */
                server = get_config_entry(ipaconfig,
                                          "global",
                                          "server");
            }
            if (domain == NULL) {
                domain = get_config_entry(ipaconfig,
                                          "global",
                                          "domain");
            }
        }
    }
    free(ipaconfig);
    csr = NULL;
    memset(uri, '\0', sizeof(uri));
    memset(ldn, '\0', sizeof(ldn));
    if ((strcasecmp(mode, CM_OP_SUBMIT) == 0) ||
        (strcasecmp(mode, CM_OP_POLL) == 0)) {
        /* For SUBMIT/POLL, we need a requested-for principal name and
         * the URI of the XML-RPC server on the CA. */
        if ((reqprinc == NULL) &&
            (getenv(CM_SUBMIT_REQ_PRINCIPAL_ENV) != NULL)) {
            /* If it's multi-valued, just use the first one. */
            reqprinc = strdup(getenv(CM_SUBMIT_REQ_PRINCIPAL_ENV));
            if (reqprinc != NULL) {
                reqprinc[strcspn(reqprinc, "\r\n")] = '\0';
            }
        }
        if ((reqprinc == NULL) || (strlen(reqprinc) == 0)) {
            printf(_("Unable to determine principal name for "
                     "signing request.\n"));
            poptPrintUsage(pctx, stdout, 0);
            free(reqprinc);
            return CM_SUBMIT_STATUS_UNCONFIGURED;
        }
        if ((profile == NULL) &&
            (getenv(CM_SUBMIT_PROFILE_ENV) != NULL)) {
            profile = strdup(getenv(CM_SUBMIT_PROFILE_ENV));
        }
        if ((issuer == NULL) &&
            (getenv(CM_SUBMIT_ISSUER_ENV) != NULL)) {
            issuer = strdup(getenv(CM_SUBMIT_ISSUER_ENV));
        }
        if ((server != NULL) && !jsonrpc_uri_cmd) {
            snprintf(uri, sizeof(uri),
                     "https://%s/ipa/json", server);
        } else
        if (jsonrpc_uri != NULL) {
            snprintf(uri, sizeof(uri), "%s", jsonrpc_uri);
        } else
        if (xmlrpc_uri != NULL) {
            /* strip off the trailing xml and replace with json;
             * the result is one character longer than xmlrpc_uri,
             * so strlen(xmlrpc_uri) + 2 bytes (including the
             * terminating NUL) have to fit in uri */
            if ((strlen(xmlrpc_uri) + 2) > sizeof(uri)) {
                printf(_("xmlrpc_uri is longer than %ld.\n"),
                       (long) (sizeof(uri) - 2));
                free(profile);
                free(issuer);
                free(reqprinc);
                return CM_SUBMIT_STATUS_UNCONFIGURED;
            }
            snprintf(uri, strlen(xmlrpc_uri) - 2, "%s", xmlrpc_uri);
            strcat(uri, "json");
        } else
        if (host != NULL) {
            snprintf(uri, sizeof(uri),
                     "https://%s/ipa/json", host);
        }

        /* Read the CSR from the environment, or from the file named on
         * the command-line.
         */
        csrfile = poptGetArg(pctx);
        if (csrfile != NULL) {
            csr = cm_submit_u_from_file(csrfile);
        } else {
            csr = getenv(CM_SUBMIT_CSR_ENV);
            if (csr != NULL) {
                csr = strdup(csr);
            }
        }
        if ((csr == NULL) || (strlen(csr) == 0)) {
            if (csrfile != NULL) {
                printf(_("Unable to read signing request from file \"%s\".\n"),
                       csrfile);
            } else {
                printf(_("Unable to read signing request from environment variable \"%s\".\n"),
                       CM_SUBMIT_CSR_ENV);
            }
            free(csr);
            free(profile);
            free(issuer);
            free(reqprinc);
            poptPrintUsage(pctx, stdout, 0);
            return CM_SUBMIT_STATUS_UNCONFIGURED;
        }

        /* Change the CSR from the format we get it in to the one the
         * server expects. IPA just wants base64-encoded binary data,
         * no whitespace. */
        p = strstr(csr, "-----BEGIN");
        if (p != NULL) {
            p += strcspn(p, "\n");
            if (*p == '\n') {
                p++;
            }
            memmove(csr, p, strlen(p) + 1);
        }
        p = strstr(csr, "\n-----END");
        if (p != NULL) {
            *p = '\0';
        }
        while ((p = strchr(csr, '\r')) != NULL) {
            memmove(p, p + 1, strlen(p));
        }
        while ((p = strchr(csr, '\n')) != NULL) {
            memmove(p, p + 1, strlen(p));
        }
    } else
    if (strcasecmp(mode, CM_OP_FETCH_ROOTS) == 0) {
        /* Stop now if we don't have an IPA domain name. */
        if (domain == NULL) {
            printf(_("No IPA domain configured, and none "
                     "specified.\n"));
            return CM_SUBMIT_STATUS_UNCONFIGURED;
        }
    }

    /* If we're supposed to read a password from a file, read it now. */
    if ((pwdfile != NULL) && (pwd == NULL)) {
        pwd = cm_submit_u_from_file(pwdfile);
        if (pwd == NULL) {
            fprintf(stderr, "Error reading password from \"%s\": %s.\n",
                    pwdfile, strerror(errno));
            free(csr);
            free(profile);
            free(issuer);
            free(reqprinc);
            return CM_SUBMIT_STATUS_UNCONFIGURED;
        }
    }

    /* If we're using Basic auth, make sure we don't try to set up a
     * ccache.
     */
    if ((uid != NULL) && (pwd != NULL)) {
        make_keytab_ccache = FALSE;
    } else {
        if ((uid != NULL) || (pwd != NULL)) {
            fprintf(stderr, "Both -u and -W/-w options should be specified.\n");
            free(csr);
            free(profile);
            free(issuer);
            free(reqprinc);
            return CM_SUBMIT_STATUS_UNCONFIGURED;
        }
    }

    /* Setup a ccache unless we're told to use the default one. */
    kerr = NULL;
    if (make_keytab_ccache &&
        ((kret = cm_submit_make_ccache(ktname, kpname, &kerr)) != 0)) {
        fprintf(stderr, "Error setting up ccache at the client: %s.\n",
                kerr);
        if (ktname == NULL) {
            if (kpname == NULL) {
                printf(_("Error setting up ccache for "
                         "\"host\" service on client using "
                         "default keytab: %s.\n"), kerr);
            } else {
                printf(_("Error setting up ccache for "
                         "\"%s\" on client using "
                         "default keytab: %s.\n"), kpname, kerr);
            }
        } else {
            if (kpname == NULL) {
                printf(_("Error setting up ccache for "
                         "\"host\" service on client using "
                         "keytab \"%s\": %s.\n"), ktname, kerr);
            } else {
                printf(_("Error setting up ccache for "
                         "\"%s\" on client using keytab "
                         "\"%s\": %s.\n"), kpname, ktname, kerr);
            }
        }
        free(kerr);
        free(csr);
        free(profile);
        free(issuer);
        free(reqprinc);
        switch (kret) {
        case KRB5_KDC_UNREACH:
        case KRB5_REALM_CANT_RESOLVE:
            return CM_SUBMIT_STATUS_UNREACHABLE;
            break;
        default:
            return CM_SUBMIT_STATUS_UNCONFIGURED;
            break;
        }
    }

    if ((strcasecmp(mode, CM_OP_SUBMIT) == 0) ||
        (strcasecmp(mode, CM_OP_POLL) == 0)) {
        int ret;

        ret = submit_or_poll(uri, cainfo, capath, server,
                             ldap_uri_cmd, ldap_uri, host, domain,
                             basedn, uid, pwd, csr, reqprinc, profile,
                             issuer, verbose);
        free(csr);
        free(profile);
        free(issuer);
        free(reqprinc);
        free(basedn);
        return ret;
    } else
    if (strcasecmp(mode, CM_OP_FETCH_ROOTS) == 0) {
        return fetch_roots(server, ldap_uri_cmd, ldap_uri, host, uid,
                           pwd, domain, basedn);
    }
    return CM_SUBMIT_STATUS_OPERATION_NOT_SUPPORTED;
}

certmonger-0.79.19/src/iterate.c

/*
 * Copyright (C) 2009,2010,2011,2012,2013,2014,2015,2016 Red Hat,
 * Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

#include
#include
#include
#include
#include
#include
#include

#include "cadata.h"
#include "canalyze.h"
#include "casave.h"
#include "certread.h"
#include "certsave.h"
#include "cm.h"
#include "csrgen.h"
#include "hook.h"
#include "iterate.h"
#include "keygen.h"
#include "keyiread.h"
#include "log.h"
#include "notify.h"
#include "prefs.h"
#include "scepgen.h"
#include "store.h"
#include "store-int.h"
#include "submit.h"
#include "tm.h"

struct cm_entry_state {
    struct cm_keygen_state *cm_keygen_state;
    struct cm_keyiread_state *cm_keyiread_state;
    struct cm_csrgen_state *cm_csrgen_state;
    struct cm_scepgen_state *cm_scepgen_state;
    struct cm_submit_state *cm_submit_state;
    struct cm_certsave_state *cm_certsave_state;
    struct cm_hook_state *cm_hook_state;
    struct cm_certread_state *cm_certread_state;
    struct cm_notify_state *cm_notify_state;
    struct cm_casave_state *cm_casave_state;
};

struct cm_ca_state {
    enum cm_ca_phase cm_phase;
    struct cm_ca_analyze_state *cm_ca_cert_analyze_state;
    struct cm_ca_analyze_state *cm_ca_ecert_analyze_state;
    time_t cm_cert_refresh_delay;
    time_t cm_ecert_refresh_delay;
    struct cm_cadata_state *cm_task_state;
    struct cm_hook_state *cm_hook_state;
    struct cm_casave_state *cm_casave_state;
};

/* Helper routine to replace in-progress states with the previous "stable"
 * state.
 */
static void
cm_entry_reset_state(struct cm_store_entry *entry)
{
    switch (entry->cm_state) {
    case CM_NEED_KEY_PAIR:
        break;
    case CM_GENERATING_KEY_PAIR:
        entry->cm_state = CM_NEED_KEY_PAIR;
        break;
    case CM_NEED_KEY_GEN_TOKEN:
        entry->cm_state = CM_NEED_KEY_PAIR;
        break;
    case CM_NEED_KEY_GEN_PIN:
        entry->cm_state = CM_NEED_KEY_PAIR;
        break;
    case CM_NEED_KEY_GEN_PERMS:
        entry->cm_state = CM_NEED_KEY_PAIR;
        break;
    case CM_HAVE_KEY_PAIR:
        break;
    case CM_NEED_KEYINFO:
        break;
    case CM_READING_KEYINFO:
        entry->cm_state = CM_NEED_KEYINFO;
        break;
    case CM_NEED_KEYINFO_READ_TOKEN:
        entry->cm_state = CM_NEED_KEYINFO;
        break;
    case CM_NEED_KEYINFO_READ_PIN:
        entry->cm_state = CM_NEED_KEYINFO;
        break;
    case CM_HAVE_KEYINFO:
        break;
    case CM_NEED_CSR:
        entry->cm_state = CM_HAVE_KEYINFO;
        break;
    case CM_NEED_CSR_GEN_TOKEN:
        entry->cm_state = CM_HAVE_KEYINFO;
        break;
    case CM_NEED_CSR_GEN_PIN:
        entry->cm_state = CM_HAVE_KEYINFO;
        break;
    case CM_GENERATING_CSR:
        entry->cm_state = CM_HAVE_KEYINFO;
        break;
    case CM_HAVE_CSR:
        break;
    case CM_NEED_SCEP_DATA:
        break;
    case CM_NEED_SCEP_GEN_TOKEN:
        entry->cm_state = CM_NEED_SCEP_DATA;
        break;
    case CM_NEED_SCEP_GEN_PIN:
        entry->cm_state = CM_NEED_SCEP_DATA;
        break;
    case CM_NEED_SCEP_ENCRYPTION_CERT:
        entry->cm_state = CM_NEED_SCEP_DATA;
        break;
    case CM_NEED_SCEP_RSA_CLIENT_KEY:
        entry->cm_state = CM_NEED_SCEP_DATA;
        break;
    case CM_GENERATING_SCEP_DATA:
        entry->cm_state = CM_NEED_SCEP_DATA;
        break;
    case CM_HAVE_SCEP_DATA:
        break;
    case CM_NEED_TO_SUBMIT:
        entry->cm_state = CM_HAVE_CSR;
        break;
    case CM_SUBMITTING:
        entry->cm_state = CM_HAVE_CSR;
        break;
    case CM_NEED_TO_SAVE_CERT:
        break;
    case CM_START_SAVING_CERT:
        entry->cm_state = CM_NEED_TO_SAVE_CERT;
        break;
    case CM_PRE_SAVE_CERT:
        entry->cm_state = CM_NEED_TO_SAVE_CERT;
        break;
    case CM_SAVING_CERT:
        entry->cm_state = CM_NEED_TO_SAVE_CERT;
        break;
    case CM_NEED_CERTSAVE_PERMS:
        entry->cm_state = CM_NEED_TO_SAVE_CERT;
        break;
    case CM_NEED_CERTSAVE_TOKEN:
        entry->cm_state = CM_NEED_TO_SAVE_CERT;
        break;
    case CM_NEED_CERTSAVE_PIN:
        entry->cm_state =
            CM_NEED_TO_SAVE_CERT;
        break;
    case CM_NEED_TO_SAVE_CA_CERTS:
        break;
    case CM_START_SAVING_CA_CERTS:
        entry->cm_state = CM_NEED_TO_SAVE_CA_CERTS;
        break;
    case CM_SAVING_CA_CERTS:
        entry->cm_state = CM_NEED_TO_SAVE_CA_CERTS;
        break;
    case CM_NEED_CA_CERT_SAVE_PERMS:
        entry->cm_state = CM_NEED_TO_SAVE_CA_CERTS;
        break;
    case CM_NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED:
        entry->cm_state = CM_NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED;
        break;
    case CM_NOTIFYING_ISSUED_CA_SAVE_FAILED:
        entry->cm_state = CM_NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED;
        break;
    case CM_NEED_TO_READ_CERT:
        break;
    case CM_READING_CERT:
        entry->cm_state = CM_NEED_TO_READ_CERT;
        break;
    case CM_SAVED_CERT:
        break;
    case CM_POST_SAVED_CERT:
        entry->cm_state = CM_NEED_TO_NOTIFY_ISSUED_SAVED;
        break;
    case CM_CA_REJECTED:
        break;
    case CM_CA_WORKING:
        entry->cm_state = CM_HAVE_CSR;
        break;
    case CM_CA_UNREACHABLE:
        entry->cm_state = CM_HAVE_CSR;
        break;
    case CM_CA_UNCONFIGURED:
        entry->cm_state = CM_HAVE_CSR;
        break;
    case CM_NEED_CA:
        entry->cm_state = CM_HAVE_CSR;
        break;
    case CM_NEED_GUIDANCE:
        break;
    case CM_MONITORING:
        break;
    case CM_NEED_TO_NOTIFY_VALIDITY:
        entry->cm_state = CM_MONITORING;
        break;
    case CM_NOTIFYING_VALIDITY:
        entry->cm_state = CM_NEED_TO_NOTIFY_VALIDITY;
        break;
    case CM_NEED_TO_NOTIFY_REJECTION:
        break;
    case CM_NOTIFYING_REJECTION:
        entry->cm_state = CM_NEED_TO_NOTIFY_REJECTION;
        break;
    case CM_NEED_TO_NOTIFY_ISSUED_SAVE_FAILED:
        break;
    case CM_NOTIFYING_ISSUED_SAVE_FAILED:
        entry->cm_state = CM_NEED_TO_NOTIFY_ISSUED_SAVE_FAILED;
        break;
    case CM_NEED_TO_NOTIFY_ISSUED_SAVED:
        break;
    case CM_NOTIFYING_ISSUED_SAVED:
        entry->cm_state = CM_NEED_TO_NOTIFY_ISSUED_SAVED;
        break;
    case CM_NEED_TO_SAVE_ONLY_CA_CERTS:
        entry->cm_state = CM_NEED_TO_SAVE_ONLY_CA_CERTS;
        break;
    case CM_START_SAVING_ONLY_CA_CERTS:
        entry->cm_state = CM_NEED_TO_SAVE_ONLY_CA_CERTS;
        break;
    case CM_SAVING_ONLY_CA_CERTS:
        entry->cm_state = CM_NEED_TO_SAVE_ONLY_CA_CERTS;
        break;
    case CM_NEED_ONLY_CA_CERT_SAVE_PERMS:
        entry->cm_state = CM_NEED_TO_SAVE_ONLY_CA_CERTS;
        break;
    case
        CM_NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED:
        entry->cm_state = CM_NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED;
        break;
    case CM_NOTIFYING_ONLY_CA_SAVE_FAILED:
        entry->cm_state = CM_NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED;
        break;
    case CM_NEWLY_ADDED:
        break;
    case CM_NEWLY_ADDED_START_READING_KEYINFO:
        entry->cm_state = CM_NEWLY_ADDED;
        break;
    case CM_NEWLY_ADDED_READING_KEYINFO:
        entry->cm_state = CM_NEWLY_ADDED;
        break;
    case CM_NEWLY_ADDED_NEED_KEYINFO_READ_TOKEN:
        entry->cm_state = CM_NEWLY_ADDED;
        break;
    case CM_NEWLY_ADDED_NEED_KEYINFO_READ_PIN:
        entry->cm_state = CM_NEWLY_ADDED;
        break;
    case CM_NEWLY_ADDED_START_READING_CERT:
        entry->cm_state = CM_NEWLY_ADDED;
        break;
    case CM_NEWLY_ADDED_READING_CERT:
        entry->cm_state = CM_NEWLY_ADDED;
        break;
    case CM_NEWLY_ADDED_DECIDING:
        entry->cm_state = CM_NEWLY_ADDED;
        break;
    case CM_INVALID:
        /* not reached */
        abort();
        break;
    }
}

void
cm_waitfor_readable_fd(int fd, int delay)
{
    fd_set fds, *fdset = NULL;
    struct timeval tv;

    memset(&tv, 0, sizeof(tv));
    tv.tv_sec = delay;
    FD_ZERO(&fds);
    if (fd != -1) {
        fdset = &fds;
        FD_SET(fd, fdset);
    }
    if (select(fd + 1, fdset, NULL, fdset,
               (delay >= 0) ? &tv : NULL) < 0) {
        if (delay < 0) {
            /* No defined delay, but an error. */
            cm_log(3, "indefinite select() on %d returned error: "
                   "%s\n", fd, strerror(errno));
        }
    }
}

/* Decide how long to wait before contacting the CA for an enrollment request
 * again. */
static time_t
cm_decide_ca_delay(time_t remaining)
{
    time_t delay;

    delay = CM_DELAY_CA_POLL;
    if ((remaining != (time_t) -1) && (remaining < 2 * delay)) {
        delay = remaining / 2;
        if (delay < CM_DELAY_CA_POLL_MINIMUM) {
            delay = CM_DELAY_CA_POLL_MINIMUM;
        }
        if (delay > CM_DELAY_CA_POLL_MAXIMUM) {
            delay = CM_DELAY_CA_POLL_MAXIMUM;
        }
    }
    return delay;
}

/* Decide how long to wait before looking at a certificate again.
 */
static time_t
cm_decide_monitor_delay(time_t remaining,
                        int (*get_ttls1)(const time_t **, unsigned int *),
                        int (*get_ttls2)(const time_t **, unsigned int *))
{
    time_t delay, next_ttl;
    unsigned i, n_ttls;
    const time_t *ttls;

    delay = CM_DELAY_MONITOR_POLL;
    if ((remaining != (time_t) -1) && (remaining > 0)) {
        next_ttl = 0;
        if ((get_ttls1(&ttls, &n_ttls) == 0) && (n_ttls > 0)) {
            for (i = 0; i < n_ttls; i++) {
                if ((remaining > ttls[i]) &&
                    (ttls[i] > next_ttl)) {
                    next_ttl = ttls[i];
                }
            }
        }
        if ((get_ttls2(&ttls, &n_ttls) == 0) && (n_ttls > 0)) {
            for (i = 0; i < n_ttls; i++) {
                if ((remaining > ttls[i]) &&
                    (ttls[i] > next_ttl)) {
                    next_ttl = ttls[i];
                }
            }
        }
        if ((next_ttl != 0) &&
            (delay > remaining - next_ttl + CM_DELAY_SOON)) {
            delay = remaining - next_ttl + CM_DELAY_SOON;
        } else
        if (remaining < 2 * delay) {
            delay = remaining / 2;
        }
    }
    if (delay < CM_DELAY_MONITOR_POLL_MINIMUM) {
        delay = CM_DELAY_MONITOR_POLL_MINIMUM;
    }
    if (delay > CM_DELAY_MONITOR_POLL_MAXIMUM) {
        delay = CM_DELAY_MONITOR_POLL_MAXIMUM;
    }
    return delay;
}

/* Decide how long to wait before again attempting to contact the CA to
 * retrieve information about it. */
static time_t
cm_decide_cadata_delay(void)
{
    time_t delay;

    delay = CM_DELAY_CADATA_POLL;
    return delay;
}

/* Manage a "lock" that we use to serialize access to THE REST OF THE WORLD.
 */
static void *writing_lock;
static enum cm_ca_phase writing_lock_ca_phase = cm_ca_phase_invalid;

static dbus_bool_t
cm_writing_has_lock(void *holder, enum cm_ca_phase phase)
{
    return (writing_lock == holder) &&
           ((writing_lock_ca_phase == cm_ca_phase_invalid) ||
            (writing_lock_ca_phase == phase));
}

static dbus_bool_t
cm_writing_lock_by_entry(struct cm_store_entry *entry)
{
    if ((writing_lock == entry) || (writing_lock == NULL)) {
        if (writing_lock == NULL) {
            cm_log(3, "%s('%s') taking writing lock\n",
                   entry->cm_busname, entry->cm_nickname);
            writing_lock = entry;
        } else {
            abort();
        }
        return TRUE;
    } else {
        return FALSE;
    }
}

static dbus_bool_t
cm_writing_unlock_by_entry(struct cm_store_entry *entry)
{
    if ((writing_lock == entry) || (writing_lock == NULL)) {
        if (writing_lock == entry) {
            cm_log(3, "%s('%s') releasing writing lock\n",
                   entry->cm_busname, entry->cm_nickname);
            writing_lock = NULL;
        } else {
            abort();
        }
        return TRUE;
    } else {
        return FALSE;
    }
}

static dbus_bool_t
cm_writing_lock_by_ca(struct cm_store_ca *ca, enum cm_ca_phase phase)
{
    if (((writing_lock == ca) && (writing_lock_ca_phase == phase)) ||
        (writing_lock == NULL)) {
        if (writing_lock == NULL) {
            cm_log(3, "%s('%s').%s taking writing lock\n",
                   ca->cm_busname, ca->cm_nickname,
                   cm_store_ca_phase_as_string(phase));
            writing_lock = ca;
            if (phase == cm_ca_phase_invalid) {
                abort();
            }
            writing_lock_ca_phase = phase;
        } else {
            abort();
        }
        return TRUE;
    } else {
        return FALSE;
    }
}

static dbus_bool_t
cm_writing_unlock_by_ca(struct cm_store_ca *ca, enum cm_ca_phase phase)
{
    if (((writing_lock == ca) && (writing_lock_ca_phase == phase)) ||
        (writing_lock == NULL)) {
        if (writing_lock == ca) {
            cm_log(3, "%s('%s').%s releasing writing lock\n",
                   ca->cm_busname, ca->cm_nickname,
                   cm_store_ca_phase_as_string(phase));
            writing_lock = NULL;
            writing_lock_ca_phase = cm_ca_phase_invalid;
        } else {
            abort();
        }
        return TRUE;
    } else {
        return FALSE;
    }
}

/* Set up run-time data associated with the entry.
*/ int cm_iterate_entry_init(struct cm_store_entry *entry, void **cm_iterate_state) { struct cm_entry_state *state; int fd; state = talloc_ptrtype(entry, state); if (state == NULL) { return ENOMEM; } memset(state, 0, sizeof(*state)); *cm_iterate_state = state; cm_entry_reset_state(entry); if (cm_writing_has_lock(entry, cm_ca_phase_invalid)) { cm_writing_unlock_by_entry(entry); } state->cm_keyiread_state = cm_keyiread_start(entry); if (state->cm_keyiread_state != NULL) { while (cm_keyiread_ready(state->cm_keyiread_state) != 0) { fd = cm_keyiread_get_fd(state->cm_keyiread_state); if (fd != -1) { cm_waitfor_readable_fd(fd, -1); } } cm_keyiread_done(state->cm_keyiread_state); state->cm_keyiread_state = NULL; } state->cm_certread_state = cm_certread_start(entry); if (state->cm_certread_state != NULL) { while (cm_certread_ready(state->cm_certread_state) != 0) { fd = cm_certread_get_fd(state->cm_certread_state); if (fd != -1) { cm_waitfor_readable_fd(fd, -1); } } cm_certread_done(state->cm_certread_state); state->cm_certread_state = NULL; } cm_store_entry_save(entry); cm_log(3, "%s('%s') starts in state '%s'\n", entry->cm_busname, entry->cm_nickname, cm_store_state_as_string(entry->cm_state)); return 0; } /* Check if the entry's expiration has crossed an interesting threshold. */ static int cm_check_expiration_is_noteworthy(struct cm_store_entry *entry, int (*get_ttls)(const time_t **, unsigned int *), time_t *last_check) { unsigned int i, n_ttls; time_t now, ttl, previous_ttl; const time_t *ttls; now = cm_time(NULL); /* Do we have validity information? */ if (entry->cm_cert_not_after == 0) { return -1; } /* Is it at least (some arbitrary minimum) old? */ if (entry->cm_cert_not_before > (now - CM_DELAY_MONITOR_POLL_MINIMUM)) { return -1; } /* How much time is left? */ if (entry->cm_cert_not_after < now) { ttl = 0; } else { ttl = entry->cm_cert_not_after - now; } /* How much time was left, last time we checked? 
*/ if (entry->cm_cert_not_after < *last_check) { previous_ttl = 0; } else { previous_ttl = entry->cm_cert_not_after - *last_check; } /* Note that we're checking now. */ *last_check = now; /* Which list of interesting values are we consulting? */ ttls = NULL; n_ttls = 0; if (((*get_ttls)(&ttls, &n_ttls) != 0) || (n_ttls == 0)) { return -1; } /* Check for crosses. */ for (i = 0; i < n_ttls; i++) { /* We crossed a threshold. */ if ((ttl < ttls[i]) && (previous_ttl >= ttls[i])) { return 0; } /* We crossed a threshold... and time is running backwards. */ if ((ttl >= ttls[i]) && (previous_ttl < ttls[i])) { return 0; } } /* The certificate has expired. */ if (ttl == 0) { return 0; } return -1; } /* Check if our policy means that the entry needs a new key. */ static dbus_bool_t cm_check_rekey_is_expected(struct cm_store_entry *entry) { long long t, now; char tstr[25], nowstr[25]; long i; if (entry->cm_key_generated_date != 0) { t = prefs_key_end_of_life(entry->cm_key_generated_date); if (t >= 0) { now = time(NULL); if (now >= t) { cm_store_timestamp_from_time_for_display(t, tstr); cm_store_timestamp_from_time_for_display(now, nowstr); cm_log(1, "%s('%s') needs its key replaced " "after %s, and it's %s now.\n", entry->cm_busname, entry->cm_nickname, tstr, nowstr); return TRUE; } } } i = prefs_max_key_use_count(); if (i > 0) { if (entry->cm_key_issued_count >= i) { cm_log(1, "%s('%s') needs its key replaced after %ld " "uses, and it's been used %lld times.\n", entry->cm_busname, entry->cm_nickname, i, (long long) entry->cm_key_issued_count); return TRUE; } } return FALSE; } int cm_iterate_entry(struct cm_store_entry *entry, struct cm_store_ca *ca, struct cm_context *context, struct cm_store_ca *(*get_ca_by_index)(struct cm_context *, int), int (*get_n_cas)(struct cm_context *), struct cm_store_entry *(*get_entry_by_index)(struct cm_context *, int), int (*get_n_entries)(struct cm_context *), void (*emit_entry_saved_cert)(struct cm_context *, struct cm_store_entry *), void 
(*emit_entry_changes)(struct cm_context *, struct cm_store_entry *, struct cm_store_entry *), void *cm_iterate_state, enum cm_time *when, int *delay, int *readfd) { int i, j; time_t remaining; struct cm_entry_state *state; struct cm_store_ca *tmp_ca; struct cm_store_entry *old_entry; char *serial; const char *tmp_ca_name; state = cm_iterate_state; *readfd = -1; *when = cm_time_no_time; *delay = 0; old_entry = cm_store_entry_dup(entry, entry); if (entry->cm_cert_not_after != 0) { remaining = entry->cm_cert_not_after - cm_time(NULL); } else { remaining = -1; } switch (entry->cm_state) { case CM_NEED_KEY_PAIR: if (!cm_writing_lock_by_entry(entry)) { /* Just hang out in this state while we're messing * around with the outside world for another entry. */ cm_log(3, "%s('%s') waiting for saving lock\n", entry->cm_busname, entry->cm_nickname); *when = cm_time_soon; break; } /* Start a helper. */ state->cm_keygen_state = cm_keygen_start(entry); if (state->cm_keygen_state != NULL) { /* Note that we're generating a key. */ entry->cm_state = CM_GENERATING_KEY_PAIR; /* Wait for status update, or poll. */ *readfd = cm_keygen_get_fd(state->cm_keygen_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } else { /* Failed to start generating a key; try again. */ cm_writing_unlock_by_entry(entry); *when = cm_time_soonish; } break; case CM_GENERATING_KEY_PAIR: if (cm_keygen_ready(state->cm_keygen_state) == 0) { if (!cm_writing_unlock_by_entry(entry)) { /* If for some reason we fail to release the * lock that we have, try to release it again * soon. */ *when = cm_time_soon; cm_log(1, "%s('%s') failed to release saving " "lock, probably a bug\n", entry->cm_busname, entry->cm_nickname); break; } if (cm_keygen_saved_keypair(state->cm_keygen_state) == 0) { /* Saved key pair; move on. 
*/ cm_keygen_done(state->cm_keygen_state); state->cm_keygen_state = NULL; entry->cm_state = CM_HAVE_KEY_PAIR; *when = cm_time_now; } else if (cm_keygen_need_perms(state->cm_keygen_state) == 0) { /* Whoops, we need help. */ cm_keygen_done(state->cm_keygen_state); state->cm_keygen_state = NULL; entry->cm_state = CM_NEED_KEY_GEN_PERMS; *when = cm_time_now; } else if (cm_keygen_need_token(state->cm_keygen_state) == 0) { /* Whoops, we need help. */ cm_keygen_done(state->cm_keygen_state); state->cm_keygen_state = NULL; entry->cm_state = CM_NEED_KEY_GEN_TOKEN; *when = cm_time_now; } else if (cm_keygen_need_pin(state->cm_keygen_state) == 0) { /* Whoops, we need help. */ cm_keygen_done(state->cm_keygen_state); state->cm_keygen_state = NULL; entry->cm_state = CM_NEED_KEY_GEN_PIN; *when = cm_time_now; } else { /* Failed to save key pair; take a breather and * try again. */ cm_keygen_done(state->cm_keygen_state); state->cm_keygen_state = NULL; entry->cm_state = CM_NEED_KEY_PAIR; *when = cm_time_soonish; } } else { /* Wait for status update, or poll. */ *readfd = cm_keygen_get_fd(state->cm_keygen_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case CM_NEED_KEY_GEN_PERMS: /* Revisit this later. */ *when = cm_time_no_time; break; case CM_NEED_KEY_GEN_TOKEN: /* Revisit this later. */ *when = cm_time_no_time; break; case CM_NEED_KEY_GEN_PIN: /* Revisit this later. */ *when = cm_time_no_time; break; case CM_HAVE_KEY_PAIR: entry->cm_state = CM_NEED_KEYINFO; *when = cm_time_now; break; case CM_NEED_KEYINFO: /* Try to read information about the key. */ state->cm_keyiread_state = cm_keyiread_start(entry); if (state->cm_keyiread_state != NULL) { entry->cm_state = CM_READING_KEYINFO; /* Note that we're reading information about * the key. 
*/ *readfd = cm_keyiread_get_fd(state->cm_keyiread_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } else { /* Failed to start reading info about the key; * try again soon. */ *when = cm_time_soonish; } break; case CM_READING_KEYINFO: /* If we finished reading info about the key, move on to * generating a CSR. */ if (cm_keyiread_ready(state->cm_keyiread_state) == 0) { if (cm_keyiread_finished_reading(state->cm_keyiread_state) == 0) { entry->cm_state = CM_HAVE_KEYINFO; *when = cm_time_now; } else if (cm_keyiread_need_token(state->cm_keyiread_state) == 0) { /* If we need the token, just hang on. */ entry->cm_state = CM_NEED_KEYINFO_READ_TOKEN; *when = cm_time_now; } else if (cm_keyiread_need_pin(state->cm_keyiread_state) == 0) { /* If we need the PIN, just hang on. */ entry->cm_state = CM_NEED_KEYINFO_READ_PIN; *when = cm_time_now; } else { /* Otherwise try to generate a new key pair. */ entry->cm_state = CM_NEED_KEY_PAIR; *when = cm_time_soonish; } cm_keyiread_done(state->cm_keyiread_state); state->cm_keyiread_state = NULL; } else { /* Wait for status update, or poll. */ *readfd = cm_keyiread_get_fd(state->cm_keyiread_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case CM_NEED_KEYINFO_READ_TOKEN: /* Revisit this later. */ *when = cm_time_no_time; break; case CM_NEED_KEYINFO_READ_PIN: /* Revisit this later. */ *when = cm_time_no_time; break; case CM_HAVE_KEYINFO: entry->cm_state = CM_NEED_CSR; *when = cm_time_now; break; case CM_NEED_CSR: state->cm_csrgen_state = cm_csrgen_start(entry); if (state->cm_csrgen_state != NULL) { /* Note that we're generating a CSR. */ entry->cm_state = CM_GENERATING_CSR; /* Wait for status update, or poll. */ *readfd = cm_csrgen_get_fd(state->cm_csrgen_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } else { /* Failed to start generating a CSR; take a breather * and try again. 
*/ *when = cm_time_soonish; } break; case CM_GENERATING_CSR: if (cm_csrgen_ready(state->cm_csrgen_state) == 0) { if (cm_csrgen_save_csr(state->cm_csrgen_state) == 0) { /* Saved CSR; move on. */ cm_csrgen_done(state->cm_csrgen_state); state->cm_csrgen_state = NULL; entry->cm_state = CM_HAVE_CSR; *when = cm_time_now; } else if (cm_csrgen_need_token(state->cm_csrgen_state) == 0) { /* Need a token; wait for it. */ cm_csrgen_done(state->cm_csrgen_state); state->cm_csrgen_state = NULL; entry->cm_state = CM_NEED_CSR_GEN_TOKEN; *when = cm_time_now; } else if (cm_csrgen_need_pin(state->cm_csrgen_state) == 0) { /* Need a PIN; wait for it. */ cm_csrgen_done(state->cm_csrgen_state); state->cm_csrgen_state = NULL; entry->cm_state = CM_NEED_CSR_GEN_PIN; *when = cm_time_now; } else { /* Failed to save CSR; try again. */ cm_csrgen_done(state->cm_csrgen_state); state->cm_csrgen_state = NULL; entry->cm_state = CM_NEED_CSR; *when = cm_time_soonish; } } else { /* Wait for status update, or poll. */ *readfd = cm_csrgen_get_fd(state->cm_csrgen_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case CM_NEED_CSR_GEN_TOKEN: *when = cm_time_no_time; break; case CM_NEED_CSR_GEN_PIN: *when = cm_time_no_time; break; case CM_HAVE_CSR: entry->cm_state = CM_NEED_TO_SUBMIT; *when = cm_time_now; break; case CM_NEED_TO_SUBMIT: state->cm_submit_state = cm_submit_start(ca, entry); if (state->cm_submit_state != NULL) { /* Note that we're in the process of submitting the CSR * to a CA. */ entry->cm_state = CM_SUBMITTING; /* Wait for status update, or poll. */ *readfd = cm_submit_get_fd(state->cm_submit_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } /* If we're doing internal-CA, mark this serial number * as used. 
*/ if (ca != NULL) { switch (ca->cm_ca_type) { case cm_ca_external: break; case cm_ca_internal_self: serial = ca->cm_ca_internal_serial; ca->cm_ca_internal_serial = cm_store_increment_serial(ca, serial); talloc_free(serial); cm_store_ca_save(ca); } } /* In case we're talking to a server over SCEP, make a * note of the nonce, so that we won't re-send an * identical request. */ if (entry->cm_scep_nonce != NULL) { entry->cm_scep_last_nonce = talloc_strdup(entry, entry->cm_scep_nonce); } } else { if (ca == NULL) { /* No known CA is associated with this entry. */ entry->cm_state = CM_NEED_CA; *when = cm_time_now; } else { /* Failed to start submission; take a breather * and try again. */ *when = cm_time_soonish; } } break; case CM_NEED_SCEP_DATA: state->cm_scepgen_state = cm_scepgen_start(ca, entry); if (state->cm_scepgen_state != NULL) { /* Note that we're in the process of generating SCEP * data. */ entry->cm_state = CM_GENERATING_SCEP_DATA; /* Wait for status update, or poll. */ *readfd = cm_scepgen_get_fd(state->cm_scepgen_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } else { /* Failed to start generating data; take a breather and * try again. */ *when = cm_time_soonish; } break; case CM_GENERATING_SCEP_DATA: if (cm_scepgen_ready(state->cm_scepgen_state) == 0) { if (cm_scepgen_save_scep(state->cm_scepgen_state) == 0) { /* Saved SCEP data; move on. */ cm_scepgen_done(state->cm_scepgen_state); state->cm_scepgen_state = NULL; entry->cm_state = CM_HAVE_SCEP_DATA; *when = cm_time_now; } else if (cm_scepgen_need_token(state->cm_scepgen_state) == 0) { /* Need a token; wait for it. */ cm_scepgen_done(state->cm_scepgen_state); state->cm_scepgen_state = NULL; entry->cm_state = CM_NEED_SCEP_GEN_TOKEN; *when = cm_time_now; } else if (cm_scepgen_need_pin(state->cm_scepgen_state) == 0) { /* Need a PIN; wait for it. 
*/ cm_scepgen_done(state->cm_scepgen_state); state->cm_scepgen_state = NULL; entry->cm_state = CM_NEED_SCEP_GEN_PIN; *when = cm_time_now; } else if (cm_scepgen_need_encryption_certs(state->cm_scepgen_state) == 0) { /* Need the RA's encryption cert; wait for it. */ cm_scepgen_done(state->cm_scepgen_state); state->cm_scepgen_state = NULL; entry->cm_state = CM_NEED_SCEP_ENCRYPTION_CERT; *when = cm_time_now; } else if (cm_scepgen_need_different_key_type(state->cm_scepgen_state) == 0) { /* Need an RSA key. */ cm_scepgen_done(state->cm_scepgen_state); state->cm_scepgen_state = NULL; entry->cm_state = CM_NEED_SCEP_RSA_CLIENT_KEY; *when = cm_time_now; } else { /* Failed to save SCEP data; try again. */ cm_scepgen_done(state->cm_scepgen_state); state->cm_scepgen_state = NULL; entry->cm_state = CM_NEED_SCEP_DATA; *when = cm_time_soonish; } } else { /* Wait for status update, or poll. */ *readfd = cm_scepgen_get_fd(state->cm_scepgen_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case CM_NEED_SCEP_GEN_TOKEN: *when = cm_time_no_time; break; case CM_NEED_SCEP_GEN_PIN: *when = cm_time_no_time; break; case CM_NEED_SCEP_ENCRYPTION_CERT: *when = cm_time_no_time; break; case CM_NEED_SCEP_RSA_CLIENT_KEY: *when = cm_time_no_time; break; case CM_HAVE_SCEP_DATA: entry->cm_state = CM_NEED_TO_SUBMIT; *when = cm_time_now; break; case CM_SUBMITTING: if (cm_submit_ready(state->cm_submit_state) == 0) { entry->cm_submitted = cm_time(NULL); if (cm_submit_issued(state->cm_submit_state) == 0) { /* We're all done. Save the certificate to its * real home. */ cm_submit_clear_ca_cookie(state->cm_submit_state); cm_submit_done(state->cm_submit_state); state->cm_submit_state = NULL; entry->cm_state = CM_NEED_TO_SAVE_CERT; *when = cm_time_now; } else if (cm_submit_rejected(state->cm_submit_state) == 0) { /* The request was flat-out rejected. 
*/ cm_submit_clear_ca_cookie(state->cm_submit_state); cm_submit_done(state->cm_submit_state); state->cm_submit_state = NULL; if (entry->cm_cert != NULL) { cm_log(3, "%s('%s') already had a " "certificate, going back to " "monitoring it\n", entry->cm_busname, entry->cm_nickname); entry->cm_state = CM_MONITORING; *when = cm_time_soonish; } else { entry->cm_state = CM_NEED_TO_NOTIFY_REJECTION; *when = cm_time_now; } } else if (cm_submit_unreachable(state->cm_submit_state) == 0) { /* Let's try again later. The cookie is left * unmodified. */ *delay = cm_submit_specified_delay(state->cm_submit_state); cm_submit_done(state->cm_submit_state); state->cm_submit_state = NULL; entry->cm_state = CM_CA_UNREACHABLE; *when = cm_time_delay; if (*delay < 0) { *delay = cm_decide_ca_delay(remaining); } } else if (cm_submit_save_ca_cookie(state->cm_submit_state) == 0) { /* Saved CA's identifier for our request; give * it the specified time, or a little time, and * then ask for a progress update. */ cm_log(4, "%s('%s') provided CA " "cookie \"%s\"\n", entry->cm_busname, entry->cm_nickname, entry->cm_ca_cookie); *delay = cm_submit_specified_delay(state->cm_submit_state); cm_submit_done(state->cm_submit_state); state->cm_submit_state = NULL; entry->cm_state = CM_CA_WORKING; *when = cm_time_delay; if (*delay < 0) { *delay = cm_decide_ca_delay(remaining); } } else if (cm_submit_unconfigured(state->cm_submit_state) == 0) { /* Saved CA's identifier for our request; give * it a little time and then ask. 
*/ *delay = cm_submit_specified_delay(state->cm_submit_state); cm_submit_done(state->cm_submit_state); state->cm_submit_state = NULL; if (entry->cm_cert != NULL) { cm_log(3, "%s('%s') already had a " "certificate, going back to " "monitoring it\n", entry->cm_busname, entry->cm_nickname); entry->cm_state = CM_MONITORING; *when = cm_time_soonish; } else { entry->cm_state = CM_CA_UNCONFIGURED; *when = cm_time_delay; if (*delay < 0) { *delay = cm_decide_ca_delay(remaining); } } } else if (cm_submit_need_scep_messages(state->cm_submit_state) == 0) { /* We need to generate SCEP data. */ cm_submit_done(state->cm_submit_state); state->cm_submit_state = NULL; cm_log(3, "%s('%s') goes to a CA over SCEP, " "need to generate SCEP data.\n", entry->cm_busname, entry->cm_nickname); entry->cm_state = CM_NEED_SCEP_DATA; *when = cm_time_now; } else if (cm_submit_need_rekey(state->cm_submit_state) == 0) { /* We need to generate a new key pair. */ cm_submit_done(state->cm_submit_state); state->cm_submit_state = NULL; cm_log(3, "%s('%s') needs to be rekeyed.\n", entry->cm_busname, entry->cm_nickname); entry->cm_state = CM_NEED_KEY_PAIR; *when = cm_time_soonish; } else { /* Don't know what's going on. HELP! */ cm_log(1, "Unable to determine course of action " "for %s('%s').\n", entry->cm_busname, entry->cm_nickname); cm_submit_done(state->cm_submit_state); state->cm_submit_state = NULL; entry->cm_state = CM_NEED_GUIDANCE; *when = cm_time_now; } } else { /* Wait for status update, or poll. */ *readfd = cm_submit_get_fd(state->cm_submit_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case CM_NEED_TO_SAVE_CERT: if (!cm_writing_lock_by_entry(entry)) { /* Just hang out in this state while we're messing * around with the outside world for another entry. 
*/ cm_log(3, "%s('%s') waiting for saving lock\n", entry->cm_busname, entry->cm_nickname); *when = cm_time_soon; break; } state->cm_hook_state = cm_hook_start_presave(entry, context, get_ca_by_index, get_n_cas, get_entry_by_index, get_n_entries); if (state->cm_hook_state != NULL) { /* Note that we're doing the pre-save. */ entry->cm_state = CM_PRE_SAVE_CERT; /* Wait for status update, or poll. */ *readfd = cm_hook_get_fd(state->cm_hook_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } else { /* Failed to start the pre-save, or nothing to do; skip * it. */ entry->cm_state = CM_START_SAVING_CERT; *when = cm_time_now; } break; case CM_PRE_SAVE_CERT: if (cm_hook_ready(state->cm_hook_state) == 0) { cm_hook_done(state->cm_hook_state); state->cm_hook_state = NULL; entry->cm_state = CM_START_SAVING_CERT; *when = cm_time_now; } else { /* Wait for status update, or poll. */ *readfd = cm_hook_get_fd(state->cm_hook_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case CM_START_SAVING_CERT: state->cm_certsave_state = cm_certsave_start(entry); if (state->cm_certsave_state != NULL) { /* Note that we're saving the cert. */ entry->cm_state = CM_SAVING_CERT; /* Wait for status update, or poll. */ *readfd = cm_certsave_get_fd(state->cm_certsave_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } else { /* Failed to start saving the certificate; try again. */ *when = cm_time_soonish; } break; case CM_SAVING_CERT: if (cm_certsave_ready(state->cm_certsave_state) == 0) { if (cm_certsave_saved(state->cm_certsave_state) == 0) { /* Saved certificate. */ cm_certsave_done(state->cm_certsave_state); state->cm_certsave_state = NULL; entry->cm_state = CM_SAVED_CERT; *when = cm_time_now; } else if (cm_certsave_permissions_error(state->cm_certsave_state) == 0) { /* Whoops, we need help. 
*/ cm_certsave_done(state->cm_certsave_state); state->cm_certsave_state = NULL; entry->cm_state = CM_NEED_CERTSAVE_PERMS; *when = cm_time_now; } else if (cm_certsave_token_error(state->cm_certsave_state) == 0) { /* Whoops, we need help. */ cm_certsave_done(state->cm_certsave_state); state->cm_certsave_state = NULL; entry->cm_state = CM_NEED_CERTSAVE_TOKEN; *when = cm_time_now; } else if (cm_certsave_pin_error(state->cm_certsave_state) == 0) { /* Whoops, we need help. */ cm_certsave_done(state->cm_certsave_state); state->cm_certsave_state = NULL; entry->cm_state = CM_NEED_CERTSAVE_PIN; *when = cm_time_now; } else { /* Failed to save cert; make a note and try * again in a bit. */ cm_certsave_done(state->cm_certsave_state); state->cm_certsave_state = NULL; entry->cm_state = CM_NEED_TO_NOTIFY_ISSUED_SAVE_FAILED; *when = cm_time_soonish; } } else { /* Wait for status update, or poll. */ *readfd = cm_certsave_get_fd(state->cm_certsave_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case CM_NEED_CERTSAVE_PERMS: /* Revisit this later. */ *when = cm_time_no_time; break; case CM_NEED_CERTSAVE_TOKEN: /* Revisit this later. */ *when = cm_time_no_time; break; case CM_NEED_CERTSAVE_PIN: /* Revisit this later. */ *when = cm_time_no_time; break; case CM_NEED_TO_READ_CERT: /* We should already have the lock here. In cases where we're * resuming things at startup, try to acquire it if we don't * have it. */ if (!cm_writing_has_lock(entry, cm_ca_phase_invalid) && !cm_writing_lock_by_entry(entry)) { /* Just hang out in this state while we're messing * around with the outside world for another entry. */ cm_log(3, "%s('%s') waiting for saving lock\n", entry->cm_busname, entry->cm_nickname); *when = cm_time_soon; break; } state->cm_certread_state = cm_certread_start(entry); if (state->cm_certread_state != NULL) { /* Note that we're reading the cert. */ entry->cm_state = CM_READING_CERT; /* Wait for status update, or poll. 
			 */
			*readfd = cm_certread_get_fd(state->cm_certread_state);
			if (*readfd == -1) {
				*when = cm_time_soon;
			} else {
				*when = cm_time_no_time;
			}
		} else {
			/* Failed to start re-reading the certificate; try
			 * again. */
			*when = cm_time_soonish;
		}
		break;

	case CM_READING_CERT:
		if (cm_certread_ready(state->cm_certread_state) == 0) {
			/* Finished reloading certificate. */
			cm_certread_done(state->cm_certread_state);
			state->cm_certread_state = NULL;
			if (emit_entry_saved_cert != NULL) {
				(*emit_entry_saved_cert)(context, entry);
			}
			/* Start the post-save hook, if there is one. */
			state->cm_hook_state = cm_hook_start_postsave(entry,
								      context,
								      get_ca_by_index,
								      get_n_cas,
								      get_entry_by_index,
								      get_n_entries);
			if (state->cm_hook_state != NULL) {
				/* Note that we're doing the post-save. */
				entry->cm_state = CM_POST_SAVED_CERT;
				/* Wait for status update, or poll. */
				*readfd = cm_hook_get_fd(state->cm_hook_state);
				if (*readfd == -1) {
					*when = cm_time_soon;
				} else {
					*when = cm_time_no_time;
				}
			} else {
				/* Failed to start the post-save, or nothing to do;
				 * skip it. */
				entry->cm_state = CM_NEED_TO_NOTIFY_ISSUED_SAVED;
				*when = cm_time_now;
			}
		} else {
			/* Wait for status update, or poll. */
			*readfd = cm_certread_get_fd(state->cm_certread_state);
			if (*readfd == -1) {
				*when = cm_time_soon;
			} else {
				*when = cm_time_no_time;
			}
		}
		break;

	case CM_POST_SAVED_CERT:
		if (cm_hook_ready(state->cm_hook_state) == 0) {
			cm_hook_done(state->cm_hook_state);
			state->cm_hook_state = NULL;
			entry->cm_state = CM_NEED_TO_NOTIFY_ISSUED_SAVED;
			*when = cm_time_now;
		} else {
			/* Wait for status update, or poll.
*/ *readfd = cm_hook_get_fd(state->cm_hook_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case CM_SAVED_CERT: entry->cm_state = CM_NEED_TO_SAVE_CA_CERTS; *when = cm_time_now; break; case CM_CA_REJECTED: *when = cm_time_no_time; break; case CM_CA_WORKING: entry->cm_state = CM_NEED_TO_SUBMIT; *when = cm_time_now; break; case CM_CA_UNREACHABLE: entry->cm_state = CM_NEED_TO_SUBMIT; *when = cm_time_soonish; break; case CM_CA_UNCONFIGURED: *when = cm_time_no_time; break; case CM_NEED_GUIDANCE: *when = cm_time_no_time; break; case CM_NEED_CA: *when = cm_time_no_time; break; case CM_MONITORING: if (entry->cm_monitor && (cm_check_expiration_is_noteworthy(entry, &cm_prefs_notify_ttls, &entry->cm_last_need_notify_check) == 0)) { /* Kick off a notification. */ entry->cm_state = CM_NEED_TO_NOTIFY_VALIDITY; *when = cm_time_now; } else if (entry->cm_autorenew && (cm_check_expiration_is_noteworthy(entry, &cm_prefs_enroll_ttls, &entry->cm_last_need_enroll_check) == 0)) { /* Kick off an enrollment attempt. We need to go all * the way back to generating the CSR because the user * may have asked us to request with parameters that * have changed since we last generated a CSR. */ entry->cm_state = cm_check_rekey_is_expected(entry) ? CM_NEED_KEY_PAIR : CM_NEED_CSR; *when = cm_time_now; } else { /* Nothing to do here. Check again at an appropriate time. */ *when = cm_time_delay; *delay = cm_decide_monitor_delay(remaining, &cm_prefs_notify_ttls, &cm_prefs_enroll_ttls); } break; case CM_NEED_TO_NOTIFY_VALIDITY: state->cm_notify_state = cm_notify_start(entry, cm_notify_event_validity_ending); if (state->cm_notify_state != NULL) { entry->cm_state = CM_NOTIFYING_VALIDITY; /* Wait for status update, or poll. */ *readfd = cm_notify_get_fd(state->cm_notify_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } else { /* Failed to start notifying; try again. 
*/ *when = cm_time_soonish; } break; case CM_NOTIFYING_VALIDITY: if (cm_notify_ready(state->cm_notify_state) == 0) { cm_notify_done(state->cm_notify_state); state->cm_notify_state = NULL; if (entry->cm_autorenew && (cm_check_expiration_is_noteworthy(entry, &cm_prefs_enroll_ttls, &entry->cm_last_need_enroll_check) == 0)) { /* Kick off an enrollment attempt. We need to go all * the way back to generating the CSR because the user * may have asked us to request with parameters that * have changed since we last generated a CSR. */ entry->cm_state = cm_check_rekey_is_expected(entry) ? CM_NEED_KEY_PAIR : CM_NEED_CSR; *when = cm_time_now; } else { entry->cm_state = CM_MONITORING; *when = cm_time_delay; *delay = cm_decide_monitor_delay(remaining, &cm_prefs_notify_ttls, &cm_prefs_enroll_ttls); } } else { /* Wait for status update, or poll. */ *readfd = cm_notify_get_fd(state->cm_notify_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case CM_NEED_TO_NOTIFY_REJECTION: state->cm_notify_state = cm_notify_start(entry, cm_notify_event_rejected); if (state->cm_notify_state != NULL) { entry->cm_state = CM_NOTIFYING_REJECTION; /* Wait for status update, or poll. */ *readfd = cm_notify_get_fd(state->cm_notify_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } else { /* Failed to start notifying; try again. */ *when = cm_time_soonish; } break; case CM_NOTIFYING_REJECTION: if (cm_notify_ready(state->cm_notify_state) == 0) { cm_notify_done(state->cm_notify_state); state->cm_notify_state = NULL; entry->cm_state = CM_CA_REJECTED; *when = cm_time_soon; } else { /* Wait for status update, or poll. */ *readfd = cm_notify_get_fd(state->cm_notify_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case CM_NEED_TO_NOTIFY_ISSUED_SAVE_FAILED: /* We should already have the lock here. 
In cases where we're * resuming things at startup, try to acquire it if we don't * have it. */ if (!cm_writing_has_lock(entry, cm_ca_phase_invalid) && !cm_writing_lock_by_entry(entry)) { /* Just hang out in this state while we're messing * around with the outside world for another entry. */ cm_log(3, "%s('%s') waiting for saving lock\n", entry->cm_busname, entry->cm_nickname); *when = cm_time_soon; break; } if (!cm_writing_unlock_by_entry(entry)) { /* If for some reason we fail to release the lock that * we have, try to release it again soon. */ *when = cm_time_soon; cm_log(1, "%s('%s') failed to release saving " "lock, probably a bug\n", entry->cm_busname, entry->cm_nickname); break; } state->cm_notify_state = cm_notify_start(entry, cm_notify_event_issued_not_saved); if (state->cm_notify_state != NULL) { entry->cm_state = CM_NOTIFYING_ISSUED_SAVE_FAILED; /* Wait for status update, or poll. */ *readfd = cm_notify_get_fd(state->cm_notify_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } else { /* Failed to start notifying; try again. */ *when = cm_time_soonish; } break; case CM_NOTIFYING_ISSUED_SAVE_FAILED: if (cm_notify_ready(state->cm_notify_state) == 0) { cm_notify_done(state->cm_notify_state); state->cm_notify_state = NULL; entry->cm_state = CM_START_SAVING_CERT; *when = cm_time_soonish; } else { /* Wait for status update, or poll. */ *readfd = cm_notify_get_fd(state->cm_notify_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case CM_NEED_TO_SAVE_CA_CERTS: /* We should already have the lock here. In cases where we're * resuming things at startup, try to acquire it if we don't * have it. */ if (!cm_writing_has_lock(entry, cm_ca_phase_invalid) && !cm_writing_lock_by_entry(entry)) { /* Just hang out in this state while we're messing * around with the outside world for another entry. 
			 */
			cm_log(3, "%s('%s') waiting for saving lock\n",
			       entry->cm_busname, entry->cm_nickname);
			*when = cm_time_soon;
			break;
		}
		entry->cm_state = CM_START_SAVING_CA_CERTS;
		*when = cm_time_now;
		break;

	case CM_START_SAVING_CA_CERTS:
		state->cm_casave_state = cm_casave_start(entry, NULL, context,
							 get_ca_by_index,
							 get_n_cas,
							 get_entry_by_index,
							 get_n_entries);
		if (state->cm_casave_state != NULL) {
			entry->cm_state = CM_SAVING_CA_CERTS;
			/* Wait for status update, or poll. */
			*readfd = cm_casave_get_fd(state->cm_casave_state);
			if (*readfd == -1) {
				*when = cm_time_soon;
			} else {
				*when = cm_time_no_time;
			}
		} else {
			/* Failed to start saving CA certs; try again. */
			*when = cm_time_soonish;
		}
		break;

	case CM_SAVING_CA_CERTS:
		if (cm_casave_ready(state->cm_casave_state) == 0) {
			if (cm_casave_saved(state->cm_casave_state) == 0) {
				/* Saved CA certificates, now go re-read the
				 * issued certificate. */
				cm_casave_done(state->cm_casave_state);
				state->cm_casave_state = NULL;
				entry->cm_state = CM_NEED_TO_READ_CERT;
				*when = cm_time_now;
			} else if (cm_casave_permissions_error(state->cm_casave_state) == 0) {
				/* Whoops, we need help. */
				cm_casave_done(state->cm_casave_state);
				state->cm_casave_state = NULL;
				entry->cm_state = CM_NEED_CA_CERT_SAVE_PERMS;
				*when = cm_time_now;
			} else {
				/* Failed to save CA certs. */
				cm_casave_done(state->cm_casave_state);
				state->cm_casave_state = NULL;
				entry->cm_state = CM_NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED;
				*when = cm_time_soonish;
			}
		} else {
			/* Wait for status update, or poll. */
			*readfd = cm_casave_get_fd(state->cm_casave_state);
			if (*readfd == -1) {
				*when = cm_time_soon;
			} else {
				*when = cm_time_no_time;
			}
		}
		break;

	case CM_NEED_CA_CERT_SAVE_PERMS:
		/* Revisit this later. */
		*when = cm_time_no_time;
		break;

	case CM_NEED_TO_NOTIFY_ISSUED_SAVED:
		/* We should already have the lock here.  In cases where we're
		 * resuming things at startup, try to acquire it if we don't
		 * have it.
*/ if (!cm_writing_has_lock(entry, cm_ca_phase_invalid) && !cm_writing_lock_by_entry(entry)) { /* Just hang out in this state while we're messing * around with the outside world for another entry. */ cm_log(3, "%s('%s') waiting for saving lock\n", entry->cm_busname, entry->cm_nickname); *when = cm_time_soon; break; } if (!cm_writing_unlock_by_entry(entry)) { /* If for some reason we fail to release the lock that * we have, try to release it again soon. */ *when = cm_time_soon; cm_log(1, "%s('%s') failed to release saving " "lock, probably a bug\n", entry->cm_busname, entry->cm_nickname); break; } state->cm_notify_state = cm_notify_start(entry, cm_notify_event_issued_and_saved); if (state->cm_notify_state != NULL) { entry->cm_state = CM_NOTIFYING_ISSUED_SAVED; /* Wait for status update, or poll. */ *readfd = cm_notify_get_fd(state->cm_notify_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } else { /* Failed to start notifying; try again. */ *when = cm_time_soonish; } break; case CM_NOTIFYING_ISSUED_SAVED: if (cm_notify_ready(state->cm_notify_state) == 0) { cm_notify_done(state->cm_notify_state); state->cm_notify_state = NULL; entry->cm_state = CM_MONITORING; *when = cm_time_soon; } else { /* Wait for status update, or poll. */ *readfd = cm_notify_get_fd(state->cm_notify_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case CM_NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED: /* We should already have the lock here. In cases where we're * resuming things at startup, try to acquire it if we don't * have it. */ if (!cm_writing_has_lock(entry, cm_ca_phase_invalid) && !cm_writing_lock_by_entry(entry)) { /* Just hang out in this state while we're messing * around with the outside world for another entry. 
*/ cm_log(3, "%s('%s') waiting for saving lock\n", entry->cm_busname, entry->cm_nickname); *when = cm_time_soon; break; } if (!cm_writing_unlock_by_entry(entry)) { /* If for some reason we fail to release the lock that * we have, try to release it again soon. */ *when = cm_time_soon; cm_log(1, "%s('%s') failed to release saving " "lock, probably a bug\n", entry->cm_busname, entry->cm_nickname); break; } state->cm_notify_state = cm_notify_start(entry, cm_notify_event_issued_ca_not_saved); if (state->cm_notify_state != NULL) { entry->cm_state = CM_NOTIFYING_ISSUED_CA_SAVE_FAILED; /* Wait for status update, or poll. */ *readfd = cm_notify_get_fd(state->cm_notify_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } else { /* Failed to start notifying; try again. */ *when = cm_time_soonish; } break; case CM_NOTIFYING_ISSUED_CA_SAVE_FAILED: if (cm_notify_ready(state->cm_notify_state) == 0) { cm_notify_done(state->cm_notify_state); state->cm_notify_state = NULL; entry->cm_state = CM_NEED_TO_SAVE_CA_CERTS; *when = cm_time_soonish; } else { /* Wait for status update, or poll. */ *readfd = cm_notify_get_fd(state->cm_notify_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case CM_NEED_TO_SAVE_ONLY_CA_CERTS: if (!cm_writing_has_lock(entry, cm_ca_phase_invalid) && !cm_writing_lock_by_entry(entry)) { /* Just hang out in this state while we're messing * around with the outside world for another entry. */ cm_log(3, "%s('%s') waiting for saving lock\n", entry->cm_busname, entry->cm_nickname); *when = cm_time_soon; break; } entry->cm_state = CM_START_SAVING_ONLY_CA_CERTS; *when = cm_time_now; break; case CM_START_SAVING_ONLY_CA_CERTS: state->cm_casave_state = cm_casave_start(entry, NULL, context, get_ca_by_index, get_n_cas, get_entry_by_index, get_n_entries); if (state->cm_casave_state != NULL) { entry->cm_state = CM_SAVING_ONLY_CA_CERTS; /* Wait for status update, or poll. 
*/ *readfd = cm_casave_get_fd(state->cm_casave_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } else { /* Failed to start saving CA certs; try again. */ *when = cm_time_soonish; } break; case CM_SAVING_ONLY_CA_CERTS: if (cm_casave_ready(state->cm_casave_state) == 0) { if (cm_casave_saved(state->cm_casave_state) == 0) { if (!cm_writing_unlock_by_entry(entry)) { /* If for some reason we fail to release the lock that * we have, try to release it again soon. */ *when = cm_time_soon; cm_log(1, "%s('%s') failed to release saving " "lock, probably a bug\n", entry->cm_busname, entry->cm_nickname); break; } /* Saved certificates. */ cm_casave_done(state->cm_casave_state); state->cm_casave_state = NULL; entry->cm_state = CM_MONITORING; *when = cm_time_now; } else if (cm_casave_permissions_error(state->cm_casave_state) == 0) { if (!cm_writing_unlock_by_entry(entry)) { /* If for some reason we fail to release the lock that * we have, try to release it again soon. */ *when = cm_time_soon; cm_log(1, "%s('%s') failed to release saving " "lock, probably a bug\n", entry->cm_busname, entry->cm_nickname); break; } /* Whoops, we need help. */ cm_casave_done(state->cm_casave_state); state->cm_casave_state = NULL; entry->cm_state = CM_NEED_ONLY_CA_CERT_SAVE_PERMS; *when = cm_time_now; } else { /* Failed to save certs. */ cm_casave_done(state->cm_casave_state); state->cm_casave_state = NULL; entry->cm_state = CM_NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED; *when = cm_time_soonish; } } else { /* Wait for status update, or poll. */ *readfd = cm_casave_get_fd(state->cm_casave_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case CM_NEED_ONLY_CA_CERT_SAVE_PERMS: /* Revisit this later. */ *when = cm_time_no_time; break; case CM_NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED: /* We should already have the lock here. In cases where we're * resuming things at startup, try to acquire it if we don't * have it. 
*/ if (!cm_writing_has_lock(entry, cm_ca_phase_invalid) && !cm_writing_lock_by_entry(entry)) { /* Just hang out in this state while we're messing * around with the outside world for another entry. */ cm_log(3, "%s('%s') waiting for saving lock\n", entry->cm_busname, entry->cm_nickname); *when = cm_time_soon; break; } if (!cm_writing_unlock_by_entry(entry)) { /* If for some reason we fail to release the lock that * we have, try to release it again soon. */ *when = cm_time_soon; cm_log(1, "%s('%s') failed to release saving " "lock, probably a bug\n", entry->cm_busname, entry->cm_nickname); break; } state->cm_notify_state = cm_notify_start(entry, cm_notify_event_ca_not_saved); if (state->cm_notify_state != NULL) { entry->cm_state = CM_NOTIFYING_ONLY_CA_SAVE_FAILED; /* Wait for status update, or poll. */ *readfd = cm_notify_get_fd(state->cm_notify_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } else { /* Failed to start notifying; try again. */ *when = cm_time_soonish; } break; case CM_NOTIFYING_ONLY_CA_SAVE_FAILED: if (cm_notify_ready(state->cm_notify_state) == 0) { cm_notify_done(state->cm_notify_state); state->cm_notify_state = NULL; entry->cm_state = CM_MONITORING; *when = cm_time_soonish; } else { /* Wait for status update, or poll. */ *readfd = cm_notify_get_fd(state->cm_notify_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case CM_NEWLY_ADDED: /* Take the lock here because the database is opened read-write * in case we need to set a password on it. */ if (!cm_writing_lock_by_entry(entry)) { /* Just hang out in this state while we're messing * around with the outside world for another entry. */ cm_log(3, "%s('%s') waiting for reading lock\n", entry->cm_busname, entry->cm_nickname); *when = cm_time_soon; break; } /* We need to do some recon, and then decide what we need to * do to make things the way the user has specified that they * should be. 
*/ if (entry->cm_key_storage_type != cm_key_storage_none) { entry->cm_state = CM_NEWLY_ADDED_START_READING_KEYINFO; *when = cm_time_now; } else { entry->cm_state = CM_NEWLY_ADDED_START_READING_CERT; *when = cm_time_now; } break; case CM_NEWLY_ADDED_START_READING_KEYINFO: /* Try to read information about the key. */ state->cm_keyiread_state = cm_keyiread_start(entry); if (state->cm_keyiread_state != NULL) { entry->cm_state = CM_NEWLY_ADDED_READING_KEYINFO; /* Note that we're reading information about * the key. */ *readfd = cm_keyiread_get_fd(state->cm_keyiread_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } else { /* Failed to start reading info about the key; * try again soon. */ *when = cm_time_soonish; } break; case CM_NEWLY_ADDED_READING_KEYINFO: /* If we finished reading info about the key, move on to try * and read the certificate. */ if (cm_keyiread_ready(state->cm_keyiread_state) == 0) { if (cm_keyiread_finished_reading(state->cm_keyiread_state) == 0) { entry->cm_state = CM_NEWLY_ADDED_START_READING_CERT; *when = cm_time_now; } else if (cm_keyiread_need_token(state->cm_keyiread_state) == 0) { if (!cm_writing_unlock_by_entry(entry)) { /* If for some reason we fail to * release the lock that we have, try * to release it again soon. */ *when = cm_time_soon; cm_log(1, "%s('%s') failed to release " "reading lock, probably a bug\n", entry->cm_busname, entry->cm_nickname); break; } /* If we need the token, just hang on. */ entry->cm_state = CM_NEWLY_ADDED_NEED_KEYINFO_READ_TOKEN; *when = cm_time_now; } else if (cm_keyiread_need_pin(state->cm_keyiread_state) == 0) { if (!cm_writing_unlock_by_entry(entry)) { /* If for some reason we fail to * release the lock that we have, try * to release it again soon. */ *when = cm_time_soon; cm_log(1, "%s('%s') failed to release " "reading lock, probably a bug\n", entry->cm_busname, entry->cm_nickname); break; } /* If we need the PIN, just hang on. 
*/ entry->cm_state = CM_NEWLY_ADDED_NEED_KEYINFO_READ_PIN; *when = cm_time_now; } else { /* Otherwise try to move on. */ entry->cm_state = CM_NEWLY_ADDED_START_READING_CERT; *when = cm_time_now; } cm_keyiread_done(state->cm_keyiread_state); state->cm_keyiread_state = NULL; } else { /* Wait for status update, or poll. */ *readfd = cm_keyiread_get_fd(state->cm_keyiread_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case CM_NEWLY_ADDED_NEED_KEYINFO_READ_TOKEN: /* Revisit this later. */ *when = cm_time_no_time; break; case CM_NEWLY_ADDED_NEED_KEYINFO_READ_PIN: /* Revisit this later. */ *when = cm_time_no_time; break; case CM_NEWLY_ADDED_START_READING_CERT: /* Try to read the certificate. */ state->cm_certread_state = cm_certread_start(entry); if (state->cm_certread_state != NULL) { entry->cm_state = CM_NEWLY_ADDED_READING_CERT; /* Note that we're reading information about * the certificate. */ *readfd = cm_certread_get_fd(state->cm_certread_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } else { /* Failed to start reading info about the certificate; * try again soon. */ *when = cm_time_soonish; } break; case CM_NEWLY_ADDED_READING_CERT: /* If we finished reading info about the cert, move on to try * to figure out what we should do next. */ if (cm_certread_ready(state->cm_certread_state) == 0) { cm_certread_done(state->cm_certread_state); state->cm_certread_state = NULL; entry->cm_state = CM_NEWLY_ADDED_DECIDING; *when = cm_time_now; } else { /* Wait for status update, or poll. */ *readfd = cm_certread_get_fd(state->cm_certread_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case CM_NEWLY_ADDED_DECIDING: if (!cm_writing_unlock_by_entry(entry)) { /* If for some reason we fail to release the lock that * we have, try to release it again soon. 
*/ *when = cm_time_soon; cm_log(1, "%s('%s') failed to release reading lock, " "probably a bug\n", entry->cm_busname, entry->cm_nickname); break; } /* Decide what to do next. Assign a CA if it doesn't have one * assigned to it already. */ if ((entry->cm_ca_nickname == NULL) && (entry->cm_cert_issuer != NULL)) { /* Walk the list of known names of known CAs and try to * match one with the issuer of the certificate we * already have. */ for (i = 0; i < (*get_n_cas)(context); i++) { tmp_ca = (*get_ca_by_index)(context, i); for (j = 0; (tmp_ca->cm_ca_known_issuer_names != NULL) && (tmp_ca->cm_ca_known_issuer_names[j] != NULL); j++) { if (strcmp(tmp_ca->cm_ca_known_issuer_names[j], entry->cm_cert_issuer) == 0) { entry->cm_ca_nickname = talloc_strdup(entry, tmp_ca->cm_nickname); } } } } /* No match -> assign the default. */ if (entry->cm_ca_nickname == NULL) { for (i = 0; i < (*get_n_cas)(context); i++) { tmp_ca = (*get_ca_by_index)(context, i); if (tmp_ca->cm_ca_is_default) { entry->cm_ca_nickname = talloc_strdup(entry, tmp_ca->cm_nickname); } } } /* No default in our data store -> use the config file's. */ if (entry->cm_ca_nickname == NULL) { tmp_ca_name = cm_prefs_default_ca(); if (tmp_ca_name != NULL) { entry->cm_ca_nickname = talloc_strdup(entry, tmp_ca_name); } } /* If we have a certificate in the expected location, we go * straight to monitoring it. If we didn't get any explicit * requests for names, SAN, KU and EKU values, then try to pull * them from the certificate, too. 
*/ if (entry->cm_cert != NULL) { cm_store_set_if_not_set_s(entry, &entry->cm_template_subject_der, entry->cm_cert_subject_der); cm_store_set_if_not_set_s(entry, &entry->cm_template_subject, entry->cm_cert_subject); cm_store_set_if_not_set_as(entry, &entry->cm_template_hostname, entry->cm_cert_hostname); cm_store_set_if_not_set_as(entry, &entry->cm_template_email, entry->cm_cert_email); cm_store_set_if_not_set_as(entry, &entry->cm_template_principal, entry->cm_cert_principal); cm_store_set_if_not_set_as(entry, &entry->cm_template_ipaddress, entry->cm_cert_ipaddress); cm_store_set_if_not_set_s(entry, &entry->cm_template_ku, entry->cm_cert_ku); cm_store_set_if_not_set_s(entry, &entry->cm_template_eku, entry->cm_cert_eku); cm_store_set_if_not_set_s(entry, &entry->cm_template_ns_comment, entry->cm_cert_ns_comment); cm_store_set_if_not_set_s(entry, &entry->cm_template_profile, entry->cm_cert_profile); cm_store_set_if_not_set_s(entry, &entry->cm_template_ns_certtype, entry->cm_cert_ns_certtype); /* Walk the list of known names of known CAs and try to * find the entry's CA. */ tmp_ca = NULL; for (i = 0; i < (*get_n_cas)(context); i++) { tmp_ca = (*get_ca_by_index)(context, i); if ((tmp_ca->cm_nickname != NULL) && (entry->cm_ca_nickname != NULL) && (strcmp(entry->cm_ca_nickname, tmp_ca->cm_nickname) == 0)) { break; } tmp_ca = NULL; } /* If there's an associated CA, and we know of * certificates for it, and we need them to be stored * somewhere, we need to make sure they'll show up in * the expected locations. 
*/ if ((tmp_ca != NULL) && (((tmp_ca->cm_ca_root_certs != NULL) && ((entry->cm_root_cert_store_files != NULL) || (entry->cm_root_cert_store_nssdbs != NULL))) || ((tmp_ca->cm_ca_other_root_certs != NULL) && ((entry->cm_other_root_cert_store_files != NULL) || (entry->cm_other_root_cert_store_nssdbs != NULL))) || ((tmp_ca->cm_ca_other_certs != NULL) && ((entry->cm_other_cert_store_files != NULL) || (entry->cm_other_cert_store_nssdbs != NULL))))) { cm_log(3, "%s('%s') already had a " "certificate, making sure CA " "certificates will be there\n", entry->cm_busname, entry->cm_nickname); entry->cm_state = CM_NEED_TO_SAVE_ONLY_CA_CERTS; } else { cm_log(3, "%s('%s') has a certificate, " "monitoring it\n", entry->cm_busname, entry->cm_nickname); entry->cm_state = CM_MONITORING; } *when = cm_time_now; } else /* If we don't have a certificate, but we know where the key * should be, we have some options. */ if (entry->cm_key_storage_type != cm_key_storage_none) { /* If we don't have a certificate, but we have a key, * the next step is to generate a CSR. */ if (entry->cm_key_type.cm_key_size > 0) { cm_log(3, "%s('%s') has no certificate, will " "attempt enrollment using " "already-present key\n", entry->cm_busname, entry->cm_nickname); entry->cm_state = CM_NEED_CSR; *when = cm_time_now; } else { /* No certificate, no key, start with * generating the key. */ cm_log(3, "%s('%s') has no key or certificate, " "will generate keys and attempt " "enrollment\n", entry->cm_busname, entry->cm_nickname); entry->cm_state = CM_NEED_KEY_PAIR; *when = cm_time_now; } } else { /* And if we don't have a place for the key, we're * screwed. Hopefully this didn't happen normally. 
*/ cm_log(3, "%s('%s') has no key or certificate location," " don't know what to do about that\n", entry->cm_busname, entry->cm_nickname); entry->cm_state = CM_NEED_GUIDANCE; *when = cm_time_now; } break; case CM_INVALID: /* not reached */ abort(); break; } if (old_entry->cm_state != entry->cm_state) { cm_log(3, "%s('%s') moved to state '%s'\n", entry->cm_busname, entry->cm_nickname ? entry->cm_nickname : "(unnamed entry)", cm_store_state_as_string(entry->cm_state)); cm_store_entry_save(entry); } if (emit_entry_changes != NULL) { (*emit_entry_changes)(context, old_entry, entry); } talloc_free(old_entry); return 0; } /* Cancel and clean up any in-progress work and then free the working state. */ int cm_iterate_entry_done(struct cm_store_entry *entry, void *cm_iterate_state) { struct cm_entry_state *state; state = cm_iterate_state; if (state != NULL) { if (state->cm_submit_state != NULL) { cm_submit_done(state->cm_submit_state); state->cm_submit_state = NULL; } if (state->cm_csrgen_state != NULL) { cm_csrgen_done(state->cm_csrgen_state); state->cm_csrgen_state = NULL; } if (state->cm_scepgen_state != NULL) { cm_scepgen_done(state->cm_scepgen_state); state->cm_scepgen_state = NULL; } if (state->cm_keyiread_state != NULL) { cm_keyiread_done(state->cm_keyiread_state); state->cm_keyiread_state = NULL; } if (state->cm_keygen_state != NULL) { cm_keygen_done(state->cm_keygen_state); state->cm_keygen_state = NULL; } if (state->cm_notify_state != NULL) { cm_notify_done(state->cm_notify_state); state->cm_notify_state = NULL; } if (state->cm_casave_state != NULL) { cm_casave_done(state->cm_casave_state); state->cm_casave_state = NULL; } talloc_free(state); } cm_entry_reset_state(entry); cm_log(3, "%s('%s') ends in state '%s'\n", entry->cm_busname, entry->cm_nickname, cm_store_state_as_string(entry->cm_state)); if (cm_writing_has_lock(entry, cm_ca_phase_invalid)) { cm_writing_unlock_by_entry(entry); } return 0; } /* Set up run-time data associated with the CA. 
*/ int cm_iterate_ca_init(struct cm_store_ca *ca, enum cm_ca_phase phase, void **cm_iterate_state) { struct cm_ca_state *state; state = talloc_ptrtype(ca, state); if (state == NULL) { return ENOMEM; } memset(state, 0, sizeof(*state)); state->cm_phase = phase; ca->cm_ca_state[phase] = CM_CA_NEED_TO_REFRESH; *cm_iterate_state = state; if (cm_writing_has_lock(ca, phase)) { cm_writing_unlock_by_ca(ca, phase); } cm_store_ca_save(ca); cm_log(3, "%s('%s').%s starts (%s)\n", ca->cm_busname, ca->cm_nickname, cm_store_ca_phase_as_string(state->cm_phase), cm_store_ca_state_as_string(ca->cm_ca_state[phase])); return 0; } int cm_iterate_ca(struct cm_store_ca *ca, struct cm_context *context, struct cm_store_ca *(*get_ca_by_index)(struct cm_context *, int), int (*get_n_cas)(struct cm_context *), struct cm_store_entry *(*get_entry_by_index)(struct cm_context *, int), int (*get_n_entries)(struct cm_context *), void (*emit_ca_changes)(struct cm_context *, struct cm_store_ca *, struct cm_store_ca *), void *cm_iterate_state, enum cm_time *when, int *delay, int *readfd) { struct cm_store_ca *old_ca; struct cm_ca_state *state = cm_iterate_state; *readfd = -1; old_ca = cm_store_ca_dup(ca, ca); switch (ca->cm_ca_state[state->cm_phase]) { case CM_CA_NEED_TO_REFRESH: switch (state->cm_phase) { case cm_ca_phase_identify: state->cm_task_state = cm_cadata_start_identify(ca); break; case cm_ca_phase_certs: state->cm_task_state = cm_cadata_start_certs(ca); break; case cm_ca_phase_profiles: state->cm_task_state = cm_cadata_start_profiles(ca); break; case cm_ca_phase_default_profile: state->cm_task_state = cm_cadata_start_default_profile(ca); break; case cm_ca_phase_enroll_reqs: state->cm_task_state = cm_cadata_start_enroll_reqs(ca); break; case cm_ca_phase_renew_reqs: state->cm_task_state = cm_cadata_start_renew_reqs(ca); break; case cm_ca_phase_capabilities: state->cm_task_state = cm_cadata_start_capabilities(ca); break; case cm_ca_phase_encryption_certs: state->cm_task_state = 
cm_cadata_start_encryption_certs(ca); break; case cm_ca_phase_invalid: abort(); break; } if (state->cm_task_state == NULL) { if (ca->cm_ca_type == cm_ca_external) { /* Reap any failed child processes to prevent zombies */ cm_casave_done(state->cm_casave_state); } ca->cm_ca_state[state->cm_phase] = CM_CA_DISABLED; *when = cm_time_now; } else { ca->cm_ca_state[state->cm_phase] = CM_CA_REFRESHING; *readfd = cm_cadata_get_fd(state->cm_task_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case CM_CA_REFRESHING: if (cm_cadata_ready(state->cm_task_state) == 0) { if (cm_cadata_modified(state->cm_task_state) == 0) { cm_log(3, "%s('%s').%s data updated\n", ca->cm_busname, ca->cm_nickname, cm_store_ca_phase_as_string(state->cm_phase)); cm_cadata_done(state->cm_task_state); state->cm_task_state = NULL; switch (state->cm_phase) { case cm_ca_phase_certs: ca->cm_ca_state[state->cm_phase] = CM_CA_NEED_TO_SAVE_DATA; break; case cm_ca_phase_identify: case cm_ca_phase_profiles: case cm_ca_phase_default_profile: case cm_ca_phase_enroll_reqs: case cm_ca_phase_renew_reqs: case cm_ca_phase_capabilities: if (emit_ca_changes != NULL) { cm_restart_entries_by_ca(context, ca->cm_nickname); } ca->cm_ca_state[state->cm_phase] = CM_CA_NEED_TO_ANALYZE; break; case cm_ca_phase_encryption_certs: if (emit_ca_changes != NULL) { cm_restart_entries_by_ca(context, ca->cm_nickname); } ca->cm_ca_state[state->cm_phase] = CM_CA_NEED_TO_ANALYZE; break; case cm_ca_phase_invalid: abort(); break; } *when = cm_time_now; } else if (cm_cadata_needs_retry(state->cm_task_state) == 0) { *when = cm_time_delay; *delay = cm_cadata_specified_delay(state->cm_task_state); if (*delay < 0) { *delay = cm_decide_cadata_delay(); } cm_cadata_done(state->cm_task_state); state->cm_task_state = NULL; cm_log(3, "%s('%s').%s server needs retry\n", ca->cm_busname, ca->cm_nickname, cm_store_ca_phase_as_string(state->cm_phase)); ca->cm_ca_state[state->cm_phase] = CM_CA_NEED_TO_REFRESH; } 
else if (cm_cadata_rejected(state->cm_task_state) == 0) { cm_cadata_done(state->cm_task_state); state->cm_task_state = NULL; cm_log(3, "%s('%s').%s server doesn't support that\n", ca->cm_busname, ca->cm_nickname, cm_store_ca_phase_as_string(state->cm_phase)); ca->cm_ca_state[state->cm_phase] = CM_CA_IDLE; *when = cm_time_delay; *delay = CM_DELAY_CA_POLL_MAXIMUM; } else if (cm_cadata_unreachable(state->cm_task_state) == 0) { cm_cadata_done(state->cm_task_state); state->cm_task_state = NULL; cm_log(3, "%s('%s').%s server unreachable\n", ca->cm_busname, ca->cm_nickname, cm_store_ca_phase_as_string(state->cm_phase)); ca->cm_ca_state[state->cm_phase] = CM_CA_DATA_UNREACHABLE; *when = cm_time_delay; *delay = cm_decide_cadata_delay(); } else if (cm_cadata_unsupported(state->cm_task_state) == 0) { cm_cadata_done(state->cm_task_state); switch (state->cm_phase) { case cm_ca_phase_certs: ca->cm_ca_root_certs = NULL; ca->cm_ca_other_root_certs = NULL; ca->cm_ca_other_certs = NULL; break; case cm_ca_phase_identify: break; case cm_ca_phase_profiles: break; case cm_ca_phase_default_profile: break; case cm_ca_phase_enroll_reqs: break; case cm_ca_phase_renew_reqs: break; case cm_ca_phase_capabilities: ca->cm_ca_capabilities = NULL; break; case cm_ca_phase_encryption_certs: ca->cm_ca_encryption_cert = NULL; ca->cm_ca_encryption_issuer_cert = NULL; ca->cm_ca_encryption_cert_pool = NULL; break; case cm_ca_phase_invalid: abort(); break; } state->cm_task_state = NULL; cm_log(3, "%s('%s').%s retrieval unsupported\n", ca->cm_busname, ca->cm_nickname, cm_store_ca_phase_as_string(state->cm_phase)); ca->cm_ca_state[state->cm_phase] = CM_CA_DISABLED; *when = cm_time_now; } else if (cm_cadata_unconfigured(state->cm_task_state) == 0) { cm_cadata_done(state->cm_task_state); state->cm_task_state = NULL; cm_log(3, "%s('%s').%s missing configuration\n", ca->cm_busname, ca->cm_nickname, cm_store_ca_phase_as_string(state->cm_phase)); ca->cm_ca_state[state->cm_phase] = CM_CA_DATA_UNREACHABLE; *when = 
cm_time_delay; *delay = cm_decide_cadata_delay(); } else { cm_cadata_done(state->cm_task_state); state->cm_task_state = NULL; cm_log(3, "%s('%s').%s data is unchanged\n", ca->cm_busname, ca->cm_nickname, cm_store_ca_phase_as_string(state->cm_phase)); ca->cm_ca_state[state->cm_phase] = CM_CA_NEED_TO_ANALYZE; *when = cm_time_now; } } else { /* Wait for status update, or poll. */ *readfd = cm_cadata_get_fd(state->cm_task_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case CM_CA_NEED_TO_SAVE_DATA: if (!cm_writing_lock_by_ca(ca, state->cm_phase)) { /* Just hang out in this state while we're messing * around with the outside world for another CA. */ cm_log(3, "%s('%s').%s waiting for saving lock\n", ca->cm_busname, ca->cm_nickname, cm_store_ca_phase_as_string(state->cm_phase)); *when = cm_time_soon; break; } state->cm_hook_state = cm_hook_start_ca_presave(ca, context, get_ca_by_index, get_n_cas, get_entry_by_index, get_n_entries); if (state->cm_hook_state != NULL) { /* Note that we're doing the pre-save. */ ca->cm_ca_state[state->cm_phase] = CM_CA_PRE_SAVE_DATA; /* Wait for status update, or poll. */ *readfd = cm_hook_get_fd(state->cm_hook_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } else { /* Failed to start the pre-save; skip it. */ ca->cm_ca_state[state->cm_phase] = CM_CA_START_SAVING_DATA; *when = cm_time_now; } break; case CM_CA_PRE_SAVE_DATA: if (cm_hook_ready(state->cm_hook_state) == 0) { cm_hook_done(state->cm_hook_state); state->cm_hook_state = NULL; ca->cm_ca_state[state->cm_phase] = CM_CA_START_SAVING_DATA; *when = cm_time_now; } else { /* Wait for status update, or poll. 
*/ *readfd = cm_hook_get_fd(state->cm_hook_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case CM_CA_START_SAVING_DATA: state->cm_casave_state = cm_casave_start(NULL, ca, context, get_ca_by_index, get_n_cas, get_entry_by_index, get_n_entries); if (state->cm_casave_state != NULL) { ca->cm_ca_state[state->cm_phase] = CM_CA_SAVING_DATA; /* Wait for status update, or poll. */ *readfd = cm_casave_get_fd(state->cm_casave_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case CM_CA_SAVING_DATA: if (cm_casave_ready(state->cm_casave_state) == 0) { if (cm_casave_saved(state->cm_casave_state) == 0) { /* Saved certificates. */ cm_casave_done(state->cm_casave_state); state->cm_casave_state = NULL; ca->cm_ca_state[state->cm_phase] = CM_CA_NEED_POST_SAVE_DATA; *when = cm_time_now; } else if (cm_casave_permissions_error(state->cm_casave_state) == 0) { /* Whoops, we need help. */ cm_casave_done(state->cm_casave_state); state->cm_casave_state = NULL; ca->cm_ca_state[state->cm_phase] = CM_CA_NEED_POST_SAVE_DATA; *when = cm_time_now; } else { /* Failed to save certs. */ cm_casave_done(state->cm_casave_state); state->cm_casave_state = NULL; ca->cm_ca_state[state->cm_phase] = CM_CA_NEED_POST_SAVE_DATA; *when = cm_time_soonish; } } else { /* Wait for status update, or poll. */ *readfd = cm_casave_get_fd(state->cm_casave_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case CM_CA_NEED_POST_SAVE_DATA: state->cm_hook_state = cm_hook_start_ca_postsave(ca, context, get_ca_by_index, get_n_cas, get_entry_by_index, get_n_entries); if (state->cm_hook_state != NULL) { /* Note that we're doing the post-save. */ ca->cm_ca_state[state->cm_phase] = CM_CA_POST_SAVE_DATA; /* Wait for status update, or poll. 
*/ *readfd = cm_hook_get_fd(state->cm_hook_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } else { /* Failed to start the post-save, or nothing to do; * skip it. */ ca->cm_ca_state[state->cm_phase] = CM_CA_SAVED_DATA; *when = cm_time_now; } break; case CM_CA_POST_SAVE_DATA: if (cm_hook_ready(state->cm_hook_state) == 0) { cm_hook_done(state->cm_hook_state); state->cm_hook_state = NULL; ca->cm_ca_state[state->cm_phase] = CM_CA_SAVED_DATA; *when = cm_time_now; } else { /* Wait for status update, or poll. */ *readfd = cm_hook_get_fd(state->cm_hook_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case CM_CA_SAVED_DATA: if (!cm_writing_unlock_by_ca(ca, state->cm_phase)) { /* If for some reason we fail to release the lock that * we have, try to release it again soon. */ *when = cm_time_soon; cm_log(1, "%s('%s').%s failed to release saving " "lock, probably a bug\n", ca->cm_busname, ca->cm_nickname, cm_store_ca_phase_as_string(state->cm_phase)); break; } ca->cm_ca_state[state->cm_phase] = CM_CA_NEED_TO_ANALYZE; *when = cm_time_now; break; case CM_CA_NEED_TO_ANALYZE: switch (state->cm_phase) { case cm_ca_phase_certs: state->cm_ca_cert_analyze_state = cm_ca_analyze_start_certs(ca); if (state->cm_ca_cert_analyze_state == NULL) { ca->cm_ca_state[state->cm_phase] = CM_CA_DISABLED; *when = cm_time_now; } else { *readfd = cm_ca_analyze_get_fd(state->cm_ca_cert_analyze_state); if (*readfd == -1) { cm_ca_analyze_done(state->cm_ca_cert_analyze_state); ca->cm_ca_state[state->cm_phase] = CM_CA_DISABLED; } else { ca->cm_ca_state[state->cm_phase] = CM_CA_ANALYZING; *when = cm_time_no_time; } } break; case cm_ca_phase_identify: case cm_ca_phase_profiles: case cm_ca_phase_default_profile: case cm_ca_phase_enroll_reqs: case cm_ca_phase_renew_reqs: case cm_ca_phase_capabilities: ca->cm_ca_state[state->cm_phase] = CM_CA_IDLE; *when = cm_time_now; break; case cm_ca_phase_encryption_certs: 
state->cm_ca_ecert_analyze_state = cm_ca_analyze_start_encryption_certs(ca); if (state->cm_ca_ecert_analyze_state == NULL) { ca->cm_ca_state[state->cm_phase] = CM_CA_DISABLED; *when = cm_time_now; } else { *readfd = cm_ca_analyze_get_fd(state->cm_ca_ecert_analyze_state); if (*readfd == -1) { cm_ca_analyze_done(state->cm_ca_ecert_analyze_state); ca->cm_ca_state[state->cm_phase] = CM_CA_DISABLED; } else { ca->cm_ca_state[state->cm_phase] = CM_CA_ANALYZING; *when = cm_time_no_time; } } break; case cm_ca_phase_invalid: abort(); break; } break; case CM_CA_ANALYZING: switch (state->cm_phase) { case cm_ca_phase_certs: if (cm_ca_analyze_ready(state->cm_ca_cert_analyze_state) == 0) { state->cm_cert_refresh_delay = cm_ca_analyze_get_delay(state->cm_ca_cert_analyze_state); cm_ca_analyze_done(state->cm_ca_cert_analyze_state); state->cm_ca_cert_analyze_state = NULL; if (state->cm_cert_refresh_delay != 0) { ca->cm_ca_state[state->cm_phase] = CM_CA_NEED_TO_REFRESH; *delay = state->cm_cert_refresh_delay; if (*delay < CM_DELAY_CA_POLL_MINIMUM) { *delay = CM_DELAY_CA_POLL_MINIMUM; } if (*delay > CM_DELAY_CA_POLL_MAXIMUM) { *delay = CM_DELAY_CA_POLL_MAXIMUM; } *when = cm_time_delay; } else { ca->cm_ca_state[state->cm_phase] = CM_CA_IDLE; *when = cm_time_now; } } else { /* Wait for status update, or poll. 
*/ *readfd = cm_ca_analyze_get_fd(state->cm_ca_cert_analyze_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case cm_ca_phase_encryption_certs: if (cm_ca_analyze_ready(state->cm_ca_ecert_analyze_state) == 0) { state->cm_ecert_refresh_delay = cm_ca_analyze_get_delay(state->cm_ca_ecert_analyze_state); cm_ca_analyze_done(state->cm_ca_ecert_analyze_state); state->cm_ca_ecert_analyze_state = NULL; if (state->cm_ecert_refresh_delay != 0) { ca->cm_ca_state[state->cm_phase] = CM_CA_NEED_TO_REFRESH; *delay = state->cm_ecert_refresh_delay; if (*delay < CM_DELAY_CA_POLL_MINIMUM) { *delay = CM_DELAY_CA_POLL_MINIMUM; } if (*delay > CM_DELAY_CA_POLL_MAXIMUM) { *delay = CM_DELAY_CA_POLL_MAXIMUM; } *when = cm_time_delay; } else { ca->cm_ca_state[state->cm_phase] = CM_CA_IDLE; *when = cm_time_now; } } else { /* Wait for status update, or poll. */ *readfd = cm_ca_analyze_get_fd(state->cm_ca_ecert_analyze_state); if (*readfd == -1) { *when = cm_time_soon; } else { *when = cm_time_no_time; } } break; case cm_ca_phase_identify: case cm_ca_phase_profiles: case cm_ca_phase_default_profile: case cm_ca_phase_enroll_reqs: case cm_ca_phase_renew_reqs: case cm_ca_phase_capabilities: case cm_ca_phase_invalid: abort(); break; } break; case CM_CA_DATA_UNREACHABLE: ca->cm_ca_state[state->cm_phase] = CM_CA_NEED_TO_REFRESH; *when = cm_time_soonish; break; case CM_CA_IDLE: case CM_CA_DISABLED: *when = cm_time_no_time; break; } if (ca->cm_ca_state[state->cm_phase] != old_ca->cm_ca_state[state->cm_phase]) { cm_log(3, "%s('%s').%s moved to state '%s'\n", ca->cm_busname, ca->cm_nickname, cm_store_ca_phase_as_string(state->cm_phase), cm_store_ca_state_as_string(ca->cm_ca_state[state->cm_phase])); cm_store_ca_save(ca); } if (emit_ca_changes != NULL) { (*emit_ca_changes)(context, old_ca, ca); } talloc_free(old_ca); return 0; } /* Cancel and clean up any in-progress work and then free the working state. 
 */
int
cm_iterate_ca_done(struct cm_store_ca *ca, void *cm_iterate_state)
{
	struct cm_ca_state *state;
	enum cm_ca_phase phase = cm_ca_phase_invalid;
	const char *phases, *states;

	state = cm_iterate_state;
	phases = cm_store_ca_phase_as_string(phase);
	states = cm_store_ca_state_as_string(CM_CA_DISABLED);
	if (state != NULL) {
		phase = state->cm_phase;
		phases = cm_store_ca_phase_as_string(phase);
		states = cm_store_ca_state_as_string(ca->cm_ca_state[phase]);
		if (state->cm_ca_cert_analyze_state != NULL) {
			cm_ca_analyze_done(state->cm_ca_cert_analyze_state);
			state->cm_ca_cert_analyze_state = NULL;
		}
		if (state->cm_ca_ecert_analyze_state != NULL) {
			cm_ca_analyze_done(state->cm_ca_ecert_analyze_state);
			state->cm_ca_ecert_analyze_state = NULL;
		}
		if (state->cm_task_state != NULL) {
			cm_cadata_done(state->cm_task_state);
			state->cm_task_state = NULL;
		}
		if (state->cm_hook_state != NULL) {
			cm_hook_done(state->cm_hook_state);
			state->cm_hook_state = NULL;
		}
		if (state->cm_casave_state != NULL) {
			cm_casave_done(state->cm_casave_state);
			state->cm_casave_state = NULL;
		}
		talloc_free(state);
	}
	cm_log(3, "%s('%s').%s ends (%s)\n",
	       ca->cm_busname, ca->cm_nickname, phases, states);
	if (cm_writing_has_lock(ca, phase)) {
		cm_writing_unlock_by_ca(ca, phase);
	}
	return 0;
}

certmonger-0.79.19/src/iterate.h

/*
 * Copyright (C) 2009 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.
 * If not, see <http://www.gnu.org/licenses/>.
 */

#ifndef iterate_h
#define iterate_h

struct cm_store_entry;
struct cm_store_ca;
struct cm_context;
enum cm_ca_phase;

/* Start tracking a working state for this entry. */
int cm_iterate_entry_init(struct cm_store_entry *entry,
			  void **cm_iterate_state);
/* Start tracking a working state for a CA's maintenance tasks. */
int cm_iterate_ca_init(struct cm_store_ca *ca, enum cm_ca_phase phase,
		       void **cm_iterate_state);

/* Figure out what to do next about this specific entry or CA. */
enum cm_time {
	cm_time_now,	/* Poke again without delay. */
	cm_time_soon,	/* Soon - small delays ok. */
	cm_time_soonish,/* Small delay. */
	cm_time_delay,	/* At specified delay. */
	cm_time_no_time	/* Wait for data on specified descriptor. */
};
int cm_iterate_entry(struct cm_store_entry *entry, struct cm_store_ca *ca,
		     struct cm_context *context,
		     struct cm_store_ca *(*get_ca_by_index)(struct cm_context *, int),
		     int (*get_n_cas)(struct cm_context *),
		     struct cm_store_entry *(*get_entry_by_index)(struct cm_context *, int),
		     int (*get_n_entries)(struct cm_context *),
		     void (*emit_entry_saved_cert)(struct cm_context *,
						   struct cm_store_entry *),
		     void (*emit_entry_changes)(struct cm_context *,
						struct cm_store_entry *,
						struct cm_store_entry *),
		     void *cm_iterate_state,
		     enum cm_time *when,
		     int *delay,
		     int *readfd);
int cm_iterate_ca(struct cm_store_ca *ca,
		  struct cm_context *context,
		  struct cm_store_ca *(*get_ca_by_index)(struct cm_context *, int),
		  int (*get_n_cas)(struct cm_context *),
		  struct cm_store_entry *(*get_entry_by_index)(struct cm_context *, int),
		  int (*get_n_entries)(struct cm_context *),
		  void (*emit_ca_changes)(struct cm_context *,
					  struct cm_store_ca *,
					  struct cm_store_ca *),
		  void *cm_iterate_state,
		  enum cm_time *when,
		  int *delay,
		  int *readfd);

/* We're shutting down. */
int cm_iterate_entry_done(struct cm_store_entry *entry, void *cm_iterate_state);
int cm_iterate_ca_done(struct cm_store_ca *ca, void *cm_iterate_state);

/* Wait for the descriptor to become readable.
 */
void cm_waitfor_readable_fd(int fd, int delay);

#endif

certmonger-0.79.19/src/json.c

/*
 * Copyright (C) 2015,2017 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#include "config.h"

#include <sys/types.h>
#include <errno.h>
#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <talloc.h>

#include "json.h"

struct cm_json {
	enum cm_json_type type;
	union {
		struct {
			char *s;
			ssize_t l;
		} s;
		long long l;
		long double d;
		unsigned char b;
		struct {
			size_t n;
			struct cm_json_object_rec {
				char *key;
				struct cm_json *val;
			} *o;
		} o;
		struct {
			size_t n;
			struct cm_json **a;
		} a;
	};
};

enum cm_json_type
cm_json_type(struct cm_json *json)
{
	if (json == NULL) {
		return cm_json_type_undefined;
	}
	return json->type;
}

struct cm_json *
cm_json_new_null(void *parent)
{
	struct cm_json *json;

	json = talloc_zero(parent, struct cm_json);
	if (json != NULL) {
		json->type = cm_json_type_null;
	}
	return json;
}

struct cm_json *
cm_json_new_string(void *parent, const char *string, ssize_t length)
{
	struct cm_json *json;

	json = talloc_zero(parent, struct cm_json);
	if (json != NULL) {
		json->type = cm_json_type_string;
		if (length < 0) {
			json->s.s = talloc_strdup(json, string);
			/* Don't call strlen() on a failed allocation. */
			if (json->s.s != NULL) {
				json->s.l = strlen(json->s.s);
			}
		} else {
			json->s.s = talloc_size(json, length + 1);
			if (json->s.s != NULL) {
				memcpy(json->s.s, string, length);
				json->s.s[length] = '\0';
			}
			json->s.l = length;
		}
		if (json->s.s == NULL) {
			talloc_free(json);
			json = NULL;
		}
	}
	return json;
}

struct cm_json *
cm_json_new_numberl(void *parent, long long number)
{
	struct cm_json *json;

	json = talloc_zero(parent, struct cm_json);
	if (json != NULL) {
		json->type = cm_json_type_numberl;
		json->l = number;
	}
	return json;
}

struct cm_json *
cm_json_new_numberd(void *parent, long double number)
{
	struct cm_json *json;

	json = talloc_zero(parent, struct cm_json);
	if (json != NULL) {
		json->type = cm_json_type_numberd;
		json->d = number;
	}
	return json;
}

struct cm_json *
cm_json_new_boolean(void *parent, unsigned char value)
{
	struct cm_json *json;

	json = talloc_zero(parent, struct cm_json);
	if (json != NULL) {
		json->type = cm_json_type_boolean;
		json->b = value;
	}
	return json;
}

struct cm_json *
cm_json_new_object(void *parent)
{
	struct cm_json *json;

	json = talloc_zero(parent, struct cm_json);
	if (json != NULL) {
		json->type = cm_json_type_object;
		json->o.n = 0;
		json->o.o = NULL;
	}
	return json;
}

struct cm_json *
cm_json_new_array(void *parent)
{
	struct cm_json *json;

	json = talloc_zero(parent, struct cm_json);
	if (json != NULL) {
		json->type = cm_json_type_array;
		json->a.n = 0;
		json->a.a = NULL;
	}
	return json;
}

const char *
cm_json_string(struct cm_json *json, ssize_t *length)
{
	if (cm_json_type(json) != cm_json_type_string) {
		return NULL;
	}
	if (length != NULL) {
		*length = json->s.l;
	}
	return json->s.s;
}

long double
cm_json_numberd(struct cm_json *json)
{
	if (cm_json_type(json) != cm_json_type_numberd) {
		return -1;
	}
	return json->d;
}

long long
cm_json_numberl(struct cm_json *json)
{
	if (cm_json_type(json) != cm_json_type_numberl) {
		return -1;
	}
	return json->l;
}

unsigned char
cm_json_boolean(struct cm_json *json)
{
	if (cm_json_type(json) != cm_json_type_boolean) {
		return -1;
	}
	return json->b;
}

ssize_t
cm_json_n_keys(struct cm_json *json)
{
	if (cm_json_type(json) != cm_json_type_object) {
		return -1;
	}
	return json->o.n;
}

const char *
cm_json_nth_key(struct cm_json *json, size_t n)
{
	if ((cm_json_type(json) != cm_json_type_object) ||
	    (n >= json->o.n)) {
		return NULL;
	}
	return json->o.o[n].key;
}

struct cm_json *
cm_json_nth_val(struct cm_json *json, size_t n)
{
	if ((cm_json_type(json) != cm_json_type_object) ||
	    (n >= json->o.n)) {
		return NULL;
	}
	return json->o.o[n].val;
}

ssize_t
cm_json_array_size(struct cm_json *json)
{
	if (cm_json_type(json) != cm_json_type_array) {
		return -1;
	}
	return json->a.n;
}

struct cm_json *
cm_json_n(struct cm_json *json, size_t n)
{
	if ((cm_json_type(json) != cm_json_type_array) ||
	    (n >= json->a.n)) {
		return NULL;
	}
	return json->a.a[n];
}

struct cm_json *
cm_json_get(struct cm_json *json, const char *key)
{
	ssize_t n;

	if ((cm_json_type(json) != cm_json_type_object) ||
	    (key == NULL)) {
		return NULL;
	}
	for (n = json->o.n - 1; n >= 0; n--) {
		if (strcmp(key, json->o.o[n].key) == 0) {
			return json->o.o[n].val;
		}
	}
	return NULL;
}

int
cm_json_set(struct cm_json *json, const char *key, struct cm_json *value)
{
	struct cm_json_object_rec *recs;
	ssize_t n;

	for (n = json->o.n - 1; n >= 0; n--) {
		if (strcmp(key, json->o.o[n].key) == 0) {
			if (value != NULL) {
				talloc_steal(json, value);
			}
			json->o.o[n].val = value;
			break;
		}
	}
	if (n < 0) {
		n = json->o.n;
		recs = talloc_realloc(json, json->o.o,
				      struct cm_json_object_rec, n + 1);
		if (recs == NULL) {
			return ENOMEM;
		}
		json->o.o = recs;
		recs[n].key = talloc_strdup(json, key);
		if (recs[n].key == NULL) {
			return ENOMEM;
		}
		if (value != NULL) {
			talloc_steal(json, value);
		}
		recs[n].val = value;
		json->o.n = n + 1;
	}
	return 0;
}

int
cm_json_append(struct cm_json *json, struct cm_json *value)
{
	struct cm_json **recs;
	ssize_t n;

	n = json->a.n;
	recs = talloc_realloc(json, json->a.a, struct cm_json *, n + 1);
	if (recs == NULL) {
		return ENOMEM;
	}
	json->a.a = recs;
	talloc_steal(json, value);
	recs[n] = value;
	json->a.n = n + 1;
	return 0;
}

int
cm_json_set_n(struct cm_json *json, size_t n, struct cm_json *value)
{
	struct cm_json **recs;
	size_t size, i;

	if (json->a.n < n + 1) {
		size = n + 1;
		recs = talloc_realloc(json, json->a.a, struct cm_json *, size);
		if (recs == NULL) {
			return ENOMEM;
		}
		json->a.a = recs;
		for (i = json->a.n; i < n; i++) {
			json->a.a[i] = NULL;
		}
		json->a.n = size;
	}
	talloc_steal(json, value);
	json->a.a[n] = value;
	return 0;
}

int
cm_json_utf8_to_point(const char *p, uint32_t *point)
{
	const unsigned char *u;
	uint32_t ret;
	int count, i;
	unsigned char uc;

	u = (const unsigned char *)p;
	uc = *u;
	if ((uc & 0x80) == 0) {
		*point = uc;
		return 1;
	}
	if ((uc & 0x40) == 0) {
		/* sync error: not the first of a utf-8 multibyte character */
		*point = 0;
		return -1;
	}
	count = 0; /* the number of bytes */
	while ((uc & 0x80) != 0) {
		count++;
		uc <<= 1;
	}
	if (count > 6) {
		/* shouldn't happen - code point way too high */
		*point = 0;
		return -5;
	}
	ret = *u & (0xff >> (count + 1));
	for (i = 1; i < count; i++) {
		uc = u[i];
		if (uc == '\0') {
			/* not enough input bytes */
			*point = 0;
			return -3;
		}
		if ((uc & 0xc0) != 0x80) {
			/* sync error: not a subsequent byte */
			*point = 0;
			return -2;
		}
		ret = (ret << 6) | (uc & 0x3f);
	}
	*point = ret;
	return count;
}

static char *
cm_json_escape(void *parent, const char *s, ssize_t l)
{
	char *ret, *q;
	const unsigned char *p;
	unsigned char uc;
	uint32_t uni;
	int esc = 0, n;

	if (l < 0) {
		l = strlen(s);
	}
	for (p = (const unsigned char *) s; (const char *) p < s + l; p++) {
		uc = *p;
		if ((uc < 0x20) || (uc == 0x22) || (uc == 0x5c) || (uc > 0x7f)) {
			esc++;
		}
	}
	ret = talloc_size(parent, l + esc * 12 + 2 + 1);
	if (ret != NULL) {
		q = ret;
		*q++ = '"';
		for (p = (const unsigned char *) s; (const char *) p < s + l; p++) {
			uc = *p;
			switch (uc) {
			case '"':
			case '\\':
				*q++ = '\\';
				*q++ = *p;
				break;
			case '\b':
				*q++ = '\\';
				*q++ = 'b';
				break;
			case '\f':
				*q++ = '\\';
				*q++ = 'f';
				break;
			case '\n':
				*q++ = '\\';
				*q++ = 'n';
				break;
			case '\r':
				*q++ = '\\';
				*q++ = 'r';
				break;
			case '\t':
				*q++ = '\\';
				*q++ = 't';
				break;
			default:
				if ((uc >= 0x20) && (uc < 0x80)) {
					*q++ = *p;
				} else {
					n = cm_json_utf8_to_point((const char *) p, &uni);
					if ((n < 0) || (n > 6)) {
						/* invalid */
						talloc_free(ret);
						return NULL;
					}
					if ((uni > 0x10ffff) ||
					    ((uni >= 0xd800) && (uni <= 0xdfff))) {
						/* invalid: out of range, or a
						 * UTF-8-encoded surrogate, which
						 * would underflow the pair
						 * arithmetic below */
						talloc_free(ret);
						return NULL;
					}
					p += n;
					if ((uni < 0xd800) ||
					    ((uni >= 0xe000) && (uni <= 0xffff))) {
						sprintf(q, "\\u%04X", uni);
						q += 6;
					} else {
						uni -= 0x10000;
						sprintf(q, "\\u%04X\\u%04X",
							(uni >> 10) | 0xd800,
							(uni & 0x3ff) | 0xdc00);
						q += 12;
					}
					p--;
				}
				break;
			}
		}
		*q++ = '"';
		*q = '\0';
	}
	return ret;
}

char *
cm_json_encode(void *parent, struct cm_json *json)
{
	char *ret = NULL, *key, *val;
	size_t i;

	if (json == NULL) {
		return talloc_strdup(parent, "");
	}
	switch (json->type) {
	case cm_json_type_undefined:
		break;
	case cm_json_type_null:
		ret = talloc_strdup(parent, "null");
		break;
	case cm_json_type_string:
		/* Allocate under parent like the other cases; ret is still
		 * NULL at this point. */
		ret = cm_json_escape(parent, json->s.s, json->s.l);
		break;
	case cm_json_type_numberl:
		ret = talloc_asprintf(parent, "%lld", json->l);
		break;
	case cm_json_type_numberd:
		ret = talloc_asprintf(parent, "%Lf", json->d);
		break;
	case cm_json_type_boolean:
		ret = talloc_strdup(parent, json->b ? "true" : "false");
		break;
	case cm_json_type_object:
		ret = talloc_strdup(parent, "{");
		for (i = 0; i < json->o.n; i++) {
			if ((json->o.o[i].key == NULL) ||
			    (json->o.o[i].val == NULL)) {
				continue;
			}
			key = cm_json_escape(ret, json->o.o[i].key, -1);
			val = cm_json_encode(ret, json->o.o[i].val);
			if ((key == NULL) || (val == NULL)) {
				talloc_free(ret);
				ret = NULL;
				break;
			} else {
				ret = talloc_asprintf_append(ret, "%s%s:%s",
							     i > 0 ? "," : "",
							     key, val);
				talloc_free(key);
				talloc_free(val);
			}
		}
		/* On the error path ret is NULL, and appending to NULL would
		 * return a bare "}" instead of reporting the failure. */
		if (ret != NULL) {
			ret = talloc_strdup_append(ret, "}");
		}
		break;
	case cm_json_type_array:
		ret = talloc_strdup(parent, "[");
		for (i = 0; i < json->a.n; i++) {
			val = cm_json_encode(ret, json->a.a[i]);
			if (val == NULL) {
				talloc_free(ret);
				ret = NULL;
				break;
			} else {
				ret = talloc_asprintf_append(ret, "%s%s",
							     i > 0 ? "," : "",
							     val);
				talloc_free(val);
			}
		}
		/* Same as for objects: keep a failure as NULL. */
		if (ret != NULL) {
			ret = talloc_strdup_append(ret, "]");
		}
		break;
	}
	return ret;
}

int
cm_json_point_to_utf8_length(uint32_t point)
{
	int ret;

	if (point < 0x80) {
		return 1;
	}
	if ((point >= 0xd800) && (point <= 0xdfff)){
		return -1;
	}
	ret = 2;
	point >>= 11;
	while (point != 0) {
		ret++;
		point >>= 5;
	}
	return ret;
}

int
cm_json_point_to_utf8(uint32_t point, char *out, ssize_t max)
{
	int count, i;
	unsigned char final;

	count = cm_json_point_to_utf8_length(point);
	if ((count < 0) || (count > max)) {
		return -1;
	}
	if (point < 0x80) {
		*out = (point & 0x7f);
		return 1;
	}
	final = 0x80;
	for (i = 0; i < count - 1; i++) {
		out[count - i - 1] = 0x80 | (point & 0x3f);
		point >>= 6;
		final = (final >> 1) | 0x80;
	}
	*out = final | (point & 0x3f);
	return count;
}

static char *
cm_json_decode_string(void *parent, const char *s, ssize_t length,
		      const char **next, ssize_t *out_length)
{
	char *ret = NULL, *q, *end;
	const char *p, *hex, *hexchars = "00112233445566778899AaBbCcDdEeFf", *psave;
	int unesc = 0, i, closed = 0;
	uint32_t point, point2;

	if (out_length != NULL) {
		*out_length = 0;
	}
	*next = s;
	if (*s != '"') {
		return NULL;
	}
	s++;
	length--;
	/* First pass: find the closing quote and count the output bytes. */
	for (p = s; p < s + length; p++) {
		switch (*p) {
		case '"':
			length = p - s;
			*next = s + length + 1;
			closed++;
			break;
		case '\\':
			psave = p;
			p++;
			switch (*p) {
			case 'u':
				p++;
				point = 0;
				for (i = 0; (i < 4) && (p < s + length); i++) {
					/* strchr() also matches the
					 * terminating NUL of hexchars, so
					 * rule out a NUL explicitly. */
					hex = (*p != '\0') ? strchr(hexchars, *p) : NULL;
					if (hex == NULL) {
						break;
					}
					point = (point << 4) | ((hex - hexchars) / 2);
					p++;
				}
				/* A high surrogate (0xd800-0xdbff) followed
				 * by another \u escape may be a pair. */
				if ((point >= 0xd800) && (point < 0xdc00) &&
				    (p + 2 < s + length) &&
				    (p[0] == '\\') && (p[1] == 'u')) {
					psave = p;
					p += 2;
					point2 = 0;
					for (i = 0; (i < 4) && (p < s + length); i++) {
						hex = (*p != '\0') ? strchr(hexchars, *p) : NULL;
						if (hex == NULL) {
							break;
						}
						point2 = (point2 << 4) | ((hex - hexchars) / 2);
						p++;
					}
					/* Low surrogates run from 0xdc00
					 * through 0xdfff. */
					if ((point >= 0xd800) && (point < 0xdc00) &&
					    (point2 >= 0xdc00) && (point2 <= 0xdfff)) {
						point = ((point & 0x3ff) << 10) |
							(point2 & 0x3ff);
						point += 0x10000;
					} else {
						p = psave;
					}
				}
				i = cm_json_point_to_utf8_length(point);
				if (i < 0) {
					*next = psave;
					return NULL;
				}
				unesc += i;
				p--;
				break;
			default:
				unesc++;
				break;
			}
			break;
		default:
			unesc++;
			break;
		}
	}
	if (!closed) {
		*next = p;
		return NULL;
	}
	ret = talloc_size(parent, unesc + 1);
	if (ret == NULL) {
		return NULL;
	}
	end = ret + unesc + 1;
	/* Second pass: decode into the buffer sized by the first pass. */
	for (p = s, q = ret; p < s + length; p++) {
		switch (*p) {
		case '\\':
			psave = p;
			p++;
			switch (*p) {
			case 'u':
				p++;
				point = 0;
				for (i = 0; (i < 4) && (p < s + length); i++) {
					hex = (*p != '\0') ? strchr(hexchars, *p) : NULL;
					if (hex == NULL) {
						break;
					}
					point = (point << 4) | ((hex - hexchars) / 2);
					p++;
				}
				if ((point >= 0xd800) && (point < 0xdc00) &&
				    (p + 2 < s + length) &&
				    (p[0] == '\\') && (p[1] == 'u')) {
					psave = p;
					p += 2;
					point2 = 0;
					for (i = 0; (i < 4) && (p < s + length); i++) {
						hex = (*p != '\0') ? strchr(hexchars, *p) : NULL;
						if (hex == NULL) {
							break;
						}
						point2 = (point2 << 4) | ((hex - hexchars) / 2);
						p++;
					}
					if ((point >= 0xd800) && (point < 0xdc00) &&
					    (point2 >= 0xdc00) && (point2 <= 0xdfff)) {
						point = ((point & 0x3ff) << 10) |
							(point2 & 0x3ff);
						point += 0x10000;
					} else {
						p = psave;
					}
				}
				i = cm_json_point_to_utf8(point, q, end - q);
				if (i < 0) {
					*next = psave;
					return NULL;
				}
				q += i;
				p--;
				break;
			case 'b':
				*q++ = '\b';
				break;
			case 'f':
				*q++ = '\f';
				break;
			case 'n':
				*q++ = '\n';
				break;
			case 'r':
				*q++ = '\r';
				break;
			case 't':
				*q++ = '\t';
				break;
			default:
				*q++ = *p;
				break;
			}
			break;
		default:
			*q++ = *p;
			break;
		}
	}
	*q = '\0';
	if (out_length != NULL) {
		*out_length = q - ret;
	}
	return ret;
}

static long double
my_strtold(const char *nptr, char **endptr)
{
#if HAVE_DECL_STRTOLD
	return strtold(nptr, endptr);
#else
	return strtod(nptr, endptr);
#endif
}

int
cm_json_decode(void *parent, const char *encoded, ssize_t length,
	       struct cm_json **json, const char **next)
{
	int ret = 0;
	const char *p, *q, *nextp;
	char *s = NULL, *tmp;
	struct cm_json *agg = NULL, *sub = NULL;
	enum cm_json_type aggtype;
	ssize_t slength;
	enum {key, keyorclose, colon, commaorclose, expr, exprorclose} expect = expr;

	p = encoded;
	if (next == NULL) {
		next = &nextp;
	}
	*next = p;
	if (length == -1) {
		length = strlen(encoded);
	}
	aggtype = cm_json_type_undefined;
	*json = NULL;
	while ((p < encoded + length) && (*json == NULL)) {
		switch (*p) {
		case ' ':
		case '\t':
		case '\r':
		case '\n':
			p++;
			continue;
			break;
		case '[':
			switch (expect) {
			case key:
			case keyorclose:
			case colon:
			case commaorclose:
				goto done;
				break;
			case expr:
			case exprorclose:
				break;
			}
			if (aggtype != cm_json_type_undefined) {
				/* This is an array item in an aggregate. */
				ret = cm_json_decode(parent, p,
						     length - (p - encoded),
						     &sub, &p);
				if (ret != 0) {
					goto done;
				}
				expect = commaorclose;
			} else {
				/* This level is an array. */
				aggtype = cm_json_type_array;
				agg = cm_json_new_array(parent);
				p++;
				expect = exprorclose;
			}
			break;
		case ']':
			switch (expect) {
			case key:
			case colon:
			case expr:
				goto done;
				break;
			case keyorclose:
			case exprorclose:
			case commaorclose:
				break;
			}
			if (aggtype != cm_json_type_array) {
				/* Not expecting an array close. */
				goto done;
			}
			if (sub != NULL) {
				ret = cm_json_append(agg, sub);
				sub = NULL;
			}
			*json = agg;
			p++;
			break;
		case '{':
			switch (expect) {
			case keyorclose:
			case key:
			case colon:
			case commaorclose:
				goto done;
				break;
			case exprorclose:
			case expr:
				break;
			}
			if (aggtype != cm_json_type_undefined) {
				/* This is an object item in an aggregate. */
				ret = cm_json_decode(parent, p,
						     length - (p - encoded),
						     &sub, &p);
				if (ret != 0) {
					goto done;
				}
				expect = commaorclose;
			} else {
				/* This level is an object. */
				aggtype = cm_json_type_object;
				agg = cm_json_new_object(parent);
				expect = keyorclose;
				p++;
			}
			break;
		case '}':
			switch (expect) {
			case key:
			case colon:
			case expr:
				goto done;
				break;
			case keyorclose:
			case exprorclose:
			case commaorclose:
				break;
			}
			if (aggtype != cm_json_type_object) {
				goto done;
			}
			if ((s != NULL) && (sub != NULL)) {
				ret = cm_json_set(agg, s, sub);
			}
			talloc_free(s);
			s = NULL;
			sub = NULL;
			*json = agg;
			p++;
			break;
		case ',':
			switch (expect) {
			case key:
			case colon:
			case expr:
			case keyorclose:
			case exprorclose:
				goto done;
				break;
			case commaorclose:
				break;
			}
			if (aggtype == cm_json_type_object) {
				if ((s == NULL) || (sub == NULL)) {
					goto done;
				}
				ret = cm_json_set(agg, s, sub);
				talloc_free(s);
				s = NULL;
				sub = NULL;
				expect = key;
			} else
			if (aggtype == cm_json_type_array) {
				if (sub == NULL) {
					goto done;
				}
				ret = cm_json_append(agg, sub);
				sub = NULL;
				expect = expr;
			} else {
				goto done;
			}
			p++;
			break;
		case ':':
			switch (expect) {
			case colon:
				break;
			case keyorclose:
			case key:
			case exprorclose:
			case expr:
			case commaorclose:
				goto done;
				break;
			}
			if (aggtype != cm_json_type_object) {
				goto done;
			}
			expect = expr;
			p++;
			break;
		case '"':
			switch (expect) {
			case colon:
			case commaorclose:
				goto done;
				break;
			case keyorclose:
			case key:
			case exprorclose:
			case expr:
				break;
			}
			if (aggtype == cm_json_type_undefined) {
				/* This level is a string. */
				if (s != NULL) {
					goto done;
				}
				s = cm_json_decode_string(parent, p,
							  length - (p - encoded),
							  &p, &slength);
				if (s == NULL) {
					goto done;
				}
				*json = cm_json_new_string(parent, s, slength);
				talloc_free(s);
				s = NULL;
			} else {
				tmp = cm_json_decode_string(parent, p,
							    length - (p - encoded),
							    &p, &slength);
				if (tmp == NULL) {
					goto done;
				}
				if ((expect == key) || (expect == keyorclose)) {
					/* It's a key in an object. */
					s = tmp;
					expect = colon;
				} else {
					/* It's a value in an object or array.
*/
                    sub = cm_json_new_string(parent, tmp, slength);
                    talloc_free(tmp);
                    tmp = NULL;
                    expect = commaorclose;
                }
            }
            break;
        default:
            switch (expect) {
            case keyorclose:
            case key:
            case colon:
            case commaorclose:
                goto done;
                break;
            case exprorclose:
            case expr:
                break;
            }
            if (sub != NULL) {
                goto done;
            }
            if ((length - (p - encoded) >= 4) &&
                (memcmp(p, "null", 4) == 0)) {
                sub = cm_json_new_null(parent);
                p += 4;
            } else if ((length - (p - encoded) >= 4) &&
                       (memcmp(p, "true", 4) == 0)) {
                sub = cm_json_new_boolean(parent, 1);
                p += 4;
            } else if ((length - (p - encoded) >= 5) &&
                       /* Compare all five bytes, so that "falsX" is not accepted as false. */
                       (memcmp(p, "false", 5) == 0)) {
                sub = cm_json_new_boolean(parent, 0);
                p += 5;
            } else if (strchr("0123456789+-", *p) != NULL) {
                q = p + 1;
                while ((q < encoded + length) &&
                       (strchr("0123456789+-Ee.", *q) != NULL)) {
                    q++;
                }
                tmp = talloc_strndup(parent, p, q - p);
                if (tmp == NULL) {
                    ret = ENOMEM;
                    goto done;
                }
                if (strcspn(tmp, "Ee.") == strlen(tmp)) {
                    sub = cm_json_new_numberl(parent, strtoll(tmp, NULL, 10));
                } else {
                    sub = cm_json_new_numberd(parent, my_strtold(tmp, NULL));
                }
                talloc_free(tmp);
                if (sub == NULL) {
                    ret = ENOMEM;
                    goto done;
                }
                p = q;
            } else {
                /* Doesn't look like a valid token. */
                goto done;
            }
            if (aggtype == cm_json_type_undefined) {
                /* This level is a simple item.
*/
                *json = sub;
            } else {
                expect = commaorclose;
            }
            break;
        }
    }
done:
    while ((p < encoded + length) && (strchr(" \t\r\n", *p) != NULL)) {
        p++;
    }
    *next = p;
    if ((*json == NULL) && (ret == 0)) {
        switch (expect) {
        case keyorclose:
            ret = CM_JSON_EXPECTED_KEY_OR_CLOSE;
            break;
        case key:
            ret = CM_JSON_EXPECTED_KEY;
            break;
        case colon:
            ret = CM_JSON_EXPECTED_COLON;
            break;
        case commaorclose:
            ret = CM_JSON_EXPECTED_COMMA_OR_CLOSE;
            break;
        case exprorclose:
            ret = CM_JSON_EXPECTED_EXPRESSION_OR_CLOSE;
            break;
        case expr:
            ret = CM_JSON_EXPECTED_EXPRESSION;
            break;
        }
    }
    return ret;
}

const char *
cm_json_decode_strerror(int error)
{
    switch (error) {
    case CM_JSON_EXPECTED_KEY_OR_CLOSE:
        return "expected an object key or close ('}')";
        break;
    case CM_JSON_EXPECTED_KEY:
        return "expected an object key";
        break;
    case CM_JSON_EXPECTED_COLON:
        return "expected a colon (':')";
        break;
    case CM_JSON_EXPECTED_COMMA_OR_CLOSE:
        return "expected a comma or close ('}' or ']')";
        break;
    case CM_JSON_EXPECTED_EXPRESSION_OR_CLOSE:
        return "expected an expression or close ('}' or ']')";
        break;
    case CM_JSON_EXPECTED_EXPRESSION:
        return "expected an expression";
        break;
    }
    return "unknown error";
}

struct cm_json *
cm_json_find(struct cm_json *json, const char *path)
{
    const char *p, *q;
    char *component, *end;
    long l;
    struct cm_json *this = json, *obj;

    while ((*path != '\0') && (this != NULL)) {
        while (*path == '/') {
            path++;
        }
        p = path;
        q = p + strcspn(p, "/");
        if (p == q) {
            break;
        }
        path = q;
        component = talloc_strndup(json, p, q - p);
        if (this->type == cm_json_type_object) {
            /* Keep the object around: if the key lookup fails, the
             * component is retried as a member index into it. */
            obj = this;
            this = cm_json_get(obj, component);
            if (this == NULL) {
                l = strtol(component, &end, 10);
                if ((end == NULL) ||
                    ((*end != '/') && (*end != '\0')) ||
                    (l < 0)) {
                    this = NULL;
                    talloc_free(component);
                    continue;
                }
                this = cm_json_nth_val(obj, l);
            }
            talloc_free(component);
            continue;
        }
        if (this->type == cm_json_type_array) {
            end = component;
            l = strtol(component, &end, 10);
            if ((end == NULL) ||
                ((*end != '/') && (*end != '\0')) ||
                (l < 0)) {
                this = NULL;
talloc_free(component); continue; } this = cm_json_n(this, l); talloc_free(component); continue; } this = NULL; } return this; } certmonger-0.79.19/src/json.h0000644000175000017500000000563714511314133015356 0ustar gitgit00000000000000/* * Copyright (C) 2015 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #ifndef cmjson_h #define cmjson_h struct cm_json; enum cm_json_type { cm_json_type_undefined = 0, cm_json_type_null, cm_json_type_string, cm_json_type_numberl, cm_json_type_numberd, cm_json_type_boolean, cm_json_type_object, cm_json_type_array, }; #define CM_JSON_EXPECTED_KEY_OR_CLOSE -2 #define CM_JSON_EXPECTED_KEY -3 #define CM_JSON_EXPECTED_COLON -4 #define CM_JSON_EXPECTED_COMMA_OR_CLOSE -5 #define CM_JSON_EXPECTED_EXPRESSION_OR_CLOSE -6 #define CM_JSON_EXPECTED_EXPRESSION -7 int cm_json_decode(void *parent, const char *encoded, ssize_t length, struct cm_json **json, const char **next); const char *cm_json_decode_strerror(int error); struct cm_json *cm_json_find(struct cm_json *json, const char *path); char *cm_json_encode(void *parent, struct cm_json *json); enum cm_json_type cm_json_type(struct cm_json *json); ssize_t cm_json_n_keys(struct cm_json *json); const char *cm_json_nth_key(struct cm_json *json, size_t n); struct cm_json *cm_json_get(struct cm_json *json, const char *key); struct cm_json *cm_json_nth_val(struct cm_json *json, size_t n); int cm_json_set(struct cm_json *json, const char 
*key, struct cm_json *value); ssize_t cm_json_array_size(struct cm_json *json); struct cm_json *cm_json_n(struct cm_json *json, size_t n); int cm_json_append(struct cm_json *json, struct cm_json *value); int cm_json_set_n(struct cm_json *json, size_t n, struct cm_json *value); const char *cm_json_string(struct cm_json *json, ssize_t *length); long double cm_json_numberd(struct cm_json *json); long long cm_json_numberl(struct cm_json *json); unsigned char cm_json_boolean(struct cm_json *json); struct cm_json *cm_json_new_null(void *parent); struct cm_json *cm_json_new_string(void *parent, const char *string, ssize_t length); struct cm_json *cm_json_new_numberl(void *parent, long long number); struct cm_json *cm_json_new_numberd(void *parent, long double number); struct cm_json *cm_json_new_boolean(void *parent, unsigned char value); struct cm_json *cm_json_new_object(void *parent); struct cm_json *cm_json_new_array(void *parent); int cm_json_utf8_to_point(const char *p, uint32_t *point); int cm_json_point_to_utf8_length(uint32_t point); int cm_json_point_to_utf8(uint32_t point, char *out, ssize_t max); #endif certmonger-0.79.19/src/keygen-int.h0000644000175000017500000000307314511314133016447 0ustar gitgit00000000000000/* * Copyright (C) 2009,2013,2014 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #ifndef cmkeygenint_h #define cmkeygenint_h struct cm_keygen_state_pvt { /* Check if the keypair is ready. 
*/ int (*ready)(struct cm_keygen_state *state); /* Get a selectable-for-read descriptor which will either have data or * be closed when status changes. */ int (*get_fd)(struct cm_keygen_state *state); /* Tell us if the keypair was saved to the right location. */ int (*saved_keypair)(struct cm_keygen_state *state); /* Tell us if we need filesystem permissions to write the key. */ int (*need_perms)(struct cm_keygen_state *state); /* Tell us if we need a PIN (or a new PIN) to access the key store. */ int (*need_pin)(struct cm_keygen_state *state); /* Tell us if we need a token to be inserted to access the key store. */ int (*need_token)(struct cm_keygen_state *state); /* Clean up after key generation. */ void (*done)(struct cm_keygen_state *state); }; #endif certmonger-0.79.19/src/keygen-n.c0000644000175000017500000006246114511314133016113 0ustar gitgit00000000000000/* * Copyright (C) 2009,2010,2011,2012,2013,2014,2015,2017 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
*/ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "keygen.h" #include "keygen-int.h" #include "log.h" #include "pin.h" #include "store.h" #include "store-int.h" #include "subproc.h" #include "util-n.h" #define PRIVKEY_LIST_EMPTY(l) PRIVKEY_LIST_END(PRIVKEY_LIST_HEAD(l), l) struct cm_keygen_state { struct cm_keygen_state_pvt pvt; struct cm_store_entry *entry; struct cm_subproc_state *subproc; }; struct cm_keygen_n_settings { unsigned int readwrite:1; }; #ifdef CM_ENABLE_DSA static int pqg_size(int key_size) { if (key_size < 512) { key_size = 512; } if (key_size < 1024) { key_size = howmany(key_size, 64) * 64; } if (key_size > 1024) { key_size = howmany(key_size, 1024) * 1024; } if (key_size > 3072) { key_size = 3072; } return key_size; } #endif static char * make_nickname(const char *prefix, char **marker) { unsigned char suffix[6]; char *ret; size_t l; if (PK11_GenerateRandom(suffix, sizeof(suffix)) != SECSuccess) { /* Try again sometime later. */ cm_log(1, "Error generating suffix: %s.\n", PR_ErrorToName(PORT_GetError())); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } *marker = cm_store_base64_from_bin(NULL, suffix, sizeof(suffix)); if (*marker == NULL) { /* Try again sometime later. 
*/ cm_log(1, "Error generating suffix.\n"); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } while ((l = strcspn(*marker, "+/")) != strlen(*marker)) { switch ((*marker)[l]) { case '+': (*marker)[l] = '='; break; case '/': (*marker)[l] = '_'; break; } } ret = util_build_next_nickname(prefix, *marker); return ret; } static int cm_keygen_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry, void *userdata) { FILE *status; enum cm_key_algorithm cm_key_algorithm; int cm_key_size, cm_requested_key_size, readwrite, ec; CK_MECHANISM_TYPE mech, pmech; SECStatus error; NSSInitContext *ctx; PK11SlotList *slotlist; PK11SlotListElement *sle; PK11SlotInfo *slot = NULL; PK11RSAGenParams rsa_params; #ifdef CM_ENABLE_DSA PQGParams *pqg_params = NULL; PQGVerify *pqg_verify; SECStatus pqg_ok; SECKEYPQGParams dsa_params; int pqg_s; #endif SECItem *spki; CERTSubjectPublicKeyInfo *pubkeyinfo; void *params; #ifdef CM_ENABLE_EC SECOidData *ecurve; SECItem ec_params; #endif SECKEYPrivateKey *privkey, *delkey, *ckey; SECKEYPrivateKeyList *privkeys; SECKEYPrivateKeyListNode *node; SECKEYPublicKey *pubkey; CERTCertList *certs; CERTCertListNode *cnode; CERTCertificate *cert; const char *es, *token, *keyname, *reason; char *nickname, *marker = "", *markertmp; char *pin, *pubhex, *pubihex; struct cm_keygen_n_settings *settings; struct cm_pin_cb_data cb_data; int retry, generated_size; status = fdopen(fd, "w"); if (status == NULL) { _exit(CM_SUB_STATUS_INTERNAL_ERROR); } /* Start up NSS and open the database. */ settings = userdata; readwrite = settings->readwrite; errno = 0; ctx = NSS_InitContext(entry->cm_key_storage_location, NULL, NULL, NULL, NULL, (readwrite ? 
0 : NSS_INIT_READONLY) | NSS_INIT_NOROOTINIT | NSS_INIT_NOMODDB); ec = PORT_GetError(); if (ctx == NULL) { if ((ec == SEC_ERROR_READ_ONLY) && readwrite) { ec = PR_NO_ACCESS_RIGHTS_ERROR; } else if ((ec == SEC_ERROR_BAD_DATABASE) && readwrite) { switch (errno) { case EACCES: case EPERM: case ENOENT: ec = PR_NO_ACCESS_RIGHTS_ERROR; break; default: /* Sigh. Not a lot of detail. Check if we * succeed in read-only mode, which we'll * interpret as lack of write permissions. */ ctx = NSS_InitContext(entry->cm_key_storage_location, NULL, NULL, NULL, NULL, NSS_INIT_READONLY | NSS_INIT_NOROOTINIT | NSS_INIT_NOMODDB); if (ctx != NULL) { error = NSS_ShutdownContext(ctx); if (error != SECSuccess) { cm_log(1, "Error shutting down " "NSS.\n"); } ctx = NULL; ec = PR_NO_ACCESS_RIGHTS_ERROR; } break; } } if (ec != 0) { es = PR_ErrorToName(ec); } else { es = NULL; } if (es != NULL) { fprintf(status, "Error initializing database " "'%s': %s.\n", entry->cm_key_storage_location, es); cm_log(1, "Error initializing database '%s': %s.\n", entry->cm_key_storage_location, es); } else { fprintf(status, "Error initializing database '%s'.\n", entry->cm_key_storage_location); cm_log(1, "Error initializing database '%s'.\n", entry->cm_key_storage_location); } switch (ec) { case PR_NO_ACCESS_RIGHTS_ERROR: /* EACCES or EPERM */ _exit(CM_SUB_STATUS_ERROR_PERMS); break; default: _exit(CM_SUB_STATUS_ERROR_INITIALIZING); break; } } if (NSS_ShutdownContext(ctx) != SECSuccess) { cm_log(0, "Error shutting down NSS.\n"); _exit(1); } ctx = NSS_InitContext(entry->cm_key_storage_location, NULL, NULL, NULL, NULL, (readwrite ? 0 : NSS_INIT_READONLY) | NSS_INIT_NOROOTINIT); if (ctx == NULL) { cm_log(0, "Unable to initialize NSS %s.\n", entry->cm_key_storage_location); _exit(1); } reason = util_n_fips_hook(); if (reason != NULL) { cm_log(1, "Error putting NSS into FIPS mode: %s\n", reason); _exit(CM_SUB_STATUS_ERROR_INITIALIZING); } /* Handle the key size. 
*/ cm_key_algorithm = entry->cm_key_type.cm_key_gen_algorithm; if (cm_key_algorithm == cm_key_unspecified) { cm_key_algorithm = CM_DEFAULT_PUBKEY_TYPE; } cm_requested_key_size = entry->cm_key_type.cm_key_gen_size; if (cm_requested_key_size <= 0) { cm_requested_key_size = CM_DEFAULT_PUBKEY_SIZE; } /* Convert our key type to a mechanism. */ switch (cm_key_algorithm) { case cm_key_rsa: mech = CKM_RSA_PKCS_KEY_PAIR_GEN; pmech = CKM_RSA_PKCS_KEY_PAIR_GEN; break; #ifdef CM_ENABLE_DSA case cm_key_dsa: cm_requested_key_size = pqg_size(cm_requested_key_size); mech = CKM_DSA_KEY_PAIR_GEN; pmech = CKM_DSA_PARAMETER_GEN; break; #endif #ifdef CM_ENABLE_EC case cm_key_ecdsa: mech = CKM_EC_KEY_PAIR_GEN; pmech = CKM_EC_KEY_PAIR_GEN; break; #endif default: fprintf(status, "Unknown or unsupported key type.\n"); cm_log(1, "Unknown or unsupported key type.\n"); _exit(CM_SUB_STATUS_INTERNAL_ERROR); break; } /* Find the tokens that we might use for key generation. */ slotlist = PK11_GetAllTokens(mech, PR_TRUE, PR_FALSE, NULL); if (slotlist == NULL) { fprintf(status, "Error locating token for key generation.\n"); cm_log(1, "Error locating token for key generation.\n"); _exit(CM_SUB_STATUS_ERROR_NO_TOKEN); } if (entry->cm_cert_token == NULL) { entry->cm_cert_token = util_internal_token_name(entry); } /* Walk the list looking for the requested slot, or the first one if * none was requested. 
*/ slot = NULL; for (sle = slotlist->head; ((sle != NULL) && (sle->slot != NULL)); sle = sle->next) { if (PK11_IsInternal(sle->slot) && !PK11_IsInternalKeySlot(sle->slot)) { cm_log(3, "Skipping NSS internal slot (%s).\n", PK11_GetTokenName(sle->slot)); goto next_slot; } token = PK11_GetTokenName(sle->slot); if (token != NULL) { cm_log(3, "Found token '%s'.\n", token); } else { cm_log(3, "Found unnamed token.\n"); } if ((entry->cm_key_token == NULL) || (strlen(entry->cm_key_token) == 0) || ((token != NULL) && (strcmp(entry->cm_key_token, token) == 0))) { slot = sle->slot; break; } next_slot: if (sle == slotlist->tail) { break; } } if (slot == NULL) { fprintf(status, "Error locating token for key generation.\n"); cm_log(1, "Error locating token for key generation.\n"); _exit(CM_SUB_STATUS_ERROR_NO_TOKEN); } /* Be ready to count our uses of a PIN. */ memset(&cb_data, 0, sizeof(cb_data)); cb_data.entry = entry; cb_data.n_attempts = 0; pin = NULL; /* If we're supposed to be using a PIN, and we're offered a chance to * set one, do it now. */ if (readwrite) { if (PK11_NeedUserInit(slot)) { if (cm_pin_read_for_key(entry, &pin) != 0) { cm_log(1, "Error reading PIN to assign " "to storage slot, skipping.\n"); PK11_FreeSlotList(slotlist); error = NSS_ShutdownContext(ctx); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } _exit(CM_SUB_STATUS_ERROR_AUTH); } PK11_InitPin(slot, NULL, pin ? 
pin : ""); ec = PORT_GetError(); if (ec != 0) { es = PR_ErrorToName(ec); } else { es = NULL; } if (PK11_NeedUserInit(slot)) { if (es != NULL) { cm_log(1, "Key generation slot still " "needs user PIN to be set: " "%s.\n", es); } else { cm_log(1, "Key generation slot still " "needs user PIN to be set.\n"); } PK11_FreeSlotList(slotlist); error = NSS_ShutdownContext(ctx); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } switch (ec) { case PR_NO_ACCESS_RIGHTS_ERROR: /* EACCES or EPERM */ _exit(CM_SUB_STATUS_ERROR_PERMS); break; default: _exit(CM_SUB_STATUS_ERROR_AUTH); break; } } /* We're authenticated now, so count this as a use of * the PIN. */ if ((pin != NULL) && (strlen(pin) > 0)) { cb_data.n_attempts++; } } } /* Now log in, if we have to. */ if (cm_pin_read_for_key(entry, &pin) != 0) { cm_log(1, "Error reading PIN for key store, " "failing to generate CSR.\n"); PK11_FreeSlotList(slotlist); error = NSS_ShutdownContext(ctx); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } _exit(CM_SUB_STATUS_ERROR_AUTH); } PK11_SetPasswordFunc(&cm_pin_read_for_key_nss_cb); error = PK11_Authenticate(slot, PR_TRUE, &cb_data); ec = PORT_GetError(); if (error != SECSuccess) { if (ec != 0) { es = PR_ErrorToName(ec); } else { es = NULL; } if (es != NULL) { cm_log(1, "Error authenticating to key store: %s.\n", es); } else { cm_log(1, "Error authenticating to key store.\n"); } PK11_FreeSlotList(slotlist); error = NSS_ShutdownContext(ctx); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } _exit(CM_SUB_STATUS_ERROR_AUTH); } if ((pin != NULL) && (strlen(pin) > 0) && (cb_data.n_attempts == 0)) { cm_log(1, "PIN was not needed to auth to key " "store token %s, though one was provided. " "Treating this as an error.\n", token); PK11_FreeSlotList(slotlist); error = NSS_ShutdownContext(ctx); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } _exit(CM_SUB_STATUS_ERROR_AUTH); } /* Select an initial key size. 
*/ if (cm_requested_key_size == 0) { cm_requested_key_size = CM_DEFAULT_PUBKEY_SIZE; } cm_key_size = cm_requested_key_size; retry_gen: /* Initialize the parameters. */ switch (cm_key_algorithm) { case cm_key_rsa: /* no parameters */ break; #ifdef CM_ENABLE_DSA case cm_key_dsa: cm_log(1, "Computing parameters for domain generation.\n"); pqg_ok = SECFailure; cm_key_size = pqg_size(cm_key_size); retry = 0; while (pqg_ok == SECFailure) { pqg_params = NULL; pqg_verify = NULL; pqg_s = cm_key_size / 32; if (pqg_s < 20) { pqg_s = 20; } else if (pqg_s > 64) { pqg_s = 64; } cm_log(1, "Generating domain parameters (L=%d,N=%d,S=%d).\n", cm_key_size, 0, pqg_s); while (PK11_PQG_ParamGenV2(cm_key_size, 0, pqg_s, &pqg_params, &pqg_verify) != SECSuccess) { ec = PORT_GetError(); if (ec != 0) { es = PR_ErrorToName(ec); } else { es = NULL; } if (es != NULL) { cm_log(1, "Error generating params: %s.\n", es); } else { cm_log(1, "Error generating params.\n"); } if ((ec != SEC_ERROR_BAD_DATA) || (++retry > 10)) { PK11_FreeSlotList(slotlist); error = NSS_ShutdownContext(ctx); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } _exit(CM_SUB_STATUS_INTERNAL_ERROR); } cm_log(1, "Trying again.\n"); pqg_params = NULL; pqg_verify = NULL; goto retry_gen; } if (PK11_PQG_VerifyParams(pqg_params, pqg_verify, &pqg_ok) != SECSuccess) { ec = PORT_GetError(); if (ec != 0) { es = PR_ErrorToName(ec); } else { es = NULL; } if (es != NULL) { cm_log(1, "Error verifying params: %s.\n", es); } else { cm_log(1, "Error verifying params.\n"); } if (++retry > 10) { PK11_FreeSlotList(slotlist); error = NSS_ShutdownContext(ctx); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } _exit(CM_SUB_STATUS_INTERNAL_ERROR); } } generated_size = pqg_params->prime.len * 8; if (generated_size < (cm_key_size * 9 / 10)) { cm_log(1, "Params are a too small (%d vs %d).\n", pqg_params->prime.len * 8, cm_key_size); PK11_FreeSlotList(slotlist); error = NSS_ShutdownContext(ctx); if (error != 
SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } _exit(CM_SUB_STATUS_INTERNAL_ERROR); } if (pqg_ok == SECFailure) { cm_log(1, "Params are bad. Retrying.\n"); } } break; #endif #ifdef CM_ENABLE_EC case cm_key_ecdsa: /* no parameters to generate */ break; #endif default: params = NULL; break; } /* Initialize the key generation parameters. */ switch (cm_key_algorithm) { case cm_key_rsa: memset(&rsa_params, 0, sizeof(rsa_params)); rsa_params.keySizeInBits = cm_key_size; rsa_params.pe = CM_DEFAULT_RSA_EXPONENT; params = &rsa_params; break; #ifdef CM_ENABLE_DSA case cm_key_dsa: memset(&dsa_params, 0, sizeof(dsa_params)); PK11_PQG_GetPrimeFromParams(pqg_params, &dsa_params.prime); PK11_PQG_GetSubPrimeFromParams(pqg_params, &dsa_params.subPrime); PK11_PQG_GetBaseFromParams(pqg_params, &dsa_params.base); params = &dsa_params; break; #endif #ifdef CM_ENABLE_EC case cm_key_ecdsa: memset(&ec_params, 0, sizeof(ec_params)); if (cm_key_size <= 256) ecurve = SECOID_FindOIDByTag(SEC_OID_ANSIX962_EC_PRIME256V1); else if (cm_key_size <= 384) ecurve = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP384R1); else ecurve = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP521R1); SEC_ASN1EncodeItem(NULL, &ec_params, &ecurve->oid, SEC_ObjectIDTemplate); params = &ec_params; break; #endif default: params = NULL; break; } /* Generate the key pair. */ cm_log(1, "Generating key pair.\n"); pubkey = NULL; privkey = PK11_GenerateKeyPair(slot, mech, params, &pubkey, PR_TRUE, PR_TRUE, NULL); /* Retry with the optimum key size. 
*/ if (privkey == NULL) { cm_key_size = PK11_GetBestKeyLength(slot, pmech); if (cm_key_size != cm_requested_key_size) { cm_log(1, "Overriding requested key size of %d with %d.\n", cm_requested_key_size, cm_key_size); goto retry_gen; } ec = PORT_GetError(); if (ec != 0) { es = PR_ErrorToName(ec); } else { es = NULL; } if (es != NULL) { cm_log(1, "Error generating key pair: %s.\n", es); } else { cm_log(1, "Error generating key pair.\n"); } switch (ec) { case PR_NO_ACCESS_RIGHTS_ERROR: /* EACCES or EPERM */ _exit(CM_SUB_STATUS_ERROR_PERMS); break; default: _exit(CM_SUB_STATUS_INTERNAL_ERROR); break; } } cm_log(1, "Ended up with %d bit public key.\n", SECKEY_PublicKeyStrengthInBits(pubkey)); /* Check for keys with the desired name, selecting a new name if * there's already one with the desired name. */ nickname = strdup(entry->cm_key_nickname); if (nickname == NULL) { cm_log(1, "Out of memory.\n"); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } privkeys = PK11_ListPrivKeysInSlot(slot, nickname, NULL); while ((privkeys != NULL) && !PRIVKEY_LIST_EMPTY(privkeys)) { markertmp = NULL; for (node = PRIVKEY_LIST_HEAD(privkeys); !PRIVKEY_LIST_EMPTY(privkeys) && !PRIVKEY_LIST_END(node, privkeys); node = PRIVKEY_LIST_NEXT(node)) { keyname = PK11_GetPrivateKeyNickname(node->key); if ((keyname != NULL) && (strcmp(keyname, nickname) == 0)) { /* We're going to need to use a different nickname. */ cm_log(1, "Key already exists with nickname \"%s\".\n", nickname); free(nickname); nickname = make_nickname(entry->cm_key_nickname, &markertmp); break; } } SECKEY_DestroyPrivateKeyList(privkeys); if (markertmp != NULL) { /* If we found at least one match, scan again for the new nickname. */ privkeys = PK11_ListPrivKeysInSlot(slot, nickname, NULL); marker = markertmp; } else { cm_log(1, "Nickname \"%s\" appears to be unused.\n", nickname); privkeys = NULL; } } if ((marker == NULL) || (strlen(marker) == 0)) { /* Look harder. 
Walk the list of certificates in the token, * looking at each one to see if it matches the specified * nickname. */ markertmp = NULL; certs = PK11_ListCertsInSlot(slot); while (certs != NULL) { cert = NULL; for (cnode = CERT_LIST_HEAD(certs); !CERT_LIST_EMPTY(certs) && !CERT_LIST_END(cnode, certs); cnode = CERT_LIST_NEXT(cnode)) { cert = cnode->cert; if ((nickname != NULL) && (strcmp(cert->nickname, nickname) == 0)) { cm_log(3, "Located a certificate with " "the desired nickname (\"%s\").\n", nickname); ckey = PK11_FindPrivateKeyFromCert(slot, cert, NULL); if (ckey != NULL) { cm_log(3, "And we found " "its private key.\n"); SECKEY_DestroyPrivateKey(ckey); } else { cm_log(3, "But we didn't find " "its private key.\n"); } break; } cert = NULL; } if (cert == NULL) { cm_log(1, "Nickname \"%s\" appears to be unused.\n", nickname); CERT_DestroyCertList(certs); certs = NULL; } else { free(nickname); nickname = make_nickname(entry->cm_key_nickname, &markertmp); marker = markertmp; } } } /* Attach the specified nickname to the key. */ error = PK11_SetPrivateKeyNickname(privkey, nickname); if (error != SECSuccess) { ec = PORT_GetError(); if (ec != 0) { es = PR_ErrorToName(ec); } else { es = NULL; } if (es != NULL) { cm_log(1, "Error setting nickname \"%s\" on private key: " "%s.\n", nickname, es); } else { cm_log(1, "Error setting nickname \"%s\" on private key.\n", nickname); } switch (ec) { case PR_NO_ACCESS_RIGHTS_ERROR: /* EACCES or EPERM */ _exit(CM_SUB_STATUS_ERROR_PERMS); break; default: _exit(CM_SUB_STATUS_INTERNAL_ERROR); break; } } cm_log(1, "Set nickname \"%s\" on private key.\n", nickname); /* Encode the public key to hex, and print it. 
*/ spki = SECKEY_EncodeDERSubjectPublicKeyInfo(pubkey); if (spki != NULL) { pubihex = cm_store_hex_from_bin(NULL, spki->data, spki->len); SECITEM_FreeItem(spki, PR_TRUE); } else { pubihex = ""; } pubkeyinfo = SECKEY_CreateSubjectPublicKeyInfo(pubkey); if (pubkeyinfo != NULL) { pubhex = cm_store_hex_from_bin(NULL, pubkeyinfo->subjectPublicKey.data, howmany(pubkeyinfo->subjectPublicKey.len, 8)); SECKEY_DestroySubjectPublicKeyInfo(pubkeyinfo); } else { pubhex = ""; } fprintf(status, "%s\n%s\n%s\n", pubihex, pubhex, marker ? marker : ""); SECKEY_DestroyPrivateKey(privkey); SECKEY_DestroyPublicKey(pubkey); /* Try to remove any keys with old candidate names. */ if ((entry->cm_key_next_marker != NULL) && (strlen(entry->cm_key_next_marker) > 0)) { free(nickname); nickname = util_build_next_nickname(entry->cm_key_nickname, entry->cm_key_next_marker); privkeys = PK11_ListPrivKeysInSlot(slot, nickname, NULL); while ((privkeys != NULL) && !PRIVKEY_LIST_EMPTY(privkeys)) { delkey = NULL; for (node = PRIVKEY_LIST_HEAD(privkeys); !PRIVKEY_LIST_EMPTY(privkeys) && !PRIVKEY_LIST_END(node, privkeys); node = PRIVKEY_LIST_NEXT(node)) { keyname = PK11_GetPrivateKeyNickname(node->key); if ((keyname != NULL) && (nickname != NULL) && (strcmp(keyname, nickname) == 0)) { /* Avoid stealing the key reference from the * list. */ delkey = SECKEY_CopyPrivateKey(node->key); break; } } SECKEY_DestroyPrivateKeyList(privkeys); if (delkey != NULL) { PK11_DeleteTokenPrivateKey(delkey, PR_FALSE); cm_log(1, "Removing key with nickname \"%s\".\n", nickname); /* If we found at least one key before, scan again. */ privkeys = PK11_ListPrivKeysInSlot(slot, nickname, NULL); } else { privkeys = NULL; } } } PK11_FreeSlotList(slotlist); error = NSS_ShutdownContext(ctx); free(nickname); util_set_db_entry_key_owner(entry->cm_key_storage_location, entry); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } fclose(status); return 0; } /* Check if the keypair is ready. 
*/ static int cm_keygen_n_ready(struct cm_keygen_state *state) { return cm_subproc_ready(state->subproc); } /* Get a selectable-for-read descriptor we can poll for status changes. */ static int cm_keygen_n_get_fd(struct cm_keygen_state *state) { return cm_subproc_get_fd(state->subproc); } /* Tell us if the keypair was saved to the location specified in the entry. */ static int cm_keygen_n_saved_keypair(struct cm_keygen_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (WIFEXITED(status) && (WEXITSTATUS(status) == 0)) { return 0; } return -1; } /* Tell us if we don't have permissions. */ static int cm_keygen_n_need_perms(struct cm_keygen_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (WIFEXITED(status) && (WEXITSTATUS(status) == CM_SUB_STATUS_ERROR_PERMS)) { return 0; } return -1; } /* Tell us if we need a new/correct PIN to use the key store. */ static int cm_keygen_n_need_pin(struct cm_keygen_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (WIFEXITED(status) && (WEXITSTATUS(status) == CM_SUB_STATUS_ERROR_AUTH)) { return 0; } return -1; } /* Check if we need a token to be inserted to generate the key. */ static int cm_keygen_n_need_token(struct cm_keygen_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (WIFEXITED(status) && (WEXITSTATUS(status) == CM_SUB_STATUS_ERROR_NO_TOKEN)) { return 0; } return -1; } /* Clean up after key generation. 
 */
static void
cm_keygen_n_done(struct cm_keygen_state *state)
{
	const char *output, *p, *q;
	char *pubkey_info, *pubkey, *marker = NULL;
	int len;

	if (state->subproc != NULL) {
		output = cm_subproc_get_msg(state->subproc, NULL);
		if (output != NULL) {
			p = output;
			len = strcspn(output, "\r\n");
			pubkey_info = talloc_strndup(state->entry, p, len);
			q = p + len;
			p = q + strspn(q, "\r\n");
			len = strcspn(p, "\r\n");
			pubkey = talloc_strndup(state->entry, p, len);
			q = p + len;
			p = q + strspn(q, "\r\n");
			len = strcspn(p, "\r\n");
			if (len > 0) {
				marker = talloc_strndup(state->entry, p, len);
			}
			if ((marker != NULL) && (strlen(marker) > 0)) {
				state->entry->cm_key_next_pubkey_info = pubkey_info;
				state->entry->cm_key_next_pubkey = pubkey;
				state->entry->cm_key_next_marker = marker;
				state->entry->cm_key_next_generated_date = time(NULL);
				state->entry->cm_key_next_requested_count = 0;
			} else {
				state->entry->cm_key_next_pubkey_info = NULL;
				state->entry->cm_key_next_pubkey = NULL;
				state->entry->cm_key_next_marker = NULL;
				state->entry->cm_key_next_generated_date = 0;
				state->entry->cm_key_pubkey_info = pubkey_info;
				state->entry->cm_key_pubkey = pubkey;
				state->entry->cm_key_generated_date = time(NULL);
				state->entry->cm_key_requested_count = 0;
				state->entry->cm_key_issued_count = 0;
			}
		}
		cm_subproc_done(state->subproc);
	}
	talloc_free(state);
}

/* Start keypair generation using parameters stored in the entry.
 */
struct cm_keygen_state *
cm_keygen_n_start(struct cm_store_entry *entry)
{
	struct cm_keygen_state *state;
	struct cm_keygen_n_settings settings = {
		.readwrite = 1,
	};

	if (entry->cm_key_storage_type != cm_key_storage_nssdb) {
		return NULL;
	}
	state = talloc_ptrtype(entry, state);
	if (state != NULL) {
		memset(state, 0, sizeof(*state));
		state->pvt.ready = cm_keygen_n_ready;
		state->pvt.get_fd = cm_keygen_n_get_fd;
		state->pvt.saved_keypair = cm_keygen_n_saved_keypair;
		state->pvt.need_perms = cm_keygen_n_need_perms;
		state->pvt.need_pin = cm_keygen_n_need_pin;
		state->pvt.need_token = cm_keygen_n_need_token;
		state->pvt.done = cm_keygen_n_done;
		state->entry = entry;
		state->subproc = cm_subproc_start(cm_keygen_n_main, state,
						  NULL, entry, &settings);
		if (state->subproc == NULL) {
			talloc_free(state);
			state = NULL;
		}
	}
	return state;
}
certmonger-0.79.19/src/keygen-o.c0000644000175000017500000003274714511314133016120 0ustar gitgit00000000000000
/*
 * Copyright (C) 2009,2010,2011,2013,2014,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#ifdef CM_ENABLE_DSA
#include
#endif
#ifdef CM_ENABLE_EC
#include
#endif
#include
#include
#include
#include
#include

#include "keygen.h"
#include "keygen-int.h"
#include "log.h"
#include "pin.h"
#include "prefs.h"
#include "prefs-o.h"
#include "store.h"
#include "store-int.h"
#include "subproc.h"
#include "util-o.h"

struct cm_keygen_state {
	struct cm_keygen_state_pvt pvt;
	struct cm_store_entry *entry;
	struct cm_subproc_state *subproc;
};

static char *
make_filename(const char *prefix, char **marker)
{
	unsigned char suffix[6];
	char *ret;
	size_t l;

	if (!RAND_bytes(suffix, sizeof(suffix))) {
		/* Try again sometime later. */
		cm_log(1, "Error generating suffix.\n");
		_exit(CM_SUB_STATUS_INTERNAL_ERROR);
	}
	*marker = cm_store_base64_from_bin(NULL, suffix, sizeof(suffix));
	if (*marker == NULL) {
		/* Try again sometime later. */
		cm_log(1, "Error generating suffix.\n");
		_exit(CM_SUB_STATUS_INTERNAL_ERROR);
	}
	while ((l = strcspn(*marker, "+/")) != strlen(*marker)) {
		switch ((*marker)[l]) {
		case '+':
			(*marker)[l] = '=';
			break;
		case '/':
			(*marker)[l] = '_';
			break;
		}
	}
	ret = util_build_next_filename(prefix, *marker);
	return ret;
}

static int
cm_keygen_o_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
		 void *userdata)
{
	struct cm_pin_cb_data cb_data;
	FILE *fp, *status;
	EVP_PKEY *pkey;
	char buf[LINE_MAX], *pin, *pubhex, *pubihex, *oldfile;
	unsigned char *p, *q;
	long error, errno_save;
	enum cm_key_algorithm cm_key_algorithm;
	int cm_key_size;
	int len;
	int keyfd;
	char *filename;
	char *marker;
	BIGNUM *exponent;
	RSA *rsa;
#ifdef CM_ENABLE_DSA
	DSA *dsa;
#endif
#ifdef CM_ENABLE_EC
	EC_KEY *ec;
	int ecurve;
#endif

	status = fdopen(fd, "w");
	if (status == NULL) {
		_exit(CM_SUB_STATUS_INTERNAL_ERROR);
	}
	cm_key_algorithm = entry->cm_key_type.cm_key_gen_algorithm;
	if (cm_key_algorithm == cm_key_unspecified) {
		cm_key_algorithm = CM_DEFAULT_PUBKEY_TYPE;
	}
	cm_key_size = entry->cm_key_type.cm_key_gen_size;
	if (cm_key_size <= 0) {
		cm_key_size = CM_DEFAULT_PUBKEY_SIZE;
	}

	util_o_init();
	ERR_load_crypto_strings();
	if (RAND_status() != 1) {
		cm_log(1, "PRNG not seeded for generating key.\n");
		_exit(CM_SUB_STATUS_INTERNAL_ERROR);
	}
retry_gen:
	pkey = EVP_PKEY_new();
	if (pkey == NULL) {
		cm_log(1, "Error allocating new key.\n");
		_exit(CM_SUB_STATUS_INTERNAL_ERROR);
	}
	switch (cm_key_algorithm) {
	case cm_key_rsa:
		exponent = BN_new();
		if (exponent == NULL) {
			cm_log(1, "Error setting up exponent.\n");
			_exit(CM_SUB_STATUS_INTERNAL_ERROR);
		}
		BN_set_word(exponent, CM_DEFAULT_RSA_EXPONENT);
		rsa = RSA_new();
		if (rsa == NULL) {
			cm_log(1, "Error allocating new RSA key.\n");
			_exit(CM_SUB_STATUS_INTERNAL_ERROR);
		}
		if (RSA_generate_key_ex(rsa, cm_key_size, exponent, NULL) != 1) {
			if (cm_key_size != CM_DEFAULT_PUBKEY_SIZE) {
				cm_log(1, "Error generating %d-bit key, "
				       "attempting %d bits.\n",
				       cm_key_size, CM_DEFAULT_PUBKEY_SIZE);
				cm_key_size = CM_DEFAULT_PUBKEY_SIZE;
				goto retry_gen;
			}
			cm_log(1, "Error generating key.\n");
			_exit(CM_SUB_STATUS_INTERNAL_ERROR);
		}
		if (RSA_check_key(rsa) != 1) { /* should be unnecessary */
			cm_log(1, "Key fails checks. Retrying.\n");
			goto retry_gen;
		}
		EVP_PKEY_set1_RSA(pkey, rsa);
		break;
#ifdef CM_ENABLE_DSA
	case cm_key_dsa:
		dsa = DSA_new();
		if (dsa == NULL) {
			cm_log(1, "Error allocating new DSA key.\n");
			_exit(CM_SUB_STATUS_INTERNAL_ERROR);
		}
		if (DSA_generate_parameters_ex(dsa, cm_key_size, NULL, 0,
					       NULL, NULL, NULL) != 1) {
			if (cm_key_size != CM_DEFAULT_PUBKEY_SIZE) {
				cm_log(1, "Error generating %d-bit key, "
				       "attempting %d bits.\n",
				       cm_key_size, CM_DEFAULT_PUBKEY_SIZE);
				cm_key_size = CM_DEFAULT_PUBKEY_SIZE;
				goto retry_gen;
			}
			cm_log(1, "Error generating parameters.\n");
			_exit(CM_SUB_STATUS_INTERNAL_ERROR);
		}
		if (DSA_generate_key(dsa) != 1) {
			cm_log(1, "Error generating key.\n");
			_exit(CM_SUB_STATUS_INTERNAL_ERROR);
		}
		EVP_PKEY_set1_DSA(pkey, dsa);
		break;
#endif
#ifdef CM_ENABLE_EC
	case cm_key_ecdsa:
		if (cm_key_size <= 256)
			ecurve = NID_X9_62_prime256v1;
		else if (cm_key_size <= 384)
			ecurve = NID_secp384r1;
		else
			ecurve = NID_secp521r1;
		ec = EC_KEY_new_by_curve_name(ecurve);
		while ((ec == NULL) && (ecurve != NID_X9_62_prime256v1)) {
			cm_log(1, "Error allocating new EC key.\n");
			switch (ecurve) {
			case NID_secp521r1:
				cm_log(1, "Trying with a smaller key.\n");
				ecurve = NID_secp384r1;
				ec = EC_KEY_new_by_curve_name(ecurve);
				break;
			case NID_secp384r1:
				cm_log(1, "Trying with a smaller key.\n");
				ecurve = NID_X9_62_prime256v1;
				ec = EC_KEY_new_by_curve_name(ecurve);
				break;
			}
		}
		if (ec == NULL) {
			cm_log(1, "Error allocating new EC key.\n");
			_exit(CM_SUB_STATUS_INTERNAL_ERROR);
		}
		if (EC_KEY_generate_key(ec) != 1) {
			cm_log(1, "Error generating key.\n");
			_exit(CM_SUB_STATUS_INTERNAL_ERROR);
		}
		EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
		EVP_PKEY_set1_EC_KEY(pkey, ec);
		break;
#endif
	default:
		cm_log(1, "Unknown or unsupported key type.\n");
		_exit(CM_SUB_STATUS_INTERNAL_ERROR);
		break;
	}
	filename = strdup(entry->cm_key_storage_location);
	marker = "";
	keyfd = open(filename, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
	if (keyfd != -1) {
		fp = fdopen(keyfd, "w");
	} else {
		while ((keyfd == -1) &&
		       (errno == EEXIST)) {
			/* Check if there's also a permissions problem, which
			 * we care about more than getting the naming right. */
			keyfd = open(filename, O_RDWR, S_IRUSR | S_IWUSR);
			if (keyfd == -1) {
				switch (errno) {
				case EACCES:
				case EPERM:
					_exit(CM_SUB_STATUS_ERROR_PERMS);
					break;
				default:
					break;
				}
			} else {
				errno_save = errno;
				close(keyfd);
				errno = errno_save;
			}
			cm_log(1, "Error opening key file \"%s\" "
			       "for writing: %s.\n",
			       filename, strerror(errno));
			free(filename);
			filename = make_filename(entry->cm_key_storage_location,
						 &marker);
			cm_log(1, "Attempting to open key file \"%s\" "
			       "for writing.\n", filename);
			keyfd = open(filename, O_RDWR | O_CREAT | O_EXCL,
				     S_IRUSR | S_IWUSR);
		}
		if (keyfd == -1) {
			switch (errno) {
			case EACCES:
			case EPERM:
				_exit(CM_SUB_STATUS_ERROR_PERMS);
				break;
			default:
				cm_log(1, "Error opening key file \"%s\" "
				       "for writing: %s.\n",
				       filename, strerror(errno));
				_exit(CM_SUB_STATUS_INTERNAL_ERROR);
				break;
			}
		}
		fp = fdopen(keyfd, "w");
	}
	if (fp == NULL) {
		if (errno != ENOENT) {
			error = errno;
			cm_log(1, "Error opening key file \"%s\" "
			       "for writing: %s.\n",
			       filename, strerror(errno));
			switch (error) {
			case EACCES:
			case EPERM:
				_exit(CM_SUB_STATUS_ERROR_PERMS);
				break;
			default:
				break;
			}
		}
		_exit(CM_SUB_STATUS_ERROR_INITIALIZING);
	}
	util_set_fd_entry_key_owner(keyfd, filename, entry);
	free(filename);
	if (cm_pin_read_for_key(entry, &pin) != 0) {
		cm_log(1, "Error reading key encryption PIN.\n");
		_exit(CM_SUB_STATUS_ERROR_AUTH);
	}
	memset(&cb_data, 0, sizeof(cb_data));
	cb_data.entry = entry;
	cb_data.n_attempts = 0;
	if (PEM_write_PKCS8PrivateKey(fp, pkey,
				      pin ? cm_prefs_ossl_cipher() : NULL,
				      NULL, 0,
				      cm_pin_read_for_key_ossl_cb,
				      &cb_data) == 0) {
		errno_save = errno;
		cm_log(1, "Error storing key.\n");
		while ((error = ERR_get_error()) != 0) {
			ERR_error_string_n(error, buf, sizeof(buf));
			cm_log(1, "%s\n", buf);
		}
		switch (errno_save) {
		case EACCES:
		case EPERM:
			_exit(CM_SUB_STATUS_ERROR_PERMS);
			break;
		default:
			break;
		}
		_exit(CM_SUB_STATUS_ERROR_INITIALIZING);
	}
	pubihex = "";
	len = i2d_PUBKEY(pkey, NULL);
	if (len > 0) {
		p = malloc(len);
		if (p != NULL) {
			q = p;
			if (i2d_PUBKEY(pkey, &q) == len) {
				pubihex = cm_store_hex_from_bin(NULL, p, q - p);
			}
			free(p);
		}
	}
	pubhex = "";
	len = i2d_PublicKey(pkey, NULL);
	if (len > 0) {
		p = malloc(len);
		if (p != NULL) {
			q = p;
			if (i2d_PublicKey(pkey, &q) == len) {
				pubhex = cm_store_hex_from_bin(NULL, p, q - p);
			}
			free(p);
		}
	}
	fprintf(status, "%s\n%s\n%s\n", pubihex, pubhex, marker);
	fclose(fp);
	fclose(status);
	/* Try to remove any keys with old candidate names. */
	if ((entry->cm_key_next_marker != NULL) &&
	    (strlen(entry->cm_key_next_marker) > 0)) {
		oldfile = util_build_next_filename(entry->cm_key_storage_location,
						   entry->cm_key_next_marker);
		if (oldfile != NULL) {
			if (remove(oldfile) != 0) {
				cm_log(1, "Error removing \"%s\": %s.\n",
				       oldfile, strerror(errno));
			}
			free(oldfile);
		}
	}
	return 0;
}

/* Check if the keypair is ready. */
static int
cm_keygen_o_ready(struct cm_keygen_state *state)
{
	return cm_subproc_ready(state->subproc);
}

/* Get a selectable-for-read descriptor we can poll for status changes. */
static int
cm_keygen_o_get_fd(struct cm_keygen_state *state)
{
	return cm_subproc_get_fd(state->subproc);
}

/* Tell us if the keypair was saved to the location specified in the entry. */
static int
cm_keygen_o_saved_keypair(struct cm_keygen_state *state)
{
	int status;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) && (WEXITSTATUS(status) == 0)) {
		return 0;
	}
	return -1;
}

/* Tell us if we don't have permissions.
 */
static int
cm_keygen_o_need_perms(struct cm_keygen_state *state)
{
	int status;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    (WEXITSTATUS(status) == CM_SUB_STATUS_ERROR_PERMS)) {
		return 0;
	}
	return -1;
}

/* Tell us if we need a new/correct PIN to use the key store. */
static int
cm_keygen_o_need_pin(struct cm_keygen_state *state)
{
	int status;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    (WEXITSTATUS(status) == CM_SUB_STATUS_ERROR_AUTH)) {
		return 0;
	}
	return -1;
}

/* Check if we need a token to be inserted to generate the key. */
static int
cm_keygen_o_need_token(struct cm_keygen_state *state)
{
	int status;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    (WEXITSTATUS(status) == CM_SUB_STATUS_ERROR_NO_TOKEN)) {
		return 0;
	}
	return -1;
}

/* Clean up after key generation. */
static void
cm_keygen_o_done(struct cm_keygen_state *state)
{
	const char *output, *p, *q;
	char *pubkey_info, *pubkey, *marker = NULL;
	int len;

	if (state->subproc != NULL) {
		output = cm_subproc_get_msg(state->subproc, NULL);
		if (output != NULL) {
			p = output;
			len = strcspn(output, "\r\n");
			pubkey_info = talloc_strndup(state->entry, p, len);
			q = p + len;
			p = q + strspn(q, "\r\n");
			len = strcspn(p, "\r\n");
			pubkey = talloc_strndup(state->entry, p, len);
			q = p + len;
			p = q + strspn(q, "\r\n");
			len = strcspn(p, "\r\n");
			if (len > 0) {
				marker = talloc_strndup(state->entry, p, len);
			}
			if ((marker != NULL) && (strlen(marker) > 0)) {
				state->entry->cm_key_next_pubkey_info = pubkey_info;
				state->entry->cm_key_next_pubkey = pubkey;
				state->entry->cm_key_next_marker = marker;
				state->entry->cm_key_next_generated_date = time(NULL);
				state->entry->cm_key_next_requested_count = 0;
			} else {
				state->entry->cm_key_next_pubkey_info = NULL;
				state->entry->cm_key_next_pubkey = NULL;
				state->entry->cm_key_next_marker = NULL;
				state->entry->cm_key_next_generated_date = 0;
				state->entry->cm_key_pubkey_info = pubkey_info;
				state->entry->cm_key_pubkey = pubkey;
				state->entry->cm_key_generated_date = time(NULL);
				state->entry->cm_key_requested_count = 0;
				state->entry->cm_key_issued_count = 0;
			}
		}
		cm_subproc_done(state->subproc);
	}
	talloc_free(state);
}

/* Start keypair generation using parameters stored in the entry. */
struct cm_keygen_state *
cm_keygen_o_start(struct cm_store_entry *entry)
{
	struct cm_keygen_state *state;

	if (entry->cm_key_storage_type != cm_key_storage_file) {
		return NULL;
	}
	state = talloc_ptrtype(entry, state);
	if (state != NULL) {
		memset(state, 0, sizeof(*state));
		state->pvt.ready = cm_keygen_o_ready;
		state->pvt.get_fd = cm_keygen_o_get_fd;
		state->pvt.saved_keypair = cm_keygen_o_saved_keypair;
		state->pvt.need_perms = cm_keygen_o_need_perms;
		state->pvt.need_pin = cm_keygen_o_need_pin;
		state->pvt.need_token = cm_keygen_o_need_token;
		state->pvt.done = cm_keygen_o_done;
		state->entry = entry;
		state->subproc = cm_subproc_start(cm_keygen_o_main, state,
						  NULL, entry, NULL);
		if (state->subproc == NULL) {
			talloc_free(state);
			state = NULL;
		}
	}
	return state;
}
certmonger-0.79.19/src/keygen.c0000644000175000017500000000550714511314133015656 0ustar gitgit00000000000000
/*
 * Copyright (C) 2009,2010,2011,2013 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

#include "keygen.h"
#include "keygen-int.h"
#include "log.h"
#include "store-int.h"

struct cm_keygen_state *
cm_keygen_start(struct cm_store_entry *entry)
{
	switch (entry->cm_key_storage_type) {
	case cm_key_storage_none:
		cm_log(1, "Can't generate key for %s('%s') without knowing "
		       "where to store it.\n",
		       entry->cm_busname, entry->cm_nickname);
		break;
#ifdef HAVE_OPENSSL
	case cm_key_storage_file:
		return cm_keygen_o_start(entry);
		break;
#endif
#ifdef HAVE_NSS
	case cm_key_storage_nssdb:
		return cm_keygen_n_start(entry);
		break;
#endif
	}
	return NULL;
}

/* Check if the keypair is ready. */
int
cm_keygen_ready(struct cm_keygen_state *state)
{
	struct cm_keygen_state_pvt *pvt = (struct cm_keygen_state_pvt *) state;

	return pvt->ready(state);
}

/* Get a selectable-for-read descriptor we can poll for status changes. */
int
cm_keygen_get_fd(struct cm_keygen_state *state)
{
	struct cm_keygen_state_pvt *pvt = (struct cm_keygen_state_pvt *) state;

	return pvt->get_fd(state);
}

/* Tell us if the keypair was saved to the location specified in the entry. */
int
cm_keygen_saved_keypair(struct cm_keygen_state *state)
{
	struct cm_keygen_state_pvt *pvt = (struct cm_keygen_state_pvt *) state;

	return pvt->saved_keypair(state);
}

/* Tell us if we need filesystem permissions to write the key. */
int
cm_keygen_need_perms(struct cm_keygen_state *state)
{
	struct cm_keygen_state_pvt *pvt = (struct cm_keygen_state_pvt *) state;

	return pvt->need_perms(state);
}

/* Tell us if we need a PIN (or a new PIN) to access the key store. */
int
cm_keygen_need_pin(struct cm_keygen_state *state)
{
	struct cm_keygen_state_pvt *pvt = (struct cm_keygen_state_pvt *) state;

	return pvt->need_pin(state);
}

/* Tell us if we need a token to be inserted to access the key store. */
int
cm_keygen_need_token(struct cm_keygen_state *state)
{
	struct cm_keygen_state_pvt *pvt = (struct cm_keygen_state_pvt *) state;

	return pvt->need_token(state);
}

/* Clean up after key generation.
 */
void
cm_keygen_done(struct cm_keygen_state *state)
{
	struct cm_keygen_state_pvt *pvt = (struct cm_keygen_state_pvt *) state;

	pvt->done(state);
}
certmonger-0.79.19/src/keygen.h0000644000175000017500000000363614511314133015664 0ustar gitgit00000000000000
/*
 * Copyright (C) 2009,2013,2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmkeygen_h
#define cmkeygen_h

struct cm_keygen_state;
struct cm_store_entry;

/* Start keypair generation using parameters stored in the entry. */
struct cm_keygen_state *cm_keygen_start(struct cm_store_entry *entry);
struct cm_keygen_state *cm_keygen_n_start(struct cm_store_entry *entry);
struct cm_keygen_state *cm_keygen_o_start(struct cm_store_entry *entry);

/* Check if the keypair is ready. */
int cm_keygen_ready(struct cm_keygen_state *state);

/* Get a selectable-for-read descriptor which will either have data or be
 * closed when status changes. */
int cm_keygen_get_fd(struct cm_keygen_state *state);

/* Check if we need a PIN (or a new PIN) to generate a key pair. */
int cm_keygen_need_pin(struct cm_keygen_state *state);

/* Check if we need the right token to be present to generate a key pair. */
int cm_keygen_need_token(struct cm_keygen_state *state);

/* Tell us if the keypair was saved to the location specified in the entry. */
int cm_keygen_saved_keypair(struct cm_keygen_state *state);

/* Tell us if we need filesystem permissions to write the key.
 */
int cm_keygen_need_perms(struct cm_keygen_state *state);

/* Clean up after key generation. */
void cm_keygen_done(struct cm_keygen_state *state);

#endif
certmonger-0.79.19/src/keyiread-int.h0000644000175000017500000000305614511314133016763 0ustar gitgit00000000000000
/*
 * Copyright (C) 2009,2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmkeyireadint_h
#define cmkeyireadint_h

struct cm_keyiread_state_pvt {
	/* Check if something changed, for example we finished reading the
	 * key info. */
	int (*ready)(struct cm_keyiread_state *state);
	/* Check if we successfully read the info. */
	int (*finished_reading)(struct cm_keyiread_state *state);
	/* Check if we need a PIN (or a new PIN) to succeed with the task. */
	int (*need_pin)(struct cm_keyiread_state *state);
	/* Check if we need the token to succeed with the task. */
	int (*need_token)(struct cm_keyiread_state *state);
	/* Get a selectable-for-read descriptor we can poll for status changes.
	 * */
	int (*get_fd)(struct cm_keyiread_state *state);
	/* Clean up after reading the key info. */
	void (*done)(struct cm_keyiread_state *state);
};

void cm_keyiread_read_data_from_buffer(struct cm_store_entry *entry,
				       const char *p);

#endif
certmonger-0.79.19/src/keyiread-n.c0000644000175000017500000005032614511314133016423 0ustar gitgit00000000000000
/*
 * Copyright (C) 2009,2010,2011,2012,2013,2014,2015,2017 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#include "keyiread.h"
#include "keyiread-int.h"
#include "keyiread-n.h"
#include "log.h"
#include "pin.h"
#include "store.h"
#include "store-int.h"
#include "subproc.h"
#include "util-n.h"

#ifndef PRIVKEY_LIST_EMPTY
#define PRIVKEY_LIST_EMPTY(l) PRIVKEY_LIST_END(PRIVKEY_LIST_HEAD(l), l)
#endif

struct cm_keyiread_state {
	struct cm_keyiread_state_pvt pvt;
	struct cm_store_entry *entry;
	struct cm_subproc_state *subproc;
};
struct cm_keyiread_n_settings {
	unsigned int readwrite:1;
};

struct cm_keyiread_n_ctx_and_keys *
cm_keyiread_n_get_keys(struct cm_store_entry *entry, int readwrite)
{
	const char *token, *nickname = "(no such key)", *reason, *es;
	char *pin, *pubhex, *nextnick;
	PLArenaPool *arena;
	SECStatus error;
	NSSInitContext *ctx;
	PK11SlotInfo *slot;
	PK11SlotList *slotlist;
	PK11SlotListElement *sle;
	SECKEYPrivateKeyList *keys;
	SECKEYPrivateKeyListNode *knode;
	SECKEYPrivateKey *key, *ckey, *nextkey = NULL;
	SECKEYPublicKey *pubkey, *nextpubkey = NULL;
	CK_MECHANISM_TYPE mech;
	CERTCertList *certs;
	CERTCertListNode *cnode;
	CERTCertificate *cert;
	CERTSubjectPublicKeyInfo *spki;
	SECItem item;
	struct cm_pin_cb_data cb_data;
	int n_tokens, ec;
	struct cm_keyiread_n_ctx_and_keys *ret;

	/* Open the database. */
	ctx = NSS_InitContext(entry->cm_key_storage_location,
			      NULL, NULL, NULL, NULL,
			      (readwrite ? 0 : NSS_INIT_READONLY) |
			      NSS_INIT_NOROOTINIT |
			      NSS_INIT_NOMODDB);
	if (ctx == NULL) {
		ec = PORT_GetError();
		if (ec != 0) {
			es = PR_ErrorToName(ec);
		} else {
			es = NULL;
		}
		if (es != NULL) {
			cm_log(1, "Unable to open NSS database '%s': %s.\n",
			       entry->cm_key_storage_location, es);
		} else {
			cm_log(1, "Unable to open NSS database '%s'.\n",
			       entry->cm_key_storage_location);
		}
		switch (PORT_GetError()) {
		case PR_NO_ACCESS_RIGHTS_ERROR:
			_exit(CM_SUB_STATUS_ERROR_PERMS);
			break;
		default:
			_exit(CM_SUB_STATUS_ERROR_INITIALIZING);
			break;
		}
	}
	if (NSS_ShutdownContext(ctx) != SECSuccess) {
		cm_log(0, "Error shutting down NSS.\n");
		_exit(1);
	}
	ctx = NSS_InitContext(entry->cm_key_storage_location,
			      NULL, NULL, NULL, NULL,
			      (readwrite ? 0 : NSS_INIT_READONLY) |
			      NSS_INIT_NOROOTINIT);
	if (ctx == NULL) {
		cm_log(0, "Unable to initialize NSS %s.\n",
		       entry->cm_key_storage_location);
		_exit(1);
	}
	reason = util_n_fips_hook();
	if (reason != NULL) {
		cm_log(1, "Error putting NSS into FIPS mode: %s\n", reason);
		_exit(CM_SUB_STATUS_ERROR_INITIALIZING);
	}
	/* Allocate a memory pool. */
	arena = PORT_NewArena(sizeof(double));
	if (arena == NULL) {
		cm_log(1, "Out of memory opening database '%s'.\n",
		       entry->cm_key_storage_location);
		if (NSS_ShutdownContext(ctx) != SECSuccess) {
			cm_log(1, "Error shutting down NSS.\n");
		}
		_exit(CM_SUB_STATUS_ERROR_INITIALIZING);
	}
	/* Find the tokens that we might use for key storage. */
	mech = 0;
	slotlist = PK11_GetAllTokens(mech, PR_FALSE, PR_FALSE, NULL);
	if (slotlist == NULL) {
		cm_log(1, "Error locating token to be used for key storage.\n");
		if (NSS_ShutdownContext(ctx) != SECSuccess) {
			cm_log(1, "Error shutting down NSS.\n");
		}
		_exit(CM_SUB_STATUS_ERROR_NO_TOKEN);
	}
	/* Walk the list looking for the requested token, or look at all of
	 * them if none specifically was requested.
	 */
	key = NULL;
	pin = NULL;
	if (cm_pin_read_for_key(entry, &pin) != 0) {
		cm_log(1, "Error reading PIN for key storage.\n");
		_exit(CM_SUB_STATUS_ERROR_AUTH);
	}
	PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
	if (entry->cm_key_token == NULL) {
		entry->cm_key_token = util_internal_token_name(entry);
	}
	n_tokens = 0;
	pubkey = NULL;
	/* In practice, the internal slot is either a non-storage slot (in
	 * non-FIPS mode) or the database slot (in FIPS mode), and we only want
	 * to skip over the one that can't be used to store things. */
	for (sle = slotlist->head;
	     (key == NULL) && ((sle != NULL) && (sle->slot != NULL));
	     sle = sle->next) {
		slot = sle->slot;
		if (PK11_IsInternal(slot) &&
		    !PK11_IsInternalKeySlot(slot)) {
			cm_log(3, "Skipping NSS internal slot (%s).\n",
			       PK11_GetTokenName(slot));
			goto next_slot;
		}
		/* Read the token's name. */
		token = PK11_GetTokenName(slot);
		if (token != NULL) {
			cm_log(3, "Found token '%s'.\n", token);
		} else {
			cm_log(3, "Found unnamed token.\n");
		}
		/* If this is the wrong token, move on. */
		if ((entry->cm_key_token != NULL) &&
		    (strlen(entry->cm_key_token) > 0) &&
		    ((token == NULL) ||
		     (strcmp(entry->cm_key_token, token) != 0))) {
			if (token != NULL) {
				cm_log(1, "Token is named \"%s\", not \"%s\", "
				       "skipping.\n",
				       token, entry->cm_key_token);
			} else {
				cm_log(1, "Token is unnamed, not \"%s\", "
				       "skipping.\n",
				       entry->cm_key_token);
			}
			goto next_slot;
		}
		n_tokens++;
		/* Be ready to count our uses of a PIN. */
		memset(&cb_data, 0, sizeof(cb_data));
		cb_data.entry = entry;
		cb_data.n_attempts = 0;
		/* If we're supposed to be using a PIN, and we're offered a
		 * chance to set one, do it now. */
		if (readwrite) {
			if (PK11_NeedUserInit(slot)) {
				if (cm_pin_read_for_key(entry, &pin) != 0) {
					cm_log(1, "Error reading PIN to assign "
					       "to storage slot, skipping.\n");
					goto next_slot;
				}
				PK11_InitPin(slot, NULL, pin ? pin : "");
				if (PK11_NeedUserInit(slot)) {
					cm_log(1, "Key storage slot still "
					       "needs user PIN to be set.\n");
					goto next_slot;
				}
				if ((pin != NULL) && (strlen(pin) > 0)) {
					/* We're authenticated now, so count
					 * this as a use of the PIN. */
					cb_data.n_attempts++;
				}
			}
		}
		/* Now log in, if we have to. */
		if (cm_pin_read_for_key(entry, &pin) != 0) {
			cm_log(1, "Error reading PIN for key storage "
			       "token \"%s\", skipping.\n", token);
			PK11_FreeSlotList(slotlist);
			error = NSS_ShutdownContext(ctx);
			if (error != SECSuccess) {
				cm_log(1, "Error shutting down NSS.\n");
			}
			_exit(CM_SUB_STATUS_ERROR_AUTH);
		}
		error = PK11_Authenticate(slot, PR_TRUE, &cb_data);
		if (error != SECSuccess) {
			cm_log(1, "Error authenticating to token "
			       "\"%s\".\n", token);
			PK11_FreeSlotList(slotlist);
			error = NSS_ShutdownContext(ctx);
			if (error != SECSuccess) {
				cm_log(1, "Error shutting down NSS.\n");
			}
			_exit(CM_SUB_STATUS_ERROR_AUTH);
		}
		if ((pin != NULL) && (strlen(pin) > 0) &&
		    (cb_data.n_attempts == 0)) {
			cm_log(1, "PIN was not needed to auth to token"
			       ", though one was provided. "
			       "Treating this as an error.\n");
			PK11_FreeSlotList(slotlist);
			error = NSS_ShutdownContext(ctx);
			if (error != SECSuccess) {
				cm_log(1, "Error shutting down NSS.\n");
			}
			_exit(CM_SUB_STATUS_ERROR_AUTH);
		}
		/* Look up the "next" key. */
		if ((entry->cm_key_next_marker != NULL) &&
		    (strlen(entry->cm_key_next_marker) != 0)) {
			nextnick = util_build_next_nickname(entry->cm_key_nickname,
							    entry->cm_key_next_marker);
			keys = PK11_ListPrivKeysInSlot(slot, nextnick, NULL);
			if (keys != NULL) {
				for (knode = PRIVKEY_LIST_HEAD(keys);
				     !PRIVKEY_LIST_EMPTY(keys) &&
				     !PRIVKEY_LIST_END(knode, keys);
				     knode = PRIVKEY_LIST_NEXT(knode)) {
					nickname = PK11_GetPrivateKeyNickname(knode->key);
					if ((nickname != NULL) &&
					    (strcmp(nextnick, nickname) == 0)) {
						cm_log(3, "Located the key '%s'.\n",
						       nextnick);
						nextkey = SECKEY_CopyPrivateKey(knode->key);
						break;
					}
				}
				SECKEY_DestroyPrivateKeyList(keys);
			}
			/* Try to recover a public key. */
			nextpubkey = nextkey ? SECKEY_ConvertToPublicKey(nextkey) : NULL;
			if (nextpubkey != NULL) {
				cm_log(3, "Converted private key '%s' to public key.\n",
				       nextnick);
			}
		}
		/* Walk the list of private keys in the token, looking at each
		 * one to see if it matches the specified nickname. */
		keys = PK11_ListPrivKeysInSlot(slot, entry->cm_key_nickname, NULL);
		if (keys != NULL) {
			for (knode = PRIVKEY_LIST_HEAD(keys);
			     !PRIVKEY_LIST_EMPTY(keys) &&
			     !PRIVKEY_LIST_END(knode, keys);
			     knode = PRIVKEY_LIST_NEXT(knode)) {
				nickname = PK11_GetPrivateKeyNickname(knode->key);
				if ((nickname != NULL) &&
				    (entry->cm_key_nickname != NULL) &&
				    (strcmp(entry->cm_key_nickname, nickname) == 0)) {
					cm_log(3, "Located the key '%s'.\n",
					       nickname);
					key = SECKEY_CopyPrivateKey(knode->key);
					break;
				}
			}
			SECKEY_DestroyPrivateKeyList(keys);
		}
		/* Try to recover a public key. */
		pubkey = key ? SECKEY_ConvertToPublicKey(key) : NULL;
		if (pubkey != NULL) {
			cm_log(3, "Converted private key '%s' to public key.\n",
			       nickname);
		}
		/* Walk the list of certificates in the token, looking at each
		 * one to see if it matches the specified nickname and has a
		 * private key associated with it.
		 */
		if ((key == NULL) || (pubkey == NULL)) {
			certs = PK11_ListCertsInSlot(slot);
		} else {
			certs = NULL;
		}
		if (certs != NULL) {
			cert = NULL;
			for (cnode = CERT_LIST_HEAD(certs);
			     !CERT_LIST_EMPTY(certs) &&
			     !CERT_LIST_END(cnode, certs);
			     cnode = CERT_LIST_NEXT(cnode)) {
				nickname = entry->cm_key_nickname;
				cert = cnode->cert;
				es = talloc_asprintf(entry, "%s:%s",
						     entry->cm_cert_token,
						     entry->cm_cert_nickname);
				if ((nickname != NULL) &&
				    ((strcmp(cert->nickname, nickname) == 0) ||
				     (strcmp(cert->nickname, es) == 0))) {
					cm_log(3, "Located a certificate with "
					       "the key's nickname (\"%s\").\n",
					       nickname);
					ckey = PK11_FindPrivateKeyFromCert(slot, cert, NULL);
					if (ckey != NULL) {
						if (key == NULL) {
							cm_log(3, "Located "
							       "its private "
							       "key.\n");
							key = ckey;
							break;
						} else {
							if ((key->pkcs11Slot == ckey->pkcs11Slot) &&
							    (key->pkcs11ID == ckey->pkcs11ID)) {
								cm_log(3, "Located its "
								       "private key.\n");
								SECKEY_DestroyPrivateKey(ckey);
								break;
							}
						}
					}
					cm_log(3, "But we didn't find "
					       "its private key.\n");
				}
				cert = NULL;
			}
			/* If we don't have the public key, try to extract it
			 * from the private key. */
			if ((pubkey == NULL) && (key != NULL)) {
				pubkey = SECKEY_ConvertToPublicKey(key);
				if (pubkey != NULL) {
					cm_log(3, "Recovered public key "
					       "from private key.\n");
				}
			}
			/* If we don't have the public key, try to extract it
			 * from the certificate. */
			if ((pubkey == NULL) && (cert != NULL)) {
				spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&cert->derPublicKey);
				if (spki != NULL) {
					pubkey = SECKEY_ExtractPublicKey(spki);
					SECKEY_DestroySubjectPublicKeyInfo(spki);
					if (pubkey != NULL) {
						cm_log(3, "Recovered public key "
						       "from certificate.\n");
					}
				}
			}
			CERT_DestroyCertList(certs);
		}
		/* If we don't have the public key, try to use a cached copy of
		 * it.
		 */
		if ((pubkey == NULL) && (entry->cm_key_pubkey_info != NULL)) {
			memset(&item, 0, sizeof(item));
			pubhex = entry->cm_key_pubkey_info;
			item.len = strlen(pubhex) / 2;
			item.data = malloc(item.len);
			if (item.data != NULL) {
				item.len = cm_store_hex_to_bin(pubhex, item.data, item.len);
				spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&item);
				if (spki != NULL) {
					pubkey = SECKEY_ExtractPublicKey(spki);
					SECKEY_DestroySubjectPublicKeyInfo(spki);
				}
			}
			if (pubkey != NULL) {
				cm_log(3, "Using cached public key.\n");
			}
		}
next_slot:
		/* If this was the last token, stop walking. */
		if (sle == slotlist->tail) {
			break;
		}
	}
	PK11_FreeSlotList(slotlist);
	if ((key == NULL) ||
	    ((entry->cm_key_next_marker != NULL) &&
	     (strlen(entry->cm_key_next_marker) != 0) &&
	     (nextkey == NULL))) {
		cm_log(1, "Error locating a key.\n");
		error = NSS_ShutdownContext(ctx);
		if (error != SECSuccess) {
			cm_log(1, "Error shutting down NSS.\n");
		}
		PORT_FreeArena(arena, PR_TRUE);
		ret = NULL;
	} else {
		ret = PORT_ArenaZAlloc(arena, sizeof(*ret));
		if (ret == NULL) {
			cm_log(1, "Out of memory searching database '%s'.\n",
			       entry->cm_key_storage_location);
			if (NSS_ShutdownContext(ctx) != SECSuccess) {
				cm_log(1, "Error shutting down NSS.\n");
			}
			PORT_FreeArena(arena, PR_TRUE);
			_exit(CM_SUB_STATUS_ERROR_INITIALIZING);
		}
		ret->arena = arena;
		ret->ctx = ctx;
		ret->privkey = key;
		ret->pubkey = pubkey;
		ret->privkey_next = nextkey;
		ret->pubkey_next = nextpubkey;
	}
	if ((n_tokens == 0) &&
	    (entry->cm_key_token != NULL) &&
	    (strlen(entry->cm_key_token) > 0)) {
		_exit(CM_SUB_STATUS_ERROR_NO_TOKEN);
	}
	return ret;
}

static int
cm_keyiread_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
		   void *userdata)
{
	struct cm_keyiread_n_ctx_and_keys *keys;
	CERTSubjectPublicKeyInfo *spki;
	PK11SlotInfo *slot;
	const char *alg, *name;
	SECItem *info;
	char *pubhex, *pubihex;
	int status = 1, size, readwrite;
	FILE *fp;
	struct cm_keyiread_n_settings *settings;

	/* Open the status descriptor for stdio.
	 */
	fp = fdopen(fd, "w");
	if (fp == NULL) {
		cm_log(1, "Unable to initialize I/O.\n");
		_exit(CM_SUB_STATUS_INTERNAL_ERROR);
	}
	/* Read the key. */
	settings = userdata;
	readwrite = settings->readwrite;
	keys = cm_keyiread_n_get_keys(entry, readwrite);
	alg = "";
	if (keys != NULL) {
		switch (SECKEY_GetPrivateKeyType(keys->privkey)) {
		case rsaKey:
			cm_log(3, "Key is an RSA key.\n");
			alg = "RSA";
			break;
		case dsaKey:
			cm_log(3, "Key is a DSA key.\n");
			alg = "DSA";
			break;
		case ecKey:
			cm_log(3, "Key is an EC key.\n");
			alg = "EC";
			break;
		case nullKey:
		default:
			cm_log(3, "Key is of an unknown type.\n");
			break;
		}
		slot = PK11_GetSlotFromPrivateKey(keys->privkey);
		if (slot != NULL) {
			name = PK11_GetTokenName(slot);
			if ((name != NULL) && (strlen(name) == 0)) {
				name = NULL;
			} else {
				name = talloc_strdup(entry, name);
			}
			PK11_FreeSlot(slot);
		} else {
			name = NULL;
		}
		if (strlen(alg) > 0) {
			if (keys->pubkey != NULL) {
				size = SECKEY_PublicKeyStrengthInBits(keys->pubkey);
				cm_log(3, "Key size is %d.\n", size);
				info = SECKEY_EncodeDERSubjectPublicKeyInfo(keys->pubkey);
				pubihex = cm_store_hex_from_bin(NULL, info->data, info->len);
				spki = SECKEY_DecodeDERSubjectPublicKeyInfo(info);
				pubhex = cm_store_hex_from_bin(NULL,
							       spki->subjectPublicKey.data,
							       howmany(spki->subjectPublicKey.len, 8));
				fprintf(fp, "%s/%d/%s/%s%s%s\n", alg, size,
					pubihex, pubhex,
					(name != NULL ? "/" : ""),
					(name != NULL ? 
					 name : ""));
				status = 0;
				SECITEM_FreeItem(info, PR_TRUE);
			} else {
				cm_log(1, "Error reading public key.\n");
			}
		}
		if ((entry->cm_key_next_marker != NULL) &&
		    (strlen(entry->cm_key_next_marker) != 0)) {
			if ((keys->privkey_next == NULL) ||
			    (keys->pubkey_next == NULL)) {
				cm_log(1, "Error reading next key.\n");
				fprintf(fp, "\n");
			} else {
				switch (SECKEY_GetPrivateKeyType(keys->privkey_next)) {
				case rsaKey:
					cm_log(3, "Next key is an RSA key.\n");
					alg = "RSA";
					break;
				case dsaKey:
					cm_log(3, "Next key is a DSA key.\n");
					alg = "DSA";
					break;
				case ecKey:
					cm_log(3, "Next key is an EC key.\n");
					alg = "EC";
					break;
				case nullKey:
				default:
					cm_log(3, "Next key is of an unknown type.\n");
					break;
				}
				size = SECKEY_PublicKeyStrengthInBits(keys->pubkey_next);
				cm_log(3, "Next key size is %d.\n", size);
				info = SECKEY_EncodeDERSubjectPublicKeyInfo(keys->pubkey_next);
				pubihex = cm_store_hex_from_bin(NULL, info->data, info->len);
				spki = SECKEY_DecodeDERSubjectPublicKeyInfo(info);
				pubhex = cm_store_hex_from_bin(NULL,
							       spki->subjectPublicKey.data,
							       howmany(spki->subjectPublicKey.len, 8));
				fprintf(fp, "%s/%d/%s/%s\n", alg, size, pubihex, pubhex);
				status = 0;
				SECITEM_FreeItem(info, PR_TRUE);
			}
		}
		if (keys->pubkey != NULL) {
			SECKEY_DestroyPublicKey(keys->pubkey);
		}
		if (keys->pubkey_next != NULL) {
			SECKEY_DestroyPublicKey(keys->pubkey_next);
		}
		SECKEY_DestroyPrivateKey(keys->privkey);
		if (keys->privkey_next != NULL) {
			SECKEY_DestroyPrivateKey(keys->privkey_next);
		}
	}
	fclose(fp);
	if (keys != NULL) {
		if (NSS_ShutdownContext(keys->ctx) != SECSuccess) {
			cm_log(1, "Error shutting down NSS.\n");
		}
		PORT_FreeArena(keys->arena, PR_TRUE);
	}
	if (status != 0) {
		_exit(status);
	}
	return 0;
}

/* Check if something changed, for example we finished reading the data we need
 * from the key data. */
static int
cm_keyiread_n_ready(struct cm_keyiread_state *state)
{
	return cm_subproc_ready(state->subproc);
}

/* Check if we were able to successfully read the key information.
 */
static int
cm_keyiread_n_finished_reading(struct cm_keyiread_state *state)
{
	int status;
	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) && (WEXITSTATUS(status) == 0)) {
		return 0;
	}
	return -1;
}

/* Check if we need a PIN (or a new PIN) to access the key information. */
static int
cm_keyiread_n_need_pin(struct cm_keyiread_state *state)
{
	int status;
	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    (WEXITSTATUS(status) == CM_SUB_STATUS_ERROR_AUTH)) {
		return 0;
	}
	return -1;
}

/* Check if we need a token to be inserted to access the key information. */
static int
cm_keyiread_n_need_token(struct cm_keyiread_state *state)
{
	int status;
	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    (WEXITSTATUS(status) == CM_SUB_STATUS_ERROR_NO_TOKEN)) {
		return 0;
	}
	return -1;
}

/* Get a selectable-for-read descriptor we can poll for status changes. */
static int
cm_keyiread_n_get_fd(struct cm_keyiread_state *state)
{
	return cm_subproc_get_fd(state->subproc);
}

/* Clean up after reading the key info. */
static void
cm_keyiread_n_done(struct cm_keyiread_state *state)
{
	if (state->subproc != NULL) {
		cm_keyiread_read_data_from_buffer(state->entry,
						  cm_subproc_get_msg(state->subproc,
								     NULL));
		cm_subproc_done(state->subproc);
	}
	talloc_free(state);
}

/* Start reading the key info from the configured location.
 */
struct cm_keyiread_state *
cm_keyiread_n_start(struct cm_store_entry *entry)
{
	struct cm_keyiread_state *state;
	struct cm_keyiread_n_settings settings = {
		.readwrite = 0,
	};
	if (entry->cm_key_storage_type != cm_key_storage_nssdb) {
		cm_log(1, "Wrong read method: can only read keys "
		       "from an NSS database.\n");
		return NULL;
	}
	state = talloc_ptrtype(entry, state);
	if (state != NULL) {
		memset(state, 0, sizeof(*state));
		state->pvt.finished_reading = cm_keyiread_n_finished_reading;
		state->pvt.need_pin = cm_keyiread_n_need_pin;
		state->pvt.need_token = cm_keyiread_n_need_token;
		state->pvt.ready = cm_keyiread_n_ready;
		state->pvt.get_fd= cm_keyiread_n_get_fd;
		state->pvt.done= cm_keyiread_n_done;
		state->entry = entry;
		state->subproc = cm_subproc_start(cm_keyiread_n_main, state,
						  NULL, entry, &settings);
		if (state->subproc == NULL) {
			talloc_free(state);
			state = NULL;
		}
	}
	return state;
}

certmonger-0.79.19/src/keyiread-n.h

/*
 * Copyright (C) 2009,2011,2014,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmkeyireadn_h
#define cmkeyireadn_h

struct cm_keyiread_n_ctx_and_keys {
	PLArenaPool *arena; /* owns this structure */
	NSSInitContext *ctx;
	SECKEYPrivateKey *privkey, *privkey_next;
	SECKEYPublicKey *pubkey, *pubkey_next;
};

struct cm_keyiread_n_ctx_and_keys *cm_keyiread_n_get_keys(struct cm_store_entry *entry,
							   int readwrite);

#endif

certmonger-0.79.19/src/keyiread-o.c

/*
 * Copyright (C) 2009,2010,2011,2012,2014,2015,2017 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
*/ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "keyiread.h" #include "keyiread-int.h" #include "log.h" #include "pin.h" #include "store.h" #include "store-int.h" #include "subproc.h" #include "util-o.h" struct cm_keyiread_state { struct cm_keyiread_state_pvt pvt; struct cm_store_entry *entry; struct cm_subproc_state *subproc; }; static int cm_keyiread_o_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry, void *userdata) { struct cm_pin_cb_data cb_data; FILE *pem, *fp; EVP_PKEY *pkey, *nextpkey = NULL; int status; char buf[LINE_MAX]; const char *alg; int bits, length; long error; char *pin, *pubkey, *pubikey, *nextfile; unsigned char *tmp; util_o_init(); ERR_load_crypto_strings(); status = CM_SUB_STATUS_INTERNAL_ERROR; fp = fdopen(fd, "w"); if (fp == NULL) { cm_log(1, "Unable to initialize I/O.\n"); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } pem = fopen(entry->cm_key_storage_location, "r"); if (pem != NULL) { if (cm_pin_read_for_key(entry, &pin) != 0) { cm_log(1, "Error reading key encryption PIN.\n"); _exit(CM_SUB_STATUS_ERROR_AUTH); } memset(&cb_data, 0, sizeof(cb_data)); cb_data.entry = entry; cb_data.n_attempts = 0; pkey = PEM_read_PrivateKey(pem, NULL, cm_pin_read_for_key_ossl_cb, &cb_data); if (pkey == NULL) { cm_log(1, "Internal error reading key from \"%s\".\n", entry->cm_key_storage_location); status = CM_SUB_STATUS_ERROR_AUTH; /* XXX */ } else { if ((pin != NULL) && (strlen(pin) > 0) && (cb_data.n_attempts == 0)) { cm_log(1, "PIN was not needed to read private " "key '%s', though one was provided. 
" "Treating this as an error.\n", entry->cm_key_storage_location); status = CM_SUB_STATUS_ERROR_AUTH; /* XXX */ } else { status = 0; } } fclose(pem); if ((status == 0) && (entry->cm_key_next_marker != NULL) && (strlen(entry->cm_key_next_marker) > 0)) { nextfile = util_build_next_filename(entry->cm_key_storage_location, entry->cm_key_next_marker); pem = fopen(nextfile, "r"); if (pem != NULL) { nextpkey = PEM_read_PrivateKey(pem, NULL, cm_pin_read_for_key_ossl_cb, &cb_data); if (nextpkey == NULL) { cm_log(1, "Internal error reading key from \"%s\".\n", nextfile); status = CM_SUB_STATUS_ERROR_AUTH; /* XXX */ } else { if ((pin != NULL) && (strlen(pin) > 0) && (cb_data.n_attempts == 0)) { cm_log(1, "PIN was not needed to read private " "key '%s', though one was provided. " "Treating this as an error.\n", nextfile); status = CM_SUB_STATUS_ERROR_AUTH; /* XXX */ } } fclose(pem); } else { cm_log(1, "Error opening key file '%s' " "for reading: %s.\n", nextfile, strerror(errno)); nextpkey = NULL; } free(nextfile); } } else { if (errno != ENOENT) { cm_log(1, "Error opening key file '%s' " "for reading: %s.\n", entry->cm_key_storage_location, strerror(errno)); } pkey = NULL; } if (status == 0) { alg = ""; bits = 0; pubkey = ""; pubikey = ""; if (pkey != NULL) { switch (util_EVP_PKEY_base_id(pkey)) { case EVP_PKEY_RSA: cm_log(3, "Key is an RSA key.\n"); alg = "RSA"; break; #ifdef CM_ENABLE_DSA case EVP_PKEY_DSA: cm_log(3, "Key is a DSA key.\n"); alg = "DSA"; break; #endif #ifdef CM_ENABLE_EC case EVP_PKEY_EC: cm_log(3, "Key is an EC key.\n"); alg = "EC"; break; #endif default: cm_log(3, "Key is for an unknown algorithm.\n"); alg = ""; break; } bits = EVP_PKEY_bits(pkey); cm_log(3, "Key size is %d.\n", bits); tmp = NULL; length = i2d_PUBKEY(pkey, (unsigned char **) &tmp); if (length > 0) { pubikey = cm_store_hex_from_bin(NULL, tmp, length); } tmp = NULL; length = i2d_PublicKey(pkey, NULL); if (length > 0) { tmp = malloc(length); if (tmp != NULL) { length = i2d_PublicKey(pkey, 
							      (unsigned char **) &tmp);
					pubkey = cm_store_hex_from_bin(NULL, tmp, length);
				}
			}
		}
		fprintf(fp, "%s/%d/%s/%s\n", alg, bits, pubikey, pubkey);
		if (nextpkey != NULL) {
			switch (util_EVP_PKEY_base_id(nextpkey)) {
			case EVP_PKEY_RSA:
				cm_log(3, "Next key is an RSA key.\n");
				alg = "RSA";
				break;
#ifdef CM_ENABLE_DSA
			case EVP_PKEY_DSA:
				cm_log(3, "Next key is a DSA key.\n");
				alg = "DSA";
				break;
#endif
#ifdef CM_ENABLE_EC
			case EVP_PKEY_EC:
				cm_log(3, "Next key is an EC key.\n");
				alg = "EC";
				break;
#endif
			default:
				cm_log(3, "Next key is for an unknown algorithm.\n");
				alg = "";
				break;
			}
			bits = EVP_PKEY_bits(nextpkey);
			cm_log(3, "Next key size is %d.\n", bits);
			tmp = NULL;
			length = i2d_PUBKEY(nextpkey, (unsigned char **) &tmp);
			if (length > 0) {
				pubikey = cm_store_hex_from_bin(NULL, tmp, length);
			}
			tmp = NULL;
			length = i2d_PublicKey(nextpkey, NULL);
			if (length > 0) {
				tmp = malloc(length);
				if (tmp != NULL) {
					length = i2d_PublicKey(nextpkey,
							      (unsigned char **) &tmp);
					pubkey = cm_store_hex_from_bin(NULL, tmp, length);
				}
			}
			fprintf(fp, "%s/%d/%s/%s\n", alg, bits, pubikey, pubkey);
		} else {
			fprintf(fp, "\n");
		}
		status = 0;
	} else {
		while ((error = ERR_get_error()) != 0) {
			ERR_error_string_n(error, buf, sizeof(buf));
			cm_log(1, "%s\n", buf);
		}
	}
	fclose(fp);
	if (status != 0) {
		_exit(status);
	}
	return 0;
}

/* Check if we were able to successfully read the key information. */
static int
cm_keyiread_o_finished_reading(struct cm_keyiread_state *state)
{
	int status;
	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) && (WEXITSTATUS(status) == 0)) {
		return 0;
	}
	return -1;
}

/* Check if we need a PIN (or a new PIN) to access the key information. */
static int
cm_keyiread_o_need_pin(struct cm_keyiread_state *state)
{
	int status;
	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    (WEXITSTATUS(status) == CM_SUB_STATUS_ERROR_AUTH)) {
		return 0;
	}
	return -1;
}

/* Check if we need a token to be inserted to access the key information.
 */
static int
cm_keyiread_o_need_token(struct cm_keyiread_state *state)
{
	int status;
	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    (WEXITSTATUS(status) == CM_SUB_STATUS_ERROR_NO_TOKEN)) {
		return 0;
	}
	return -1;
}

/* Check if something changed, for example we finished reading the data we need
 * from the key file. */
static int
cm_keyiread_o_ready(struct cm_keyiread_state *state)
{
	return cm_subproc_ready(state->subproc);
}

/* Get a selectable-for-read descriptor we can poll for status changes. */
static int
cm_keyiread_o_get_fd(struct cm_keyiread_state *state)
{
	return cm_subproc_get_fd(state->subproc);
}

/* Clean up after reading the key. */
static void
cm_keyiread_o_done(struct cm_keyiread_state *state)
{
	if (state->subproc != NULL) {
		cm_keyiread_read_data_from_buffer(state->entry,
						  cm_subproc_get_msg(state->subproc,
								     NULL));
		cm_subproc_done(state->subproc);
	}
	talloc_free(state);
}

/* Start reading the key from the configured location. */
struct cm_keyiread_state *
cm_keyiread_o_start(struct cm_store_entry *entry)
{
	struct cm_keyiread_state *state;
	if (entry->cm_key_storage_type != cm_key_storage_file) {
		cm_log(1, "Wrong read method: can only read keys "
		       "from a file.\n");
		return NULL;
	}
	state = talloc_ptrtype(entry, state);
	if (state != NULL) {
		memset(state, 0, sizeof(*state));
		state->pvt.finished_reading = cm_keyiread_o_finished_reading;
		state->pvt.need_pin = cm_keyiread_o_need_pin;
		state->pvt.need_token = cm_keyiread_o_need_token;
		state->pvt.ready = cm_keyiread_o_ready;
		state->pvt.get_fd= cm_keyiread_o_get_fd;
		state->pvt.done= cm_keyiread_o_done;
		state->entry = entry;
		state->subproc = cm_subproc_start(cm_keyiread_o_main, state,
						  NULL, entry, NULL);
		if (state->subproc == NULL) {
			talloc_free(state);
			state = NULL;
		}
	}
	return state;
}

certmonger-0.79.19/src/keyiread.c

/*
 * Copyright (C) 2009,2010,2015 Red Hat, Inc.
* * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #include "config.h" #include #include #include #include #include "keyiread.h" #include "keyiread-int.h" #include "log.h" #include "store-int.h" /* Start refreshing the key info from the entry from the configured location. */ struct cm_keyiread_state * cm_keyiread_start(struct cm_store_entry *entry) { switch (entry->cm_key_storage_type) { case cm_key_storage_none: break; #ifdef HAVE_OPENSSL case cm_key_storage_file: if (entry->cm_key_storage_location != NULL) { return cm_keyiread_o_start(entry); } else { return NULL; } break; #endif #ifdef HAVE_NSS case cm_key_storage_nssdb: if ((entry->cm_key_storage_location != NULL) && (entry->cm_key_nickname != NULL)) { return cm_keyiread_n_start(entry); } else { return NULL; } break; #endif } return NULL; } /* Check if something changed, for example we finished reading the key info. */ int cm_keyiread_ready(struct cm_keyiread_state *state) { struct cm_keyiread_state_pvt *pvt; pvt = (struct cm_keyiread_state_pvt *) state; return pvt->ready(state); } /* Get a selectable-for-read descriptor we can poll for status changes. */ int cm_keyiread_get_fd(struct cm_keyiread_state *state) { struct cm_keyiread_state_pvt *pvt; pvt = (struct cm_keyiread_state_pvt *) state; return pvt->get_fd(state); } /* Check if we finished reading the key information. 
 */
int
cm_keyiread_finished_reading(struct cm_keyiread_state *state)
{
	struct cm_keyiread_state_pvt *pvt;
	pvt = (struct cm_keyiread_state_pvt *) state;
	return pvt->finished_reading(state);
}

/* Check if we need a PIN (or a new PIN) in order to access the key info. */
int
cm_keyiread_need_pin(struct cm_keyiread_state *state)
{
	struct cm_keyiread_state_pvt *pvt;
	pvt = (struct cm_keyiread_state_pvt *) state;
	return pvt->need_pin(state);
}

/* Check if we need a token to be present in order to access the key info. */
int
cm_keyiread_need_token(struct cm_keyiread_state *state)
{
	struct cm_keyiread_state_pvt *pvt;
	pvt = (struct cm_keyiread_state_pvt *) state;
	return pvt->need_token(state);
}

/* Clean up after reading the key info. */
void
cm_keyiread_done(struct cm_keyiread_state *state)
{
	struct cm_keyiread_state_pvt *pvt;
	pvt = (struct cm_keyiread_state_pvt *) state;
	pvt->done(state);
}

/* Parse what we know about this key from a buffer. */
void
cm_keyiread_read_data_from_buffer(struct cm_store_entry *entry, const char *p)
{
	const char *q;
	int size = 0;
	enum cm_key_algorithm alg;

	/* Break out the algorithm.
	 */
	q = p + strcspn(p, "/");
	if (((q - p) == strlen("RSA")) && (strncasecmp(p, "RSA", 3) == 0)) {
		alg = cm_key_rsa;
#ifdef CM_ENABLE_DSA
	} else if (((q - p) == strlen("DSA")) && (strncasecmp(p, "DSA", 3) == 0)) {
		alg = cm_key_dsa;
#endif
#ifdef CM_ENABLE_EC
	} else if (((q - p) == strlen("EC")) && (strncasecmp(p, "EC", 2) == 0)) {
		alg = cm_key_ecdsa;
#endif
	} else {
		alg = cm_key_unspecified;
	}
	if (alg != cm_key_unspecified) {
		p = q + strspn(q, "/\r\n");
		q = p + strcspn(p, "/\r\n");
		if (p != q) {
			size = atoi(p);
			if (size > 0) {
				entry->cm_key_type.cm_key_algorithm = alg;
				entry->cm_key_type.cm_key_size = size;
				if (entry->cm_key_type.cm_key_gen_algorithm == 0) {
					entry->cm_key_type.cm_key_gen_algorithm = alg;
					entry->cm_key_type.cm_key_gen_size = size;
				}
			}
			p = q + strspn(q, "/\r\n");
			q = p + strcspn(p, "/\r\n");
			if (p != q) {
				talloc_free(entry->cm_key_pubkey_info);
				entry->cm_key_pubkey_info = talloc_strndup(entry, p, q - p);
			}
			p = q + strspn(q, "/\r\n");
			q = p + strcspn(p, "/\r\n");
			if (p != q) {
				talloc_free(entry->cm_key_pubkey);
				entry->cm_key_pubkey = talloc_strndup(entry, p, q - p);
			}
			talloc_free(entry->cm_key_token);
			entry->cm_key_token = NULL;
			if (strchr("\r\n", *q) == NULL) {
				p = q + strspn(q, "/\r\n");
				q = p + strcspn(p, "/\r\n");
				if (p != q) {
					entry->cm_key_token = talloc_strndup(entry, p, q - p);
				}
			}
		}
	}
	/* Break out the algorithm.
	 */
	p = q + strspn(q, "/\r\n");
	q = p + strcspn(p, "/\r\n");
	if (((q - p) == strlen("RSA")) && (strncasecmp(p, "RSA", 3) == 0)) {
		alg = cm_key_rsa;
#ifdef CM_ENABLE_DSA
	} else if (((q - p) == strlen("DSA")) && (strncasecmp(p, "DSA", 3) == 0)) {
		alg = cm_key_dsa;
#endif
#ifdef CM_ENABLE_EC
	} else if (((q - p) == strlen("EC")) && (strncasecmp(p, "EC", 2) == 0)) {
		alg = cm_key_ecdsa;
#endif
	} else {
		alg = cm_key_unspecified;
	}
	if (alg != cm_key_unspecified) {
		p = q + strspn(q, "/\r\n");
		q = p + strcspn(p, "/\r\n");
		if (p != q) {
			size = atoi(p);
			if (size > 0) {
				entry->cm_key_next_type.cm_key_algorithm = alg;
				entry->cm_key_next_type.cm_key_size = size;
			}
			p = q + strspn(q, "/\r\n");
			q = p + strcspn(p, "/\r\n");
			if (p != q) {
				talloc_free(entry->cm_key_next_pubkey_info);
				entry->cm_key_next_pubkey_info = talloc_strndup(entry, p, q - p);
			}
			p = q + strspn(q, "/\r\n");
			q = p + strcspn(p, "/\r\n");
			if (p != q) {
				talloc_free(entry->cm_key_next_pubkey);
				entry->cm_key_next_pubkey = talloc_strndup(entry, p, q - p);
			}
		}
	}
}

certmonger-0.79.19/src/keyiread.h

/*
 * Copyright (C) 2009,2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmkeyiread_h
#define cmkeyiread_h

struct cm_keyiread_state;
struct cm_store_entry;

/* Check if we have a key in the designated location, and report the algorithm
 * and key size.
 */
struct cm_keyiread_state *cm_keyiread_start(struct cm_store_entry *entry);
struct cm_keyiread_state *cm_keyiread_n_start(struct cm_store_entry *entry);
struct cm_keyiread_state *cm_keyiread_o_start(struct cm_store_entry *entry);

/* Check if something changed, for example we finished reading the key info. */
int cm_keyiread_ready(struct cm_keyiread_state *state);

/* Check if we were able to read the information. */
int cm_keyiread_finished_reading(struct cm_keyiread_state *state);

/* Check if we need to supply a PIN (or a new PIN) to try again. */
int cm_keyiread_need_pin(struct cm_keyiread_state *state);

/* Get a selectable-for-read descriptor we can poll for status changes. */
int cm_keyiread_get_fd(struct cm_keyiread_state *state);

/* Check if we need the token to be reinserted to read information about the
 * key. */
int cm_keyiread_need_token(struct cm_keyiread_state *state);

/* Clean up after reading the key info. */
void cm_keyiread_done(struct cm_keyiread_state *state);

#endif

certmonger-0.79.19/src/kudict.c

/*
 * Copyright (C) 2012 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"
#include
#include "kudict.h"

static struct {
	int bit;
	const char *name;
} key_usage_dict[] = {
	{ .bit = 0, .name = "digitalSignature" },
	{ .bit = 1, .name = "nonRepudiation" },
	{ .bit = 1, .name = "contentCommitment" }, /* an alias */
	{ .bit = 2, .name = "keyEncipherment" },
	{ .bit = 3, .name = "dataEncipherment" },
	{ .bit = 4, .name = "keyAgreement" },
	{ .bit = 5, .name = "keyCertSign" },
	{ .bit = 6, .name = "cRLSign" },
	{ .bit = 7, .name = "encipherOnly" },
	{ .bit = 8, .name = "decipherOnly" },
};

int
cm_ku_n_names(void)
{
	return (int) (sizeof(key_usage_dict) / sizeof(key_usage_dict[0]));
}

const char *
cm_ku_to_name(int bit)
{
	int i;
	for (i = 0; i < cm_ku_n_names(); i++) {
		if (bit == key_usage_dict[i].bit) {
			return key_usage_dict[i].name;
		}
	}
	return NULL;
}

int
cm_ku_from_name(const char *name)
{
	int i;
	for (i = 0; i < cm_ku_n_names(); i++) {
		if (strcasecmp(name, key_usage_dict[i].name) == 0) {
			return key_usage_dict[i].bit;
		}
	}
	return -1;
}

certmonger-0.79.19/src/kudict.h

/*
 * Copyright (C) 2012 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmkudict_h
#define cmkudict_h

const char *cm_ku_to_name(int bit);
int cm_ku_n_names(void);
int cm_ku_from_name(const char *name);

#endif

certmonger-0.79.19/src/local-getcert.1.in

.TH CERTMONGER 1 "June 7, 2014" "certmonger Manual"

.SH NAME
local\-getcert

.SH SYNOPSIS
 local\-getcert request [options]
 local\-getcert resubmit [options]
 local\-getcert start\-tracking [options]
 local\-getcert status [options]
 local\-getcert stop\-tracking [options]
 local\-getcert list [options]
 local\-getcert list\-cas [options]
 local\-getcert refresh\-cas [options]

.SH DESCRIPTION
The \fIlocal\-getcert\fR tool issues requests to a @CM_DBUS_NAME@
service on behalf of the invoking user. It can ask the service to begin
enrollment, optionally generating a key pair to use, it can ask the
service to begin monitoring a certificate in a specified location for
expiration, and optionally to refresh it when expiration nears, it can
list the set of certificates that the service is already monitoring, or
it can list the set of CAs that the service is capable of using.

If no command is given as the first command\-line argument,
\fIlocal\-getcert\fR will print short usage information for each of
its functions.

The \fIlocal\-getcert\fR tool behaves identically to the generic
\fIgetcert\fR tool when it is used with the \fB\-c \fIlocal\fR option.

\fBcertmonger\fR supports retrieving the list of current and
previously\-used local CA certificates. See \fBgetcert\-request\fR(1) and
\fBgetcert\-resubmit\fR(1) for information about using the \fB\-F\fR and
\fB\-a\fR options to specify where those certificates should be stored.

.SH BUGS
Please file tickets for any that you find at https://fedorahosted.org/certmonger/

.SH SEE ALSO
\fBcertmonger\fR(8)
\fBgetcert\fR(1)
\fBgetcert\-add\-ca\fR(1)
\fBgetcert\-add\-scep\-ca\fR(1)
\fBgetcert\-list\-cas\fR(1)
\fBgetcert\-list\fR(1)
\fBgetcert\-modify\-ca\fR(1)
\fBgetcert\-refresh\-ca\fR(1)
\fBgetcert\-refresh\fR(1)
\fBgetcert\-rekey\fR(1)
\fBgetcert\-remove\-ca\fR(1)
\fBgetcert\-request\fR(1)
\fBgetcert\-resubmit\fR(1)
\fBgetcert\-start\-tracking\fR(1)
\fBgetcert\-status\fR(1)
\fBgetcert\-stop\-tracking\fR(1)
\fBcertmonger\-certmaster\-submit\fR(8)
\fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8)
\fBcertmonger\-dogtag\-submit\fR(8)
\fBcertmonger\-ipa\-submit\fR(8)
\fBcertmonger\-local\-submit\fR(8)
\fBcertmonger\-scep\-submit\fR(8)
\fBcertmonger_selinux\fR(8)

certmonger-0.79.19/src/local-getcert.c

#include "config.h"
#define FORCE_CA CM_LOCAL_CA_NAME
#include "getcert.c"

certmonger-0.79.19/src/local.c

/*
 * Copyright (C) 2014,2015,2017 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
*/ #include "config.h" #include #include #include #include #ifdef HAVE_INTTYPES_H #include #endif #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "env.h" #include "log.h" #include "prefs.h" #include "prefs-o.h" #include "store.h" #include "submit-e.h" #include "submit-o.h" #include "submit-u.h" #include "util.h" #include "util-o.h" #ifdef ENABLE_NLS #include #define _(_text) dgettext(PACKAGE, _text) #else #define _(_text) (_text) #endif #define CONSTANTCN "Local Signing Authority" static unsigned char uuid[16]; static void set_ca_extensions(void *parent, X509_REQ *req, EVP_PKEY *key) { STACK_OF(X509_EXTENSION) *exts; BASIC_CONSTRAINTS basic; AUTHORITY_KEYID akid; ASN1_OCTET_STRING *skid; ASN1_BIT_STRING *ku; unsigned char *p, *q, md[CM_DIGEST_MAX]; unsigned int mdlen; long len; exts = sk_X509_EXTENSION_new(NULL); memset(&basic, 0, sizeof(basic)); basic.ca = 255; // set all bits for TRUE X509V3_add1_i2d(&exts, NID_basic_constraints, &basic, TRUE, 0); len = i2d_PUBKEY(key, NULL); p = malloc(len); q = p; len = i2d_PUBKEY(key, &q); if (EVP_Digest(p, len, md, &mdlen, EVP_sha1(), NULL)) { skid = util_ASN1_OCTET_STRING_new(); util_ASN1_OCTET_STRING_set(skid, md, mdlen); memset(&akid, 0, sizeof(akid)); akid.keyid = skid; X509V3_add1_i2d(&exts, NID_subject_key_identifier, skid, 0, 0); X509V3_add1_i2d(&exts, NID_authority_key_identifier, &akid, 0, 0); } ku = util_ASN1_BIT_STRING_new(); ASN1_BIT_STRING_set_bit(ku, 0, 1); ASN1_BIT_STRING_set_bit(ku, 5, 1); ASN1_BIT_STRING_set_bit(ku, 6, 1); X509V3_add1_i2d(&exts, NID_key_usage, ku, TRUE, 0); X509_REQ_add_extensions(req, exts); } static char * make_ca_csr(void *parent, EVP_PKEY *key, X509 *oldcert) { X509_REQ *req; X509_NAME *subject; BIO *bio; char *cn, *ret = NULL; unsigned char *bmp; unsigned int bmplen; long len; req = X509_REQ_new(); if (req != NULL) { if ((oldcert != NULL) && 
(X509_get_subject_name(oldcert) != NULL)) { X509_REQ_set_subject_name(req, X509_get_subject_name(oldcert)); } else { subject = X509_NAME_new(); if (subject != NULL) { X509_NAME_add_entry_by_txt(subject, "CN", MBSTRING_UTF8, (unsigned char *) CONSTANTCN, strlen(CONSTANTCN), -1, 0); cn = talloc_asprintf(parent, "%.02x%.02x%.02x%.02x-" "%.02x%.02x%.02x%.02x-" "%.02x%.02x%.02x%.02x-" "%.02x%.02x%.02x%.02x", (unsigned char) uuid[0], (unsigned char) uuid[1], (unsigned char) uuid[2], (unsigned char) uuid[3], (unsigned char) uuid[4], (unsigned char) uuid[5], (unsigned char) uuid[6], (unsigned char) uuid[7], (unsigned char) uuid[8], (unsigned char) uuid[9], (unsigned char) uuid[10], (unsigned char) uuid[11], (unsigned char) uuid[12], (unsigned char) uuid[13], (unsigned char) uuid[14], (unsigned char) uuid[15]); X509_NAME_add_entry_by_txt(subject, "CN", MBSTRING_UTF8, (unsigned char *) cn, strlen(cn), -1, 0); X509_REQ_set_subject_name(req, subject); } } X509_REQ_set_pubkey(req, key); set_ca_extensions(parent, req, key); if (cm_store_utf8_to_bmp_string(CONSTANTCN, &bmp, &bmplen) == 0) { X509_REQ_add1_attr_by_NID(req, NID_friendlyName, V_ASN1_BMPSTRING, bmp, bmplen); free(bmp); } X509_REQ_sign(req, key, cm_prefs_ossl_hash()); bio = BIO_new(BIO_s_mem()); if (PEM_write_bio_X509_REQ(bio, req)) { len = BIO_get_mem_data(bio, &ret); if (ret != NULL) { ret = talloc_strndup(parent, ret, len); cm_log(3, "New CA signing request \"%s\".\n", ret); } } else { cm_log(1, "Error encoding CA signing request.\n"); } } return ret; } static int get_signer_info(void *parent, char *localdir, X509 ***roots, X509 **signer_cert, EVP_PKEY **signer_key) { FILE *fp; char *creds, *hexserial = NULL, *serial, buf[LINE_MAX], *csr; STACK_OF(X509) *cas = NULL; PKCS12 *p12 = NULL; BIGNUM *exponent = NULL; RSA *rsa; dbus_bool_t save = FALSE; time_t now, then, life, lifedelta; int i; *roots = NULL; *signer_cert = NULL; *signer_key = NULL; /* Read our signer creds. 
*/ creds = talloc_asprintf(parent, "%s/%s", localdir, "creds"); fp = fopen(creds, "r"); if ((fp == NULL) && (errno != ENOENT)) { cm_log(1, "Error reading '%s': %s.\n", creds, strerror(errno)); return CM_SUBMIT_STATUS_UNREACHABLE; } if (fp != NULL) { p12 = d2i_PKCS12_fp(fp, NULL); if (p12 == NULL) { cm_log(0, "Bad data in '%s'.\n", creds); } fclose(fp); } else { p12 = NULL; save = TRUE; } if ((p12 != NULL) && !PKCS12_parse(p12, "", signer_key, signer_cert, &cas)) { cm_log(1, "Trouble parsing signer data.\n"); save = TRUE; } /* Read the desired lifetime. */ now = time(NULL); if (cm_submit_u_delta_from_string(cm_prefs_local_validity_period(), now, &lifedelta) == 0) { life = lifedelta; } else { if (cm_submit_u_delta_from_string(CM_DEFAULT_CERT_LIFETIME, now, &lifedelta) == 0) { life = lifedelta; } else { life = 365 * 24 * 60 * 60; } } /* If we already have a signer certificate, check how much time it has * left. */ if (*signer_cert != NULL) { if (cas == NULL) { cas = sk_X509_new(util_o_cert_cmp); if (cas == NULL) { cm_log(1, "Out of memory.\n"); return CM_SUBMIT_STATUS_UNREACHABLE; } } then = now + (life / 2); if ((X509_cmp_time(X509_get_notBefore(*signer_cert), &now) > 0) || (X509_cmp_time(X509_get_notAfter(*signer_cert), &then) < 0)) { cm_log(1, "CA certificate needs to be replaced.\n"); sk_X509_push(cas, *signer_cert); *signer_key = NULL; } } else { cm_log(1, "CA certificate needs to be generated.\n"); } /* If we need to generate or replace either, do both. */ if ((*signer_key == NULL) || (*signer_cert == NULL)) { /* Read the next-to-be-used serial number. 
*/ serial = talloc_asprintf(parent, "%s/%s", localdir, "/serial"); fp = fopen(serial, "r"); if ((fp == NULL) && (errno != ENOENT)) { cm_log(1, "Error reading '%s': %s.\n", serial, strerror(errno)); return CM_SUBMIT_STATUS_UNREACHABLE; } if (fp != NULL) { if (fgets(buf, sizeof(buf), fp) == NULL) { cm_log(0, "Bad data in '%s'.\n", serial); } else { buf[strcspn(buf, "\r\n")] = '\0'; hexserial = talloc_strdup(parent, buf); cm_log(1, "Read serial number '%s'.\n", hexserial); } fclose(fp); } if (hexserial == NULL) { hexserial = cm_store_hex_from_bin(parent, uuid, sizeof(uuid)); if (strchr("89abcdefABCDEF", hexserial[0]) != NULL) { hexserial = talloc_asprintf(parent, "00%s", hexserial); } cm_log(3, "Using serial number '%s'.\n", hexserial); } /* Generate a new key. For now at least, generate RSA of the * default size with the default exponent. */ exponent = BN_new(); if (exponent == NULL) { cm_log(1, "Error setting up exponent.\n"); return CM_SUBMIT_STATUS_UNREACHABLE; } BN_set_word(exponent, CM_DEFAULT_RSA_EXPONENT); rsa = RSA_new(); if (rsa == NULL) { cm_log(1, "Error allocating new RSA key.\n"); return CM_SUBMIT_STATUS_UNREACHABLE; } retry_gen: if (RSA_generate_key_ex(rsa, CM_DEFAULT_PUBKEY_SIZE, exponent, NULL) != 1) { cm_log(1, "Error generating key.\n"); return CM_SUBMIT_STATUS_UNREACHABLE; } if (RSA_check_key(rsa) != 1) { /* should be unnecessary */ cm_log(1, "Key fails checks. Retrying.\n"); goto retry_gen; } *signer_key = EVP_PKEY_new(); EVP_PKEY_set1_RSA(*signer_key, rsa); /* Build a suitable CA signing request. */ csr = make_ca_csr(parent, *signer_key, *signer_cert); if (csr == NULL) { cm_log(1, "Error generating CA signing request.\n"); return CM_SUBMIT_STATUS_UNREACHABLE; } /* Sign it. */ if (cm_submit_o_sign(parent, csr, NULL, *signer_key, hexserial, time(NULL), life, signer_cert) == 0) { save = TRUE; } else { *signer_key = NULL; *signer_cert = NULL; save = FALSE; } } /* Save our signer creds. */ if (save) { /* Roll the serial number up. 
*/ hexserial = cm_store_increment_serial(parent, hexserial); if (hexserial == NULL) { cm_log(1, "Error incrementing serial number.\n"); return CM_SUBMIT_STATUS_UNREACHABLE; } /* Save the next serial number. */ serial = talloc_asprintf(parent, "%s/%s", localdir, "/serial"); fp = fopen(serial, "w"); if (fp == NULL) { cm_log(1, "Error writing '%s': %s.\n", serial, strerror(errno)); return CM_SUBMIT_STATUS_UNREACHABLE; } fprintf(fp, "%s\n", hexserial); if (ferror(fp)) { cm_log(1, "Error writing '%s': %s.\n", serial, strerror(errno)); fclose(fp); return CM_SUBMIT_STATUS_UNREACHABLE; } fclose(fp); cm_log(3, "Wrote serial number '%s'.\n", hexserial); /* Save the new creds. */ fp = fopen(creds, "w"); if (fp == NULL) { cm_log(1, "Error preparing to write '%s': %s.\n", creds, strerror(errno)); return CM_SUBMIT_STATUS_UNREACHABLE; } p12 = PKCS12_create(NULL, CONSTANTCN, *signer_key, *signer_cert, cas, NID_aes_128_cbc, NID_aes_128_cbc, 0, 0, 0); if (p12 != NULL) { if (!i2d_PKCS12_fp(fp, p12)) { fclose(fp); cm_log(1, "Error writing PKCS12 bundle'.\n"); return CM_SUBMIT_STATUS_UNREACHABLE; } } else { cm_log(1, "Error creating PKCS12 bundle'.\n"); } fclose(fp); } if (cas != NULL) { *roots = talloc_array_ptrtype(parent, *roots, sk_X509_num(cas) + 1); if (*roots != NULL) { for (i = 0; i < sk_X509_num(cas); i++) { (*roots)[i] = sk_X509_value(cas, i); } (*roots)[i] = NULL; } } return CM_SUBMIT_STATUS_ISSUED; } static int local_lock(void *parent, const char *localdir) { char *lockfile; int lfd; lockfile = talloc_asprintf(parent, "%s/lock", localdir); cm_log(2, "Obtaining data lock.\n"); lfd = open(lockfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); if (lfd == -1) { fprintf(stderr, "Error opening lockfile \"%s\": %s\n", lockfile, strerror(errno)); exit(CM_SUBMIT_STATUS_UNREACHABLE); } if (lockf(lfd, F_LOCK, 0) != 0) { fprintf(stderr, "Error locking lockfile \"%s\": %s\n", lockfile, strerror(errno)); close(lfd); exit(CM_SUBMIT_STATUS_UNREACHABLE); } return lfd; } int 
main(int argc, const char **argv) { int i, c, verbose = 0, lfd = -1; void *parent; const char *mode = CM_OP_SUBMIT, *csrfile; char *csr, *localdir = NULL, *hexserial = NULL, *serial, buf[LINE_MAX]; FILE *fp; X509 **roots = NULL, *signer = NULL, *cert = NULL; EVP_PKEY *key = NULL; time_t now; poptContext pctx; const struct poptOption popts[] = { {"ca-data-directory", 'd', POPT_ARG_STRING | POPT_ARGFLAG_SHOW_DEFAULT, &localdir, 0, "storage location for the CA's data", "DIRECTORY"}, {"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL}, POPT_AUTOHELP POPT_TABLEEND }; #ifdef ENABLE_NLS bindtextdomain(PACKAGE, MYLOCALEDIR); #endif if (getenv(CM_SUBMIT_OPERATION_ENV) != NULL) { mode = getenv(CM_SUBMIT_OPERATION_ENV); } if (strcasecmp(mode, CM_OP_IDENTIFY) == 0) { printf("%s (%s %s)\n", CONSTANTCN, PACKAGE_NAME, PACKAGE_VERSION); return 0; } else if (strcasecmp(mode, CM_OP_FETCH_ENROLL_REQUIREMENTS) == 0) { return 0; } else if (strcasecmp(mode, CM_OP_FETCH_ROOTS) == 0) { /* fall through */ } else if ((strcasecmp(mode, CM_OP_SUBMIT) == 0) || (strcasecmp(mode, CM_OP_POLL) == 0)) { /* fall through */ } else { /* unsupported request */ return CM_SUBMIT_STATUS_OPERATION_NOT_SUPPORTED; } localdir = getenv(CM_STORE_LOCAL_CA_DIRECTORY_ENV); if (localdir == NULL) { localdir = cm_env_local_ca_dir(); } pctx = poptGetContext(argv[0], argc, argv, popts, 0); if (pctx == NULL) { return CM_SUBMIT_STATUS_UNCONFIGURED; } poptSetOtherOptionHelp(pctx, "[options...] 
[csrfile]"); while ((c = poptGetNextOpt(pctx)) > 0) { switch (c) { case 'v': verbose++; break; } } if (c != -1) { poptPrintUsage(pctx, stdout, 0); return CM_SUBMIT_STATUS_UNCONFIGURED; } umask(S_IRWXG | S_IRWXO); if (isatty(STDERR_FILENO)) cm_log_set_method(cm_log_stderr); else cm_log_set_method(cm_log_syslog); cm_log_set_level(verbose); if (localdir == NULL) { poptPrintUsage(pctx, stdout, 0); return CM_SUBMIT_STATUS_UNCONFIGURED; } csr = NULL; parent = talloc_init(CONSTANTCN); util_o_init(); #ifdef HAVE_UUID if (cm_submit_uuid_new(uuid) == 0) { /* we're good */ } else #endif if (!RAND_bytes(uuid, sizeof(uuid))) { /* Try again sometime later. */ cm_log(1, "Error generating UUID.\n"); return CM_SUBMIT_STATUS_UNREACHABLE; } if (strcasecmp(mode, CM_OP_FETCH_ROOTS) == 0) { /* Take the lock. */ lfd = local_lock(parent, localdir); /* Read the signer information. */ i = get_signer_info(parent, localdir, &roots, &signer, &key); if ((i != 0) || (signer == NULL)) { cm_log(1, "Error reading signer info.\n"); /* Try again sometime later. */ return i ? i : CM_SUBMIT_STATUS_UNREACHABLE; } printf("%s\n", CONSTANTCN); if (!PEM_write_X509(stdout, signer)) { /* Well, try again sometime later. */ cm_log(1, "Error outputting certificate.\n"); return CM_SUBMIT_STATUS_UNREACHABLE; } for (i = 0; (roots != NULL) && (roots[i] != NULL); i++) { printf("%s %d\n", CONSTANTCN, i + 2); if (!PEM_write_X509(stdout, roots[i])) { /* Well, try again sometime later. */ cm_log(1, "Error outputting certificate.\n"); return CM_SUBMIT_STATUS_UNREACHABLE; } } /* All done. */ close(lfd); return CM_SUBMIT_STATUS_ISSUED; } else if ((strcasecmp(mode, CM_OP_SUBMIT) == 0) || (strcasecmp(mode, CM_OP_POLL) == 0)) { /* Read the CSR from the environment, or from the file named on * the command-line. 
*/ csrfile = poptGetArg(pctx); if (csrfile != NULL) { csr = cm_submit_u_from_file(csrfile); } else { csr = getenv(CM_SUBMIT_CSR_ENV); if (csr != NULL) { csr = strdup(csr); } } if ((csr == NULL) || (strlen(csr) == 0)) { printf(_("Unable to read signing request.\n")); cm_log(1, "Unable to read signing request.\n"); poptPrintUsage(pctx, stdout, 0); free(csr); return CM_SUBMIT_STATUS_UNCONFIGURED; } /* Take the lock. */ lfd = local_lock(parent, localdir); /* Read in the signer information. */ i = get_signer_info(parent, localdir, &roots, &signer, &key); if ((i != 0) || (signer == NULL)) { cm_log(1, "Error reading signer info.\n"); free(csr); /* Try again sometime later. */ return CM_SUBMIT_STATUS_UNREACHABLE; } /* Read the next-to-be-used serial number. */ serial = talloc_asprintf(parent, "%s/%s", localdir, "/serial"); fp = fopen(serial, "r"); if ((fp == NULL) && (errno != ENOENT)) { cm_log(1, "Error reading '%s': %s.\n", serial, strerror(errno)); free(csr); return CM_SUBMIT_STATUS_UNREACHABLE; } if (fp != NULL) { if (fgets(buf, sizeof(buf), fp) == NULL) { fclose(fp); free(csr); return CM_SUBMIT_STATUS_UNREACHABLE; } buf[strcspn(buf, "\r\n")] = '\0'; hexserial = talloc_strdup(parent, buf); cm_log(3, "Read serial number '%s'.\n", hexserial); /* Close the read handle; fp is reopened for writing below. */ fclose(fp); } if (hexserial == NULL) { hexserial = cm_store_hex_from_bin(parent, uuid, sizeof(uuid)); if (strchr("89abcdefABCDEF", hexserial[0]) != NULL) { hexserial = talloc_asprintf(parent, "00%s", hexserial); } cm_log(3, "Using serial number '%s'.\n", hexserial); } now = time(NULL); /* Actually sign the request. */ i = cm_submit_o_sign(parent, csr, signer, key, hexserial, now, 0, &cert); free(csr); if ((i == 0) && (cert != NULL)) { /* Roll the serial number up. */ hexserial = cm_store_increment_serial(parent, hexserial); if (hexserial == NULL) { cm_log(1, "Error incrementing serial number\n"); return CM_SUBMIT_STATUS_UNREACHABLE; } /* Save the next serial number. 
*/ fp = fopen(serial, "w"); if (fp == NULL) { cm_log(1, "Error writing '%s': %s.\n", serial, strerror(errno)); return CM_SUBMIT_STATUS_UNREACHABLE; } fprintf(fp, "%s\n", hexserial); if (ferror(fp)) { cm_log(1, "Error writing '%s': %s.\n", serial, strerror(errno)); fclose(fp); return CM_SUBMIT_STATUS_UNREACHABLE; } fclose(fp); cm_log(3, "Wrote serial number '%s'.\n", hexserial); /* Okay, now provide the certificate. */ if (!PEM_write_X509(stdout, cert)) { cm_log(1, "Error outputting certificate: %s.\n", strerror(errno)); /* Well, try again sometime later. */ return CM_SUBMIT_STATUS_UNREACHABLE; } } close(lfd); return i; } return CM_SUBMIT_STATUS_OPERATION_NOT_SUPPORTED; } certmonger-0.79.19/src/log.c0000644000175000017500000000462114511314133015151 0ustar gitgit00000000000000/* * Copyright (C) 2009,2011 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include "log.h" #include "tm.h" static int cm_log_level = 0; static enum cm_log_method cm_log_method; int cm_log_set_level(int level) { int old_level; old_level = cm_log_level; cm_log_level = level; return old_level; } enum cm_log_method cm_log_set_method(enum cm_log_method method) { enum cm_log_method old_method; old_method = cm_log_method; cm_log_method = method; return old_method; } void cm_log(int level, const char *fmt, ...) 
{ FILE *stream; va_list args; int slevel; char *p; struct tm lt; time_t now; if (level <= cm_log_level) { stream = stderr; switch (cm_log_method) { case cm_log_none: break; case cm_log_stdout: stream = stdout; /* fall through */ case cm_log_stderr: now = cm_time(NULL); localtime_r(&now, &lt); p = talloc_asprintf(NULL, "%04d-%02d-%02d %02d:%02d:%02d " "[%lu] %s", lt.tm_year + 1900, lt.tm_mon + 1, lt.tm_mday, lt.tm_hour, lt.tm_min, lt.tm_sec, (unsigned long) getpid(), fmt); if (p != NULL) { va_start(args, fmt); vfprintf(stream, p, args); va_end(args); talloc_free(p); } fflush(NULL); break; case cm_log_syslog: va_start(args, fmt); switch (level) { case -2: slevel = LOG_CRIT; break; case -1: slevel = LOG_WARNING; break; case 0: slevel = LOG_INFO; break; default: slevel = LOG_DEBUG; break; } vsyslog(LOG_DAEMON | slevel, fmt, args); va_end(args); break; } } } certmonger-0.79.19/src/log.h0000644000175000017500000000245114511314133015155 0ustar gitgit00000000000000/* * Copyright (C) 2009 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
*/ #ifndef cmlog_h #define cmlog_h enum cm_sub_status { CM_SUB_STATUS_OK = 0, CM_SUB_STATUS_ERROR_INITIALIZING = 1, CM_SUB_STATUS_INTERNAL_ERROR = 2, CM_SUB_STATUS_ERROR_NO_TOKEN = 3, CM_SUB_STATUS_ERROR_AUTH = 4, CM_SUB_STATUS_ERROR_PERMS = 5, CM_SUB_STATUS_ERROR_KEY_TYPE = 6, CM_SUB_STATUS_NEED_SCEP_DATA = 16, }; enum cm_log_method { cm_log_none = 0, cm_log_syslog, cm_log_stderr, cm_log_stdout, }; int cm_log_set_level(int level); enum cm_log_method cm_log_set_method(enum cm_log_method method); void cm_log(int level, const char *fmt, ...) #ifdef __GNUC__ __attribute__((format(printf,2,3))) #endif ; #endif certmonger-0.79.19/src/main.c0000644000175000017500000002764514511314133015327 0ustar gitgit00000000000000/* * Copyright (C) 2009,2011,2012,2013,2014,2015 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
*/ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "cm.h" #include "env.h" #include "log.h" #include "tdbus.h" #include "tdbusm.h" #include "util-n.h" #ifdef ENABLE_NLS #include #define N_(_text) _text #define _(_text) dgettext(PACKAGE, _text) #else #define N_(_text) _text #define _(_text) (_text) #endif int main(int argc, const char **argv) { struct tevent_context *ec; struct cm_context *ctx; enum cm_tdbus_type bus; int i, c, dlevel = 0, pfd = -1, lfd = -1, version = 0; unsigned int u; long l; pid_t pid; FILE *pfp; const char *pidfile = NULL, *tmpdir, *gate_command = NULL, *path = NULL; char *env_tmpdir, *hint, *address; dbus_bool_t dofork, server, server_only; enum force_fips_mode forcefips; int bustime; DBusError error; poptContext pctx; struct poptOption popts[] = { {"session-bus", 's', POPT_ARG_NONE, NULL, 's', N_("use session bus"), NULL}, {"system-bus", 'S', POPT_ARG_NONE, NULL, 'S', N_("use system bus"), NULL}, {"listening-socket", 'l', POPT_ARG_NONE, NULL, 'l', N_("start a dedicated listening socket"), NULL}, {"only-listening-socket", 'L', POPT_ARG_NONE, NULL, 'L', N_("only use a dedicated listening socket"), NULL}, {"listening-socket-path", 'P', POPT_ARG_STRING, &path, 0, N_("specify the dedicated listening socket"), N_("PATHNAME")}, {"nofork", 'n', POPT_ARG_NONE, NULL, 'n', N_("don't become a daemon"), NULL}, {"fork", 'f', POPT_ARG_NONE, NULL, 'f', N_("do become a daemon"), NULL}, {"bus-activation-timeout", 'b', POPT_ARG_INT, NULL, 'b', N_("bus-activated, idle timeout"), N_("SECONDS")}, {"no-bus-activation-timeout", 'B', POPT_ARG_NONE, NULL, 'B', N_("don't use an idle timeout"), NULL}, {"debug-level", 'd', POPT_ARG_INT, NULL, 'd', N_("set debugging level (implies -n)"), N_("NUMBER")}, {"command", 'c', POPT_ARG_STRING, &gate_command, 'c', N_("start COMMAND and exit when it does"), N_("COMMAND")}, /* this next one is there to paper over 
documentation that named the flag wrong */ {NULL, 'C', POPT_ARG_STRING | POPT_ARGFLAG_DOC_HIDDEN, &gate_command, 'c', N_("start COMMAND and exit when it does"), N_("COMMAND")}, {"pidfile", 'p', POPT_ARG_STRING, &pidfile, 0, N_("write service PID to file"), N_("FILENAME")}, {"fips", 'F', POPT_ARG_NONE, NULL, 'F', N_("force NSS into FIPS mode"), NULL}, {"help", 'h', POPT_ARG_NONE, NULL, 'h', NULL, NULL}, {"version", 'v', POPT_ARG_NONE, &version, 0, N_("print version information"), NULL}, {"autohelp", 'H', POPT_ARG_NONE | POPT_ARGFLAG_DOC_HIDDEN, NULL, 'H', NULL, NULL}, POPT_TABLEEND }; bus = cm_env_default_bus(); dofork = cm_env_default_fork(); bustime = cm_env_default_bus_timeout(); forcefips = do_not_force_fips; server = FALSE; server_only = FALSE; #ifdef ENABLE_NLS bindtextdomain(PACKAGE, MYLOCALEDIR); for (u = 0; u < sizeof(popts) / sizeof(popts[0]); u++) { if (popts[u].descrip != NULL) { popts[u].descrip = dgettext(PACKAGE, popts[u].descrip); } if (popts[u].argDescrip != NULL) { popts[u].argDescrip = dgettext(PACKAGE, popts[u].argDescrip); } } #endif if (cm_env_whoami() == NULL) { printf("internal error\n"); exit(1); } if ((cm_env_config_dir() == NULL) || (cm_env_request_dir() == NULL) || (cm_env_ca_dir() == NULL) || (cm_env_tmp_dir() == NULL)) { printf("%s: unable to determine storage locations\n", cm_env_whoami()); exit(1); }; pctx = poptGetContext(argv[0], argc, argv, popts, 0); if (pctx == NULL) { exit(1); } while ((c = poptGetNextOpt(pctx)) > 0) { switch (c) { case 's': bus = cm_tdbus_session; break; case 'S': bus = cm_tdbus_system; break; case 'l': server = TRUE; break; case 'L': server = TRUE; server_only = TRUE; break; case 'c': bustime = 0; break; case 'f': dofork = TRUE; break; case 'b': gate_command = NULL; bustime = atoi(poptGetOptArg(pctx)); break; case 'B': bustime = 0; break; case 'd': dlevel = atoi(poptGetOptArg(pctx)); /* fall through */ case 'n': dofork = FALSE; break; case 'F': forcefips = do_force_fips; break; case 'H': poptPrintHelp(pctx, 
stdout, 0); exit(1); break; default: printf(_("Usage: %s [-s|-S] [-n|-f] [-d LEVEL] " "[-p FILE] [-F] [-v]\n"), cm_env_whoami()); printf("%s%s%s%s%s%s%s%s%s%s%s%s%s%s", _("\t-s use session bus\n"), _("\t-S use system bus\n"), _("\t-l start a dedicated listening socket\n"), _("\t-L only use a dedicated listening socket\n"), _("\t-P PATH specify the dedicated listening socket\n"), _("\t-n don't become a daemon\n"), _("\t-f do become a daemon\n"), _("\t-b TIMEOUT bus-activated, idle timeout\n"), _("\t-B don't use an idle timeout\n"), _("\t-d LEVEL set debugging level (implies -n)\n"), _("\t-c COMMAND start COMMAND and exit when it does\n"), _("\t-p FILE write service PID to file\n"), _("\t-F force NSS into FIPS mode\n"), _("\t-v print version information and exit\n")); exit(1); break; } } if (c != -1) { exit(1); } if (version) { printf("%s %s\n", PACKAGE, PACKAGE_VERSION); exit(0); } cm_log_set_level(dlevel); cm_log_set_method(dofork ? cm_log_syslog : cm_log_stderr); util_n_set_fips(forcefips); cm_log(3, "Starting up.\n"); tmpdir = cm_env_tmp_dir(); if (tmpdir != NULL) { env_tmpdir = malloc(8 + strlen(tmpdir)); if (env_tmpdir == NULL) { fprintf(stderr, "Out of memory.\n"); exit(1); } snprintf(env_tmpdir, 8 + strlen(tmpdir), "TMPDIR=%s", tmpdir); if (putenv(env_tmpdir) != 0) { printf("internal error: %s\n", strerror(errno)); exit(1); } } ec = tevent_context_init(NULL); if (ec == NULL) { fprintf(stderr, "Error initializing tevent.\n"); exit(1); } if (dlevel > 0) { tevent_set_debug_stderr(ec); } umask(S_IRWXG | S_IRWXO); /* Set our working directory - the root for a system instance, the * configuration directory for a session instance. 
*/ switch (bus) { case cm_tdbus_private: case cm_tdbus_system: cm_log(2, "Changing to root directory.\n"); if (chdir("/") != 0) { cm_log(0, "Error in chdir(\"/\"): %s.\n", strerror(errno)); } cm_log(2, "Obtaining system lock.\n"); break; case cm_tdbus_session: cm_log(2, "Changing to config directory.\n"); if (chdir(cm_env_config_dir()) != 0) { cm_log(2, "Error in chdir(\"%s\"): %s.\n", cm_env_config_dir(), strerror(errno)); } cm_log(2, "Obtaining session lock.\n"); break; } /* Open the lock file. This is primarily here to avoid having multiple * session copies attempting to read and write and operate on the same * records at the same time. */ lfd = open(cm_env_lock_file(), O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); if (lfd == -1) { fprintf(stderr, "Error opening lockfile \"%s\": %s\n", cm_env_lock_file(), strerror(errno)); exit(1); } if (lockf(lfd, F_LOCK, 0) != 0) { fprintf(stderr, "Error locking lockfile \"%s\": %s\n", cm_env_lock_file(), strerror(errno)); close(lfd); exit(1); } l = fcntl(lfd, F_GETFD); if (l != -1) { l = fcntl(lfd, F_SETFD, l | FD_CLOEXEC); if (l == -1) { fprintf(stderr, "Error setting close-on-exec flag on " "\"%s\": %s\n", cm_env_lock_file(), strerror(errno)); close(lfd); exit(1); } } /* Load up all of our data. */ ctx = NULL; i = cm_init(ec, &ctx, bustime, gate_command); if (i != 0) { fprintf(stderr, "Error: %s\n", strerror(i)); talloc_free(ec); exit(1); } if (!server_only) { /* Join a bus and obtain our well-known name. */ if (cm_tdbus_setup_public(ec, bus, ctx, &error) != 0) { fprintf(stderr, "Error connecting to D-Bus.\n"); hint = cm_tdbusm_hint(ec, error.name, error.message); if (hint != NULL) { fprintf(stderr, "%s", hint); } talloc_free(ec); exit(1); } } if (server) { /* Set up a private listening socket. 
*/ if (cm_tdbus_setup_private(ec, ctx, path, &address, &error) != 0) { fprintf(stderr, "Error setting up D-Bus listener.\n"); hint = cm_tdbusm_hint(ec, error.name, error.message); if (hint != NULL) { fprintf(stderr, "%s", hint); } talloc_free(ec); exit(1); } cm_set_server_address(ctx, address); } /* Create the pid file, if we need to. */ if (pidfile != NULL) { pfd = open(pidfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); if (pfd == -1) { fprintf(stderr, "Error opening pidfile \"%s\": %s\n", pidfile, strerror(errno)); exit(1); } if (lockf(pfd, F_TLOCK, 0) != 0) { fprintf(stderr, "Error locking pidfile \"%s\": %s\n", pidfile, strerror(errno)); close(pfd); exit(1); } if (ftruncate(pfd, 0) != 0) { fprintf(stderr, "Error truncating pidfile \"%s\": %s\n", pidfile, strerror(errno)); close(pfd); exit(1); } l = fcntl(pfd, F_GETFD); if (l != -1) { if (fcntl(pfd, F_SETFD, l | FD_CLOEXEC) != 0) { fprintf(stderr, "Error marking pidfile \"%s\" " "as close-on-exec: %s\n", pidfile, strerror(errno)); close(pfd); exit(1); } } pfp = fdopen(pfd, "w"); if (pfp == NULL) { fprintf(stderr, "Error opening pidfile \"%s\": %s\n", pidfile, strerror(errno)); close(pfd); exit(1); } } else { pfp = NULL; } if (dofork) { pid = fork(); switch (pid) { case -1: /* failure */ fprintf(stderr, "fork() error: %s\n", strerror(errno)); if ((pidfile != NULL) && (pfp != NULL)) { fclose(pfp); } exit(1); break; case 0: /* child; keep going */ if (daemon(0, 0) != 0) { fprintf(stderr, "daemon() error: %s\n", strerror(errno)); exit(1); } /* lock the pid file now that our parent is exiting and * thus losing its lock; it should be safe to block * here, even if the parent gives up the lock before we * get here, because we've already ensured that only we * and our parent have the named connection to the bus, * and wouldn't have gotten here otherwise */ if ((pidfile != NULL) && (pfp != NULL)) { if (lockf(pfd, F_LOCK, 0) != 0) { cm_log(0, "Error locking pidfile \"%s\": " "%s\n", pidfile, 
strerror(errno)); exit(1); } fprintf(pfp, "%ld\n", (long) getpid()); fflush(pfp); } break; default: /* parent; exit cleanly */ exit(0); break; } } else { if ((pidfile != NULL) && (pfp != NULL)) { fprintf(pfp, "%ld\n", (long) getpid()); fflush(pfp); } } /* Kick each request and CA's state machine off. */ if (cm_start_all(ctx) == 0) { do { i = tevent_loop_once(ec); if (i != 0) { cm_log(3, "Event loop exits with status %d.\n", i); break; } } while (cm_keep_going(ctx) == 0); cm_log(3, "Shutting down.\n"); cm_stop_all(ctx); } /* Clean up. */ talloc_free(ctx); talloc_free(ec); /* Remove the PID file. */ if ((pidfile != NULL) && (pfp != NULL)) { if (remove(pidfile) != 0) { cm_log(0, "Error removing pidfile \"%s\": %s.\n", pidfile, strerror(errno)); } fclose(pfp); } return 0; } certmonger-0.79.19/src/netlink.c0000644000175000017500000000454014511314133016034 0ustar gitgit00000000000000/* * Copyright (C) 2009 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
*/ #include "config.h" #include #include #include #include #include #include #include #include #include "log.h" #include "netlink.h" #if defined(HAVE_LINUX_NETLINK_H) && defined(HAVE_LINUX_RTNETLINK_H) #include #include int cm_netlink_socket(void) { int fd; struct sockaddr_nl sn; fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE); if (fd == -1) { return -1; } if (fcntl(fd, F_SETFL, (long) O_NONBLOCK) == -1) { close(fd); return -1; }; if (fcntl(fd, F_SETFD, (long) FD_CLOEXEC) == -1) { close(fd); return -1; }; memset(&sn, 0, sizeof(sn)); sn.nl_family = AF_NETLINK; sn.nl_pad = 0; sn.nl_pid = getpid(); sn.nl_groups = RTMGRP_NOTIFY | RTMGRP_IPV4_ROUTE | RTMGRP_IPV6_ROUTE; if (bind(fd, (struct sockaddr *) &sn, sizeof(sn)) == -1) { close(fd); return -1; } return fd; } int cm_netlink_pkt_is_route_change(char *buf, int len, struct sockaddr *src_addr, socklen_t addrlen) { struct nlmsghdr *nlmsg; struct sockaddr_nl *src; if (addrlen != sizeof(*src)) { return -1; } src = (struct sockaddr_nl *) src_addr; if (src->nl_pid != 0) { return -1; } for (nlmsg = (struct nlmsghdr *) buf; (len > 0) && NLMSG_OK(nlmsg, (unsigned int) len); nlmsg = NLMSG_NEXT(nlmsg, len)) { switch (nlmsg->nlmsg_type) { case RTM_NEWLINK: case RTM_DELLINK: case RTM_NEWROUTE: case RTM_DELROUTE: return 0; break; } } return -1; } #else int cm_netlink_socket(void) { return -1; } int cm_netlink_pkt_is_route_change(char *buf, int len, struct sockaddr *src_addr, socklen_t addrlen) { return -1; } #endif certmonger-0.79.19/src/netlink.h0000644000175000017500000000157714511314133016050 0ustar gitgit00000000000000/* * Copyright (C) 2009 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. 
* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #ifndef cmnetlink_h #define cmnetlink_h int cm_netlink_socket(void); int cm_netlink_pkt_is_route_change(char *buf, int len, struct sockaddr *src_addr, socklen_t addrlen); #endif certmonger-0.79.19/src/nl-check.c0000644000175000017500000001074114511314133016054 0ustar gitgit00000000000000/* * Copyright (C) 2009 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
 */

#include "config.h"

#include <sys/types.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>

#include "netlink.h"

#if !defined(HAVE_LINUX_NETLINK_H) || !defined(HAVE_LINUX_RTNETLINK_H)
int
main(int argc, char **argv)
{
	printf("Netlink support not built.\n");
	return 1;
}
#else

#include <linux/netlink.h>
#include <linux/rtnetlink.h>

static void
dump_rta(struct rtattr *buf, int len)
{
	struct rtattr *rta;

	for (rta = buf; RTA_OK(rta, len); rta = RTA_NEXT(rta, len)) {
		switch (rta->rta_type) {
		default:
			printf(" Got an unknown attribute of length %ld.\n",
				(long) RTA_PAYLOAD(rta));
			break;
		}
	}
	printf(" %d leftover attribute bytes.\n", len);
}

static void
dump_nlmsg(unsigned char *buf, int len, struct sockaddr_nl *nlmsgsrc)
{
	struct nlmsghdr *nlmsg;
	struct rtmsg *rtm;

	for (nlmsg = (struct nlmsghdr *) buf;
	     (len > 0) && NLMSG_OK(nlmsg, (unsigned int) len);
	     nlmsg = NLMSG_NEXT(nlmsg, len)) {
		printf("Got a full message with payload length %ld from %ld.\n",
			(long) NLMSG_PAYLOAD(nlmsg, 0),
			(long) nlmsgsrc->nl_pid);
		rtm = NLMSG_DATA(nlmsg);
		switch (nlmsg->nlmsg_type) {
		case RTM_NEWLINK:
			printf(" Got a new-link message.\n");
			break;
		case RTM_DELLINK:
			printf(" Got a del-link message.\n");
			break;
		case RTM_GETLINK:
			printf(" Got a get-link message.\n");
			break;
		case RTM_SETLINK:
			printf(" Got a set-link message.\n");
			break;
		case RTM_NEWADDR:
			printf(" Got a new-addr message.\n");
			break;
		case RTM_DELADDR:
			printf(" Got a del-addr message.\n");
			break;
		case RTM_GETADDR:
			printf(" Got a get-addr message.\n");
			break;
		case RTM_NEWROUTE:
			printf(" Got a new-route message.\n");
			break;
		case RTM_DELROUTE:
			printf(" Got a del-route message.\n");
			break;
		case RTM_GETROUTE:
			printf(" Got a get-route message.\n");
			break;
		case RTM_NEWNEIGH:
			printf(" Got a new-neighbor message.\n");
			break;
		case RTM_DELNEIGH:
			printf(" Got a del-neighbor message.\n");
			break;
		case RTM_GETNEIGH:
			printf(" Got a get-neighbor message.\n");
			break;
		case RTM_NEWRULE:
			printf(" Got a new-rule message.\n");
			break;
		case RTM_DELRULE:
			printf(" Got a del-rule message.\n");
			break;
		case RTM_GETRULE:
			printf(" Got a get-rule message.\n");
			break;
		default:
			/* Report the netlink message type; the payload of an
			 * unknown message is not known to be a struct rtmsg. */
			printf(" Got an unknown message %d.\n",
				nlmsg->nlmsg_type);
			rtm = NULL;
			break;
		}
		if (rtm != NULL) {
			switch (rtm->rtm_family) {
			case AF_INET:
				printf(" IPv4.\n");
				break;
			case AF_INET6:
				printf(" IPv6.\n");
				break;
			default:
				printf(" family %d.\n", rtm->rtm_family);
				break;
			}
			dump_rta(RTM_RTA(nlmsg), RTM_PAYLOAD(nlmsg));
		}
	}
	printf("%d leftover message bytes.\n", len);
}

int
main(int argc, char **argv)
{
	fd_set fds;
	int nl, len, err;
	unsigned char buf[0x10000];
	struct sockaddr_nl nlmsgsrc;
	socklen_t nlmsgsrclen;

	nl = cm_netlink_socket();
	if (nl == -1) {
		printf("Error creating socket.\n");
		return 1;
	}
	printf("Waiting for data.\n");
	for (;;) {
		FD_ZERO(&fds);
		FD_SET(nl, &fds);
		select(nl + 1, &fds, NULL, NULL, NULL);
		memset(&nlmsgsrc, 0, sizeof(nlmsgsrc));
		nlmsgsrclen = sizeof(nlmsgsrc);
		len = recvfrom(nl, buf, sizeof(buf), 0,
			(struct sockaddr *) &nlmsgsrc, &nlmsgsrclen);
		switch (len) {
		case 0:
			printf("EOF\n");
			return 0;
			break;
		case -1:
			err = errno;
			printf("Error %s\n", strerror(errno));
			return err;
			break;
		}
		if (nlmsgsrclen != sizeof(struct sockaddr_nl)) {
			/* The heck? */
			printf("Sender did not have a netlink address-sized "
				"address?\n");
			return -1;
		}
		if (nlmsgsrc.nl_family != AF_NETLINK) {
			/* The heck? */
			printf("Sender did not have a netlink address?\n");
			return -1;
		}
		printf("Received %d bytes.\n", len);
		dump_nlmsg(buf, len, &nlmsgsrc);
	}
	return 0;
}
#endif

certmonger-0.79.19/src/notify.c
/*
 * Copyright (C) 2009,2011,2012,2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

#include <sys/types.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <syslog.h>
#include <time.h>
#include <unistd.h>

#include <talloc.h>

#include "log.h"
#include "notify.h"
#include "prefs.h"
#include "store.h"
#include "store-int.h"
#include "subproc.h"
#include "tm.h"

struct cm_notify_state {
	struct cm_subproc_state *subproc;
};

struct cm_notify_details {
	enum cm_notify_event event;
};

/* Fire off the proper notification. */
static int
cm_notify_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
	void *userdata)
{
	struct cm_notify_details *details = userdata;
	enum cm_notification_method method;
	const char *dest, *p, *q, *message = NULL, *error;
	char *tok, t[15], **argv, *ltime;
	int facility, level;
	struct {
		const char *name;
		int value;
	} facilities[] = {
		{"auth", LOG_AUTH},
		{"authpriv", LOG_AUTHPRIV},
		{"cron", LOG_CRON},
		{"daemon", LOG_DAEMON},
		{"ftp", LOG_FTP},
		{"kern", LOG_KERN},
		{"local0", LOG_LOCAL0},
		{"local1", LOG_LOCAL1},
		{"local2", LOG_LOCAL2},
		{"local3", LOG_LOCAL3},
		{"local4", LOG_LOCAL4},
		{"local5", LOG_LOCAL5},
		{"local6", LOG_LOCAL6},
		{"local7", LOG_LOCAL7},
		{"lpr", LOG_LPR},
		{"mail", LOG_MAIL},
		{"news", LOG_NEWS},
		{"user", LOG_USER},
		{"uucp", LOG_UUCP},
	}, levels[] = {
		{"emerg", LOG_EMERG},
		{"alert", LOG_ALERT},
		{"crit", LOG_CRIT},
		{"err", LOG_ERR},
		{"warning", LOG_WARNING},
		{"notice", LOG_NOTICE},
		{"info", LOG_INFO},
		{"debug", LOG_DEBUG},
	};
	unsigned int i;

	switch (details->event) {
	case cm_notify_event_unknown:
		message = talloc_asprintf(entry,
			"Something happened with certificate named \"%s\" in token \"%s\" in database \"%s\".",
			entry->cm_cert_nickname,
			entry->cm_cert_token,
			entry->cm_cert_storage_location);
		break;
	case cm_notify_event_validity_ending:
		if (entry->cm_cert_not_after > cm_time(NULL)) {
			ltime = cm_store_local_timestamp_from_time_for_display(entry->cm_cert_not_after);
			if (ltime == NULL) {
				ltime = cm_store_timestamp_from_time(entry->cm_cert_not_after, t);
			}
			switch (entry->cm_cert_storage_type) {
			case cm_cert_storage_nssdb:
				if (entry->cm_cert_token != NULL) {
					message = talloc_asprintf(entry,
						"Certificate named \"%s\" in token \"%s\" in database \"%s\" will not be valid after %s.",
						entry->cm_cert_nickname,
						entry->cm_cert_token,
						entry->cm_cert_storage_location,
						ltime);
				} else {
					message = talloc_asprintf(entry,
						"Certificate named \"%s\" in database \"%s\" will expire at %s.",
						entry->cm_cert_nickname,
						entry->cm_cert_storage_location,
						ltime);
				}
				break;
			case cm_cert_storage_file:
				message = talloc_asprintf(entry,
					"Certificate in file \"%s\" will not be valid after %s.",
					entry->cm_cert_storage_location,
					ltime);
				break;
			}
			if (ltime != t) {
				free(ltime);
			}
		} else {
			switch (entry->cm_cert_storage_type) {
			case cm_cert_storage_nssdb:
				if (entry->cm_cert_token != NULL) {
					message = talloc_asprintf(entry,
						"Certificate named \"%s\" in token \"%s\" in database \"%s\" is no longer valid.",
						entry->cm_cert_nickname,
						entry->cm_cert_token,
						entry->cm_cert_storage_location);
				} else {
					message = talloc_asprintf(entry,
						"Certificate named \"%s\" in database \"%s\" is no longer valid.",
						entry->cm_cert_nickname,
						entry->cm_cert_storage_location);
				}
				break;
			case cm_cert_storage_file:
				message = talloc_asprintf(entry,
					"Certificate in file \"%s\" is no longer valid.",
					entry->cm_cert_storage_location);
				break;
			}
		}
		break;
	case cm_notify_event_rejected:
		switch (entry->cm_cert_storage_type) {
		case cm_cert_storage_nssdb:
			if (entry->cm_cert_token != NULL) {
				message = talloc_asprintf(entry,
					"Request for certificate to be named \"%s\" in token \"%s\" in database \"%s\" rejected by CA.",
					entry->cm_cert_nickname,
					entry->cm_cert_token,
					entry->cm_cert_storage_location);
			} else {
				message = talloc_asprintf(entry,
					"Request for certificate to be named \"%s\" in database \"%s\" rejected by CA.",
					entry->cm_cert_nickname,
					entry->cm_cert_storage_location);
			}
			break;
		case cm_cert_storage_file:
			message = talloc_asprintf(entry,
				"Request for certificate to be stored in file \"%s\" rejected by CA.",
				entry->cm_cert_storage_location);
			break;
		}
		break;
	case cm_notify_event_issued_not_saved:
		switch (entry->cm_cert_storage_type) {
		case cm_cert_storage_nssdb:
			if (entry->cm_cert_token != NULL) {
				message = talloc_asprintf(entry,
					"Certificate named \"%s\" in token \"%s\" in database \"%s\" issued by CA but not saved.",
					entry->cm_cert_nickname,
					entry->cm_cert_token,
					entry->cm_cert_storage_location);
			} else {
				message = talloc_asprintf(entry,
					"Certificate named \"%s\" in database \"%s\" issued by CA but not saved.",
					entry->cm_cert_nickname,
					entry->cm_cert_storage_location);
			}
			break;
		case cm_cert_storage_file:
			message = talloc_asprintf(entry,
				"Certificate in file \"%s\" issued by CA but not saved.",
				entry->cm_cert_storage_location);
			break;
		}
		break;
	case cm_notify_event_issued_and_saved:
		switch (entry->cm_cert_storage_type) {
		case cm_cert_storage_nssdb:
			if (entry->cm_cert_token != NULL) {
				message = talloc_asprintf(entry,
					"Certificate named \"%s\" in token \"%s\" in database \"%s\" issued by CA and saved.",
					entry->cm_cert_nickname,
					entry->cm_cert_token,
					entry->cm_cert_storage_location);
			} else {
				message = talloc_asprintf(entry,
					"Certificate named \"%s\" in database \"%s\" issued by CA and saved.",
					entry->cm_cert_nickname,
					entry->cm_cert_storage_location);
			}
			break;
		case cm_cert_storage_file:
			message = talloc_asprintf(entry,
				"Certificate in file \"%s\" issued by CA and saved.",
				entry->cm_cert_storage_location);
			break;
		}
		break;
	case cm_notify_event_issued_ca_not_saved:
		switch (entry->cm_cert_storage_type) {
		case cm_cert_storage_nssdb:
			if (entry->cm_cert_token != NULL) {
				message = talloc_asprintf(entry,
					"Certificate named \"%s\" in token \"%s\" in database \"%s\" issued by CA and saved, but the CA certificate was not saved.",
					entry->cm_cert_nickname,
					entry->cm_cert_token,
					entry->cm_cert_storage_location);
			} else {
				message = talloc_asprintf(entry,
					"Certificate named \"%s\" in database \"%s\" issued by CA and saved, but the CA certificate was not saved.",
					entry->cm_cert_nickname,
					entry->cm_cert_storage_location);
			}
			break;
		case cm_cert_storage_file:
			message = talloc_asprintf(entry,
				"Certificate in file \"%s\" issued by CA and saved, but the CA certificate was not saved.",
				entry->cm_cert_storage_location);
			break;
		}
		break;
	case cm_notify_event_ca_not_saved:
		switch (entry->cm_cert_storage_type) {
		case cm_cert_storage_nssdb:
			if (entry->cm_cert_token != NULL) {
				message = talloc_asprintf(entry,
					"CA certificate for certificate named \"%s\" in token \"%s\" in database \"%s\" (CA \"%s\") not saved.",
					entry->cm_cert_nickname,
					entry->cm_cert_token,
					entry->cm_cert_storage_location,
					entry->cm_ca_nickname);
			} else {
				message = talloc_asprintf(entry,
					"CA certificate for certificate named \"%s\" in database \"%s\" (CA \"%s\") not saved.",
					entry->cm_cert_nickname,
					entry->cm_cert_storage_location,
					entry->cm_ca_nickname);
			}
			break;
		case cm_cert_storage_file:
			message = talloc_asprintf(entry,
				"CA certificate for certificate in file \"%s\" (CA \"%s\") not saved.",
				entry->cm_cert_storage_location,
				entry->cm_ca_nickname);
			break;
		}
		break;
	}
	method = entry->cm_notification_method;
	if (method == cm_notification_unspecified) {
		method = cm_prefs_notification_method();
	}
	dest = entry->cm_notification_destination;
	if (dest == NULL) {
		dest = cm_prefs_notification_destination();
	}
	switch (method) {
	case cm_notification_none:
		/* do nothing!
		 */
		break;
	case cm_notification_unspecified:
		abort();
		break;
	case cm_notification_stdout:
		sleep(5);
		/* XXX that was SO wrong, but it makes the output of the test
		 * suite consistent when we mix the parent printing the current
		 * state and this process also outputting the warning */
		printf("%s\n", message);
		fflush(NULL);
		break;
	case cm_notification_syslog:
		facility = LOG_USER;
		level = LOG_NOTICE;
		for (p = dest; *p != '\0'; p = q) {
			q = p + strcspn(p, ".,:/|");
			tok = talloc_strndup(entry, p, q - p);
			if (tok == NULL) {
				continue;
			}
			for (i = 0;
			     i < sizeof(facilities) / sizeof(facilities[0]);
			     i++) {
				if (strcasecmp(facilities[i].name, tok) == 0) {
					facility = facilities[i].value;
				}
			}
			for (i = 0;
			     i < sizeof(levels) / sizeof(levels[0]);
			     i++) {
				if (strcasecmp(levels[i].name, tok) == 0) {
					level = levels[i].value;
				}
			}
			q += strspn(q, ".,:/|");
		}
		cm_log(4, "0x%02x %s\n", facility | level, message);
		syslog(facility | level, "%s", message);
		break;
	case cm_notification_email:
		execlp("mail", "mail", "-s", message, dest, NULL);
		break;
	case cm_notification_command:
		argv = cm_subproc_parse_args(entry, dest, &error);
		if (argv == NULL) {
			if (error != NULL) {
				cm_log(0, "Error parsing \"%s\": %s.\n",
				       dest, error);
			} else {
				cm_log(0, "Error parsing \"%s\".\n", dest);
			}
			return -1;
		}
		cm_log(1, "Running notification helper \"%s\".\n", argv[0]);
		cm_subproc_mark_most_cloexec(-1, -1, -1);
		setenv(CM_NOTIFICATION_ENV, message, 1);
		if (execvp(argv[0], argv) == -1) {
			/* Log the notification command that failed (dest),
			 * not the unrelated post-save command. */
			cm_log(0, "Error execvp()ing command \"%s\" (\"%s\"): %s.\n",
			       argv[0], dest, strerror(errno));
			return -1;
		}
	}
	return 0;
}

/* Start notifying the user that the certificate will expire soon.
 */
struct cm_notify_state *
cm_notify_start(struct cm_store_entry *entry, enum cm_notify_event event)
{
	struct cm_notify_state *state;
	struct cm_notify_details details;

	state = talloc_ptrtype(entry, state);
	if (state != NULL) {
		memset(state, 0, sizeof(*state));
		memset(&details, 0, sizeof(details));
		details.event = event;
		state->subproc = cm_subproc_start(cm_notify_main, state,
			NULL, entry, &details);
		if (state->subproc == NULL) {
			talloc_free(state);
			state = NULL;
		}
	}
	return state;
}

/* Get a selectable-for-read descriptor we can poll for status changes. */
int
cm_notify_get_fd(struct cm_notify_state *state)
{
	return cm_subproc_get_fd(state->subproc);
}

/* Check if our child process has exited. */
int
cm_notify_ready(struct cm_notify_state *state)
{
	return cm_subproc_ready(state->subproc);
}

/* Clean up after notification. */
void
cm_notify_done(struct cm_notify_state *state)
{
	if (state->subproc != NULL) {
		cm_subproc_done(state->subproc);
	}
	talloc_free(state);
}

certmonger-0.79.19/src/notify.h
/*
 * Copyright (C) 2009,2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmnotify_h
#define cmnotify_h

struct cm_store_entry;
struct cm_notify_state;

enum cm_notify_event {
	cm_notify_event_unknown = 0,
	cm_notify_event_validity_ending,
	cm_notify_event_rejected,
	cm_notify_event_issued_not_saved,
	cm_notify_event_issued_and_saved,
	cm_notify_event_issued_ca_not_saved,
	cm_notify_event_ca_not_saved
};

/* Start to notify the administrator or user that expiration is imminent. */
struct cm_notify_state *cm_notify_start(struct cm_store_entry *entry,
	enum cm_notify_event event);

/* Get a selectable-for-read descriptor we can poll for status changes when
 * we're finished sending the notification. */
int cm_notify_get_fd(struct cm_notify_state *state);

/* Check if we're ready to call notification done. */
int cm_notify_ready(struct cm_notify_state *state);

/* Clean up after notification. */
void cm_notify_done(struct cm_notify_state *state);

#endif

certmonger-0.79.19/src/oiddict.c
/*
 * Copyright (C) 2009,2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

#include <string.h>
#include <strings.h>

#include <talloc.h>

static const struct {
	const char *name;
	const char *oidish;
} cm_named_oids[] = {
	{"iso.org.dod.internet.security", "1.3.6.1.5"},
	{"iso.org.dod.internet.security.kerberosV5", "iso.org.dod.internet.security.2"},
	{"iso.org.dod.internet.security.mechanisms", "iso.org.dod.internet.security.5"},
	{"id-pkix", "iso.org.dod.internet.security.mechanisms.7"},
	{"id-mod", "id-pkix.0"},
	{"id-pe", "id-pkix.1"},
	{"id-pe-authorityInfoAccess", "id-pe.1"},
	{"id-pe-nsa", "id-pe.23"},
	{"id-qt", "id-pkix.2"},
	{"id-qt-cps", "id-qt.1"},
	{"id-qt-unotice", "id-qt.2"},
	{"id-kp", "id-pkix.3"},
	{"id-kp-serverAuth", "id-kp.1"},
	{"id-kp-clientAuth", "id-kp.2"},
	{"id-kp-codeSigning", "id-kp.3"},
	{"id-kp-emailProtection", "id-kp.4"},
	{"id-kp-timeStamping", "id-kp.8"},
	{"id-kp-OCSPSigning", "id-kp.9"},
	{"id-on", "id-pkix.8"},
	{"id-on-dnsSRV", "id-on.7"},
	{"id-ad", "id-pkix.48"},
	{"id-ad-ca-ocsp", "id-ad.1"},
	{"id-pkix-ocsp-nocheck", "id-ad-ca-ocsp.5"},
	{"id-ad-ca-Issuers", "id-ad.2"},
	{"id-pkinit", "iso.org.dod.internet.security.kerberosV5.3"},
	{"id-pkinit-KPClientAuth", "id-pkinit.4"},
	{"id-pkinit-KPKdc", "id-pkinit.5"},
	{"id-ms-kp-sc-logon", "1.3.6.1.4.1.311.20.2.2"},
	{"id-ce", "2.5.29"},
	{"id-ce-authorityKeyIdentifier", "id-ce.35"},
	{"id-ce-subjectKeyIdentifier", "id-ce.14"},
	{"id-ce-keyUsage", "id-ce.15"},
	{"id-ce-subjectAltName", "id-ce.17"},
	{"id-ce-issuerAltName", "id-ce.18"},
	{"id-ce-basicConstraints", "id-ce.19"},
	{"id-ce-cRLNumber", "id-ce.20"},
	{"id-ce-cRLDistributionPoints", "id-ce.31"},
	{"id-ce-extKeyUsage", "id-ce.37"},
	{"id-ce-freshestCRL", "id-ce.46"},
	{"id-IEC62351", "1.2.840.10070"},
	{"id-IECuserRoles", "id-IEC62351.8.1"},
};

/* Return non-zero if possible_prefix matches value up to a '.' boundary or
 * the end of value. */
static int
cm_is_a_prefix(const char *possible_prefix, const char *value)
{
	unsigned int len;

	len = strlen(possible_prefix);
	if (strlen(value) < len) {
		return 0;
	}
	if (strncasecmp(possible_prefix, value, len) != 0) {
		return 0;
	}
	return ((value[len] == '.') || (value[len] == 0));
}

char *
cm_oid_to_name(void
	       *ctx, const char *oid)
{
	char *p, *q;
	unsigned int i, len;

	p = talloc_strdup(ctx, oid);
	for (i = 0; i < sizeof(cm_named_oids) / sizeof(cm_named_oids[0]); i++) {
		if (cm_is_a_prefix(cm_named_oids[i].oidish, p)) {
			len = strlen(cm_named_oids[i].oidish);
			q = talloc_asprintf(ctx, "%s%s",
				cm_named_oids[i].name, p + len);
			talloc_free(p);
			p = q;
		}
	}
	return p;
}

char *
cm_oid_from_name(void *ctx, const char *name)
{
	char *p, *q;
	int i, len;

	p = talloc_strdup(ctx, name);
	for (i = sizeof(cm_named_oids) / sizeof(cm_named_oids[0]) - 1;
	     i >= 0;
	     i--) {
		if (cm_is_a_prefix(cm_named_oids[i].name, p)) {
			len = strlen(cm_named_oids[i].name);
			q = talloc_asprintf(ctx, "%s%s",
				cm_named_oids[i].oidish, p + len);
			talloc_free(p);
			p = q;
		}
	}
	if (strspn(p, "0123456789.") != strlen(p)) {
		talloc_free(p);
		p = NULL;
	}
	return p;
}

certmonger-0.79.19/src/oiddict.h
/*
 * Copyright (C) 2009 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmoiddict_h
#define cmoiddict_h

char *cm_oid_to_name(void *ctx, const char *oid);
char *cm_oid_from_name(void *ctx, const char *oid);

#endif

certmonger-0.79.19/src/pin.c
/*
 * Copyright (C) 2010,2011 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <talloc.h>

#include <nss.h>
#include <pk11pub.h>
#include <prmem.h>

#include "log.h"
#include "pin.h"
#include "store-int.h"

enum cm_pin_type {
	cm_pin_for_key,
	cm_pin_for_cert,
};

/* Read the PIN from the entry's PIN file (first line only), falling back to
 * the PIN value stored in the entry if no PIN could be read from a file. */
static int
cm_pin_read(struct cm_store_entry *entry, enum cm_pin_type pin_type,
	char **pin)
{
	const char *pinfile, *pinvalue;
	struct stat st;
	int fd, l, err;

	switch (pin_type) {
	case cm_pin_for_key:
		pinfile = entry->cm_key_pin_file;
		pinvalue = entry->cm_key_pin;
		break;
	case cm_pin_for_cert:
		pinfile = entry->cm_key_pin_file; /* XXX */
		pinvalue = entry->cm_key_pin; /* XXX */
		break;
	default:
		pinfile = NULL;
		pinvalue = NULL;
		break;
	}
	if (pin == NULL) {
		return EINVAL;
	}
	*pin = NULL;
	err = 0;
	if ((pinfile != NULL) && (strlen(pinfile) > 0)) {
		fd = open(pinfile, O_RDONLY);
		if (fd != -1) {
			if ((fstat(fd, &st) == 0) && (st.st_size > 0)) {
				*pin = talloc_zero_size(entry, st.st_size + 1);
				if (*pin != NULL) {
					if (read(fd, *pin, st.st_size) != -1) {
						l = strcspn(*pin, "\r\n");
						if (l == 0) {
							talloc_free(*pin);
							*pin = NULL;
						} else {
							(*pin)[l] = '\0';
						}
					} else {
						err = errno;
						cm_log(-1,
						       "Error reading \"%s\": "
						       "%s.\n",
						       pinfile, strerror(err));
						talloc_free(*pin);
						*pin = NULL;
					}
				}
			} else {
				err = errno;
				cm_log(-1,
				       "Error determining size of \"%s\": "
				       "%s.\n",
				       pinfile, strerror(err));
			}
			close(fd);
		} else {
			err = errno;
			cm_log(-1, "Error reading PIN from \"%s\": %s.\n",
			       pinfile, strerror(err));
		}
	}
	if ((pin != NULL) && (*pin == NULL) && (err == 0)) {
		if (pinvalue != NULL) {
			*pin = talloc_strdup(entry, pinvalue);
		}
	}
	return err;
}

int
cm_pin_read_for_key_ossl_cb(char *buf, int size, int rwflag, void *u)
{
	struct cm_pin_cb_data *cb_data;
	char *pin;
	int ret;

	/* Record that we were called, so a PIN was needed. */
	cb_data = u;
	cb_data->n_attempts++;
	memset(buf, '\0', size);
	if (cm_pin_read(cb_data->entry, cm_pin_for_key, &pin) == 0) {
		if (pin != NULL) {
			ret = strlen(pin);
			if (ret < size) {
				strcpy(buf, pin);
			} else {
				ret = 0;
			}
			talloc_free(pin);
		} else {
			ret = 0;
		}
	} else {
		ret = 0;
	}
	return ret;
}

static char *
cm_pin_nss_cb(PK11SlotInfo *slot, PRBool retry, void *arg,
	enum cm_pin_type pin_type)
{
	struct cm_pin_cb_data *cb_data;
	char *pin, *ret;

	/* Record that we were called, so a PIN was needed. */
	cb_data = arg;
	cb_data->n_attempts++;
	if (retry) {
		/* We're not going to change what we're suggesting. */
		ret = NULL;
	} else {
		if (cm_pin_read(cb_data->entry, pin_type, &pin) == 0) {
			if (pin != NULL) {
				ret = PR_Malloc(strlen(pin) + 1);
				if (ret != NULL) {
					strcpy(ret, pin);
				}
				talloc_free(pin);
			} else {
				ret = NULL;
			}
		} else {
			ret = NULL;
		}
	}
	return ret;
}

int
cm_pin_read_for_key(struct cm_store_entry *entry, char **pin)
{
	return cm_pin_read(entry, cm_pin_for_key, pin);
}

char *
cm_pin_read_for_key_nss_cb(PK11SlotInfo *slot, PRBool retry, void *arg)
{
	return cm_pin_nss_cb(slot, retry, arg, cm_pin_for_key);
}

int
cm_pin_read_for_cert(struct cm_store_entry *entry, char **pin)
{
	return cm_pin_read(entry, cm_pin_for_cert, pin);
}

char *
cm_pin_read_for_cert_nss_cb(PK11SlotInfo *slot, PRBool retry, void *arg)
{
	return cm_pin_nss_cb(slot, retry, arg, cm_pin_for_cert);
}

certmonger-0.79.19/src/pin.h
/*
 * Copyright (C) 2010,2011,2013 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmpin_h
#define cmpin_h

struct cm_pin_cb_data {
	struct cm_store_entry *entry;
	int n_attempts;
};

struct cm_store_entry;

int cm_pin_read_for_key_ossl_cb(char *buf, int size, int rwflag, void *u);
int cm_pin_read_for_key(struct cm_store_entry *entry, char **pin);
int cm_pin_read_for_cert(struct cm_store_entry *entry, char **pin);
char *cm_pin_read_for_key_nss_cb(PK11SlotInfo *slot, PRBool retry, void *arg);
char *cm_pin_read_for_cert_nss_cb(PK11SlotInfo *slot, PRBool retry, void *arg);

#endif

certmonger-0.79.19/src/pkcs7.c
/*
 * Copyright (C) 2015,2017 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

#include <sys/types.h>
#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#endif
#include <limits.h>
#include <stdarg.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <talloc.h>

#include <nss.h>
#include <prerror.h>
#include <secport.h>

#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>

#include "log.h"
#include "pkcs7.h"
#include "prefs.h"
#include "prefs-o.h"
#include "scep-o.h"
#include "store.h"
#include "submit-u.h"
#include "util-o.h"

#ifdef ENABLE_NLS
#include <libintl.h>
#define _(_text) dgettext(PACKAGE, _text)
#else
#define _(_text) (_text)
#endif

/* Return 0 if we think "issuer" could have issued "issued", which includes
 * self-signing. */
static int
issuerissued(X509 *issuer, X509 *issued)
{
	if (X509_check_issued(issuer, issued) == X509_V_OK) {
		return 0;
	}
	return X509_name_cmp(util_X509_get0_subject_name(issuer),
		util_X509_get0_issuer_name(issued));
}

/* Render the certificate as a PEM string. */
static char *
pemx509(void *parent, X509 *x)
{
	char *b64, *pem, *ret;
	unsigned char *der, *p;
	ssize_t length;

	length = i2d_X509(x, NULL);
	if (length < 0) {
		return NULL;
	}
	der = talloc_size(parent, length);
	if (der == NULL) {
		return NULL;
	}
	p = (unsigned char *) der;
	if (i2d_X509(x, &p) < 0) {
		return NULL;
	}
	b64 = cm_store_base64_from_bin(parent, der, length);
	if (b64 == NULL) {
		return NULL;
	}
	pem = cm_submit_u_pem_from_base64("CERTIFICATE", 0, b64);
	if (pem == NULL) {
		return NULL;
	}
	ret = talloc_strdup(parent, pem);
	free(pem);
	return ret;
}

/* Return 0 if "candidate" is more like what we're looking for than "current".
 */
static int
betterleaf(X509 *candidate, X509 *current, unsigned int flags)
{
	if (flags & CM_PKCS7_LEAF_PREFER_ENCRYPT) {
		if (((util_X509_get_key_usage(candidate) &
		      (KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT)) != 0) &&
		    ((util_X509_get_key_usage(current) &
		      (KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT)) == 0)) {
			return 0;
		}
	}
	return -1;
}

static int
bettertop(X509 *candidate, X509 *current, unsigned int flags)
{
	return -1;
}

/* Given either a single certificate or a PKCS#7 signed-data message, pull out
 * the end-entity certificate and, if there is one, the top-level certificate,
 * and if there are any others, any others. */
static void cm_pkcs7_parse_buffer(const unsigned char *buffer, size_t length,
	void (*decrypt_envelope)(const unsigned char *envelope,
		size_t length,
		void *decrypt_userdata,
		unsigned char **payload,
		size_t *payload_length),
	void *decrypt_userdata,
	STACK_OF(X509) *sk);

static void
cm_pkcs7_parse_pem(const char *pem, size_t length,
	void (*decrypt_envelope)(const unsigned char *envelope,
		size_t length,
		void *decrypt_userdata,
		unsigned char **payload,
		size_t *payload_length),
	void *decrypt_userdata,
	STACK_OF(X509) *sk)
{
	const char *p, *q;
	unsigned char *buf;
	size_t len;
	int decoded;

	if (strncmp(pem, "-----BEGIN", 10) == 0) {
		p = pem;
		p += strcspn(p, "\r\n");
		p += strspn(p, "\r\n");
		q = p;
		while (q < pem + length) {
			q = q + strcspn(q, "\r\n");
			q += strspn(q, "\r\n");
			if (strncmp(q, "-----END", 8) == 0) {
				len = q - p;
				buf = malloc(len);
				if (buf != NULL) {
					decoded = cm_store_base64_to_bin(p, q - p,
						buf, len);
					if (decoded > 0) {
						cm_pkcs7_parse_buffer(buf, decoded,
							decrypt_envelope,
							decrypt_userdata,
							sk);
					}
					free(buf);
				}
			}
		}
	}
}

static void
cm_pkcs7_parse_buffer(const unsigned char *buffer, size_t length,
	void (*decrypt_envelope)(const unsigned char *envelope,
		size_t length,
		void *decrypt_userdata,
		unsigned char **payload,
		size_t *payload_length),
	void *decrypt_userdata,
	STACK_OF(X509) *sk)
{
	PKCS7 *p7;
	X509 *x;
	const unsigned char *p;
	char *s, *sp, *sq;
	unsigned char *enveloped = NULL;
	size_t enveloped_length = 0;
	int i;

	if (length == 0) {
		return;
	}
	if (length == (size_t) -1) {
		length = strlen((const char *) buffer);
	}
	/* First, try to parse as a PKCS#7 signed or enveloped data item. */
	p = buffer;
	p7 = d2i_PKCS7(NULL, &p, length);
	if ((p7 != NULL) && (p == buffer + length)) {
		/* Is it a signed-data item? */
		if (PKCS7_type_is_signed(p7)) {
			for (i = 0; i < sk_X509_num(p7->d.sign->cert); i++) {
				x = sk_X509_value(p7->d.sign->cert, i);
				if (sk_X509_find(sk, x) < 0) {
					sk_X509_push(sk, X509_dup(x));
				}
			}
		} else
		/* Is it an enveloped-data item that we can try to decrypt? */
		if (PKCS7_type_is_enveloped(p7) && (decrypt_envelope != NULL)) {
			decrypt_envelope(buffer, length, decrypt_userdata,
				&enveloped, &enveloped_length);
			if ((enveloped != NULL) && (enveloped_length > 0)) {
				/* Parse out the payload. */
				cm_pkcs7_parse_buffer(enveloped,
					enveloped_length,
					decrypt_envelope,
					decrypt_userdata,
					sk);
			}
		}
		PKCS7_free(p7);
	} else {
		/* Not PKCS#7? Try to parse as a plain certificate. */
		p = buffer;
		x = d2i_X509(NULL, &p, length);
		if ((x != NULL) && (p == buffer + length)) {
			if (sk_X509_find(sk, x) < 0) {
				sk_X509_push(sk, X509_dup(x));
			}
			X509_free(x);
		} else {
			/* Not PKCS#7 binary data that we recognized, and not a
			 * binary certificate. Maybe it's a PEM-formatted
			 * version of one of those. Check if it's all ASCII.
			 */
			for (p = buffer; p < buffer + length; p++) {
				if ((*p & 0x80) != 0) {
					break;
				}
			}
			if (p == buffer + length) {
				s = malloc(length + 1);
				if (s == NULL) {
					return;
				}
				memcpy(s, buffer, length);
				s[length] = '\0';
				sp = s;
				while ((sp = strstr(sp, "-----BEGIN")) != NULL) {
					sq = strstr(sp, "-----END");
					if (sq != NULL) {
						sq += strcspn(sq, "\r\n");
						sq += strspn(sq, "\r\n");
						cm_pkcs7_parse_pem(sp, sq - sp,
							decrypt_envelope,
							decrypt_userdata,
							sk);
						sp = sq;
					}
				}
				free(s);
			}
		}
	}
}

void
log_pkcs7_errors(int level, char *msg)
{
	char buf[LINE_MAX] = "";
	long error;
	int nss_err;

	cm_log(level, "%s\n", msg);
	while ((error = ERR_get_error()) != 0) {
		memset(buf, '\0', sizeof(buf));
		ERR_error_string_n(error, buf, sizeof(buf));
		cm_log(level, "%s\n", buf);
	}
	nss_err = PORT_GetError();
	if (nss_err < 0) {
		cm_log(level, "%d: %s\n", nss_err,
		       PR_ErrorToString(nss_err, 0));
	}
}

int
cm_pkcs7_parsev(unsigned int flags, void *parent,
	char **certleaf, char **certtop, char ***certothers,
	void (*decrypt_envelope)(const unsigned char *envelope,
		size_t length,
		void *decrypt_userdata,
		unsigned char **payload,
		size_t *payload_length),
	void *decrypt_userdata,
	int n_buffers,
	const unsigned char **buffer, size_t *length)
{
	X509 *x = NULL, *a, *b, **certs;
	STACK_OF(X509) *sk;
	char *cleaf = NULL, *ctop = NULL, **cothers = NULL;
	int leaf, top, n_certs, sorted, i, j;

	if (certleaf != NULL) {
		*certleaf = NULL;
	}
	if (certothers != NULL) {
		*certothers = NULL;
	}
	if (certtop != NULL) {
		*certtop = NULL;
	}
	sk = sk_X509_new(util_o_cert_cmp);
	if (sk == NULL) {
		return -1;
	}
	for (i = 0; i < n_buffers; i++) {
		cm_pkcs7_parse_buffer(buffer[i], length[i],
			decrypt_envelope, decrypt_userdata, sk);
	}
	/* Count the number of certificates. */
	n_certs = sk_X509_num(sk);
	/* Find one that didn't issue any of the others. */
	leaf = -1;
	for (i = 0; i < n_certs; i++) {
		/* Start with a candidate. */
		a = sk_X509_value(sk, i);
		/* Look for any that it issued.
		 */
		for (j = 0; j < n_certs; j++) {
			if (j == i) {
				continue;
			}
			b = sk_X509_value(sk, j);
			if (issuerissued(a, b) == 0) {
				break;
			}
		}
		/* If it didn't issue any, then we found it. */
		if (j == sk_X509_num(sk)) {
			if (leaf == -1) {
				leaf = i;
			} else {
				/* Or we may have found a better one. */
				if (betterleaf(a, sk_X509_value(sk, leaf),
					       flags) == 0) {
					leaf = i;
				}
			}
		}
	}
	/* Find one that isn't issued by any of the others. */
	top = -1;
	for (i = 0; i < n_certs; i++) {
		if (i == leaf) {
			continue;
		}
		/* Start with a candidate. */
		a = sk_X509_value(sk, i);
		/* Look for any that issued it. */
		for (j = 0; j < n_certs; j++) {
			if (j == i) {
				continue;
			}
			b = sk_X509_value(sk, j);
			if (issuerissued(b, a) == 0) {
				break;
			}
		}
		/* If we found none, then it's the top. */
		if (j == sk_X509_num(sk)) {
			if (top == -1) {
				top = i;
			} else {
				/* Or we may have found a better one. */
				if (bettertop(a, sk_X509_value(sk, top),
					      flags) == 0) {
					top = i;
				}
			}
		}
	}
	/* Set the output values. Leaf and top first. */
	if (leaf != -1) {
		cleaf = pemx509(parent, sk_X509_value(sk, leaf));
		n_certs--;
	}
	if ((top != -1) && (top != leaf)) {
		ctop = pemx509(parent, sk_X509_value(sk, top));
		n_certs--;
	}
	/* Now the rest, which may be in between the top and leaf. */
	if (n_certs > 0) {
		/* We need a plain array for sorting. */
		certs = talloc_array_ptrtype(parent, certs, n_certs);
		for (i = 0, j = 0; i < sk_X509_num(sk); i++) {
			if ((i != top) && (i != leaf)) {
				certs[j++] = sk_X509_value(sk, i);
			}
		}
		sorted = 0;
		do {
			/* Find a leaf among the rest. */
			leaf = -1;
			for (i = sorted; i < n_certs; i++) {
				for (j = sorted; j < n_certs; j++) {
					if (j == i) {
						continue;
					}
					/* If it issued another, then it's not a leaf. */
					if (issuerissued(certs[i], certs[j]) == 0) {
						break;
					}
				}
				/* If it didn't issue any others, then it goes first. */
				if (j == n_certs) {
					leaf = i;
					break;
				}
			}
			if (leaf != -1) {
				/* Move the leaf to the front of the list.
*/ x = certs[leaf]; certs[leaf] = certs[sorted]; certs[sorted] = x; sorted++; } } while (leaf != -1); /* Dump them into an array of PEM data. */ cothers = talloc_array_ptrtype(parent, *certothers, n_certs + 1); if (cothers != NULL) { for (i = 0; i < n_certs; i++) { cothers[i] = pemx509(parent, certs[i]); } cothers[i] = NULL; } } /* Clean up. */ if (certleaf != NULL) { *certleaf = cleaf; } if (certothers != NULL) { *certothers = cothers; } if (certtop != NULL) { *certtop = ctop; } while ((x = sk_X509_pop(sk)) != NULL) { X509_free(x); } sk_X509_free(sk); return 0; } int cm_pkcs7_parse(unsigned int flags, void *parent, char **certleaf, char **certtop, char ***certothers, void (*decrypt_envelope)(const unsigned char *envelope, size_t length, void *decrypt_userdata, unsigned char **payload, size_t *payload_length), void *decrypt_userdata, const unsigned char *buffer, size_t length, ...) { va_list args; const unsigned char **buffers = NULL; size_t *lengths = NULL; int n_buffers = 0, ret; if (buffer != NULL) { buffers = talloc_realloc_size(parent, buffers, sizeof(buffers[0]) * (n_buffers + 1)); lengths = talloc_realloc_size(parent, lengths, sizeof(lengths[0]) * (n_buffers + 1)); if ((buffers == NULL) || (lengths == NULL)) { return -1; } buffers[n_buffers] = buffer; lengths[n_buffers] = length; n_buffers++; } va_start(args, length); while ((buffer = va_arg(args, const unsigned char *)) != NULL) { length = va_arg(args, size_t); buffers = talloc_realloc_size(parent, buffers, sizeof(buffers[0]) * (n_buffers + 1)); lengths = talloc_realloc_size(parent, lengths, sizeof(lengths[0]) * (n_buffers + 1)); if ((buffers == NULL) || (lengths == NULL)) { va_end(args); return -1; } buffers[n_buffers] = buffer; lengths[n_buffers] = length; n_buffers++; } va_end(args); ret = cm_pkcs7_parsev(flags, parent, certleaf, certtop, certothers, decrypt_envelope, decrypt_userdata, n_buffers, buffers, lengths); talloc_free(buffers); talloc_free(lengths); return ret; } /* Envelope some data for the 
recipient. */
int
cm_pkcs7_envelope_data(char *encryption_cert, enum cm_prefs_cipher cipher,
		       unsigned char *data, size_t dlength,
		       unsigned char **enveloped, size_t *length)
{
	STACK_OF(X509) *recipients = NULL;
	X509 *recipient = NULL;
	BIO *in = NULL;
	PKCS7 *p7 = NULL;
	unsigned char *dp7 = NULL, *u = NULL;
	int ret = -1, len;

	*enveloped = NULL;
	*length = 0;

	/* Parse the PEM-encoded certificate of the recipient. */
	in = BIO_new_mem_buf(encryption_cert, -1);
	if (in == NULL) {
		cm_log(0, "Out of memory.\n");
		goto done;
	}
	recipient = PEM_read_bio_X509(in, NULL, NULL, NULL);
	/* Release the BIO before checking the result, so that it is not
	 * leaked when parsing fails. */
	BIO_free(in);
	if (recipient == NULL) {
		log_pkcs7_errors(0, "Error parsing recipient certificate.\n");
		goto done;
	}

	recipients = sk_X509_new(util_o_cert_cmp);
	if (recipients == NULL) {
		cm_log(0, "Out of memory.\n");
		goto done;
	}
	sk_X509_push(recipients, recipient);

	/* Encrypt the data to the recipient using the preferred cipher. */
	in = BIO_new_mem_buf(data, dlength);
	if (in == NULL) {
		cm_log(0, "Out of memory.\n");
		goto done;
	}
	p7 = PKCS7_encrypt(recipients, in, cm_prefs_ossl_cipher_by_pref(cipher),
			   PKCS7_BINARY);
	BIO_free(in);
	if (p7 == NULL) {
		log_pkcs7_errors(0, "Error encrypting signing request.\n");
		goto done;
	}

	/* DER-encode the enveloped-data: measure first, then encode. */
	len = i2d_PKCS7(p7, NULL);
	if (len < 0) {
		log_pkcs7_errors(0, "Error encoding encrypted signing request.\n");
		goto done;
	}
	dp7 = malloc(len);
	if (dp7 == NULL) {
		cm_log(0, "Out of memory.\n");
		goto done;
	}
	u = dp7;
	if (i2d_PKCS7(p7, &u) != len) {
		log_pkcs7_errors(0, "Error encoding encrypted signing request.\n");
		free(dp7);
		goto done;
	}
	*enveloped = dp7;
	*length = len;
	ret = 0;
done:
	if (p7 != NULL) {
		PKCS7_free(p7);
	}
	if (recipients != NULL) {
		sk_X509_free(recipients);
	}
	if (recipient != NULL) {
		X509_free(recipient);
	}
	return ret;
}

int
cm_pkcs7_envelope_csr(char *encryption_cert, enum cm_prefs_cipher cipher,
		      char *csr,
		      unsigned char **enveloped, size_t *length)
{
	BIO *in;
	X509_REQ *req = NULL;
	int dlen, ret = -1;
	unsigned char *dreq = NULL, *u;

	*enveloped = NULL;
	*length = 0;

	in = BIO_new_mem_buf(csr, -1);
	if (in == NULL) {
		cm_log(0, "Out of memory.\n");
		goto done;
	}
	req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
	BIO_free(in);
	if (req == NULL) {
log_pkcs7_errors(0, "Error parsing certificate signing request.\n"); goto done; } dlen = i2d_X509_REQ(req, NULL); if (dlen < 0) { log_pkcs7_errors(0, "Error encoding certificate signing request.\n"); goto done; } dreq = malloc(dlen); if (dreq == NULL) { cm_log(0, "Out of memory.\n"); goto done; } u = dreq; if (i2d_X509_REQ(req, &u) != dlen) { log_pkcs7_errors(0, "Error encoding certificate signing request.\n"); goto done; } ret = cm_pkcs7_envelope_data(encryption_cert, cipher, dreq, dlen, enveloped, length); done: if (req != NULL) { X509_REQ_free(req); } free(dreq); return ret; } struct cm_pkcs7_ias { SECItem issuer, subject; }; static const SEC_ASN1Template cm_pkcs7_ias_template[] = { { .kind = SEC_ASN1_SEQUENCE, .offset = 0, .sub = NULL, .size = sizeof(struct cm_pkcs7_ias), }, { .kind = SEC_ASN1_ANY, .offset = offsetof(struct cm_pkcs7_ias, issuer), .sub = &SEC_ASN1_GET(SEC_AnyTemplate), .size = sizeof(SECItem), }, { .kind = SEC_ASN1_ANY, .offset = offsetof(struct cm_pkcs7_ias, subject), .sub = &SEC_ASN1_GET(SEC_AnyTemplate), .size = sizeof(SECItem), }, { 0, 0, NULL, 0 }, }; int cm_pkcs7_generate_ias(char *cacert, char *minicert, unsigned char **ias, size_t *length) { BIO *in; X509 *ca = NULL, *mini = NULL; int subjectlen, issuerlen, ret = -1; unsigned char *issuer = NULL, *subject = NULL, *u; struct cm_pkcs7_ias issuerandsubject; SECItem encoded; *ias = NULL; *length = 0; memset(&encoded, 0, sizeof(encoded)); in = BIO_new_mem_buf(cacert, -1); if (in == NULL) { cm_log(0, "Out of memory.\n"); goto done; } ca = PEM_read_bio_X509(in, NULL, NULL, NULL); BIO_free(in); if (ca == NULL) { log_pkcs7_errors(0, "Error parsing CA certificate.\n"); goto done; } in = BIO_new_mem_buf(minicert, -1); if (in == NULL) { cm_log(0, "Out of memory.\n"); goto done; } mini = PEM_read_bio_X509(in, NULL, NULL, NULL); BIO_free(in); if (mini == NULL) { log_pkcs7_errors(0, "Error parsing client certificate.\n"); goto done; } issuerlen = i2d_X509_NAME(X509_get_issuer_name(ca), NULL); if 
(issuerlen < 0) { cm_log(0, "Error encoding CA certificate issuer name.\n"); goto done; } issuer = malloc(issuerlen); if (issuer == NULL) { cm_log(0, "Out of memory.\n"); goto done; } u = issuer; if (i2d_X509_NAME(X509_get_issuer_name(ca), &u) != issuerlen) { log_pkcs7_errors(0, "Error encoding CA certificate issuer name.\n"); goto done; } subjectlen = i2d_X509_NAME(X509_get_subject_name(mini), NULL); if (subjectlen < 0) { cm_log(0, "Error encoding client certificate subject name.\n"); goto done; } subject = malloc(subjectlen); if (subject == NULL) { cm_log(0, "Out of memory.\n"); goto done; } u = subject; if (i2d_X509_NAME(X509_get_subject_name(mini), &u) != subjectlen) { log_pkcs7_errors(0, "Error encoding client certificate subject name.\n"); goto done; } PORT_SetError(0); ERR_clear_error(); memset(&issuerandsubject, 0, sizeof(issuerandsubject)); issuerandsubject.issuer.data = issuer; issuerandsubject.issuer.len = issuerlen; issuerandsubject.subject.data = subject; issuerandsubject.subject.len = subjectlen; if (SEC_ASN1EncodeItem(NULL, &encoded, &issuerandsubject, cm_pkcs7_ias_template) != &encoded) { log_pkcs7_errors(0, "Error encoding issuer and subject names.\n"); goto done; } *ias = malloc(encoded.len); if (*ias != NULL) { memcpy(*ias, encoded.data, encoded.len); *length = encoded.len; ret = 0; } done: if (encoded.data != NULL) { SECITEM_FreeItem(&encoded, PR_FALSE); } if (mini != NULL) { X509_free(mini); } if (ca != NULL) { X509_free(ca); } free(issuer); free(subject); return ret; } int cm_pkcs7_envelope_ias(char *encryption_cert, enum cm_prefs_cipher cipher, char *cacert, char *minicert, unsigned char **enveloped, size_t *length) { int ret = -1; unsigned char *dias = NULL; size_t dlen; *enveloped = NULL; *length = 0; if ((cacert == NULL) || (strlen(cacert) == 0)) { cacert = encryption_cert; } ret = cm_pkcs7_generate_ias(cacert, minicert, &dias, &dlen); if (ret != 0) { goto done; } ret = cm_pkcs7_envelope_data(encryption_cert, cipher, dias, dlen, enveloped, 
length); done: free(dias); return ret; } static char * get_pstring_attribute(void *parent, STACK_OF(X509_ATTRIBUTE) *attrs, int nid) { X509_ATTRIBUTE *a; ASN1_TYPE *value; ASN1_PRINTABLESTRING *p; int i, len; const char *s; char *ret; if (attrs == NULL) { return NULL; } for (i = 0; i < sk_X509_ATTRIBUTE_num(attrs); i++) { a = sk_X509_ATTRIBUTE_value(attrs, i); if (a == NULL) { /* should not happen */ continue; } if (OBJ_obj2nid(util_X509_ATTRIBUTE_get0_object(a)) != nid) { continue; } if (X509_ATTRIBUTE_count(a) != 1) { continue; } value = X509_ATTRIBUTE_get0_type(a, 0); if ((value != NULL) && (value->type == V_ASN1_PRINTABLESTRING)) { p = value->value.printablestring; if (p != NULL) { len = util_ASN1_STRING_length(p); s = (const char *) util_ASN1_STRING_get0_data(p); ret = talloc_size(parent, len + 1); if (ret != NULL) { memcpy(ret, s, len); ret[len] = '\0'; return ret; } } } } return NULL; } static void get_ostring_attribute(void *parent, STACK_OF(X509_ATTRIBUTE) *attrs, int nid, unsigned char **ret, size_t *length) { X509_ATTRIBUTE *a; ASN1_TYPE *value; ASN1_OCTET_STRING *p; const unsigned char *s; int i, len; *ret = NULL; *length = 0; if (attrs == NULL) { return; } for (i = 0; i < sk_X509_ATTRIBUTE_num(attrs); i++) { a = sk_X509_ATTRIBUTE_value(attrs, i); if (a == NULL) { /* should not happen */ continue; } if (OBJ_obj2nid(util_X509_ATTRIBUTE_get0_object(a)) != nid) { continue; } if (X509_ATTRIBUTE_count(a) != 1) { continue; } value = X509_ATTRIBUTE_get0_type(a, 0); if ((value != NULL) && (value->type == V_ASN1_OCTET_STRING)) { p = value->value.octet_string; if (p != NULL) { len = util_ASN1_STRING_length(p); s = util_ASN1_STRING_get0_data(p); *ret = talloc_size(parent, len + 1); if (*ret != NULL) { memcpy(*ret, s, len); *length = len; return; } } } } return; } static int ignore_purpose_errors(int ok, X509_STORE_CTX *ctx) { switch (X509_STORE_CTX_get_error(ctx)) { case X509_V_ERR_INVALID_PURPOSE: case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: /* Ignore purpose 
and usage checks. */ return 1; break; default: /* Otherwise go with the library's default behavior. */ return ok; break; } } int cm_pkcs7_verify_signed(unsigned char *data, size_t length, const char **roots, const char **othercerts, int expected_content_type, void *parent, char **digest, char **tx, char **msgtype, char **pkistatus, char **failinfo, unsigned char **sender_nonce, size_t *sender_nonce_length, unsigned char **recipient_nonce, size_t *recipient_nonce_length, unsigned char **payload, size_t *payload_length) { PKCS7 *p7 = NULL, *encapsulated; X509 *x; STACK_OF(X509) *certs = NULL; STACK_OF(X509_ATTRIBUTE) *attrs; X509_STORE *store = NULL; X509_ALGOR *algor = NULL; PKCS7_SIGNED *p7s; PKCS7_SIGNER_INFO *si; BIO *in, *out = NULL; const unsigned char *u; char *s, *p, *q; int ret = -1, i; if (digest != NULL) { *digest = NULL; } if (tx != NULL) { *tx = NULL; } if (msgtype != NULL) { *msgtype = NULL; } if (pkistatus != NULL) { *pkistatus = NULL; } if (failinfo != NULL) { *failinfo = NULL; } if (sender_nonce != NULL) { *sender_nonce = NULL; } if (sender_nonce_length != NULL) { *sender_nonce_length = 0; } if (recipient_nonce != NULL) { *recipient_nonce = NULL; } if (recipient_nonce_length != NULL) { *recipient_nonce_length = 0; } if (payload != NULL) { *payload = NULL; } if (payload_length != NULL) { *payload_length = 0; } u = data; p7 = d2i_PKCS7(NULL, &u, length); if ((p7 == NULL) || (u != data + length)) { cm_log(0, "Error parsing what should be PKCS#7 signed-data.\n"); goto done; } if ((p7->type == NULL) || (OBJ_obj2nid(p7->type) != NID_pkcs7_signed)) { cm_log(0, "PKCS#7 data is not signed-data.\n"); goto done; } store = X509_STORE_new(); if (store == NULL) { cm_log(0, "Out of memory.\n"); goto done; } X509_STORE_set_verify_cb_func(store, &ignore_purpose_errors); certs = sk_X509_new(util_o_cert_cmp); if (certs == NULL) { cm_log(0, "Out of memory.\n"); goto done; } for (i = 0; (roots != NULL) && (roots[i] != NULL); i++) { s = talloc_strdup(parent, roots[i]); if 
(s == NULL) {
			cm_log(0, "Out of memory.\n");
			goto done;
		}
		/* In case one of these is multiple PEM certificates
		 * concatenated, always break them up. */
		p = s;
		while ((p != NULL) && (*p != '\0')) {
			p = strstr(p, "-----BEGIN");
			if (p == NULL) {
				break;
			}
			q = strstr(p, "-----END");
			if (q == NULL) {
				break;
			}
			q += strcspn(q, "\n");
			if (*q == '\n') {
				q++;
			}
			in = BIO_new_mem_buf(p, q - p);
			if (in == NULL) {
				cm_log(0, "Out of memory.\n");
				goto done;
			}
			x = PEM_read_bio_X509(in, NULL, NULL, NULL);
			BIO_free(in);
			if (x == NULL) {
				cm_log(0, "Error parsing chain certificate.\n");
				goto done;
			}
			/* Roots go into the trust store. */
			X509_STORE_add_cert(store, x);
			X509_free(x);
			p = q;
		}
		talloc_free(s);
	}
	for (i = 0; (othercerts != NULL) && (othercerts[i] != NULL); i++) {
		s = talloc_strdup(parent, othercerts[i]);
		if (s == NULL) {
			cm_log(0, "Out of memory.\n");
			goto done;
		}
		/* In case one of these is multiple PEM certificates
		 * concatenated, always break them up. */
		p = s;
		while ((p != NULL) && (*p != '\0')) {
			if (strncmp(p, "-----BEGIN", 10) != 0) {
				break;
			}
			q = strstr(p, "-----END");
			if (q == NULL) {
				break;
			}
			q += strcspn(q, "\n");
			if (*q == '\n') {
				q++;
			}
			in = BIO_new_mem_buf(p, q - p);
			if (in == NULL) {
				cm_log(0, "Out of memory.\n");
				goto done;
			}
			x = PEM_read_bio_X509(in, NULL, NULL, NULL);
			BIO_free(in);
			if (x == NULL) {
				cm_log(0, "Error parsing chain certificate.\n");
				goto done;
			}
			/* Other certificates are untrusted candidates for
			 * chain building only. */
			sk_X509_push(certs, x);
			p = q;
		}
		talloc_free(s);
	}
	out = BIO_new(BIO_s_mem());
	if (out == NULL) {
		cm_log(0, "Out of memory.\n");
		goto done;
	}
	if (roots != NULL) {
		/* When PKCS7_verify() goes to verify the signer certificate,
		 * it uses the trust store we pass in, but it only searches the
		 * list of certificates in the signed-data for intermediates,
		 * ignoring the list of non-trusted certificates we passed in.
		 * Merge our list into the one in the signed-data, to ensure
		 * that they can be found.
*/ for (i = 0; i < sk_X509_num(certs); i++) { x = X509_dup(sk_X509_value(certs, i)); if (x == NULL) { cm_log(0, "Out of memory.\n"); goto done; } PKCS7_add_certificate(p7, x); } if (PKCS7_verify(p7, certs, store, NULL, out, 0) != 1) { cm_log(0, "Message failed verification.\n"); goto done; } } p7s = p7->d.sign; if (sk_PKCS7_SIGNER_INFO_num(p7s->signer_info) != 1) { cm_log(0, "Number of PKCS#7 signed-data signers != 1.\n"); goto done; } si = sk_PKCS7_SIGNER_INFO_value(p7s->signer_info, 0); attrs = si->auth_attr; encapsulated = p7s->contents; if (expected_content_type != NID_undef) { if (encapsulated == NULL) { cm_log(0, "Error parsing PKCS#7 encapsulated content.\n"); goto done; } if ((encapsulated->type == NULL) || (OBJ_obj2nid(encapsulated->type) != expected_content_type)) { cm_log(0, "PKCS#7 encapsulated data is not %s (%s).\n", OBJ_nid2ln(expected_content_type), encapsulated->type ? OBJ_nid2ln(OBJ_obj2nid(encapsulated->type)) : "type not set"); goto done; } } if (attrs == NULL) { cm_log(0, "PKCS#7 signed-data contains no signed attributes.\n"); goto done; } ret = 0; if (digest != NULL) { algor = si->digest_alg; switch (OBJ_obj2nid(algor->algorithm)) { case NID_md5: *digest = talloc_strdup(parent, "md5"); break; case NID_sha512: *digest = talloc_strdup(parent, "sha512"); break; case NID_sha384: *digest = talloc_strdup(parent, "sha384"); break; case NID_sha256: *digest = talloc_strdup(parent, "sha256"); break; case NID_sha1: *digest = talloc_strdup(parent, "sha1"); break; } } if (tx != NULL) { *tx = get_pstring_attribute(parent, attrs, cm_scep_o_get_tx_nid()); } if (msgtype != NULL) { *msgtype = get_pstring_attribute(parent, attrs, cm_scep_o_get_msgtype_nid()); } if (pkistatus != NULL) { *pkistatus = get_pstring_attribute(parent, attrs, cm_scep_o_get_pkistatus_nid()); } if (failinfo != NULL) { *failinfo = get_pstring_attribute(parent, attrs, cm_scep_o_get_failinfo_nid()); } if ((sender_nonce != NULL) && (sender_nonce_length != NULL)) { 
		get_ostring_attribute(parent, attrs,
				      cm_scep_o_get_sender_nonce_nid(),
				      sender_nonce, sender_nonce_length);
	}
	if ((recipient_nonce != NULL) && (recipient_nonce_length != NULL)) {
		get_ostring_attribute(parent, attrs,
				      cm_scep_o_get_recipient_nonce_nid(),
				      recipient_nonce, recipient_nonce_length);
	}
	if ((payload != NULL) && (payload_length != NULL)) {
		*payload_length = BIO_get_mem_data(out, &s);
		if (*payload_length > 0) {
			*payload = talloc_size(parent, *payload_length + 1);
			if (*payload == NULL) {
				cm_log(0, "Out of memory.\n");
				/* ret was already set to 0 above; don't
				 * report success without the payload. */
				*payload_length = 0;
				ret = -1;
				goto done;
			}
			memcpy(*payload, s, *payload_length);
			(*payload)[*payload_length] = '\0';
		}
	}
done:
	if (p7 != NULL) {
		PKCS7_free(p7);
	}
	if (certs != NULL) {
		sk_X509_pop_free(certs, X509_free);
	}
	if (store != NULL) {
		X509_STORE_free(store);
	}
	if (out != NULL) {
		BIO_free(out);
	}
	return ret;
}

/* Return 0 if we think the certificate could have issued itself, i.e. that it
 * is self-signed.  This is the same check that decides whether "issuer" could
 * have issued "issued", applied with the certificate in both roles. */
int
cm_selfsigned(char *cert)
{
	BIO *in;
	X509 *c;
	int ret;

	in = BIO_new_mem_buf(cert, -1);
	if (in == NULL) {
		cm_log(0, "Out of memory.\n");
		return 1;
	}
	c = PEM_read_bio_X509(in, NULL, NULL, NULL);
	BIO_free(in);
	if (c == NULL) {
		/* Not parseable as a certificate: don't pass NULL on to the
		 * comparison, and don't call it self-signed. */
		log_pkcs7_errors(0, "Error parsing certificate.\n");
		return 1;
	}
	ret = issuerissued(c, c);
	X509_free(c);
	return ret;
}
certmonger-0.79.19/src/pkcs7.h0000644000175000017500000000522114511314133015421 0ustar gitgit00000000000000
/*
 * Copyright (C) 2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see .
*/ #ifndef cmpkcs7_h #define cmpkcs7_h #include "prefs.h" #define CM_PKCS7_LEAF_PREFER_ENCRYPT (1 << 0) int cm_pkcs7_parsev(unsigned int flags, void *parent, char **certleaf, char **certtop, char ***certothers, void (*decrypt_envelope)(const unsigned char *envelope, size_t length, void *decrypt_userdata, unsigned char **payload, size_t *payload_length), void *decrypt_userdata, int n_buffers, const unsigned char **buffers, size_t *lengths); int cm_pkcs7_parse(unsigned int flags, void *parent, char **certleaf, char **certtop, char ***certothers, void (*decrypt_envelope)(const unsigned char *envelope, size_t length, void *decrypt_userdata, unsigned char **payload, size_t *payload_length), void *decrypt_userdata, const unsigned char *buffer, size_t length, ...); int cm_pkcs7_envelope_data(char *encryption_cert, enum cm_prefs_cipher cipher, unsigned char *data, size_t dlength, unsigned char **enveloped, size_t *length); int cm_pkcs7_envelope_csr(char *encryption_cert, enum cm_prefs_cipher cipher, char *csr, unsigned char **enveloped, size_t *length); int cm_pkcs7_generate_ias(char *cacert, char *minicert, unsigned char **ias, size_t *length); int cm_pkcs7_envelope_ias(char *encryption_cert, enum cm_prefs_cipher cipher, char *cacert, char *minicert, unsigned char **enveloped, size_t *length); int cm_pkcs7_verify_signed(unsigned char *data, size_t length, const char **roots, const char **othercerts, int expected_content_type, void *parent, char **digest, char **tx, char **msgtype, char **pkistatus, char **failinfo, unsigned char **sender_nonce, size_t *sender_nonce_length, unsigned char **recipient_nonce, size_t *recipient_nonce_length, unsigned char **payload, size_t *payload_length); int cm_selfsigned(char *cert); void log_pkcs7_errors(int level, char *msg); #endif certmonger-0.79.19/src/prefs-n.c0000644000175000017500000000737214511314133015750 0ustar gitgit00000000000000/* * Copyright (C) 2010,2014,2015 Red Hat, Inc. 
* * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #include "config.h" #include #include #include #include #include "prefs.h" #include "prefs-n.h" unsigned int cm_prefs_nss_sig_alg(SECKEYPrivateKey *pkey) { switch (pkey->keyType) { case nullKey: switch (cm_prefs_preferred_digest()) { case cm_prefs_md5: return SEC_OID_MD5; break; case cm_prefs_sha1: return SEC_OID_SHA1; break; case cm_prefs_sha256: case cm_prefs_nodigest: return SEC_OID_SHA256; break; case cm_prefs_sha384: return SEC_OID_SHA384; break; case cm_prefs_sha512: return SEC_OID_SHA512; break; default: return SEC_OID_SHA256; break; } case rsaKey: switch (cm_prefs_preferred_digest()) { case cm_prefs_md5: return SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION; break; case cm_prefs_sha1: return SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION; break; case cm_prefs_sha256: case cm_prefs_nodigest: return SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION; break; case cm_prefs_sha384: return SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION; break; case cm_prefs_sha512: return SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION; break; default: return SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION; break; } case rsaPssKey: return SEC_OID_PKCS1_RSA_PSS_SIGNATURE; break; case dsaKey: switch (cm_prefs_preferred_digest()) { case cm_prefs_md5: case cm_prefs_sha1: return SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; break; case cm_prefs_sha256: return SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST; break; case cm_prefs_sha384: 
case cm_prefs_sha512: case cm_prefs_nodigest: return SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST; break; default: return SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST; break; } case ecKey: switch (cm_prefs_preferred_digest()) { case cm_prefs_md5: case cm_prefs_sha1: return SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE; break; case cm_prefs_sha256: case cm_prefs_nodigest: return SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE; break; case cm_prefs_sha384: return SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE; break; case cm_prefs_sha512: return SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE; break; default: return SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE; break; } default: return SEC_OID_UNKNOWN; break; } } unsigned int cm_prefs_nss_dig_alg(void) { switch (cm_prefs_preferred_digest()) { case cm_prefs_md5: return SEC_OID_MD5; break; case cm_prefs_sha1: return SEC_OID_SHA1; break; case cm_prefs_sha256: case cm_prefs_nodigest: return SEC_OID_SHA256; break; case cm_prefs_sha384: return SEC_OID_SHA384; break; case cm_prefs_sha512: return SEC_OID_SHA512; break; default: return SEC_OID_SHA256; break; } } unsigned int cm_prefs_nss_dig_alg_len(void) { switch (cm_prefs_nss_dig_alg()) { case SEC_OID_MD5: return 128 / 8; break; case SEC_OID_SHA1: return 160 / 8; break; case SEC_OID_SHA256: return 256 / 8; break; case SEC_OID_SHA384: return 384 / 8; break; case SEC_OID_SHA512: return 512 / 8; break; default: return 0; break; } } certmonger-0.79.19/src/prefs-n.h0000644000175000017500000000160014511314133015741 0ustar gitgit00000000000000/* * Copyright (C) 2010,2014,2015 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. 
* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #ifndef cmprefsn_h #define cmprefsn_h unsigned int cm_prefs_nss_sig_alg(SECKEYPrivateKey *pkey); unsigned int cm_prefs_nss_dig_alg(void); unsigned int cm_prefs_nss_dig_alg_len(void); #endif certmonger-0.79.19/src/prefs-o.c0000644000175000017500000000407114511314133015742 0ustar gitgit00000000000000/* * Copyright (C) 2010,2015,2017 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
*/ #include "config.h" #include #ifdef HAVE_INTTYPES_H #include #endif #include #include #include #include #include "prefs.h" #include "prefs.h" #include "prefs-o.h" #include "util-o.h" const EVP_MD * cm_prefs_ossl_hash_by_pref(enum cm_prefs_digest digest) { switch (digest) { case cm_prefs_md5: return EVP_md5(); break; case cm_prefs_sha1: return EVP_sha1(); break; case cm_prefs_sha256: case cm_prefs_nodigest: return EVP_sha256(); break; case cm_prefs_sha384: return EVP_sha384(); break; case cm_prefs_sha512: return EVP_sha512(); break; default: return EVP_sha256(); break; } } const EVP_MD * cm_prefs_ossl_hash(void) { return cm_prefs_ossl_hash_by_pref(cm_prefs_preferred_digest()); } const EVP_CIPHER * cm_prefs_ossl_cipher_by_pref(enum cm_prefs_cipher cipher) { switch (cipher) { case cm_prefs_des: return EVP_des_cbc(); break; case cm_prefs_des3: return EVP_des_ede3_cbc(); break; case cm_prefs_aes128: case cm_prefs_nodigest: return EVP_aes_128_cbc(); break; case cm_prefs_aes192: return EVP_aes_192_cbc(); break; case cm_prefs_aes256: return EVP_aes_256_cbc(); break; default: return EVP_aes_128_cbc(); break; } } const EVP_CIPHER * cm_prefs_ossl_cipher(void) { return cm_prefs_ossl_cipher_by_pref(cm_prefs_preferred_cipher()); } certmonger-0.79.19/src/prefs-o.h0000644000175000017500000000171714511314133015753 0ustar gitgit00000000000000/* * Copyright (C) 2010 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
*/ #ifndef cmprefso_h #define cmprefso_h const EVP_CIPHER *cm_prefs_ossl_cipher(void); const EVP_CIPHER *cm_prefs_ossl_cipher_by_pref(enum cm_prefs_cipher cipher); const EVP_MD *cm_prefs_ossl_hash(void); const EVP_MD *cm_prefs_ossl_hash_by_pref(enum cm_prefs_digest digest); #endif certmonger-0.79.19/src/prefs.c0000644000175000017500000002761114511314133015513 0ustar gitgit00000000000000/* * Copyright (C) 2010,2011,2012,2014,2015 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
*/ #include "config.h" #include #include #include #include #include #include #include #include "env.h" #include "prefs.h" #include "store-int.h" #include "submit.h" #include "submit-u.h" #include "util.h" #include "tm.h" static char * cm_prefs_read(void) { const char *dir, *base = "/" PACKAGE_NAME ".conf"; char *path, *ret; ret = NULL; dir = cm_env_config_dir(); if (dir != NULL) { path = malloc(strlen(dir) + strlen(base) + 1); if (path != NULL) { snprintf(path, strlen(dir) + strlen(base) + 1, "%s%s", dir, base); ret = read_config_file(path); free(path); } } return ret; } static void cm_prefs_free(void); static char * cm_prefs_config(const char *section, const char *key) { static char *cm_configuration = NULL; if (key == NULL) { return cm_configuration; } if (cm_configuration == NULL) { cm_configuration = cm_prefs_read(); if (cm_configuration != NULL) { atexit(cm_prefs_free); } } if (cm_configuration != NULL) { return get_config_entry(cm_configuration, section ? section : "defaults", key); } return NULL; } static void cm_prefs_free(void) { char *prefs; prefs = cm_prefs_config(NULL, NULL); if (prefs != NULL) { free(prefs); } } enum cm_prefs_cipher cm_prefs_preferred_cipher(void) { char *cipher; cipher = cm_prefs_config(NULL, "symmetric_cipher"); if (cipher != NULL) { if (strcasecmp(cipher, "aes") == 0) { free(cipher); return cm_prefs_aes128; } if ((strcasecmp(cipher, "aes128") == 0) || (strcasecmp(cipher, "aes-128") == 0)) { free(cipher); return cm_prefs_aes128; } if ((strcasecmp(cipher, "aes256") == 0) || (strcasecmp(cipher, "aes-256") == 0)) { free(cipher); return cm_prefs_aes256; } if (strcasecmp(cipher, "des") == 0) { free(cipher); return cm_prefs_des; } if (strcasecmp(cipher, "des3") == 0) { free(cipher); return cm_prefs_des3; } free(cipher); } return cm_prefs_aes128; } enum cm_prefs_digest cm_prefs_preferred_digest(void) { char *digest; digest = cm_prefs_config(NULL, "digest"); if (digest != NULL) { if ((strcasecmp(digest, "md5") == 0) || (strcasecmp(digest, 
"md-5") == 0)) { free(digest); return cm_prefs_md5; } if ((strcasecmp(digest, "sha1") == 0) || (strcasecmp(digest, "sha-1") == 0)) { free(digest); return cm_prefs_sha1; } if ((strcasecmp(digest, "sha256") == 0) || (strcasecmp(digest, "sha-256") == 0)) { free(digest); return cm_prefs_sha256; } if ((strcasecmp(digest, "sha384") == 0) || (strcasecmp(digest, "sha-384") == 0)) { free(digest); return cm_prefs_sha384; } if ((strcasecmp(digest, "sha512") == 0) || (strcasecmp(digest, "sha-512") == 0)) { free(digest); return cm_prefs_sha512; } free(digest); } return cm_prefs_sha256; } static int cm_prefs_compare_ttl_values(const void *a, const void *b) { return *(time_t *)a - *(time_t *) b; } static int cm_prefs_ttls(time_t **config, const time_t **ttls, unsigned int *n_ttls, const char *preferred, const char *fallback) { static time_t default_ttls[] = {CM_DEFAULT_TTL_LIST}; static unsigned int n_config = 0; char *confttls, *p, *q, c; int i; if (*config == NULL) { confttls = cm_prefs_config(NULL, preferred); if (confttls == NULL) { confttls = cm_prefs_config(NULL, fallback); } if (confttls == NULL) { *config = default_ttls; n_config = sizeof(default_ttls) / sizeof(default_ttls[0]); qsort(*config, n_config, sizeof((*config)[0]), &cm_prefs_compare_ttl_values); } else { *config = malloc(strlen(confttls) * sizeof((*config)[0])); if (*config != NULL) { i = 0; p = confttls; while (strcspn(p, " \t,") > 0) { q = p + strcspn(p, " \t,"); c = *q; *q = '\0'; if (cm_submit_u_delta_from_string(p, cm_time(NULL), &(*config)[i]) == 0) { i++; }; *q = c; p = q + strspn(q, " \t,"); } n_config = i; qsort(*config, n_config, sizeof((*config)[0]), &cm_prefs_compare_ttl_values); } free(confttls); } } if (*config != NULL) { *ttls = *config; *n_ttls = n_config; return 0; } return -1; } int cm_prefs_enroll_ttls(const time_t **ttls, unsigned int *n_ttls) { static time_t *config = NULL; return cm_prefs_ttls(&config, ttls, n_ttls, "enroll_ttls", "ttls"); } int cm_prefs_notify_ttls(const time_t **ttls, 
unsigned int *n_ttls) { static time_t *config = NULL; return cm_prefs_ttls(&config, ttls, n_ttls, "notify_ttls", "ttls"); } enum cm_notification_method cm_prefs_notification_method(void) { char *method; enum cm_notification_method ret; ret = CM_DEFAULT_NOTIFICATION_METHOD; method = cm_prefs_config(NULL, "notification_method"); if (method != NULL) { if (strcasecmp(method, "none") == 0) { ret = cm_notification_none; } if (strcasecmp(method, "syslog") == 0) { ret = cm_notification_syslog; } if ((strcasecmp(method, "email") == 0) || (strcasecmp(method, "mail") == 0) || (strcasecmp(method, "mailto") == 0)) { ret = cm_notification_email; } if (strcasecmp(method, "stdout") == 0) { ret = cm_notification_stdout; } if (strcasecmp(method, "command") == 0) { ret = cm_notification_command; } free(method); } return ret; } const char * cm_prefs_notification_destination(void) { static const char *destination; if (destination == NULL) { destination = cm_prefs_config(NULL, "notification_destination"); if (destination == NULL) { destination = CM_DEFAULT_NOTIFICATION_SYSLOG_PRIORITY; } } return destination; } const char * cm_prefs_default_ca(void) { static const char *ca; if (ca == NULL) { ca = cm_prefs_config(NULL, "default_ca"); } return ca; } const char * cm_prefs_selfsign_validity_period(void) { static const char *period; if (period == NULL) { period = cm_prefs_config("selfsign", "validity_period"); if (period == NULL) { period = CM_DEFAULT_CERT_LIFETIME; } } return period; } const char * cm_prefs_local_validity_period(void) { static const char *period; if (period == NULL) { period = cm_prefs_config("local", "validity_period"); if (period == NULL) { period = cm_prefs_config("selfsign", "validity_period"); if (period == NULL) { period = CM_DEFAULT_CERT_LIFETIME; } } } return period; } static const char * yes_words[] = {"yes", "y", "true", "t", "1"}; static const char * no_words[] = {"no", "n", "false", "f", "0"}; static int cm_prefs_yesno(const char *val) { unsigned int i; if (val 
!= NULL) { for (i = 0; i < sizeof(yes_words) / sizeof(yes_words[0]); i++) { if (strcasecmp(yes_words[i], val) == 0) { return 1; } } for (i = 0; i < sizeof(no_words) / sizeof(no_words[0]); i++) { if (strcasecmp(no_words[i], val) == 0) { return 0; } } } return -1; } int cm_prefs_populate_unique_id(void) { static int populate = -1; if (populate == -1) { const char *val; val = cm_prefs_config("selfsign", "populate_unique_id"); if (val == NULL) { val = CM_DEFAULT_POPULATE_UNIQUE_ID; } if (val != NULL) { populate = cm_prefs_yesno(val); } } return populate != -1 ? populate : 0; } int cm_prefs_monitor(void) { /* The documented hard-coded default is to try. */ return 1; } int cm_prefs_autorenew(void) { /* The documented hard-coded default is to try. */ return 1; } const char * cm_prefs_dogtag_ee_url(void) { static const char *url; #if 0 if (url == NULL) { url = cm_prefs_config("dogtag", "ee_url"); } #endif return url; } const char * cm_prefs_dogtag_agent_url(void) { static const char *url; #if 0 if (url == NULL) { url = cm_prefs_config("dogtag", "agent_url"); } #endif return url; } const char * cm_prefs_dogtag_profile(void) { static const char *profile; #if 0 if (profile == NULL) { profile = cm_prefs_config("dogtag", "profile"); } #endif return profile; } int cm_prefs_dogtag_renew(void) { static int prefer = -1; #if 0 if (prefer == -1) { prefer = cm_prefs_yesno(cm_prefs_config("dogtag", "prefer_renewal")); } #endif return (prefer != -1) ? 
(prefer != 0) : TRUE;
}

const char *
cm_prefs_dogtag_ca_info(void)
{
	static const char *info;
#if 0
	if (info == NULL) {
		info = cm_prefs_config("dogtag", "ca_info");
	}
#endif
	return info;
}

const char *
cm_prefs_dogtag_ca_path(void)
{
	static const char *path;
#if 0
	if (path == NULL) {
		path = cm_prefs_config("dogtag", "ca_path");
	}
#endif
	return path;
}

const char *
cm_prefs_dogtag_ssldir(void)
{
	static const char *dbdir;
#if 0
	if (dbdir == NULL) {
		dbdir = cm_prefs_config("dogtag", "nss_dbdir");
	}
#endif
	return dbdir;
}

const char *
cm_prefs_dogtag_sslcert(void)
{
	static const char *cert;
#if 0
	if (cert == NULL) {
		cert = cm_prefs_config("dogtag", "ssl_certificate");
		if (cert == NULL) {
			cert = cm_prefs_config("dogtag", "nss_nickname");
		}
	}
#endif
	return cert;
}

const char *
cm_prefs_dogtag_sslkey(void)
{
	static const char *key;
#if 0
	if (key == NULL) {
		key = cm_prefs_config("dogtag", "ssl_key");
	}
#endif
	return key;
}

const char *
cm_prefs_dogtag_sslpinfile(void)
{
	static const char *pinfile;
#if 0
	if (pinfile == NULL) {
		pinfile = cm_prefs_config("dogtag", "ssl_pinfile");
	}
#endif
	return pinfile;
}

/* Map the "key_type" setting to a key algorithm, falling back to the
 * compiled-in default when it is unset or not recognized. */
enum cm_key_algorithm
cm_prefs_preferred_key_algorithm(void)
{
	char *keytype;

	keytype = cm_prefs_config(NULL, "key_type");
	if (keytype != NULL) {
		if (strcasecmp(keytype, "RSA") == 0) {
			free(keytype);
			return cm_key_rsa;
		}
#ifdef CM_ENABLE_DSA
		else if (strcasecmp(keytype, "DSA") == 0) {
			free(keytype);
			return cm_key_dsa;
		}
#endif
#ifdef CM_ENABLE_EC
		else if ((strcasecmp(keytype, "ECDSA") == 0) ||
			 (strcasecmp(keytype, "EC") == 0)) {
			free(keytype);
			/* An EC preference selects EC keys, not RSA. */
			return cm_key_ecdsa;
		}
#endif
		/* Unrecognized value: release it and use the default. */
		free(keytype);
	}
	return CM_DEFAULT_PUBKEY_TYPE;
}

/* Read "rsa_key_size"; values that do not parse or that fall below
 * CM_MINIMUM_RSA_KEY_SIZE are replaced with the default size. */
int
cm_prefs_preferred_rsa_key_size(void)
{
	char *keysize;

	keysize = cm_prefs_config(NULL, "rsa_key_size");
	int size = CM_DEFAULT_PUBKEY_SIZE;
	if (keysize != NULL) {
		size = atoi(keysize);
		if ((size == 0) || (size < CM_MINIMUM_RSA_KEY_SIZE)) {
			size = CM_DEFAULT_PUBKEY_SIZE;
		}
		free(keysize);
	}
	return size;
}

const char *
cm_prefs_nss_ca_trust(void)
{
	static const char
*trust; if (trust == NULL) { trust = cm_prefs_config(NULL, "nss_ca_trust"); } return trust; } const char * cm_prefs_nss_other_trust(void) { static const char *trust; if (trust == NULL) { trust = cm_prefs_config(NULL, "nss_other_trust"); } return trust; } long long prefs_key_end_of_life(time_t ref) { const char *cfg; time_t tmp; tmp = -1; cfg = cm_prefs_config(NULL, "max_key_lifetime"); if (cfg != NULL) { if (cm_submit_u_delta_from_string(cfg, ref, &tmp) == 0) { return tmp; } } return -1; } long prefs_max_key_use_count(void) { static long count = -2; long tmp; const char *cfg; char *p; if (count == -2) { count = -1; cfg = cm_prefs_config(NULL, "max_key_use_count"); if (cfg != NULL) { tmp = strtol(cfg, &p, 10); if ((p != NULL) && (*p == '\0')) { count = tmp; } } } return count; } int cm_prefs_scep_password_otp(void) { static int populate = -1; if (populate == -1) { const char *val; val = cm_prefs_config("scep", "challenge_password_otp"); if (val == NULL) { val = "no"; } populate = cm_prefs_yesno(val); } return populate != -1 ? populate : 0; } certmonger-0.79.19/src/prefs.h0000644000175000017500000000474614511314133015524 0ustar gitgit00000000000000/* * Copyright (C) 2010,2012,2014,2015 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
*/ #ifndef cmprefs_h #define cmprefs_h #include enum cm_prefs_cipher { cm_prefs_aes128, cm_prefs_aes192, cm_prefs_aes256, cm_prefs_des3, cm_prefs_des, /* This is for the selection logic */ cm_prefs_nocipher, }; enum cm_prefs_digest { cm_prefs_sha256, cm_prefs_sha384, cm_prefs_sha512, cm_prefs_sha1, cm_prefs_md5, /* This is for the selection logic */ cm_prefs_nodigest, }; enum cm_notification_method; enum cm_key_storage_type; enum cm_cert_storage_type; enum cm_key_algorithm cm_prefs_preferred_key_algorithm(void); int cm_prefs_preferred_rsa_key_size(void); enum cm_prefs_cipher cm_prefs_preferred_cipher(void); enum cm_prefs_digest cm_prefs_preferred_digest(void); int cm_prefs_notify_ttls(const time_t **ttls, unsigned int *n_ttls); int cm_prefs_enroll_ttls(const time_t **ttls, unsigned int *n_ttls); enum cm_notification_method cm_prefs_notification_method(void); const char *cm_prefs_notification_destination(void); const char *cm_prefs_default_ca(void); const char *cm_prefs_selfsign_validity_period(void); const char *cm_prefs_local_validity_period(void); int cm_prefs_monitor(void); int cm_prefs_autorenew(void); int cm_prefs_populate_unique_id(void); const char *cm_prefs_nss_ca_trust(void); const char *cm_prefs_nss_other_trust(void); const char *cm_prefs_dogtag_ee_url(void); const char *cm_prefs_dogtag_agent_url(void); const char *cm_prefs_dogtag_profile(void); int cm_prefs_dogtag_renew(void); const char *cm_prefs_dogtag_ca_info(void); const char *cm_prefs_dogtag_ca_path(void); const char *cm_prefs_dogtag_ssldir(void); const char *cm_prefs_dogtag_sslcert(void); const char *cm_prefs_dogtag_sslkey(void); const char *cm_prefs_dogtag_sslpinfile(void); long long prefs_key_end_of_life(time_t ref); long prefs_max_key_use_count(void); int cm_prefs_scep_password_otp(void); #endif certmonger-0.79.19/src/scep-o.c0000644000175000017500000000353614511314133015562 0ustar gitgit00000000000000/* * Copyright (C) 2015 Red Hat, Inc. 
* * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #include "config.h" #include #include "scep-o.h" int cm_scep_o_get_msgtype_nid(void) { static int nid = -1; if (nid == -1) { nid = OBJ_create("2.16.840.1.113733.1.9.2", "scep-messageType", "id-scep-messageType"); } return nid; } int cm_scep_o_get_pkistatus_nid(void) { static int nid = -1; if (nid == -1) { nid = OBJ_create("2.16.840.1.113733.1.9.3", "scep-pkiStatus", "id-scep-pkiStatus"); } return nid; } int cm_scep_o_get_failinfo_nid(void) { static int nid = -1; if (nid == -1) { nid = OBJ_create("2.16.840.1.113733.1.9.4", "scep-failInfo", "id-scep-failInfo"); } return nid; } int cm_scep_o_get_sender_nonce_nid(void) { static int nid = -1; if (nid == -1) { nid = OBJ_create("2.16.840.1.113733.1.9.5", "scep-senderNonce", "id-scep-senderNonce"); } return nid; } int cm_scep_o_get_recipient_nonce_nid(void) { static int nid = -1; if (nid == -1) { nid = OBJ_create("2.16.840.1.113733.1.9.6", "scep-recipientNonce", "id-scep-recipientNonce"); } return nid; } int cm_scep_o_get_tx_nid(void) { static int nid = -1; if (nid == -1) { nid = OBJ_create("2.16.840.1.113733.1.9.7", "scep-transId", "id-scep-transId"); } return nid; } certmonger-0.79.19/src/scep-o.h0000644000175000017500000000171414511314133015563 0ustar gitgit00000000000000/* * Copyright (C) 2015 Red Hat, Inc. 
* * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #ifndef cmscepo_h #define cmscepo_h int cm_scep_o_get_msgtype_nid(void); int cm_scep_o_get_pkistatus_nid(void); int cm_scep_o_get_failinfo_nid(void); int cm_scep_o_get_sender_nonce_nid(void); int cm_scep_o_get_recipient_nonce_nid(void); int cm_scep_o_get_tx_nid(void); #endif certmonger-0.79.19/src/scep.c0000644000175000017500000010770014511314133015324 0ustar gitgit00000000000000/* * Copyright (C) 2009,2010,2011,2012,2013,2014,2015,2016 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
*/ #include "config.h" #include #include #include #include #ifdef HAVE_INTTYPES_H #include #endif #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "log.h" #include "pkcs7.h" #include "prefs.h" #include "scep.h" #include "store.h" #include "submit-e.h" #include "submit-h.h" #include "submit-u.h" #include "util.h" #include "util-m.h" #include "util-o.h" #ifdef ENABLE_NLS #include #define _(_text) dgettext(PACKAGE, _text) #else #define _(_text) (_text) #endif #define OP_GET_CA_CAPS "GetCACaps" #define OP_GET_CA_CERT "GetCACert" #define OP_GET_INITIAL_CERT "PKIOperation" #define OP_PKCSREQ "PKIOperation" enum known_ops { op_unset, op_get_ca_caps, op_get_ca_certs, op_get_cert_initial, op_pkcsreq, }; static int cert_cmp(X509 *x, char *candidate) { X509 *c; BIO *in; int ret = 1; in = BIO_new_mem_buf(candidate, -1); if (in != NULL) { c = PEM_read_bio_X509(in, NULL, NULL, NULL); BIO_free(in); if (c != NULL) { ret = X509_cmp(x, c); X509_free(c); } } return ret; } static int cert_among(char *needle, char *candidate1, char *candidate2, char **haystack) { X509 *n; BIO *in; int ret = 1, i; in = BIO_new_mem_buf(needle, -1); if (in != NULL) { n = PEM_read_bio_X509(in, NULL, NULL, NULL); BIO_free(in); if (candidate1 != NULL) { ret = cert_cmp(n, candidate1); if (ret == 0) { X509_free(n); return ret; } } if (candidate2 != NULL) { ret = cert_cmp(n, candidate2); if (ret == 0) { X509_free(n); return ret; } } for (i = 0; (haystack != NULL) && (haystack[i] != NULL); i++) { ret = cert_cmp(n, haystack[i]); if (ret == 0) { X509_free(n); return ret; } } if (n != NULL) { X509_free(n); } } return ret; } static int check_capability(const char *list, size_t list_length, const char *capability) { const char *p, *q, *r, *n; char *tmp; p = list; cm_log(1, "Checking server capabilities list for \"%s\"", capability); while (p < list + list_length) { /* Skip any blank lines. 
*/
		while ((p < list + list_length) &&
		       (strchr("\r\n", *p) != NULL)) {
			p++;
		}
		/* Find either the end of this line, or the buffer. */
		n = memchr(p, '\n', (list + list_length) - p);
		r = memchr(p, '\r', (list + list_length) - p);
		if (n == NULL) {
			q = r;
		} else if (r == NULL) {
			q = n;
		} else {
			if (r < n) {
				q = r;
			} else {
				q = n;
			}
		}
		if (q == NULL) {
			q = list + list_length;
		}
		if (q < p) {
			/* should never happen */
			break;
		}
		/* If the length is right, check for a match. */
		if (((size_t)(q - p)) == strlen(capability)) {
			tmp = malloc(q - p + 1);
			if (tmp != NULL) {
				/* Copy the line the server sent, not the
				 * name being searched for; otherwise any
				 * line of the same length would match. */
				memcpy(tmp, p, q - p);
				tmp[q - p] = '\0';
				if (strcasecmp(tmp, capability) == 0) {
					free(tmp);
					cm_log(1, " found it.\n");
					return 1;
				}
				free(tmp);
			}
		}
		/* Prepare to move to the next line. */
		p = q;
	}
	/* Out of data, and no match. */
	cm_log(1, " not found.\n");
	return 0;
}

int
main(int argc, const char **argv)
{
	const char *url = NULL, *results = NULL, *results2 = NULL;
	struct cm_submit_h_context *hctx = NULL;
	int c, verbose = 0, results_length = 0, results_length2 = 0, i;
	int prefer_non_renewal = 0, can_renewal = 0;
	int response_code = 0, response_code2 = 0;
	enum known_ops op = op_unset;
	char *id = NULL;
	const char *cainfo = NULL;
	char *message = NULL, *rekey_message = NULL;
	const char *mode = NULL, *content_type = NULL, *content_type2 = NULL;
	void *ctx;
	char *params = "", *params2 = NULL, *racert = NULL, *cacert = NULL;
	char **certothers = NULL, *certleaf = NULL, *certtop = NULL, *certs = NULL;
	char **racertp, **cacertp, *dracert = NULL, *dcacert = NULL;
	char buf[LINE_MAX] = "";
	const unsigned char **buffers = NULL;
	size_t n_buffers = 0, *lengths = NULL, j;
	const char *root[3], **othercerts;
	dbus_bool_t missing_args = FALSE;
	char *sent_tx, *tx, *msgtype, *pkistatus, *failinfo, *s, *tmp1, *tmp2;
	unsigned char *sent_nonce, *sender_nonce, *recipient_nonce, *payload;
	const unsigned char *u;
	size_t sent_nonce_length, sender_nonce_length, recipient_nonce_length;
	size_t payload_length;
	long error;
	PKCS7 *p7;
	int
rval = CM_SUBMIT_STATUS_UNCONFIGURED; poptContext pctx = NULL; struct poptOption popts[] = { {"url", 'u', POPT_ARG_STRING, &url, 0, "service location", "URL"}, {"ca-identifier", 'i', POPT_ARG_STRING, &id, 0, "name to use when querying for capabilities", "IDENTIFIER"}, {"retrieve-ca-capabilities", 'c', POPT_ARG_NONE, NULL, 'c', "make a GetCACaps request", NULL}, {"retrieve-ca-certificates", 'C', POPT_ARG_NONE, NULL, 'C', "make GetCACert request", NULL}, {"get-initial-cert", 'g', POPT_ARG_NONE, NULL, 'g', "send a PKIOperation pkiMessage", NULL}, {"pki-message", 'p', POPT_ARG_NONE, NULL, 'p', "send a PKIOperation pkiMessage", NULL}, {"racert", 'r', POPT_ARG_STRING, NULL, 'r', "the RA certificate, used for encrypting requests", "FILENAME"}, {"cacert", 'R', POPT_ARG_STRING, NULL, 'R', "the CA certificate, used for verifying TLS connections", "FILENAME"}, {"other-certs", 'I', POPT_ARG_STRING, NULL, 'I', "additional certificates", "FILENAME"}, {"signingca", 'N', POPT_ARG_STRING, NULL, 'N', "the CA certificate which signed the RA certificate", "FILENAME"}, {"non-renewal", 'n', POPT_ARG_NONE, &prefer_non_renewal, 0, "prefer to not use the SCEP Renewal feature", NULL}, {"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL}, POPT_AUTOHELP POPT_TABLEEND }; util_o_init(); ERR_load_crypto_strings(); id = getenv(CM_SUBMIT_SCEP_CA_IDENTIFIER_ENV); if (id == NULL) { id = "0"; } racert = getenv(CM_SUBMIT_SCEP_RA_CERTIFICATE_ENV); cacert = getenv(CM_SUBMIT_SCEP_CA_CERTIFICATE_ENV); certs = getenv(CM_SUBMIT_SCEP_CERTIFICATES_ENV); mode = getenv(CM_SUBMIT_OPERATION_ENV); if (mode != NULL) { if (strcasecmp(mode, CM_OP_SUBMIT) == 0) { op = op_pkcsreq; message = getenv(CM_SUBMIT_SCEP_PKCSREQ_REKEY_ENV); if (message == NULL) { message = getenv(CM_SUBMIT_SCEP_PKCSREQ_ENV); } else { rekey_message = getenv(CM_SUBMIT_SCEP_PKCSREQ_ENV); } } else if (strcasecmp(mode, CM_OP_POLL) == 0) { op = op_get_cert_initial; message = getenv(CM_SUBMIT_SCEP_PKCSREQ_REKEY_ENV); if (message == NULL) { message = 
getenv(CM_SUBMIT_SCEP_PKCSREQ_ENV); } else { rekey_message = getenv(CM_SUBMIT_SCEP_PKCSREQ_ENV); } } else if (strcasecmp(mode, CM_OP_FETCH_SCEP_CA_CERTS) == 0) { op = op_get_ca_certs; } else if (strcasecmp(mode, CM_OP_FETCH_SCEP_CA_CAPS) == 0) { op = op_get_ca_caps; } else if ((strcasecmp(mode, CM_OP_FETCH_ENROLL_REQUIREMENTS) == 0) || (strcasecmp(mode, CM_OP_FETCH_RENEWAL_REQUIREMENTS) == 0)) { printf("%s\n", CM_SUBMIT_SCEP_RA_CERTIFICATE_ENV); printf("%s\n", CM_SUBMIT_SCEP_CA_CERTIFICATE_ENV); printf("%s\n", CM_SUBMIT_SCEP_PKCSREQ_ENV); printf("%s\n", CM_SUBMIT_SCEP_PKCSREQ_REKEY_ENV); printf("%s\n", CM_SUBMIT_SCEP_GETCERTINITIAL_ENV); printf("%s\n", CM_SUBMIT_SCEP_GETCERTINITIAL_REKEY_ENV); return CM_SUBMIT_STATUS_ISSUED; } else if (strcasecmp(mode, CM_OP_IDENTIFY) == 0) { printf("SCEP (%s %s)\n", PACKAGE_NAME, PACKAGE_VERSION); return CM_SUBMIT_STATUS_ISSUED; } else { /* unsupported request */ return CM_SUBMIT_STATUS_OPERATION_NOT_SUPPORTED; } } #ifdef ENABLE_NLS bindtextdomain(PACKAGE, MYLOCALEDIR); #endif pctx = poptGetContext(argv[0], argc, argv, popts, 0); if (pctx == NULL) { return CM_SUBMIT_STATUS_UNCONFIGURED; } poptSetOtherOptionHelp(pctx, "[options] [pkiMessage file]"); while ((c = poptGetNextOpt(pctx)) > 0) { switch (c) { case 'v': verbose++; break; case 'c': op = op_get_ca_caps; break; case 'C': op = op_get_ca_certs; break; case 'g': op = op_get_cert_initial; break; case 'p': op = op_pkcsreq; break; case 'r': racert = cm_submit_u_from_file(poptGetOptArg(pctx)); break; case 'R': cainfo = poptGetOptArg(pctx); break; case 'N': cacert = cm_submit_u_from_file(poptGetOptArg(pctx)); break; case 'I': certs = cm_submit_u_from_file(poptGetOptArg(pctx)); break; } } if (c != -1) { poptPrintUsage(pctx, stdout, 0); return CM_SUBMIT_STATUS_UNCONFIGURED; } umask(S_IRWXG | S_IRWXO); if (isatty(STDERR_FILENO)) cm_log_set_method(cm_log_stderr); else cm_log_set_method(cm_log_syslog); cm_log_set_level(verbose); ctx = talloc_new(NULL); if (url == NULL) { printf(_("No SCEP 
URL (-u) given, and no default known.\n")); missing_args = TRUE; } if (op == op_unset) { printf(_("No SCEP operation (-c/-C/-g/-p) given, and no default known.\n")); missing_args = TRUE; } id = cm_submit_u_url_encode(id); /* Format the first (or only) HTTP request's parameters. */ switch (op) { case op_unset: missing_args = TRUE; break; case op_get_ca_caps: /* Only step: read capabilities for the daemon. */ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id); break; case op_get_ca_certs: /* First step: get the root certificate. */ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CERT "&message=%s", id); break; case op_get_cert_initial: if ((racert == NULL) || (strlen(racert) == 0)) { printf(_("No RA certificate (-r) given, and no default known.\n")); missing_args = TRUE; } else { /* Check that we at least have a message to send. */ if ((message == NULL) || (strlen(message) == 0)) { if (poptPeekArg(pctx) != NULL) { message = cm_submit_u_from_file(poptGetArg(pctx)); if ((message == NULL) || (strlen(message) == 0)) { printf(_("Error reading request. Expected PKCS7 data containing a GetInitialCert pkiMessage, got nothing.\n")); rval = CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES; goto done; } } else { rval = CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES; goto done; } } /* First step: read capabilities for our use. */ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id); } break; case op_pkcsreq: if ((racert == NULL) || (strlen(racert) == 0)) { printf(_("No RA certificate (-r) given, and no default known.\n")); missing_args = TRUE; } else { /* Check that we at least have a message to send. */ if ((message == NULL) || (strlen(message) == 0)) { if (poptPeekArg(pctx) != NULL) { message = cm_submit_u_from_file(poptGetArg(pctx)); if ((message == NULL) || (strlen(message) == 0)) { printf(_("Error reading request. 
Expected PKCS7 data containing a PKCSReq pkiMessage, got nothing.\n")); rval = CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES; goto done; } } else { rval = CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES; goto done; } } /* First step: read capabilities for our use. */ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id); } break; } /* Supply help output, if it's needed. */ if (missing_args) { poptPrintUsage(pctx, stdout, 0); rval = CM_SUBMIT_STATUS_UNCONFIGURED; goto done; } /* Check the rekey PKCSReq message, if we have one. */ if ((rekey_message != NULL) && (strlen(rekey_message) != 0)) { tmp1 = cm_submit_u_base64_from_text(rekey_message); tmp2 = cm_store_base64_as_bin(ctx, tmp1, -1, &c); i = cm_pkcs7_verify_signed((unsigned char *) tmp2, c, NULL, NULL, NID_pkcs7_data, ctx, NULL, NULL, &msgtype, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); if (i != 0) { log_pkcs7_errors(0, "Error: failed to verify signature on " "rekey PKCSReq.\n"); } if ((msgtype == NULL) || ((strcmp(msgtype, SCEP_MSGTYPE_PKCSREQ) != 0) && (strcmp(msgtype, SCEP_MSGTYPE_GETCERTINITIAL) != 0))) { if (msgtype == NULL) { fprintf(stderr, _("Warning: request is neither " "a PKCSReq nor a " "GetInitialCert request.\n")); } else { fprintf(stderr, _("Warning: request type \"%s\"" "is neither a PKCSReq nor a " "GetInitialCert request.\n"), msgtype); } } } /* Now, check the regular single-key message, and pick up the * transaction ID and nonce from it. 
*/ if ((message != NULL) && (strlen(message) != 0)) { tmp1 = cm_submit_u_base64_from_text(message); tmp2 = cm_store_base64_as_bin(ctx, tmp1, -1, &c); i = cm_pkcs7_verify_signed((unsigned char *) tmp2, c, NULL, NULL, NID_pkcs7_data, ctx, NULL, &sent_tx, &msgtype, NULL, NULL, &sent_nonce, &sent_nonce_length, NULL, NULL, NULL, NULL); if (i != 0) { log_pkcs7_errors(0, "Error: failed to verify signature on " "message.\n"); } if ((msgtype == NULL) || ((strcmp(msgtype, SCEP_MSGTYPE_PKCSREQ) != 0) && (strcmp(msgtype, SCEP_MSGTYPE_GETCERTINITIAL) != 0))) { if (msgtype == NULL) { fprintf(stderr, _("Warning: request is neither " "a PKCSReq nor a " "GetInitialCert request.\n")); } else { fprintf(stderr, _("Warning: request type \"%s\"" "is neither a PKCSReq nor a " "GetInitialCert request.\n"), msgtype); } } if (sent_tx == NULL) { fprintf(stderr, _("Warning: request is missing " "transactionId.\n")); } if (sent_nonce == NULL) { fprintf(stderr, _("Warning: request is missing " "senderNonce.\n")); } } else { sent_tx = NULL; sent_nonce = NULL; sent_nonce_length = 0; } /* Submit the first request. */ hctx = cm_submit_h_init(ctx, "GET", url, params, NULL, NULL, NULL, cainfo, NULL, NULL, NULL, NULL, cm_submit_h_negotiate_off, cm_submit_h_delegate_off, cm_submit_h_clientauth_off, cm_submit_h_env_modify_off, verbose > 1 ? 
cm_submit_h_curl_verbose_on : cm_submit_h_curl_verbose_off); cm_submit_h_run(hctx); content_type = cm_submit_h_result_type(hctx); if (content_type == NULL) { content_type = ""; } response_code = cm_submit_h_response_code(hctx); if (verbose > 0) { fprintf(stderr, "%s \"%s?%s\"\n", "GET", url, params); fprintf(stderr, "response_code = %d\n", response_code); fprintf(stderr, "content-type = \"%s\"\n", content_type); fprintf(stderr, "code = %d\n", cm_submit_h_result_code(hctx)); fprintf(stderr, "code_text = \"%s\"\n", cm_submit_h_result_code_text(hctx)); syslog(LOG_DEBUG, "%s %s?%s\n", "GET", url, params); } results = cm_submit_h_results(hctx, &results_length); if (verbose > 0) { fprintf(stderr, "results = \"%s\"\n", cm_store_base64_from_bin(ctx, (const unsigned char *) results, results_length)); syslog(LOG_DEBUG, "%s", cm_store_base64_from_bin(ctx, (const unsigned char *) results, results_length)); } /* Format a possible second HTTP request's parameters. */ switch (op) { case op_unset: abort(); /* never reached */ break; case op_get_ca_caps: case op_get_ca_certs: /* nothing to do here */ params2 = NULL; break; case op_get_cert_initial: /* Step two: actually poll. If we have multiple messages which * we can use, decide which one to use. */ can_renewal = check_capability(results, results_length, "Renewal"); if (can_renewal && !prefer_non_renewal && (rekey_message != NULL)) { tmp2 = rekey_message; } else { tmp2 = message; } if ((tmp2 == NULL) || (strlen(tmp2) == 0)) { printf(_("Error reading request. 
Expected PKCS7 data containing a GetInitialCert pkiMessage, got nothing.\n")); rval = CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES; goto done; } else if (verbose > 0) { if (tmp2 == rekey_message) { fprintf(stderr, "Using rekeying message.\n"); } else { fprintf(stderr, "Using non-rekeying message.\n"); } } tmp1 = cm_submit_u_base64_from_text(tmp2); tmp2 = cm_submit_u_url_encode(tmp1); params2 = talloc_asprintf(ctx, "operation=" OP_GET_INITIAL_CERT "&message=%s", tmp2); break; case op_pkcsreq: /* Step two: actually request a certificate. If we have * multiple messages which we can use, decide which one to use * to make the request. */ can_renewal = check_capability(results, results_length, "Renewal"); if (can_renewal && !prefer_non_renewal && (rekey_message != NULL)) { tmp2 = rekey_message; } else { tmp2 = message; } if ((tmp2 == NULL) || (strlen(tmp2) == 0)) { printf(_("Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, got nothing.\n")); rval = CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES; goto done; } else if (verbose > 0) { if (tmp2 == rekey_message) { fprintf(stderr, "Using rekeying message.\n"); } else { fprintf(stderr, "Using non-rekeying message.\n"); } } tmp1 = cm_submit_u_base64_from_text(tmp2); tmp2 = cm_submit_u_url_encode(tmp1); params2 = talloc_asprintf(ctx, "operation=" OP_PKCSREQ "&message=%s", tmp2); break; } /* Submit a second HTTP request if we have one to make. */ if (params2 != NULL) { hctx = cm_submit_h_init(ctx, "GET", url, params2, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, cm_submit_h_negotiate_off, cm_submit_h_delegate_off, cm_submit_h_clientauth_off, cm_submit_h_env_modify_off, verbose > 1 ? 
cm_submit_h_curl_verbose_on : cm_submit_h_curl_verbose_off); cm_submit_h_run(hctx); content_type2 = cm_submit_h_result_type(hctx); if (content_type2 == NULL) { content_type2 = ""; } response_code2 = cm_submit_h_response_code(hctx); if (verbose > 0) { fprintf(stderr, "%s \"%s?%s\"\n", "GET", url, params2); fprintf(stderr, "response_code = %d\n", response_code2); fprintf(stderr, "content-type = \"%s\"\n", content_type2); fprintf(stderr, "code = %d\n", cm_submit_h_result_code(hctx)); fprintf(stderr, "code_text = \"%s\"\n", cm_submit_h_result_code_text(hctx)); syslog(LOG_DEBUG, "%s %s?%s\n", "GET", url, params2); } results2 = cm_submit_h_results(hctx, &results_length2); if (verbose > 0) { fprintf(stderr, "results = \"%s\"\n", cm_store_base64_from_bin(ctx, (const unsigned char *) results2, results_length2)); syslog(LOG_DEBUG, "%s", cm_store_base64_from_bin(ctx, (const unsigned char *) results2, results_length2)); } } /* Figure out what to output. */ if (cm_submit_h_result_code(hctx) != 0) { if (cm_submit_h_result_code_text(hctx) != NULL) { printf(_("Error %d connecting to %s: %s.\n"), cm_submit_h_result_code(hctx), url, cm_submit_h_result_code_text(hctx)); } else { printf(_("Error %d connecting to %s.\n"), cm_submit_h_result_code(hctx), url); } rval = CM_SUBMIT_STATUS_UNREACHABLE; goto done; } switch (op) { case op_unset: abort(); break; case op_get_ca_caps: case op_get_ca_certs: if (response_code != 200) { printf(_("Got response code %d from %s, not 200.\n"), response_code, url); if (response_code == 500) { /* The server might recover, right? */ rval = CM_SUBMIT_STATUS_UNREACHABLE; goto done; } else { /* Maybe not? 
*/ rval = CM_SUBMIT_STATUS_REJECTED; goto done; } } if (results == NULL) { printf(_("Internal error: no response to \"%s?%s\".\n"), url, params); rval = CM_SUBMIT_STATUS_REJECTED; goto done; } break; case op_get_cert_initial: case op_pkcsreq: /* ignore an error status */ break; } switch (op) { case op_unset: abort(); /* never reached */ break; case op_get_ca_caps: if (results_length > 1024) { /* This is a guess at a reasonable maximum size for a * result that isn't just some random page being served * up at the location we queried. The spec says we * can't make any assumptions about the content-type, * so this is the best we can do to avoid trying to * parse a pile of HTML as a capabilities list. */ if (verbose > 0) { fprintf(stderr, "Result is surprisingly large, " "suppressing it.\n"); } rval = CM_SUBMIT_STATUS_REJECTED; goto done; } printf("%s\n", results); rval = CM_SUBMIT_STATUS_ISSUED; goto done; break; case op_get_ca_certs: if ((strcasecmp(content_type, "application/x-x509-ca-cert") != 0) && (strcasecmp(content_type, "application/x-x509-ca-ra-cert") != 0)) { printf(_("Server reply was of unexpected MIME type " "\"%s\".\n"), content_type); rval = CM_SUBMIT_STATUS_UNREACHABLE; goto done; } if (racert == NULL) { racertp = &racert; } else { racertp = &dracert; buffers = talloc_realloc(ctx, buffers, const unsigned char *, n_buffers + 1); lengths = talloc_realloc(ctx, lengths, size_t, n_buffers + 1); if ((buffers == NULL) || (lengths == NULL)) { fprintf(stderr, "Out of memory.\n"); rval = CM_SUBMIT_STATUS_UNREACHABLE; goto done; } buffers[n_buffers] = (unsigned char *) racert; lengths[n_buffers] = strlen(racert); n_buffers++; } if (cacert == NULL) { cacertp = &cacert; } else { cacertp = &dcacert; buffers = talloc_realloc(ctx, buffers, const unsigned char *, n_buffers + 1); lengths = talloc_realloc(ctx, lengths, size_t, n_buffers + 1); if ((buffers == NULL) || (lengths == NULL)) { fprintf(stderr, "Out of memory.\n"); rval = CM_SUBMIT_STATUS_UNREACHABLE; goto done; 
} buffers[n_buffers] = (unsigned char *) cacert; lengths[n_buffers] = strlen(cacert); n_buffers++; } if (results != NULL) { buffers = talloc_realloc(ctx, buffers, const unsigned char *, n_buffers + 1); lengths = talloc_realloc(ctx, lengths, size_t, n_buffers + 1); if ((buffers == NULL) || (lengths == NULL)) { fprintf(stderr, "Out of memory.\n"); rval = CM_SUBMIT_STATUS_UNREACHABLE; goto done; } buffers[n_buffers] = (unsigned char *) results; lengths[n_buffers] = results_length; n_buffers++; } if (results2 != NULL) { buffers = talloc_realloc(ctx, buffers, const unsigned char *, n_buffers + 1); lengths = talloc_realloc(ctx, lengths, size_t, n_buffers + 1); if ((buffers == NULL) || (lengths == NULL)) { fprintf(stderr, "Out of memory.\n"); rval = CM_SUBMIT_STATUS_UNREACHABLE; goto done; } buffers[n_buffers] = (unsigned char *) results2; lengths[n_buffers] = results_length2; n_buffers++; } i = 1; /* If the server handed us one certificate back, then maybe * it's Dogtag, which expects us to walk the list. */ while ((strcmp(id, "0") == 0) && (strcasecmp(content_type, "application/x-x509-ca-cert") == 0)) { if (i > 32) { if (verbose > 0) { fprintf(stderr, "Improbably long " "chain, or bug.\n"); } break; } if (verbose > 0) { fprintf(stderr, "Asking for cert for ID " "\"%d\".\n", i); } params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CERT "&message=%d", i++); hctx = cm_submit_h_init(ctx, "GET", url, params, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, cm_submit_h_negotiate_off, cm_submit_h_delegate_off, cm_submit_h_clientauth_off, cm_submit_h_env_modify_off, verbose > 1 ? 
						cm_submit_h_curl_verbose_on :
						cm_submit_h_curl_verbose_off);
			cm_submit_h_run(hctx);
			content_type2 = cm_submit_h_result_type(hctx);
			response_code2 = cm_submit_h_response_code(hctx);
			if (verbose > 0) {
				/* Log the query that was just sent (params);
				 * params2 is not set for this operation. */
				fprintf(stderr, "%s \"%s?%s\"\n", "GET", url, params);
				fprintf(stderr, "response_code = %d\n", response_code2);
				fprintf(stderr, "content-type = \"%s\"\n", content_type2);
				fprintf(stderr, "code = %d\n", cm_submit_h_result_code(hctx));
				fprintf(stderr, "code_text = \"%s\"\n",
					cm_submit_h_result_code_text(hctx));
				syslog(LOG_DEBUG, "%s %s?%s\n", "GET", url, params);
			}
			/* Stop walking the chain on anything other than a
			 * single CA certificate. */
			if ((content_type2 != NULL) &&
			    (strcasecmp(content_type2,
					"application/x-x509-ca-cert") != 0)) {
				if (verbose > 0) {
					fprintf(stderr, "Content is not "
						"\"application/x-x509-ca-cert\""
						", done.\n");
				}
				break;
			}
			if (response_code2 != 200) {
				if (verbose > 0) {
					fprintf(stderr, "Response code "
						"is not 200, done.\n");
				}
				break;
			}
			results2 = cm_submit_h_results(hctx, &results_length2);
			if (verbose > 0) {
				fprintf(stderr, "results = \"%s\"\n", results2);
				syslog(LOG_DEBUG, "%s", results2);
			}
			if (results_length2 <= 0) {
				if (verbose > 0) {
					fprintf(stderr, "Content is empty, "
						"done.\n");
				}
				break;
			}
			/* Stop if the server repeats a certificate we
			 * already have. */
			for (j = 0; j < n_buffers; j++) {
				if ((results_length2 == (int) lengths[j]) &&
				    (memcmp(results2, buffers[j], lengths[j]) == 0)) {
					if (verbose > 0) {
						fprintf(stderr, "Content is "
							"a duplicate, done.\n");
					}
					break;
				}
			}
			if (j < n_buffers) {
				break;
			}
			buffers = talloc_realloc(ctx, buffers,
						 const unsigned char *,
						 n_buffers + 1);
			lengths = talloc_realloc(ctx, lengths, size_t,
						 n_buffers + 1);
			if ((buffers == NULL) || (lengths == NULL)) {
				fprintf(stderr, "Out of memory.\n");
				rval = CM_SUBMIT_STATUS_UNREACHABLE;
				goto done;
			}
			buffers[n_buffers] = (unsigned char *) results2;
			lengths[n_buffers] = results_length2;
			n_buffers++;
		}
		if (cm_pkcs7_parsev(CM_PKCS7_LEAF_PREFER_ENCRYPT, ctx,
				    racertp, cacertp, &certothers,
				    NULL, NULL,
				    n_buffers, buffers, lengths) == 0) {
			if (racert != NULL) {
				printf("%s", racert);
				if (cacert != NULL) {
					printf("%s",
					       cacert);
					if (certothers != NULL) {
						for (c = 0; certothers[c] != NULL; c++) {
							printf("%s", certothers[c]);
						}
					}
					if ((dracert != NULL) &&
					    (cert_among(dracert, racert, cacert, certothers) != 0)) {
						printf("%s", dracert);
					}
					if ((dcacert != NULL) &&
					    (cert_among(dcacert, racert, cacert, certothers) != 0)) {
						printf("%s", dcacert);
					}
				}
			}
			rval = CM_SUBMIT_STATUS_ISSUED;
			goto done;
		} else {
			rval = CM_SUBMIT_STATUS_UNREACHABLE;
			goto done;
		}
		break;
	case op_get_cert_initial:
	case op_pkcsreq:
		if ((content_type2 != NULL) &&
		    (strcasecmp(content_type2, "application/x-pki-message") == 0)) {
			/*
			 * At this point, we have:
			 * - zero or more ra certs; and
			 * - zero or more ca certificates; and
			 * - zero or more other certificates; that
			 *   need to be reordered so that the leaf
			 *   certificates go first, the ca certificates
			 *   are separated into a separate certificate
			 *   store, and the other certificates go after
			 *   the leaf certificates.
			 *
			 * To do this we put cacert into the ca store,
			 * the racert at the top of the othercerts list.
			 * Then we parse certs, placing all ca certs
			 * we find into the ca store, and all other
			 * certs we find after the racert.
			 *
			 * As a limitation of cm_pkcs7_parse(), we
			 * can only isolate one ca certificate in the
			 * list of other certificates.
			 */
			/* handle the other certs */
			if ((certs != NULL) &&
			    (cm_pkcs7_parse(0, ctx,
					    &certleaf, &certtop, &certothers,
					    NULL, NULL,
					    (const unsigned char *) certs,
					    strlen(certs), NULL) == 0)) {
				/* Special case for IPA which uses dogtag which signs SCEP
				 * certs using the CA cert and the typical way to get
				 * verification to work is to use -I /etc/ipa/ca.crt.
				 * Because cm_pkcs7_parse explicitly doesn't allow
				 * certleaf to equal certtop we end up with no CAs so verification
				 * fails.
				 *
				 * So if cacert and certtop are both NULL and certleaf is
				 * self-signed then assume the IPA case and set certtop equal
				 * to certleaf.
*/ if ((cacert == NULL) && (certtop == NULL) && (certleaf != NULL)) { if (cm_selfsigned(certleaf) == 0) { certtop = certleaf; } } memset(&root, 0, sizeof(root)); root[0] = cacert ? cacert : certtop ? certtop : NULL; root[1] = cacert ? certtop : NULL; root[2] = NULL; for (c = 0; (certothers != NULL) && (certothers[c] != NULL); c++) { continue; } othercerts = talloc_array_ptrtype(ctx, othercerts, c + 3); c = 0; if (racert != NULL) { othercerts[c++] = racert; } if (certleaf != NULL) { othercerts[c++] = certleaf; } while (certothers != NULL && *certothers != NULL) { othercerts[c++] = *certothers++; } othercerts[c++] = NULL; } else { root[0] = cacert; root[1] = NULL; othercerts = talloc_array_ptrtype(ctx, othercerts, 2); othercerts[0] = racert ? racert : NULL; othercerts[1] = NULL; } ERR_clear_error(); i = cm_pkcs7_verify_signed((unsigned char *) results2, results_length2, root, othercerts, NID_pkcs7_data, ctx, NULL, &tx, &msgtype, &pkistatus, &failinfo, &sender_nonce, &sender_nonce_length, &recipient_nonce, &recipient_nonce_length, &payload, &payload_length); if (i != 0) { printf(_("Error: failed to verify signature on " "server response. ")); error = ERR_peek_last_error(); if (error != 0) { memset(buf, '\0', sizeof(buf)); ERR_error_string_n(error, buf, sizeof(buf)); printf("%s", buf); } printf("\n"); log_pkcs7_errors(0, "Error: failed to verify signature on " "server response.\n"); s = cm_store_base64_from_bin(ctx, (unsigned char *) results2, results_length2); s = cm_submit_u_pem_from_base64("PKCS7", 0, s); fprintf(stderr, "%s", s); cm_log(1, "%s", s); free(s); rval = CM_SUBMIT_STATUS_UNREACHABLE; goto done; } if ((msgtype == NULL) || (strcmp(msgtype, SCEP_MSGTYPE_CERTREP) != 0)) { printf(_("Error: reply was not a CertRep (%s).\n"), msgtype ? 
msgtype : "none"); rval = CM_SUBMIT_STATUS_UNREACHABLE; goto done; } if (tx == NULL) { printf(_("Error: reply is missing transactionId.\n")); rval = CM_SUBMIT_STATUS_UNREACHABLE; goto done; } if (sent_tx != NULL) { if (strcmp(sent_tx, tx) != 0) { printf(_("Error: reply contains a " "different transactionId.\n")); rval = CM_SUBMIT_STATUS_UNREACHABLE; goto done; } } if (pkistatus == NULL) { printf(_("Error: reply is missing pkiStatus.\n")); rval = CM_SUBMIT_STATUS_UNREACHABLE; goto done; } if (recipient_nonce == NULL) { printf(_("Error: reply is missing recipientNonce.\n")); rval = CM_SUBMIT_STATUS_UNREACHABLE; goto done; } if (sent_nonce && ((recipient_nonce_length != sent_nonce_length) || (memcmp(recipient_nonce, sent_nonce, sent_nonce_length) != 0))) { printf(_("Error: reply nonce doesn't match request.\n")); rval = CM_SUBMIT_STATUS_UNREACHABLE; goto done; } if (sender_nonce == NULL) { printf(_("Error: reply is missing senderNonce.\n")); rval = CM_SUBMIT_STATUS_UNREACHABLE; goto done; } if (strcmp(pkistatus, SCEP_PKISTATUS_PENDING) == 0) { if (verbose > 0) { fprintf(stderr, "SCEP status is \"pending\".\n"); fprintf(stderr, "SCEP doesn't use cookie values, outputting server nonce.\n"); } s = cm_store_base64_from_bin(ctx, sender_nonce, sender_nonce_length); printf("%s\n", s); rval = CM_SUBMIT_STATUS_WAIT; goto done; } else if (strcmp(pkistatus, SCEP_PKISTATUS_FAILURE) == 0) { if (verbose > 0) { fprintf(stderr, "SCEP status is \"failure\".\n"); } if (failinfo == NULL) { printf(_("Unspecified failure at server.\n")); } else if (strcmp(failinfo, SCEP_FAILINFO_BAD_ALG) == 0) { printf(_("Unrecognized or unsupported algorithm identifier in client request.\n")); } else if (strcmp(failinfo, SCEP_FAILINFO_BAD_MESSAGE_CHECK) == 0) { printf(_("Integrity check of client request failed at server.\n")); } else if (strcmp(failinfo, SCEP_FAILINFO_BAD_REQUEST) == 0) { printf(_("Transaction either is not permitted or is not supported by server.\n")); } else if (strcmp(failinfo, 
SCEP_FAILINFO_BAD_TIME) == 0) { printf(_("Clock skew too great.\n")); } else if (strcmp(failinfo, SCEP_FAILINFO_UNSUPPORTED_EXT) == 0) { printf(_("Unsupported extension.\n")); } else if (strcmp(failinfo, SCEP_FAILINFO_MUST_ARCHIVE_KEYS) == 0) { printf(_("Must archive keys.\n")); } else if (strcmp(failinfo, SCEP_FAILINFO_BAD_IDENTITY) == 0) { printf(_("Bad identity.\n")); } else if (strcmp(failinfo, SCEP_FAILINFO_POP_REQUIRED) == 0) { printf(_("Proof of possession required.\n")); } else if (strcmp(failinfo, SCEP_FAILINFO_POP_FAILED) == 0) { printf(_("Proof of possession failed.\n")); } else if (strcmp(failinfo, SCEP_FAILINFO_NO_KEY_REUSE) == 0) { printf(_("No key reuse.\n")); } else if (strcmp(failinfo, SCEP_FAILINFO_INTERNAL_CA_ERROR) == 0) { printf(_("Internal CA error.\n")); } else if (strcmp(failinfo, SCEP_FAILINFO_TRY_LATER) == 0) { printf(_("Try later.\n")); } else { printf(_("Server returned failure code \"%s\".\n"), failinfo); } rval = CM_SUBMIT_STATUS_REJECTED; goto done; } else if (strcmp(pkistatus, SCEP_PKISTATUS_SUCCESS) == 0) { if (verbose > 0) { fprintf(stderr, "SCEP status is \"success\".\n"); } u = payload; p7 = d2i_PKCS7(NULL, &u, payload_length); if (p7 == NULL) { printf(_("Error: couldn't parse signed-data.\n")); log_pkcs7_errors(0, "Error: couldn't parse signed-data.\n"); s = cm_store_base64_from_bin(ctx, (unsigned char *) results2, results_length2); s = cm_submit_u_pem_from_base64("PKCS7", 0, s); fprintf(stderr, "Full reply:\n%s", s); free(s); rval = CM_SUBMIT_STATUS_UNREACHABLE; goto done; } if (!PKCS7_type_is_enveloped(p7)) { printf(_("Error: signed-data payload is not enveloped-data.\n")); log_pkcs7_errors(0, "Error: signed-data payload is not " "enveloped-data.\n"); s = cm_store_base64_from_bin(ctx, (unsigned char *) results2, results_length2); s = cm_submit_u_pem_from_base64("PKCS7", 0, s); fprintf(stderr, "Full reply:\n%s", s); free(s); rval = CM_SUBMIT_STATUS_UNREACHABLE; goto done; } if ((p7->d.enveloped == NULL) || 
(p7->d.enveloped->enc_data == NULL) || (p7->d.enveloped->enc_data->content_type == NULL) || (OBJ_obj2nid(p7->d.enveloped->enc_data->content_type) != NID_pkcs7_data)) { printf(_("Error: enveloped-data payload is not data.\n")); log_pkcs7_errors(0, "Error: enveloped-data payload is " "not data.\n"); s = cm_store_base64_from_bin(ctx, (unsigned char *) results2, results_length2); s = cm_submit_u_pem_from_base64("PKCS7", 0, s); fprintf(stderr, "Full reply:\n%s", s); free(s); rval = CM_SUBMIT_STATUS_UNREACHABLE; goto done; } s = cm_store_base64_from_bin(ctx, payload, payload_length); s = cm_submit_u_pem_from_base64("PKCS7", 0, s); printf("%s", s); free(s); rval = CM_SUBMIT_STATUS_ISSUED; goto done; } else { if (verbose > 0) { fprintf(stderr, "SCEP status is \"%s\".\n", pkistatus); } printf(_("Error: pkiStatus \"%s\" not recognized.\n"), pkistatus); rval = CM_SUBMIT_STATUS_UNREACHABLE; goto done; } } else { printf(_("Server reply was of unexpected MIME type " "\"%s\".\n"), content_type); printf("Full reply:\n%.*s", results_length2, results2); rval = CM_SUBMIT_STATUS_UNREACHABLE; goto done; } break; } done: if (pctx) { poptFreeContext(pctx); } free(id); cm_submit_h_cleanup(hctx); talloc_free(ctx); return rval; } certmonger-0.79.19/src/scep.h0000644000175000017500000000311614511314133015325 0ustar gitgit00000000000000/* * Copyright (C) 2015 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
 */

#ifndef cmscep_h
#define cmscep_h

#define SCEP_MSGTYPE_PKCSREQ "19"
#define SCEP_MSGTYPE_CERTREP "3"
#define SCEP_MSGTYPE_GETCERTINITIAL "20"
#define SCEP_MSGTYPE_GETCERT "21"
#define SCEP_MSGTYPE_GETCRL "22"

#define SCEP_PKISTATUS_SUCCESS "0"
#define SCEP_PKISTATUS_FAILURE "2"
#define SCEP_PKISTATUS_PENDING "3"

#define SCEP_FAILINFO_BAD_ALG "0"
#define SCEP_FAILINFO_BAD_MESSAGE_CHECK "1"
#define SCEP_FAILINFO_BAD_REQUEST "2"
#define SCEP_FAILINFO_BAD_TIME "3"
#define SCEP_FAILINFO_BAD_CERT_ID "4"
/* These aren't in the drafts that I can find, but Dogtag uses them. */
#define SCEP_FAILINFO_UNSUPPORTED_EXT "5"
#define SCEP_FAILINFO_MUST_ARCHIVE_KEYS "6"
#define SCEP_FAILINFO_BAD_IDENTITY "7"
#define SCEP_FAILINFO_POP_REQUIRED "8"
#define SCEP_FAILINFO_POP_FAILED "9"
#define SCEP_FAILINFO_NO_KEY_REUSE "10"
#define SCEP_FAILINFO_INTERNAL_CA_ERROR "11"
#define SCEP_FAILINFO_TRY_LATER "12"

#endif

certmonger-0.79.19/src/scepgen-int.h

/*
 * Copyright (C) 2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmscepgenint_h
#define cmscepgenint_h

struct cm_scepgen_state_pvt {
	/* Check if the SCEP request data is ready. */
	int (*ready)(struct cm_scepgen_state *state);
	/* Get a selectable-for-read descriptor which will either have data or
	 * be closed when status changes.
	 */
	int (*get_fd)(struct cm_scepgen_state *state);
	/* Save the SCEP data to the entry. */
	int (*save_scep)(struct cm_scepgen_state *state);
	/* Check if we need a PIN (or a new PIN) to get at the key material. */
	int (*need_pin)(struct cm_scepgen_state *state);
	/* Check if we need the token to be inserted to get at the key
	 * material. */
	int (*need_token)(struct cm_scepgen_state *state);
	/* Check if we need the server's encryption certs in order to be able
	 * to generate request data. */
	int (*need_encryption_certs)(struct cm_scepgen_state *state);
	/* Check if we need a different key type, because SCEP only works with
	 * RSA keys. */
	int (*need_different_key_type)(struct cm_scepgen_state *state);
	/* Clean up after SCEP request generation. */
	void (*done)(struct cm_scepgen_state *state);
};

void cm_scepgen_o_cooked(struct cm_store_ca *ca, struct cm_store_entry *entry,
			 unsigned char *nonce, size_t nonce_length,
			 EVP_PKEY *old_pkey, EVP_PKEY *new_pkey,
			 PKCS7 **csr_new, PKCS7 **csr_old,
			 PKCS7 **ias_new, PKCS7 **ias_old);
char *cm_scepgen_o_b64_from_p7(void *parent, PKCS7 *p7);

#endif

certmonger-0.79.19/src/scepgen-n.c

/*
 * Copyright (C) 2015,2017 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
*/ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "certext.h" #include "keygen.h" #include "keyiread-n.h" #include "log.h" #include "pin.h" #include "pkcs7.h" #include "prefs-n.h" #include "scepgen.h" #include "scepgen-int.h" #include "store.h" #include "store-int.h" #include "submit-o.h" #include "submit-u.h" #include "subproc.h" #include "util-n.h" #include "util-o.h" struct cm_scepgen_state { struct cm_scepgen_state_pvt pvt; struct cm_store_entry *entry; struct cm_subproc_state *subproc; }; static void cm_scepgen_n_resign(PKCS7 *p7, SECKEYPrivateKey *privkey) { unsigned char *sabuf = NULL, *u; int salen, l; SECItem signature; SECOidTag digalg, sigalg; PKCS7_SIGNER_INFO *sinfo; STACK_OF(PKCS7_SIGNER_INFO) *sinfos = NULL; if (p7 == NULL) { cm_log(1, "Nothing to resign.\n"); return; } sinfos = PKCS7_get_signer_info(p7); if (sk_PKCS7_SIGNER_INFO_num(sinfos) != 1) { cm_log(0, "More than one signer, not sure what to do.\n"); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } sinfo = sk_PKCS7_SIGNER_INFO_value(sinfos, 0); salen = ASN1_item_i2d((ASN1_VALUE *)sinfo->auth_attr, NULL, ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); u = sabuf = malloc(salen); if (sabuf == NULL) { cm_log(0, "Out of memory.\n"); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } /* ASN1_item_i2d doesn't actually modify the passed-in pointer, which * allows it to allocate the memory on its own, but we want to handle * that ourselves. 
*/ l = ASN1_item_i2d((ASN1_VALUE *)sinfo->auth_attr, &u, ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); if (l != salen) { cm_log(0, "Error encoding attributes.\n"); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } memset(&signature, 0, sizeof(signature)); digalg = cm_submit_n_tag_from_nid(OBJ_obj2nid(sinfo->digest_alg->algorithm)); sigalg = SEC_GetSignatureAlgorithmOidTag(privkey->keyType, digalg); if (sigalg == SEC_OID_UNKNOWN) { cm_log(0, "Unable to match digest algorithm and key.\n"); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } if (SEC_SignData(&signature, sabuf, salen, privkey, sigalg) != SECSuccess) { cm_log(0, "Error re-signing: %s.\n", PR_ErrorToName(PORT_GetError())); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } util_ASN1_OCTET_STRING_set(sinfo->enc_digest, signature.data, signature.len); } static int cm_scepgen_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry, void *userdata) { FILE *status; NSSInitContext *ctx; unsigned char nonce[16]; struct cm_keyiread_n_ctx_and_keys *keys; const char *p, *es, *reason; int ec; PKCS7 *csr_new, *csr_old, *ias_new, *ias_old; EVP_PKEY *key; RSA *rsa; BIGNUM *exponent; status = fdopen(fd, "w"); if (status == NULL) { _exit(CM_SUB_STATUS_INTERNAL_ERROR); } if (ca->cm_ca_encryption_cert == NULL) { cm_log(0, "Can't generate new SCEP request data without " "the RA/CA encryption certificate.\n"); _exit(CM_SUB_STATUS_NEED_SCEP_DATA); } /* Start up NSS and open the database. 
*/ errno = 0; ctx = NSS_InitContext(entry->cm_key_storage_location, NULL, NULL, NULL, NULL, NSS_INIT_READONLY | NSS_INIT_NOROOTINIT | NSS_INIT_NOMODDB); ec = PORT_GetError(); if (ctx == NULL) { if (ec != 0) { es = PR_ErrorToName(ec); } else { es = NULL; } if (es != NULL) { fprintf(status, "Error opening database " "'%s': %s.\n", entry->cm_key_storage_location, es); cm_log(0, "Error opening database '%s': %s.\n", entry->cm_key_storage_location, es); } else { fprintf(status, "Error opening database '%s'.\n", entry->cm_key_storage_location); cm_log(0, "Error opening database '%s'.\n", entry->cm_key_storage_location); } switch (ec) { case PR_NO_ACCESS_RIGHTS_ERROR: /* EACCES or EPERM */ _exit(CM_SUB_STATUS_ERROR_PERMS); break; default: _exit(CM_SUB_STATUS_ERROR_INITIALIZING); break; } } if (NSS_ShutdownContext(ctx) != SECSuccess) { cm_log(0, "Error shutting down NSS.\n"); _exit(1); } ctx = NSS_InitContext(entry->cm_key_storage_location, NULL, NULL, NULL, NULL, NSS_INIT_READONLY | NSS_INIT_NOROOTINIT); if (ctx == NULL) { cm_log(0, "Unable to initialize NSS %s.\n", entry->cm_key_storage_location); _exit(1); } reason = util_n_fips_hook(); if (reason != NULL) { cm_log(0, "Error putting NSS into FIPS mode: %s\n", reason); _exit(CM_SUB_STATUS_ERROR_INITIALIZING); } /* Use a dummy key to sign using OpenSSL. 
*/ cm_log(1, "Generating dummy key.\n"); key = EVP_PKEY_new(); if (key == NULL) { cm_log(0, "Error allocating new key.\n"); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } exponent = BN_new(); if (exponent == NULL) { cm_log(0, "Error setting up exponent.\n"); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } BN_set_word(exponent, CM_DEFAULT_RSA_EXPONENT); rsa = RSA_new(); if (rsa == NULL) { cm_log(0, "Error allocating new RSA key.\n"); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } retry_gen: if (RSA_generate_key_ex(rsa, CM_DEFAULT_PUBKEY_SIZE, exponent, NULL) != 1) { cm_log(0, "Error generating key.\n"); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } if (RSA_check_key(rsa) != 1) { /* should be unnecessary */ cm_log(1, "Key fails checks. Retrying.\n"); goto retry_gen; } BN_free(exponent); /* Read the proper keys. */ keys = cm_keyiread_n_get_keys(entry, 0); if ((keys->privkey->keyType != rsaKey) || ((keys->privkey_next != NULL) && (keys->privkey_next->keyType != rsaKey))) { cm_log(0, "Keys aren't RSA. They won't work with SCEP.\n"); _exit(CM_SUB_STATUS_ERROR_KEY_TYPE); } /* Sign using a dummy key. */ EVP_PKEY_set1_RSA(key, rsa); csr_new = NULL; csr_old = NULL; ias_new = NULL; ias_old = NULL; cm_scepgen_o_cooked(ca, entry, nonce, sizeof(nonce), key, (keys->privkey_next != NULL) ? key : NULL, &csr_new, &csr_old, &ias_new, &ias_old); EVP_PKEY_free(key); /* Re-sign using the proper keys. 
*/ if (csr_old != NULL) { cm_log(1, "Re-signing PKCSREQ message with old key.\n"); cm_scepgen_n_resign(csr_old, keys->privkey); } if (ias_old != NULL) { cm_log(1, "Re-signing GetCertInitial message with old key.\n"); cm_scepgen_n_resign(ias_old, keys->privkey); } if (keys->privkey_next != NULL) { if (csr_new != NULL) { cm_log(1, "Re-signing PKCSREQ rekeying message with " "new key.\n"); cm_scepgen_n_resign(csr_new, keys->privkey_next); } if (ias_new != NULL) { cm_log(1, "Re-signing GetCertInitial rekeying message " "with new key.\n"); cm_scepgen_n_resign(ias_new, keys->privkey_next); } } p = cm_store_base64_from_bin(NULL, nonce, sizeof(nonce)); fprintf(status, "%s:", p ? p : ""); p = csr_old ? cm_scepgen_o_b64_from_p7(NULL, csr_old) : NULL; fprintf(status, "%s:", p ? p : ""); p = ias_old ? cm_scepgen_o_b64_from_p7(NULL, ias_old) : NULL; fprintf(status, "%s:", p ? p : ""); p = csr_new ? cm_scepgen_o_b64_from_p7(NULL, csr_new) : NULL; fprintf(status, "%s:", p ? p : ""); p = ias_new ? cm_scepgen_o_b64_from_p7(NULL, ias_new) : NULL; fprintf(status, "%s:\n", p ? p : ""); fclose(status); if (keys->pubkey != NULL) { SECKEY_DestroyPublicKey(keys->pubkey); } if (keys->pubkey_next != NULL) { SECKEY_DestroyPublicKey(keys->pubkey_next); } SECKEY_DestroyPrivateKey(keys->privkey); if (keys->privkey_next != NULL) { SECKEY_DestroyPrivateKey(keys->privkey_next); } if (NSS_ShutdownContext(ctx) != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } _exit(0); } /* Check if a SCEP is ready. */ static int cm_scepgen_n_ready(struct cm_scepgen_state *state) { return cm_subproc_ready(state->subproc); } /* Get a selectable-for-read descriptor we can poll for status changes. 
*/ static int cm_scepgen_n_get_fd(struct cm_scepgen_state *state) { return cm_subproc_get_fd(state->subproc); } static char * make_pem(void *parent, const char *p, size_t len) { char *s, *t; s = talloc_strndup(parent, p, len); if (s != NULL) { t = cm_submit_u_pem_from_base64("PKCS7", 0, s); if (t != NULL) { talloc_free(s); s = talloc_strdup(parent, t); free(t); } } return s; } /* Save the SCEP data to the entry. */ static int cm_scepgen_n_save_scep(struct cm_scepgen_state *state) { int status; const char *p, *q; status = cm_subproc_get_exitstatus(state->subproc); if (!WIFEXITED(status) || (WEXITSTATUS(status) != 0)) { return -1; } talloc_free(state->entry->cm_scep_nonce); talloc_free(state->entry->cm_scep_req); talloc_free(state->entry->cm_scep_gic); talloc_free(state->entry->cm_scep_req_next); talloc_free(state->entry->cm_scep_gic_next); p = cm_subproc_get_msg(state->subproc, NULL); q = p + strcspn(p, ":"); state->entry->cm_scep_nonce = talloc_strndup(state->entry, p, q - p); state->entry->cm_scep_req = NULL; state->entry->cm_scep_gic = NULL; state->entry->cm_scep_req_next = NULL; state->entry->cm_scep_gic_next = NULL; if (*q != '\0') { p = ++q; q = p + strcspn(p, ":"); if (q > p) { state->entry->cm_scep_req = make_pem(state->entry, p, q - p); } } if (*q != '\0') { p = ++q; q = p + strcspn(p, ":"); if (q > p) { state->entry->cm_scep_gic = make_pem(state->entry, p, q - p); } } if (*q != '\0') { p = ++q; q = p + strcspn(p, ":"); if (q > p) { state->entry->cm_scep_req_next = make_pem(state->entry, p, q - p); } } if (*q != '\0') { p = ++q; q = p + strcspn(p, ":"); if (q > p) { state->entry->cm_scep_gic_next = make_pem(state->entry, p, q - p); } } return 0; } /* Check if we need a PIN (or a new PIN) to access the key information. 
*/ static int cm_scepgen_n_need_pin(struct cm_scepgen_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (WIFEXITED(status) && (WEXITSTATUS(status) == CM_SUB_STATUS_ERROR_AUTH)) { return 0; } return -1; } /* Check if we need a token to be inserted to access the key information. */ static int cm_scepgen_n_need_token(struct cm_scepgen_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (WIFEXITED(status) && (WEXITSTATUS(status) == CM_SUB_STATUS_ERROR_NO_TOKEN)) { return 0; } return -1; } /* Check if we need information about the CA in order to generate data. */ static int cm_scepgen_n_need_encryption_certs(struct cm_scepgen_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (WIFEXITED(status) && (WEXITSTATUS(status) == CM_SUB_STATUS_NEED_SCEP_DATA)) { return 0; } return -1; } /* Check if we need a different key type (which is probably RSA). */ static int cm_scepgen_n_need_different_key_type(struct cm_scepgen_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (WIFEXITED(status) && (WEXITSTATUS(status) == CM_SUB_STATUS_ERROR_KEY_TYPE)) { return 0; } return -1; } /* Clean up after SCEP generation. */ static void cm_scepgen_n_done(struct cm_scepgen_state *state) { if (state->subproc != NULL) { cm_subproc_done(state->subproc); } talloc_free(state); } /* Start SCEP request data generation using template information in the entry. 
* */ struct cm_scepgen_state * cm_scepgen_n_start(struct cm_store_ca *ca, struct cm_store_entry *entry) { struct cm_scepgen_state *state; state = talloc_ptrtype(entry, state); if (state != NULL) { memset(state, 0, sizeof(*state)); state->pvt.ready = &cm_scepgen_n_ready; state->pvt.get_fd = &cm_scepgen_n_get_fd; state->pvt.save_scep = &cm_scepgen_n_save_scep; state->pvt.need_pin = &cm_scepgen_n_need_pin; state->pvt.need_token = &cm_scepgen_n_need_token; state->pvt.need_encryption_certs = &cm_scepgen_n_need_encryption_certs; state->pvt.need_different_key_type = &cm_scepgen_n_need_different_key_type; state->pvt.done = &cm_scepgen_n_done; state->entry = entry; state->subproc = cm_subproc_start(cm_scepgen_n_main, state, ca, entry, NULL); if (state->subproc == NULL) { talloc_free(state); state = NULL; } } return state; } certmonger-0.79.19/src/scepgen-o.c0000644000175000017500000006562314511314133016261 0ustar gitgit00000000000000/* * Copyright (C) 2015,2017 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
*/ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "certext.h" #include "keygen.h" #include "log.h" #include "pin.h" #include "pkcs7.h" #include "prefs-o.h" #include "scep.h" #include "scep-o.h" #include "scepgen.h" #include "scepgen-int.h" #include "store.h" #include "store-int.h" #include "submit-u.h" #include "subproc.h" #include "util-o.h" struct cm_scepgen_state { struct cm_scepgen_state_pvt pvt; struct cm_store_entry *entry; struct cm_subproc_state *subproc; }; static EVP_PKEY * key_from_file(const char *filename, struct cm_store_entry *entry) { char buf[LINE_MAX]; struct cm_pin_cb_data cb_data; EVP_PKEY *pkey; FILE *keyfp; char *pin; long error; keyfp = fopen(filename, "r"); if (keyfp == NULL) { if (errno != ENOENT) { cm_log(0, "Error opening key file \"%s\" " "for reading: %s.\n", filename, strerror(errno)); } _exit(CM_SUB_STATUS_INTERNAL_ERROR); } if (cm_pin_read_for_key(entry, &pin) != 0) { cm_log(0, "Internal error reading key encryption PIN.\n"); _exit(CM_SUB_STATUS_ERROR_AUTH); } memset(&cb_data, 0, sizeof(cb_data)); cb_data.entry = entry; cb_data.n_attempts = 0; pkey = PEM_read_PrivateKey(keyfp, NULL, cm_pin_read_for_key_ossl_cb, &cb_data); if (pkey == NULL) { error = errno; cm_log(0, "Error reading private key '%s': %s.\n", filename, strerror(error)); while ((error = ERR_get_error()) != 0) { ERR_error_string_n(error, buf, sizeof(buf)); cm_log(0, "%s\n", buf); } _exit(CM_SUB_STATUS_ERROR_AUTH); /* XXX */ } else { if ((pin != NULL) && (strlen(pin) > 0) && (cb_data.n_attempts == 0)) { cm_log(0, "PIN was not needed to read private " "key '%s', though one was provided. 
" "Treating this as an error.\n", filename); while ((error = ERR_get_error()) != 0) { ERR_error_string_n(error, buf, sizeof(buf)); cm_log(0, "%s\n", buf); } _exit(CM_SUB_STATUS_ERROR_AUTH); /* XXX */ } } return pkey; } static X509 * cert_from_pem(char *pem, struct cm_store_entry *entry) { BIO *in; X509 *cert = NULL; if ((pem != NULL) && (strlen(pem) > 0)) { in = BIO_new_mem_buf(pem, -1); if (in == NULL) { cm_log(0, "Out of memory.\n"); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } cert = PEM_read_bio_X509(in, NULL, NULL, NULL); BIO_free(in); if (cert == NULL) { cm_log(0, "Error parsing certificate \"%s\".\n", pem); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } return cert; } return NULL; } static STACK_OF(X509) * certs_from_nickcerts(struct cm_nickcert **list) { BIO *in; X509 *cert = NULL; STACK_OF(X509) *sk = NULL; struct cm_nickcert *this; int i; for (i = 0; (list != NULL) && (list[i] != NULL); i++) { this = list[i]; if ((this->cm_cert != NULL) && (strlen(this->cm_cert) > 0)) { in = BIO_new_mem_buf(this->cm_cert, -1); if (in == NULL) { cm_log(0, "Out of memory.\n"); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } cert = PEM_read_bio_X509(in, NULL, NULL, NULL); BIO_free(in); if (cert == NULL) { cm_log(0, "Error parsing certificate.\n"); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } if (sk == NULL) { sk = sk_X509_new(util_o_cert_cmp); if (sk == NULL) { cm_log(0, "Out of memory.\n"); _exit(CM_SUB_STATUS_INTERNAL_ERROR); } } sk_X509_push(sk, cert); } } return sk; } char * cm_scepgen_o_b64_from_p7(void *parent, PKCS7 *p7) { unsigned char *u, *p; char *ret; int len; len = i2d_PKCS7(p7, NULL); p = malloc(len); if (p == NULL) { return NULL; } u = p; if (i2d_PKCS7(p7, &u) != len) { free(p); return NULL; } ret = cm_store_base64_from_bin(parent, p, len); free(p); return ret; } static void set_pkimessage_attrs(PKCS7 *p7, const char *tx, const char *msgtype, const char *pkistatus, const char *failinfo, const unsigned char *sender_nonce, size_t sender_nonce_length, const unsigned char *recipient_nonce, 
		     size_t recipient_nonce_length)
{
	PKCS7_SIGNER_INFO *sinfo;
	ASN1_OCTET_STRING *s, *r;
	ASN1_PRINTABLESTRING *t, *m, *p, *f;

	sinfo = sk_PKCS7_SIGNER_INFO_value(p7->d.sign->signer_info, 0);
	if (tx != NULL) {
		cm_log(1, "Setting transaction ID \"%s\".\n", tx);
		t = util_ASN1_PRINTABLESTRING_new();
		if (t == NULL) {
			return;
		}
		ASN1_STRING_set(t, tx, strlen(tx));
		PKCS7_add_signed_attribute(sinfo, cm_scep_o_get_tx_nid(),
					   V_ASN1_PRINTABLESTRING, t);
	}
	if (msgtype != NULL) {
		cm_log(1, "Setting message type \"%s\".\n", msgtype);
		m = util_ASN1_PRINTABLESTRING_new();
		if (m == NULL) {
			return;
		}
		ASN1_STRING_set(m, msgtype, strlen(msgtype));
		PKCS7_add_signed_attribute(sinfo, cm_scep_o_get_msgtype_nid(),
					   V_ASN1_PRINTABLESTRING, m);
	}
	if (pkistatus != NULL) {
		cm_log(1, "Setting pkiStatus \"%s\".\n", pkistatus);
		p = util_ASN1_PRINTABLESTRING_new();
		if (p == NULL) {
			return;
		}
		ASN1_STRING_set(p, pkistatus, strlen(pkistatus));
		PKCS7_add_signed_attribute(sinfo, cm_scep_o_get_pkistatus_nid(),
					   V_ASN1_PRINTABLESTRING, p);
	}
	if (failinfo != NULL) {
		cm_log(1, "Setting failInfo \"%s\".\n", failinfo);
		f = util_ASN1_PRINTABLESTRING_new();
		if (f == NULL) {
			return;
		}
		ASN1_STRING_set(f, failinfo, strlen(failinfo));
		PKCS7_add_signed_attribute(sinfo, cm_scep_o_get_failinfo_nid(),
					   V_ASN1_PRINTABLESTRING, f);
	}
	if (sender_nonce != NULL) {
		cm_log(1, "Setting sender nonce.\n");
		s = util_ASN1_OCTET_STRING_new();
		if (s == NULL) {
			return;
		}
		util_ASN1_OCTET_STRING_set(s, sender_nonce, sender_nonce_length);
		PKCS7_add_signed_attribute(sinfo,
					   cm_scep_o_get_sender_nonce_nid(),
					   V_ASN1_OCTET_STRING, s);
	}
	if (recipient_nonce != NULL) {
		cm_log(1, "Setting recipient nonce.\n");
		r = util_ASN1_OCTET_STRING_new();
		if (r == NULL) {
			return;
		}
		util_ASN1_OCTET_STRING_set(r, recipient_nonce,
					   recipient_nonce_length);
		PKCS7_add_signed_attribute(sinfo,
					   cm_scep_o_get_recipient_nonce_nid(),
					   V_ASN1_OCTET_STRING, r);
	}
	PKCS7_add_signed_attribute(sinfo, NID_pkcs9_contentType,
				   V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
}

static PKCS7 *
build_pkimessage(EVP_PKEY *key, X509 *signer, STACK_OF(X509) *certs,
		 enum cm_prefs_digest pref_digest,
		 unsigned char *data, size_t data_length,
		 const char *tx, const char *msgtype,
		 const char *pkistatus, const char *failinfo,
		 const unsigned char *sender_nonce, size_t sender_nonce_length,
		 const unsigned char *recipient_nonce,
		 size_t recipient_nonce_length)
{
	BIO *in, *out;
	PKCS7 *ret;
	PKCS7_SIGNER_INFO *p7i;
	X509_ALGOR *digests;
	ASN1_OBJECT *digest;
	long error;
	char buf[LINE_MAX];
	int flags = PKCS7_BINARY | PKCS7_NOSMIMECAP | PKCS7_NOVERIFY;

	in = BIO_new_mem_buf(data, data_length);
	if (in == NULL) {
		cm_log(0, "Out of memory.\n");
		_exit(CM_SUB_STATUS_INTERNAL_ERROR);
	}
	ret = PKCS7_sign(signer, key, certs, in, flags);
	if (ret == NULL) {
		cm_log(0, "Error signing data.\n");
		goto errors;
	}
	BIO_free(in);

	/* Set the digest to use for signing. */
	if (sk_PKCS7_SIGNER_INFO_num(ret->d.sign->signer_info) != 1) {
		cm_log(0, "Error signing data: %d signers.\n",
		       sk_PKCS7_SIGNER_INFO_num(ret->d.sign->signer_info));
		goto errors;
	}
	p7i = sk_PKCS7_SIGNER_INFO_value(ret->d.sign->signer_info, 0);
	digest = NULL;
	switch (pref_digest) {
	case cm_prefs_sha256:
	case cm_prefs_nodigest:
		digest = OBJ_nid2obj(NID_sha256);
		break;
	case cm_prefs_sha384:
		digest = OBJ_nid2obj(NID_sha384);
		break;
	case cm_prefs_sha512:
		digest = OBJ_nid2obj(NID_sha512);
		break;
	case cm_prefs_sha1:
		digest = OBJ_nid2obj(NID_sha1);
		break;
	case cm_prefs_md5:
		digest = OBJ_nid2obj(NID_md5);
		break;
	}
	if ((digest != NULL) && (p7i->digest_alg != NULL)) {
		ASN1_OBJECT_free(p7i->digest_alg->algorithm);
		p7i->digest_alg->algorithm = OBJ_dup(digest);
		digests = sk_X509_ALGOR_pop(ret->d.sign->md_algs);
		if (digests != NULL) {
			X509_ALGOR_free(digests);
		}
		sk_X509_ALGOR_push(ret->d.sign->md_algs,
				   X509_ALGOR_dup(p7i->digest_alg));
	}

	/* Set the SCEP parameters. */
	set_pkimessage_attrs(ret, tx, msgtype, pkistatus, failinfo,
			     sender_nonce, sender_nonce_length,
			     recipient_nonce, recipient_nonce_length);

	/* We'd use PKCS7_SIGNER_INFO_sign() here, but it's relatively new, and
	 * we want to build on versions of OpenSSL that didn't have it. */
	PKCS7_content_new(ret, NID_pkcs7_data);
	out = PKCS7_dataInit(ret, NULL);
	if (out == NULL) {
		cm_log(0, "Error signing data.\n");
		goto errors;
	}
	BIO_write(out, data, data_length);
	PKCS7_dataFinal(ret, out);
	cm_log(1, "Signed data.\n");
	return ret;

errors:
	while ((error = ERR_get_error()) != 0) {
		ERR_error_string_n(error, buf, sizeof(buf));
		cm_log(0, "%s\n", buf);
	}
	_exit(CM_SUB_STATUS_INTERNAL_ERROR);
}

void
cm_scepgen_o_cooked(struct cm_store_ca *ca, struct cm_store_entry *entry,
		    unsigned char *nonce, size_t nonce_length,
		    EVP_PKEY *old_pkey, EVP_PKEY *new_pkey,
		    PKCS7 **csr_new, PKCS7 **csr_old,
		    PKCS7 **ias_new, PKCS7 **ias_old)
{
	char buf[LINE_MAX];
	unsigned char *new_ias, *old_ias, *csr;
	size_t new_ias_length, old_ias_length, csr_length;
	X509 *old_cert, *new_cert = NULL;
	STACK_OF(X509) *chain = NULL;
	EVP_PKEY *pubkey;
	char *pem;
	const char *capability;
	int i;
	long error;
	enum cm_prefs_cipher cipher;
	enum cm_prefs_digest digest, pref_digest;

	util_o_init();
	ERR_load_crypto_strings();
	if (RAND_status() != 1) {
		cm_log(0, "PRNG not seeded for generating key.\n");
		_exit(CM_SUB_STATUS_INTERNAL_ERROR);
	}
	if (RAND_bytes(nonce, nonce_length) == -1) {
		cm_log(0, "PRNG unable to generate nonce.\n");
		_exit(CM_SUB_STATUS_INTERNAL_ERROR);
	}

	if (entry->cm_cert != NULL) {
		old_cert = cert_from_pem(entry->cm_cert, entry);
	} else {
		old_cert = NULL;
	}
	pem = cm_submit_u_pem_from_base64("CERTIFICATE", 0, entry->cm_minicert);
	if (pem == NULL) {
		cm_log(0, "Out of memory.\n");
		_exit(CM_SUB_STATUS_INTERNAL_ERROR);
	}
	new_cert = cert_from_pem(pem, entry);
	if (new_cert == NULL) {
		while ((error = ERR_get_error()) != 0) {
			ERR_error_string_n(error, buf, sizeof(buf));
			cm_log(0, "%s\n", buf);
		}
		free(pem);
		_exit(CM_SUB_STATUS_INTERNAL_ERROR);
	}

	char* scep_cipher = ca->cm_ca_scep_cipher;
	if (scep_cipher != NULL) {
		/* Force the cipher to whatever is in the configuration */
		if (strcmp(scep_cipher, "AES256") == 0) {
			cipher = cm_prefs_aes256;
		} else if (strcmp(scep_cipher, "AES192") == 0) {
			cipher = cm_prefs_aes192;
		} else if (strcmp(scep_cipher, "AES128") == 0) {
			cipher = cm_prefs_aes128;
		} else if (strcmp(scep_cipher, "DES3") == 0) {
			cipher = cm_prefs_des3;
		} else if (strcmp(scep_cipher, "DES") == 0) {
			cipher = cm_prefs_des;
		} else {
			cm_log(0, "Option 'scep_cipher' must be one of AES256, AES192, AES128, DES3, or DES. Got '%s'\n", scep_cipher);
			_exit(1);
		}
		cm_log(1, "SCEP cipher set from configuration to: '%s'\n", scep_cipher);
	} else {
		cipher = cm_prefs_nocipher;
		for (i = 0;
		     (ca->cm_ca_capabilities != NULL) &&
		     (ca->cm_ca_capabilities[i] != NULL);
		     i++) {
			capability = ca->cm_ca_capabilities[i];
			if ((strcmp(capability, "AES-256") == 0) ||
			    (strcmp(capability, "AES256") == 0)) {
				cm_log(1, "Server supports AES256, using that.\n");
				cipher = cm_prefs_aes256;
				break;
			}
			if ((strcmp(capability, "AES-192") == 0) ||
			    (strcmp(capability, "AES192") == 0)) {
				cm_log(1, "Server supports AES192, using that.\n");
				cipher = cm_prefs_aes192;
				break;
			}
			if ((strcmp(capability, "AES-128") == 0) ||
			    (strcmp(capability, "AES128") == 0)) {
				cm_log(1, "Server supports AES128, using that.\n");
				cipher = cm_prefs_aes128;
				break;
			}
			if (strcmp(capability, "AES") == 0) {
				cm_log(1, "Server supports AES, using AES256.\n");
				cipher = cm_prefs_aes256;
				break;
			}
			if (strcmp(capability, "DES3") == 0) {
				cm_log(1, "Server supports DES3, using that.\n");
				cipher = cm_prefs_des3;
				break;
			}
			/* This remains for backward compatibility */
			if (strcmp(capability, "DES") == 0) {
				cm_log(1, "Server supports DES, using that.\n");
				cipher = cm_prefs_des;
				break;
			}
		}
		if (cipher == cm_prefs_nocipher) {
			/* Per the latest Draft RFC */
			cm_log(1, "Could not determine supported CA capabilities, using cipher AES256.\n");
			cipher = cm_prefs_aes256;
		}
	}

	char* scep_digest = ca->cm_ca_scep_digest;
	if (scep_digest != NULL) {
		/* Force the digest to whatever is in the configuration */
		if (strcmp(scep_digest, "SHA512") == 0) {
			digest = cm_prefs_sha512;
		} else if (strcmp(scep_digest, "SHA384") == 0) {
			digest = cm_prefs_sha384;
		} else if (strcmp(scep_digest, "SHA256") == 0) {
			digest = cm_prefs_sha256;
		} else if (strcmp(scep_digest, "SHA1") == 0) {
			digest = cm_prefs_sha1;
		} else if (strcmp(scep_digest, "MD5") == 0) {
			digest = cm_prefs_md5;
		} else {
			cm_log(0, "Option 'scep_digest' must be one of SHA512, SHA384, SHA256, SHA1, or MD5. Got '%s'\n", scep_digest);
			_exit(1);
		}
		cm_log(1, "SCEP digest set from configuration to: '%s'\n", scep_digest);
	} else {
		pref_digest = cm_prefs_preferred_digest();
		digest = cm_prefs_nodigest;
		for (i = 0;
		     (ca->cm_ca_capabilities != NULL) &&
		     (ca->cm_ca_capabilities[i] != NULL);
		     i++) {
			capability = ca->cm_ca_capabilities[i];
			if ((pref_digest == cm_prefs_sha512) &&
			    ((strcmp(capability, "SHA-512") == 0) ||
			     (strcmp(capability, "SHA512") == 0))) {
				cm_log(1, "Server supports SHA-512, using that.\n");
				digest = cm_prefs_sha512;
				break;
			}
			if ((pref_digest == cm_prefs_sha384) &&
			    ((strcmp(capability, "SHA-384") == 0) ||
			     (strcmp(capability, "SHA384") == 0))) {
				cm_log(1, "Server supports SHA-384, using that.\n");
				digest = cm_prefs_sha384;
				break;
			}
			if ((pref_digest == cm_prefs_sha256) &&
			    ((strcmp(capability, "SHA-256") == 0) ||
			     (strcmp(capability, "SHA256") == 0))) {
				cm_log(1, "Server supports SHA-256, using that.\n");
				digest = cm_prefs_sha256;
				break;
			}
			if ((pref_digest == cm_prefs_sha1) &&
			    ((strcmp(capability, "SHA-1") == 0) ||
			     (strcmp(capability, "SHA1") == 0))) {
				cm_log(1, "Server supports SHA-1, using that.\n");
				digest = cm_prefs_sha1;
				break;
			}
			/* This remains for backward compatibility */
			if ((pref_digest == cm_prefs_sha1) &&
			    (strcmp(capability, "MD5") == 0)) {
				cm_log(1, "Server supports MD5, using that.\n");
				digest = cm_prefs_md5;
				break;
			}
		}
		if (digest == cm_prefs_nodigest) {
			/* Per SCEP RFC draft-gutmann-scep-10 - March 1, 2018 */
			/* https://www.ietf.org/id/draft-gutmann-scep-10.txt */
			cm_log(1, "Could not determine supported CA capabilities, using digest SHA256.\n");
			digest = cm_prefs_sha256;
		}
	}

	if (old_cert != NULL) {
		if (cm_pkcs7_envelope_ias(ca->cm_ca_encryption_cert, cipher,
					  ca->cm_ca_encryption_issuer_cert,
					  entry->cm_cert,
					  &old_ias, &old_ias_length) != 0) {
			cm_log(0, "Error generating enveloped issuer-and-subject.\n");
			free(pem);
			_exit(CM_SUB_STATUS_INTERNAL_ERROR);
		}
	} else {
		old_ias = NULL;
		old_ias_length = 0;
	}
	if (cm_pkcs7_envelope_ias(ca->cm_ca_encryption_cert, cipher,
				  ca->cm_ca_encryption_issuer_cert,
				  pem,
				  &new_ias, &new_ias_length) != 0) {
		cm_log(0, "Error generating enveloped issuer-and-subject.\n");
		free(pem);
		_exit(CM_SUB_STATUS_INTERNAL_ERROR);
	}
	free(pem);
	if (cm_pkcs7_envelope_csr(ca->cm_ca_encryption_cert, cipher,
				  entry->cm_csr,
				  &csr, &csr_length) != 0) {
		cm_log(0, "Error generating enveloped CSR.\n");
		while ((error = ERR_get_error()) != 0) {
			ERR_error_string_n(error, buf, sizeof(buf));
			cm_log(0, "%s\n", buf);
		}
		_exit(CM_SUB_STATUS_INTERNAL_ERROR);
	}

	chain = certs_from_nickcerts(entry->cm_cert_chain);

	if (old_cert != NULL) {
		/* Sign the data using the previously-issued certificate and
		 * the matching key. */
		pubkey = util_public_EVP_PKEY_dup(util_X509_get0_pubkey(old_cert));
		if (pubkey == NULL) {
			cm_log(0, "Error generating PKCSREQ pkiMessage: error copying key.\n");
			_exit(CM_SUB_STATUS_INTERNAL_ERROR);
		}
		util_X509_set_pubkey(old_cert, old_pkey);
		cm_log(1, "Generating PKCSREQ pkiMessage.\n");
		*csr_old = build_pkimessage(old_pkey, old_cert, chain, digest,
					    csr, csr_length,
					    entry->cm_scep_tx,
					    SCEP_MSGTYPE_PKCSREQ,
					    NULL, NULL,
					    nonce, nonce_length,
					    NULL, 0);
		cm_log(1, "Generating GetCertInitial pkiMessage.\n");
		*ias_old = build_pkimessage(old_pkey, old_cert, chain, digest,
					    old_ias, old_ias_length,
					    entry->cm_scep_tx,
					    SCEP_MSGTYPE_GETCERTINITIAL,
					    NULL, NULL,
					    nonce, nonce_length,
					    NULL, 0);
		cm_log(1, "Signing using previously-issued key and cert.\n");
		util_X509_set_pubkey(old_cert, pubkey);
		EVP_PKEY_free(pubkey);
		X509_free(old_cert);
	} else {
		if (new_pkey == NULL) {
			/* Sign the data using the old key and the mini certificate,
			 * since we may not have a previously-issued certificate (and
			 * if we do, we did that in another code path). */
			pubkey = util_public_EVP_PKEY_dup(util_X509_get0_pubkey(new_cert));
			if (pubkey == NULL) {
				cm_log(0, "Error generating PKCSREQ pkiMessage: error copying key.\n");
				_exit(CM_SUB_STATUS_INTERNAL_ERROR);
			}
			util_X509_set_pubkey(new_cert, old_pkey);
			cm_log(1, "Generating PKCSREQ pkiMessage.\n");
			*csr_old = build_pkimessage(old_pkey, new_cert, chain, digest,
						    csr, csr_length,
						    entry->cm_scep_tx,
						    SCEP_MSGTYPE_PKCSREQ,
						    NULL, NULL,
						    nonce, nonce_length,
						    NULL, 0);
			cm_log(1, "Generating GetCertInitial pkiMessage.\n");
			*ias_old = build_pkimessage(old_pkey, new_cert, chain, digest,
						    new_ias, new_ias_length,
						    entry->cm_scep_tx,
						    SCEP_MSGTYPE_GETCERTINITIAL,
						    NULL, NULL,
						    nonce, nonce_length,
						    NULL, 0);
			cm_log(1, "Signing using old key.\n");
			util_X509_set_pubkey(new_cert, pubkey);
			EVP_PKEY_free(pubkey);
		} else {
			/* No cert, and the minicert matches the new key.
			 */
			*csr_old = NULL;
			*ias_old = NULL;
		}
	}

	if (new_pkey != NULL) {
		/* Sign the data using the new key and mini certificate, since
		 * any previously-issued certificate won't match. */
		pubkey = util_public_EVP_PKEY_dup(util_X509_get0_pubkey(new_cert));
		if (pubkey == NULL) {
			cm_log(0, "Error generating rekeying PKCSREQ pkiMessage: error copying key.\n");
			_exit(CM_SUB_STATUS_INTERNAL_ERROR);
		}
		util_X509_set_pubkey(new_cert, new_pkey);
		cm_log(1, "Generating rekeying PKCSREQ pkiMessage.\n");
		*csr_new = build_pkimessage(new_pkey, new_cert, chain, digest,
					    csr, csr_length,
					    entry->cm_scep_tx,
					    SCEP_MSGTYPE_PKCSREQ,
					    NULL, NULL,
					    nonce, nonce_length,
					    NULL, 0);
		cm_log(1, "Generating rekeying GetCertInitial pkiMessage.\n");
		*ias_new = build_pkimessage(new_pkey, new_cert, chain, digest,
					    new_ias, new_ias_length,
					    entry->cm_scep_tx,
					    SCEP_MSGTYPE_GETCERTINITIAL,
					    NULL, NULL,
					    nonce, nonce_length,
					    NULL, 0);
		cm_log(1, "Signing using new key.\n");
		util_X509_set_pubkey(new_cert, pubkey);
		EVP_PKEY_free(pubkey);
	} else {
		*csr_new = NULL;
		*ias_new = NULL;
	}
	X509_free(new_cert);
	while ((error = ERR_get_error()) != 0) {
		ERR_error_string_n(error, buf, sizeof(buf));
		cm_log(0, "%s\n", buf);
	}
}

static int
cm_scepgen_o_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
		  void *userdata)
{
	unsigned char nonce[16];
	PKCS7 *csr_new, *csr_old, *ias_new, *ias_old;
	FILE *status;
	EVP_PKEY *old_pkey, *new_pkey = NULL;
	char *filename, *p;

	status = fdopen(fd, "w");
	if (status == NULL) {
		_exit(CM_SUB_STATUS_INTERNAL_ERROR);
	}

	if (ca->cm_ca_encryption_cert == NULL) {
		cm_log(0, "Can't generate new SCEP request data without "
		       "the RA/CA encryption certificate.\n");
		_exit(CM_SUB_STATUS_NEED_SCEP_DATA);
	}

	old_pkey = key_from_file(entry->cm_key_storage_location, entry);
	if (old_pkey == NULL) {
		cm_log(0, "Error reading key from file \"%s\".\n",
		       entry->cm_key_storage_location);
		_exit(CM_SUB_STATUS_INTERNAL_ERROR);
	}
	if ((entry->cm_key_next_marker != NULL) &&
	    (strlen(entry->cm_key_next_marker) > 0)) {
		filename = util_build_next_filename(entry->cm_key_storage_location,
						    entry->cm_key_next_marker);
		if (filename == NULL) {
			cm_log(0, "Error opening key file for reading: %s.\n",
			       strerror(errno));
			_exit(CM_SUB_STATUS_INTERNAL_ERROR);
		}
		new_pkey = key_from_file(filename, entry);
		if (new_pkey == NULL) {
			cm_log(0, "Error reading key from file \"%s\".\n",
			       filename);
			free(filename);
			_exit(CM_SUB_STATUS_INTERNAL_ERROR);
		}
		free(filename);
	} else {
		new_pkey = NULL;
	}
	if ((util_EVP_PKEY_base_id(old_pkey) != EVP_PKEY_RSA) ||
	    ((new_pkey != NULL) &&
	     (util_EVP_PKEY_base_id(new_pkey) != EVP_PKEY_RSA))) {
		cm_log(0, "Keys aren't RSA. They won't work with SCEP.\n");
		_exit(CM_SUB_STATUS_ERROR_KEY_TYPE);
	}

	cm_scepgen_o_cooked(ca, entry,
			    nonce, sizeof(nonce),
			    old_pkey, new_pkey,
			    &csr_new, &csr_old,
			    &ias_new, &ias_old);

	/* Report the results as colon-separated base64 fields:
	 * nonce, old-key request, old-key GetCertInitial,
	 * new-key request, new-key GetCertInitial. */
	p = cm_store_base64_from_bin(NULL, nonce, sizeof(nonce));
	fprintf(status, "%s:", p ? p : "");
	p = csr_old ? cm_scepgen_o_b64_from_p7(NULL, csr_old) : NULL;
	fprintf(status, "%s:", p ? p : "");
	p = ias_old ? cm_scepgen_o_b64_from_p7(NULL, ias_old) : NULL;
	fprintf(status, "%s:", p ? p : "");
	p = csr_new ? cm_scepgen_o_b64_from_p7(NULL, csr_new) : NULL;
	fprintf(status, "%s:", p ? p : "");
	p = ias_new ? cm_scepgen_o_b64_from_p7(NULL, ias_new) : NULL;
	fprintf(status, "%s:\n", p ? p : "");
	fclose(status);
	if (new_pkey != NULL) {
		EVP_PKEY_free(new_pkey);
	}
	EVP_PKEY_free(old_pkey);
	_exit(0);
}

/* Check if a SCEP is ready. */
static int
cm_scepgen_o_ready(struct cm_scepgen_state *state)
{
	return cm_subproc_ready(state->subproc);
}

/* Get a selectable-for-read descriptor we can poll for status changes.
 */
static int
cm_scepgen_o_get_fd(struct cm_scepgen_state *state)
{
	return cm_subproc_get_fd(state->subproc);
}

static char *
make_pem(void *parent, const char *p, size_t len)
{
	char *s, *t;

	s = talloc_strndup(parent, p, len);
	if (s != NULL) {
		t = cm_submit_u_pem_from_base64("PKCS7", 0, s);
		if (t != NULL) {
			talloc_free(s);
			s = talloc_strdup(parent, t);
			free(t);
		}
	}
	return s;
}

/* Save the SCEP data to the entry. */
static int
cm_scepgen_o_save_scep(struct cm_scepgen_state *state)
{
	int status;
	const char *p, *q;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (!WIFEXITED(status) || (WEXITSTATUS(status) != 0)) {
		return -1;
	}
	talloc_free(state->entry->cm_scep_nonce);
	talloc_free(state->entry->cm_scep_req);
	talloc_free(state->entry->cm_scep_gic);
	talloc_free(state->entry->cm_scep_req_next);
	talloc_free(state->entry->cm_scep_gic_next);
	p = cm_subproc_get_msg(state->subproc, NULL);
	q = p + strcspn(p, ":");
	state->entry->cm_scep_nonce = talloc_strndup(state->entry, p, q - p);
	state->entry->cm_scep_req = NULL;
	state->entry->cm_scep_gic = NULL;
	state->entry->cm_scep_req_next = NULL;
	state->entry->cm_scep_gic_next = NULL;
	if (*q != '\0') {
		p = ++q;
		q = p + strcspn(p, ":");
		if (q > p) {
			state->entry->cm_scep_req = make_pem(state->entry,
							     p, q - p);
		}
	}
	if (*q != '\0') {
		p = ++q;
		q = p + strcspn(p, ":");
		if (q > p) {
			state->entry->cm_scep_gic = make_pem(state->entry,
							     p, q - p);
		}
	}
	if (*q != '\0') {
		p = ++q;
		q = p + strcspn(p, ":");
		if (q > p) {
			state->entry->cm_scep_req_next = make_pem(state->entry,
								  p, q - p);
		}
	}
	if (*q != '\0') {
		p = ++q;
		q = p + strcspn(p, ":");
		if (q > p) {
			state->entry->cm_scep_gic_next = make_pem(state->entry,
								  p, q - p);
		}
	}
	return 0;
}

/* Check if we need a PIN (or a new PIN) to access the key information. */
static int
cm_scepgen_o_need_pin(struct cm_scepgen_state *state)
{
	int status;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    (WEXITSTATUS(status) == CM_SUB_STATUS_ERROR_AUTH)) {
		return 0;
	}
	return -1;
}

/* Check if we need a token to be inserted to access the key information. */
static int
cm_scepgen_o_need_token(struct cm_scepgen_state *state)
{
	int status;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    (WEXITSTATUS(status) == CM_SUB_STATUS_ERROR_NO_TOKEN)) {
		return 0;
	}
	return -1;
}

/* Check if we need information about the CA in order to generate data. */
static int
cm_scepgen_o_need_encryption_certs(struct cm_scepgen_state *state)
{
	int status;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    (WEXITSTATUS(status) == CM_SUB_STATUS_NEED_SCEP_DATA)) {
		return 0;
	}
	return -1;
}

/* Check if we need a different key type (which is probably RSA). */
static int
cm_scepgen_o_need_different_key_type(struct cm_scepgen_state *state)
{
	int status;

	status = cm_subproc_get_exitstatus(state->subproc);
	if (WIFEXITED(status) &&
	    (WEXITSTATUS(status) == CM_SUB_STATUS_ERROR_KEY_TYPE)) {
		return 0;
	}
	return -1;
}

/* Clean up after SCEP generation. */
static void
cm_scepgen_o_done(struct cm_scepgen_state *state)
{
	if (state->subproc != NULL) {
		cm_subproc_done(state->subproc);
	}
	talloc_free(state);
}

/* Start SCEP request data generation using template information in the entry.
 */
struct cm_scepgen_state *
cm_scepgen_o_start(struct cm_store_ca *ca, struct cm_store_entry *entry)
{
	struct cm_scepgen_state *state;

	state = talloc_ptrtype(entry, state);
	if (state != NULL) {
		memset(state, 0, sizeof(*state));
		state->pvt.ready = &cm_scepgen_o_ready;
		state->pvt.get_fd = &cm_scepgen_o_get_fd;
		state->pvt.save_scep = &cm_scepgen_o_save_scep;
		state->pvt.need_pin = &cm_scepgen_o_need_pin;
		state->pvt.need_token = &cm_scepgen_o_need_token;
		state->pvt.need_encryption_certs =
			&cm_scepgen_o_need_encryption_certs;
		state->pvt.need_different_key_type =
			&cm_scepgen_o_need_different_key_type;
		state->pvt.done = &cm_scepgen_o_done;
		state->entry = entry;
		state->subproc = cm_subproc_start(cm_scepgen_o_main, state,
						  ca, entry, NULL);
		if (state->subproc == NULL) {
			talloc_free(state);
			state = NULL;
		}
	}
	return state;
}

certmonger-0.79.19/src/scepgen.c

/*
 * Copyright (C) 2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

#include <stddef.h>

#include "scepgen.h"
#include "scepgen-int.h"
#include "log.h"
#include "store-int.h"

/* Dispatch to the OpenSSL or NSS backend according to where the key is kept. */
struct cm_scepgen_state *
cm_scepgen_start(struct cm_store_ca *ca, struct cm_store_entry *entry)
{
	switch (entry->cm_key_storage_type) {
	case cm_key_storage_none:
		cm_log(0, "Can't generate new SCEP data for %s('%s') without "
		       "the key, and we don't know where that is or should "
		       "be.\n", entry->cm_busname, entry->cm_nickname);
		break;
#ifdef HAVE_OPENSSL
	case cm_key_storage_file:
		return cm_scepgen_o_start(ca, entry);
		break;
#endif
#ifdef HAVE_NSS
	case cm_key_storage_nssdb:
		return cm_scepgen_n_start(ca, entry);
		break;
#endif
	}
	return NULL;
}

int
cm_scepgen_ready(struct cm_scepgen_state *state)
{
	struct cm_scepgen_state_pvt *pvt = (struct cm_scepgen_state_pvt *) state;

	return pvt->ready(state);
}

int
cm_scepgen_get_fd(struct cm_scepgen_state *state)
{
	struct cm_scepgen_state_pvt *pvt = (struct cm_scepgen_state_pvt *) state;

	return pvt->get_fd(state);
}

int
cm_scepgen_save_scep(struct cm_scepgen_state *state)
{
	struct cm_scepgen_state_pvt *pvt = (struct cm_scepgen_state_pvt *) state;

	return pvt->save_scep(state);
}

int
cm_scepgen_need_pin(struct cm_scepgen_state *state)
{
	struct cm_scepgen_state_pvt *pvt = (struct cm_scepgen_state_pvt *) state;

	return pvt->need_pin(state);
}

int
cm_scepgen_need_token(struct cm_scepgen_state *state)
{
	struct cm_scepgen_state_pvt *pvt = (struct cm_scepgen_state_pvt *) state;

	return pvt->need_token(state);
}

int
cm_scepgen_need_encryption_certs(struct cm_scepgen_state *state)
{
	struct cm_scepgen_state_pvt *pvt = (struct cm_scepgen_state_pvt *) state;

	return pvt->need_encryption_certs(state);
}

int
cm_scepgen_need_different_key_type(struct cm_scepgen_state *state)
{
	struct cm_scepgen_state_pvt *pvt = (struct cm_scepgen_state_pvt *) state;

	return pvt->need_different_key_type(state);
}

void
cm_scepgen_done(struct cm_scepgen_state *state)
{
	struct cm_scepgen_state_pvt *pvt = (struct cm_scepgen_state_pvt *) state;

	pvt->done(state);
}

certmonger-0.79.19/src/scepgen.h

/*
 * Copyright (C) 2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmscepgen_h
#define cmscepgen_h

struct cm_scepgen_state;
struct cm_store_ca;
struct cm_store_entry;

/* Start SCEP request generation using template information in the entry. */
struct cm_scepgen_state *cm_scepgen_start(struct cm_store_ca *ca,
					  struct cm_store_entry *entry);
struct cm_scepgen_state *cm_scepgen_n_start(struct cm_store_ca *ca,
					    struct cm_store_entry *entry);
struct cm_scepgen_state *cm_scepgen_o_start(struct cm_store_ca *ca,
					    struct cm_store_entry *entry);

/* Check if SCEP request data is ready. */
int cm_scepgen_ready(struct cm_scepgen_state *state);

/* Get a selectable-for-read descriptor we can poll for status changes. */
int cm_scepgen_get_fd(struct cm_scepgen_state *state);

/* Check if we need a PIN (or a new PIN) to sign SCEP requests. */
int cm_scepgen_need_pin(struct cm_scepgen_state *state);

/* Check if we need the right token to be present to sign SCEP requests. */
int cm_scepgen_need_token(struct cm_scepgen_state *state);

/* Check if we need the server's certificates to encrypt SCEP requests. */
int cm_scepgen_need_encryption_certs(struct cm_scepgen_state *state);

/* Check if we need a different key type. */
int cm_scepgen_need_different_key_type(struct cm_scepgen_state *state);

/* Save the SCEP request data to the entry. */
int cm_scepgen_save_scep(struct cm_scepgen_state *state);

/* Clean up after SCEP request generation. */
void cm_scepgen_done(struct cm_scepgen_state *state);

#endif

certmonger-0.79.19/src/selfsign-getcert.1.in

.TH CERTMONGER 1 "November 3, 2009" "certmonger Manual"
.SH NAME
selfsign\-getcert
.SH SYNOPSIS
selfsign\-getcert request [options]
selfsign\-getcert resubmit [options]
selfsign\-getcert start\-tracking [options]
selfsign\-getcert status [options]
selfsign\-getcert stop\-tracking [options]
selfsign\-getcert list [options]
selfsign\-getcert list\-cas [options]
selfsign\-getcert refresh\-cas [options]
.SH DESCRIPTION
The \fIselfsign\-getcert\fR tool issues requests to a @CM_DBUS_NAME@
service on behalf of the invoking user. It can ask the service to begin
enrollment, optionally generating a key pair to use; it can ask the
service to begin monitoring a certificate in a specified location for
expiration, and optionally to refresh it when expiration nears; it can
list the set of certificates that the service is already monitoring; or
it can list the set of CAs that the service is capable of using.

If no command is given as the first command\-line argument,
\fIselfsign\-getcert\fR will print short usage information for each of
its functions.

The \fIselfsign\-getcert\fR tool behaves identically to the generic
\fIgetcert\fR tool when it is used with the \fB\-c
\fI@CM_SELF_SIGN_CA_NAME@\fR option.

\fBcertmonger\fR's self\-signer doesn't use root certificates. While the
\fB\-F\fR and \fB\-a\fR options will still be recognized, they will
effectively be ignored.
.SH BUGS
Please file tickets for any that you find at https://fedorahosted.org/certmonger/
.SH SEE ALSO
\fBcertmonger\fR(8)
\fBgetcert\fR(1)
\fBgetcert\-add\-ca\fR(1)
\fBgetcert\-add\-scep\-ca\fR(1)
\fBgetcert\-list\-cas\fR(1)
\fBgetcert\-list\fR(1)
\fBgetcert\-modify\-ca\fR(1)
\fBgetcert\-refresh\-ca\fR(1)
\fBgetcert\-refresh\fR(1)
\fBgetcert\-rekey\fR(1)
\fBgetcert\-remove\-ca\fR(1)
\fBgetcert\-request\fR(1)
\fBgetcert\-resubmit\fR(1)
\fBgetcert\-start\-tracking\fR(1)
\fBgetcert\-status\fR(1)
\fBgetcert\-stop\-tracking\fR(1)
\fBcertmonger\-certmaster\-submit\fR(8)
\fBcertmonger\-dogtag\-ipa\-renew\-agent\-submit\fR(8)
\fBcertmonger\-dogtag\-submit\fR(8)
\fBcertmonger\-ipa\-submit\fR(8)
\fBcertmonger\-local\-submit\fR(8)
\fBcertmonger\-scep\-submit\fR(8)
\fBcertmonger_selinux\fR(8)

certmonger-0.79.19/src/selfsign-getcert.c

#include "config.h"
#define FORCE_CA CM_SELF_SIGN_CA_NAME
#include "getcert.c"

certmonger-0.79.19/src/serial-check.c

/*
 * Copyright (C) 2009 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

#include <stdio.h>

#include <talloc.h>

#include "store.h"

/* Print a starting serial number and the next 1024 values derived from it. */
int
main(int argc, char **argv)
{
	int i;
	void *parent;
	char *serial;

	parent = talloc_new(NULL);
	serial = cm_store_increment_serial(parent, NULL);
	printf("Starting value = %s\n", serial);
	for (i = 0; i < 1024; i++) {
		serial = cm_store_increment_serial(parent, serial);
		printf("%s\n", serial);
	}
	return 0;
}

certmonger-0.79.19/src/srvloc.c

/*
 * Copyright (C) 2014,2016,2017 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#endif
#include <arpa/nameser.h>
#include <resolv.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#ifdef CM_USE_IDN
#include <idna.h>
#endif
#ifdef HAVE_OPENSSL
#include <openssl/rand.h>
#endif
#ifdef HAVE_GMP
#include <gmp.h>
#endif

#include <talloc.h>

#include "srvloc.h"

#ifdef NS_MAXMSG
#define CM_MAXMSG NS_MAXMSG
#else
#define CM_MAXMSG 65535
#endif

#ifndef HAVE_NS_INITPARSE
int
cm_srvloc_resolve(void *parent, const char *name, const char *domain,
		  struct cm_srvloc **results)
{
	return -1;
}
#else
static int
cm_srvloc_priority_sort(const void *a, const void *b)
{
	const struct cm_srvloc *sa, *sb;

	sa = a;
	sb = b;
	return sa->priority - sb->priority;
}

static int
cm_srvloc_weight_sort(const void *a, const void *b)
{
	const struct cm_srvloc *sa, *sb;

	sa = a;
	sb = b;
	return sa->weight - sb->weight;
}

#ifdef HAVE_OPENSSL
static unsigned int
cm_srvloc_rand(unsigned int range)
{
	/* Read the random bytes as an unsigned value: negating the most
	 * negative signed value would overflow. */
	unsigned long long r;

	if (RAND_status() != 1) {
		return 0;
	}
	if (RAND_bytes((unsigned char *) &r, sizeof(r)) == -1) {
		return 0;
	}
	if (range == 0) {
		return 0;
	}
	return r % range;
}
#else
#ifdef HAVE_GMP
static unsigned int
cm_srvloc_rand(unsigned int range)
{
	static gmp_randstate_t state;
	static int initialized = 0;

	if (initialized == 0) {
		gmp_randinit_default(state);
		initialized++;
	}
	return gmp_urandomm_ui(state, range);
}
#else
static unsigned int
cm_srvloc_rand(unsigned int range)
{
	return 0;
}
#endif
#endif

/* Order the n same-priority entries in res by weighted random selection. */
static void
cm_srvloc_weigh(struct cm_srvloc *res, int n)
{
	int i, j, k, tweight;
	struct cm_srvloc tmp;
	long long r;

	qsort(res, n, sizeof(res[0]), cm_srvloc_weight_sort);
	/* Skip the zero-weight entries, without reading past the end of the
	 * array when every entry has a weight of zero. */
	for (i = 0; (i < n) && (res[i].weight == 0); i++) {
		continue;
	}
	if (i == n) {
		return;
	}
	for (j = i; j < n - 1; j++) {
		tweight = 0;
		for (k = j; k < n; k++) {
			tweight += res[k].weight;
		}
		r = cm_srvloc_rand(tweight);
		tweight = 0;
		for (k = j; k < n; k++) {
			tweight += res[k].weight;
			if (tweight > r) {
				break;
			}
		}
		if (k >= n) {
			continue;
		}
		memcpy(&tmp, &res[j], sizeof(tmp));
		memcpy(&res[j], &res[k], sizeof(tmp));
		memcpy(&res[k], &tmp, sizeof(tmp));
	}
}

int
cm_srvloc_resolve(void *parent, const char *name, const char *udomain,
		  struct cm_srvloc **results)
{
	int i, j, n, hi, weights;
	unsigned char *answer;
	char *domain;
	size_t answer_len = CM_MAXMSG;
	struct cm_srvloc *res = NULL;
	ns_msg msg;
	ns_rr rr;

	*results = NULL;
	if ((name == NULL) || (strlen(name) == 0) ||
	    (udomain == NULL) || (strlen(udomain) == 0)) {
		return -1;
	}
	res_init();
	answer = talloc_zero_size(parent, answer_len + 1);
	if (answer == NULL) {
		return -1;
	}
#ifdef CM_USE_IDN
	if (idna_to_ascii_lz(udomain, &domain, 0) != IDNA_SUCCESS) {
		domain = strdup(udomain);
	}
#else
	domain = strdup(udomain);
#endif
	i = res_querydomain(name, domain, C_IN, T_SRV, answer, answer_len);
	free(domain);
	if (i == -1) {
		return -1;
	}
	answer_len = i;
	memset(&msg, 0, sizeof(msg));
	if (ns_initparse(answer, answer_len, &msg) != 0) {
		return -1;
	}
	/* Count the answer records. */
	memset(&rr, 0, sizeof(rr));
	for (i = 0; ns_parserr(&msg, ns_s_an, i, &rr) == 0; i++) {
		continue;
	}
	if (i == 0) {
		return -1;
	}
	n = i;
	res = talloc_array_ptrtype(parent, res, i);
	if (res == NULL) {
		return -1;
	}
	memset(res, 0, sizeof(*res) * i);
	for (i = 0, j = 0; i < n; i++) {
		if (ns_parserr(&msg, ns_s_an, i, &rr) != 0) {
			continue;
		}
		/* SRV RDATA is priority, weight and port (two bytes each)
		 * followed by the target name. */
		if (rr.rdlength < 6) {
			continue;
		}
		res[j].host = talloc_size(res, answer_len + 1);
		if (res[j].host == NULL) {
			return -1;
		}
		res[j].priority = ntohs(*(uint16_t *)rr.rdata);
		res[j].weight = ntohs(*(uint16_t *)(rr.rdata + 2));
		res[j].port = ntohs(*(uint16_t *)(rr.rdata + 4));
		memcpy(res[j].host, rr.rdata + 6, rr.rdlength - 6);
		if (ns_name_ntop(rr.rdata + 6, res[j].host, answer_len) == -1) {
			continue;
		}
		res[j].host[answer_len] = '\0';
		j++;
	}
	n = j;
	qsort(res, n, sizeof(res[0]), cm_srvloc_priority_sort);
	i = 0;
	while (i < n) {
		weights = res[i].weight;
		for (hi = i + 1;
		     (hi < n) && (res[hi].priority == res[i].priority);
		     hi++) {
			weights += res[hi].weight;
		}
		cm_srvloc_weigh(res + i, hi - i);
		i = hi;
		if (weights == 0) {
			continue;
		}
	}
	talloc_free(answer);
	for (i = 0; i < n - 1; i++) {
		res[i].next = &res[i + 1];
	}
	*results = res;
	return 0;
}
#endif

certmonger-0.79.19/src/srvloc.h

/*
 * Copyright (C) 2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmsrvloc_h
#define cmsrvloc_h

#include <stdint.h>

struct cm_srvloc {
	char *host;
	uint16_t port;
	int priority, weight;
	struct cm_srvloc *next;
};

int cm_srvloc_resolve(void *parent, const char *service, const char *domain,
		      struct cm_srvloc **results);

#endif

certmonger-0.79.19/src/store-files.c

/*
 * Copyright (C) 2009,2010,2011,2012,2013,2014,2015,2017 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#ifdef HAVE_UUID
#if defined(HAVE_UUID_H)
#include
#elif defined(HAVE_UUID_UUID_H)
#include
#endif
#endif

#ifdef HAVE_GMP
#include
#endif

#include "env.h"
#include "store.h"
#include "store-int.h"
#include "submit-e.h"
#include "submit-u.h"
#include "log.h"
#include "tm.h"

static unsigned long long cm_entry_name_last, cm_ca_name_last;

enum cm_store_file_field {
	cm_store_file_field_invalid = 0,
	cm_store_file_field_id,
	cm_store_entry_field_key_type,
	cm_store_entry_field_key_gen_type,
	cm_store_entry_field_key_size,
	cm_store_entry_field_key_gen_size,
	cm_store_entry_field_key_next_type,
	cm_store_entry_field_key_next_gen_type,
	cm_store_entry_field_key_next_size,
	cm_store_entry_field_key_next_gen_size,
	cm_store_entry_field_key_preserve,
	cm_store_entry_field_key_next_marker,
	cm_store_entry_field_key_storage_type,
	cm_store_entry_field_key_storage_location,
	cm_store_entry_field_key_token,
	cm_store_entry_field_key_nickname,
	cm_store_entry_field_key_pin,
	cm_store_entry_field_key_pin_file,
	cm_store_entry_field_key_owner,
	cm_store_entry_field_key_perms,
	cm_store_entry_field_key_pubkey,
	cm_store_entry_field_key_pubkey_info,
	cm_store_entry_field_key_next_pubkey,
	cm_store_entry_field_key_next_pubkey_info,
	cm_store_entry_field_key_generated_date,
	cm_store_entry_field_key_next_generated_date,
	cm_store_entry_field_key_requested_count,
	cm_store_entry_field_key_next_requested_count,
	cm_store_entry_field_key_issued_count,
	cm_store_entry_field_cert_storage_type,
	cm_store_entry_field_cert_storage_location,
	cm_store_entry_field_cert_token,
	cm_store_entry_field_cert_nickname,
	cm_store_entry_field_cert_owner,
	cm_store_entry_field_cert_perms,
	cm_store_entry_field_nss_user,
	cm_store_entry_field_cert_issuer_der,
	cm_store_entry_field_cert_issuer,
	cm_store_entry_field_cert_serial,
	cm_store_entry_field_cert_subject_der,
	cm_store_entry_field_cert_subject,
	cm_store_entry_field_cert_spki,
	cm_store_entry_field_cert_not_before,
	cm_store_entry_field_cert_not_after,
	cm_store_entry_field_cert_hostname,
	cm_store_entry_field_cert_email,
	cm_store_entry_field_cert_principal,
	cm_store_entry_field_cert_ipaddress,
	cm_store_entry_field_cert_ku,
	cm_store_entry_field_cert_eku,
	cm_store_entry_field_cert_is_ca,
	cm_store_entry_field_cert_ca_path_length,
	cm_store_entry_field_cert_crl_distribution_point,
	cm_store_entry_field_cert_freshest_crl,
	cm_store_entry_field_cert_ocsp_location,
	cm_store_entry_field_cert_ns_comment,
	cm_store_entry_field_cert_profile,
	cm_store_entry_field_cert_no_ocsp_check,
	cm_store_entry_field_cert_ns_certtype,
	cm_store_entry_field_last_expiration_check,
	cm_store_entry_field_last_need_notify_check,
	cm_store_entry_field_last_need_enroll_check,
	cm_store_entry_field_template_subject_der,
	cm_store_entry_field_template_subject,
	cm_store_entry_field_template_hostname,
	cm_store_entry_field_template_email,
	cm_store_entry_field_template_principal,
	cm_store_entry_field_template_ipaddress,
	cm_store_entry_field_template_ku,
	cm_store_entry_field_template_eku,
	cm_store_entry_field_template_is_ca,
	cm_store_entry_field_template_ca_path_length,
	cm_store_entry_field_template_crl_distribution_point,
	cm_store_entry_field_template_freshest_crl,
	cm_store_entry_field_template_ocsp_location,
	cm_store_entry_field_template_ns_comment,
	cm_store_entry_field_template_profile,
	cm_store_entry_field_template_issuer,
	cm_store_entry_field_template_certificate_template,
	cm_store_entry_field_template_no_ocsp_check,
	cm_store_entry_field_template_ns_certtype,
	cm_store_entry_field_challenge_password,
	cm_store_entry_field_challenge_password_file,
	cm_store_entry_field_csr,
	cm_store_entry_field_spkac,
	cm_store_entry_field_scep_tx,
	cm_store_entry_field_scep_nonce,
	cm_store_entry_field_scep_last_nonce,
	cm_store_entry_field_scep_gic,
	cm_store_entry_field_scep_gic_next,
	cm_store_entry_field_scep_req,
	cm_store_entry_field_scep_req_next,
	cm_store_entry_field_minicert,
	cm_store_entry_field_state,
	cm_store_entry_field_autorenew,
	cm_store_entry_field_monitor,
	cm_store_entry_field_ca_nickname,
	cm_store_entry_field_submitted,
	cm_store_entry_field_ca_cookie,
	cm_store_entry_field_ca_error,
	cm_store_entry_field_cert,
	cm_store_entry_field_cert_chain,
	cm_store_entry_field_cert_roots,
	cm_store_entry_field_pre_certsave_command,
	cm_store_entry_field_pre_certsave_uid,
	cm_store_entry_field_post_certsave_command,
	cm_store_entry_field_post_certsave_uid,
	cm_store_entry_field_root_cert_files,
	cm_store_entry_field_other_root_cert_files,
	cm_store_entry_field_other_cert_files,
	cm_store_entry_field_root_cert_nssdbs,
	cm_store_entry_field_other_root_cert_nssdbs,
	cm_store_entry_field_other_cert_nssdbs,
	cm_store_ca_field_aka,
	cm_store_ca_field_known_issuer_names,
	cm_store_ca_field_is_default,
	cm_store_ca_field_type,
	cm_store_ca_field_internal_serial,
	cm_store_ca_field_internal_issue_time,
	cm_store_ca_field_external_helper,
	cm_store_ca_field_root_certs,
	cm_store_ca_field_other_root_certs,
	cm_store_ca_field_other_certs,
	cm_store_ca_field_required_enroll_attributes,
	cm_store_ca_field_required_renewal_attributes,
	cm_store_ca_field_profiles,
	cm_store_ca_field_default_profile,
	cm_store_ca_field_pre_save_command,
	cm_store_ca_field_pre_save_uid,
	cm_store_ca_field_post_save_command,
	cm_store_ca_field_post_save_uid,
	cm_store_ca_field_root_cert_files,
	cm_store_ca_field_other_root_cert_files,
	cm_store_ca_field_other_cert_files,
	cm_store_ca_field_root_cert_nssdbs,
	cm_store_ca_field_other_root_cert_nssdbs,
	cm_store_ca_field_other_cert_nssdbs,
	cm_store_ca_field_capabilities,
	cm_store_ca_field_scep_cipher,
	cm_store_ca_field_scep_digest,
	cm_store_ca_field_scep_ca_identifier,
	cm_store_ca_field_encryption_cert,
	cm_store_ca_field_encryption_issuer_cert,
	cm_store_ca_field_encryption_cert_pool,
	cm_store_file_field_invalid_high,
};

static struct cm_store_file_field_list {
	enum cm_store_file_field field;
	const
	char *name;
} cm_store_file_field_list[] = {
	{cm_store_file_field_id, "id"}, /* ipa-client-install assumes that we'll
					 * never rename this, so now we can't */
	{cm_store_entry_field_key_type, "key_type"},
	{cm_store_entry_field_key_gen_type, "key_gen_type"},
	{cm_store_entry_field_key_size, "key_size"},
	{cm_store_entry_field_key_gen_size, "key_gen_size"},
	{cm_store_entry_field_key_next_type, "key_next_type"},
	{cm_store_entry_field_key_next_gen_type, "key_next_gen_type"},
	{cm_store_entry_field_key_next_size, "key_next_size"},
	{cm_store_entry_field_key_next_gen_size, "key_next_gen_size"},
	{cm_store_entry_field_key_preserve, "key_preserve"},
	{cm_store_entry_field_key_next_marker, "key_next_marker"},
	{cm_store_entry_field_key_generated_date, "key_generated_date"},
	{cm_store_entry_field_key_next_generated_date, "key_next_generated_date"},
	{cm_store_entry_field_key_requested_count, "key_requested_count"},
	{cm_store_entry_field_key_next_requested_count, "key_next_requested_count"},
	{cm_store_entry_field_key_issued_count, "key_issued_count"},
	{cm_store_entry_field_key_storage_type, "key_storage_type"},
	{cm_store_entry_field_key_storage_location, "key_storage_location"},
	{cm_store_entry_field_key_token, "key_token"},
	{cm_store_entry_field_key_nickname, "key_nickname"},
	{cm_store_entry_field_key_pin, "key_pin"},
	{cm_store_entry_field_key_pin_file, "key_pin_file"},
	{cm_store_entry_field_key_owner, "key_owner"},
	{cm_store_entry_field_key_perms, "key_perms"},
	{cm_store_entry_field_key_pubkey, "key_pubkey"},
	{cm_store_entry_field_key_pubkey_info, "key_pubkey_info"},
	{cm_store_entry_field_key_next_pubkey, "key_next_pubkey"},
	{cm_store_entry_field_key_next_pubkey_info, "key_next_pubkey_info"},
	{cm_store_entry_field_cert_storage_type, "cert_storage_type"},
	{cm_store_entry_field_cert_storage_location, "cert_storage_location"},
	{cm_store_entry_field_cert_token, "cert_token"},
	{cm_store_entry_field_cert_nickname, "cert_nickname"},
	{cm_store_entry_field_cert_owner, "cert_owner"},
	{cm_store_entry_field_cert_perms, "cert_perms"},
	{cm_store_entry_field_nss_user, "nss_user"},
	{cm_store_entry_field_cert_issuer_der, "cert_issuer_der"},
	{cm_store_entry_field_cert_issuer, "cert_issuer"},
	{cm_store_entry_field_cert_serial, "cert_serial"},
	{cm_store_entry_field_cert_subject_der, "cert_subject_der"},
	{cm_store_entry_field_cert_subject, "cert_subject"},
	{cm_store_entry_field_cert_spki, "cert_spki"},
	{cm_store_entry_field_cert_not_before, "cert_not_before"}, /* right */
	{cm_store_entry_field_cert_not_before, "cert_issued"}, /* so wrong */
	{cm_store_entry_field_cert_not_after, "cert_not_after"}, /* right */
	{cm_store_entry_field_cert_not_after, "cert_expiration"}, /* wrong */
	{cm_store_entry_field_cert_hostname, "cert_hostname"},
	{cm_store_entry_field_cert_email, "cert_email"},
	{cm_store_entry_field_cert_principal, "cert_principal"},
	{cm_store_entry_field_cert_ipaddress, "cert_ipaddress"},
	{cm_store_entry_field_cert_ku, "cert_ku"},
	{cm_store_entry_field_cert_eku, "cert_eku"},
	{cm_store_entry_field_cert_is_ca, "cert_is_ca"},
	{cm_store_entry_field_cert_ca_path_length, "cert_ca_path_length"},
	{cm_store_entry_field_cert_crl_distribution_point, "cert_crldp"},
	{cm_store_entry_field_cert_freshest_crl, "cert_freshest_crl"},
	{cm_store_entry_field_cert_ocsp_location, "cert_ocsp"},
	{cm_store_entry_field_cert_ns_comment, "cert_ns_comment"},
	{cm_store_entry_field_cert_profile, "cert_profile"},
	{cm_store_entry_field_cert_no_ocsp_check, "cert_no_ocsp_check"},
	{cm_store_entry_field_cert_ns_certtype, "cert_ns_certtype"},
	{cm_store_entry_field_last_expiration_check, "last_expiration_check"},
	{cm_store_entry_field_last_need_notify_check, "last_need_notify_check"},
	{cm_store_entry_field_last_need_enroll_check, "last_need_enroll_check"},
	{cm_store_entry_field_template_subject_der, "template_subject_der"},
	{cm_store_entry_field_template_subject, "template_subject"},
	{cm_store_entry_field_template_hostname, "template_hostname"},
	{cm_store_entry_field_template_email, "template_email"},
	{cm_store_entry_field_template_principal, "template_principal"},
	{cm_store_entry_field_template_ipaddress, "template_ipaddress"},
	{cm_store_entry_field_template_ku, "template_ku"},
	{cm_store_entry_field_template_eku, "template_eku"},
	{cm_store_entry_field_template_is_ca, "template_is_ca"},
	{cm_store_entry_field_template_ca_path_length, "template_ca_path_length"},
	{cm_store_entry_field_template_crl_distribution_point, "template_crldp"},
	{cm_store_entry_field_template_freshest_crl, "template_freshest_crl"},
	{cm_store_entry_field_template_ocsp_location, "template_ocsp"},
	{cm_store_entry_field_template_ns_comment, "template_ns_comment"},
	{cm_store_entry_field_template_profile, "template_profile"}, /* right */
	{cm_store_entry_field_template_profile, "ca_profile"}, /* wrong */
	{cm_store_entry_field_template_issuer, "template_issuer"},
	{cm_store_entry_field_template_certificate_template, "template_certificate_template"},
	{cm_store_entry_field_template_no_ocsp_check, "template_no_ocsp_check"},
	{cm_store_entry_field_template_ns_certtype, "template_ns_certtype"},
	{cm_store_entry_field_challenge_password, "template_challenge_password"}, /* right */
	{cm_store_entry_field_challenge_password, "challenge_password"}, /* wrong */
	{cm_store_entry_field_challenge_password_file, "template_challenge_password_file"},
	{cm_store_entry_field_csr, "csr"},
	{cm_store_entry_field_spkac, "spkac"},
	{cm_store_entry_field_scep_tx, "scep_tx"},
	{cm_store_entry_field_scep_nonce, "scep_nonce"},
	{cm_store_entry_field_scep_last_nonce, "scep_last_nonce"},
	{cm_store_entry_field_scep_gic, "scep_gic"},
	{cm_store_entry_field_scep_gic_next, "scep_gic_next"},
	{cm_store_entry_field_scep_req, "scep_req"},
	{cm_store_entry_field_scep_req_next, "scep_req_next"},
	{cm_store_entry_field_minicert, "minicert"},
	{cm_store_entry_field_state, "state"},
	{cm_store_entry_field_autorenew, "autorenew"},
	{cm_store_entry_field_monitor, "monitor"},
	{cm_store_entry_field_ca_nickname, "ca_name"},
	{cm_store_entry_field_submitted, "submitted"},
	{cm_store_entry_field_ca_cookie, "ca_cookie"},
	{cm_store_entry_field_ca_error, "ca_error"},
	{cm_store_entry_field_cert, "cert"},
	{cm_store_entry_field_cert_chain, "cert_chain"},
	{cm_store_entry_field_cert_roots, "cert_roots"},
	{cm_store_entry_field_pre_certsave_command, "pre_certsave_command"},
	{cm_store_entry_field_pre_certsave_uid, "pre_certsave_uid"},
	{cm_store_entry_field_post_certsave_command, "post_certsave_command"},
	{cm_store_entry_field_post_certsave_uid, "post_certsave_uid"},
	{cm_store_entry_field_root_cert_files, "root_cert_files"},
	{cm_store_entry_field_other_root_cert_files, "other_root_cert_files"},
	{cm_store_entry_field_other_cert_files, "other_cert_files"},
	{cm_store_entry_field_root_cert_nssdbs, "root_cert_dbs"},
	{cm_store_entry_field_other_root_cert_nssdbs, "other_root_cert_dbs"},
	{cm_store_entry_field_other_cert_nssdbs, "other_cert_dbs"},
	{cm_store_ca_field_aka, "ca_aka"},
	{cm_store_ca_field_known_issuer_names, "ca_issuer_names"},
	{cm_store_ca_field_is_default, "ca_is_default"},
	{cm_store_ca_field_type, "ca_type"},
	{cm_store_ca_field_internal_serial, "ca_internal_serial"},
	{cm_store_ca_field_internal_issue_time, "ca_internal_issue_time"},
	{cm_store_ca_field_external_helper, "ca_external_helper"},
	{cm_store_ca_field_root_certs, "ca_root_certs"},
	{cm_store_ca_field_other_root_certs, "ca_other_root_certs"},
	{cm_store_ca_field_other_certs, "ca_other_certs"},
	{cm_store_ca_field_required_enroll_attributes, "ca_required_enroll_attributes"},
	{cm_store_ca_field_required_renewal_attributes, "ca_required_renewal_attributes"},
	{cm_store_ca_field_profiles, "ca_profiles"},
	{cm_store_ca_field_default_profile, "ca_default_profile"},
	{cm_store_ca_field_pre_save_command, "ca_pre_save_command"},
	{cm_store_ca_field_pre_save_uid, "ca_pre_save_uid"},
	{cm_store_ca_field_post_save_command, "ca_post_save_command"},
	{cm_store_ca_field_post_save_uid, "ca_post_save_uid"},
	{cm_store_ca_field_root_cert_files, "ca_root_cert_files"},
	{cm_store_ca_field_other_root_cert_files, "ca_other_root_cert_files"},
	{cm_store_ca_field_other_cert_files, "ca_other_cert_files"},
	{cm_store_ca_field_root_cert_nssdbs, "ca_root_cert_dbs"},
	{cm_store_ca_field_other_root_cert_nssdbs, "ca_other_root_cert_dbs"},
	{cm_store_ca_field_other_cert_nssdbs, "ca_other_cert_dbs"},
	{cm_store_ca_field_capabilities, "ca_capabilities"},
	{cm_store_ca_field_scep_cipher, "scep_cipher"},
	{cm_store_ca_field_scep_digest, "scep_digest"},
	{cm_store_ca_field_scep_ca_identifier, "scep_ca_identifier"},
	{cm_store_ca_field_encryption_cert, "ca_encryption_cert"},
	{cm_store_ca_field_encryption_issuer_cert, "ca_encryption_issuer_cert"},
	{cm_store_ca_field_encryption_cert_pool, "ca_encryption_cert_pool"},
};

static enum cm_store_file_field
cm_store_file_field_of_line(char *p)
{
	unsigned int i, len;
	struct cm_store_file_field_list *entry;
	for (i = 0;
	     i < sizeof(cm_store_file_field_list) /
		 sizeof(cm_store_file_field_list[0]);
	     i++) {
		entry = &cm_store_file_field_list[i];
		len = strlen(entry->name);
		if (strcspn(p, "\r\n") < len) {
			continue;
		}
		if ((strncasecmp(p, entry->name, len) == 0) &&
		    (p[len] == '=')) {
			memmove(p, p + len + 1, strlen(p + len));
			return entry->field;
		}
	}
	return cm_store_file_field_invalid_high;
}

static const char *
cm_store_file_line_of_field(enum cm_store_file_field field)
{
	unsigned int i;
	struct cm_store_file_field_list *entry;
	for (i = 0;
	     i < sizeof(cm_store_file_field_list) /
		 sizeof(cm_store_file_field_list[0]);
	     i++) {
		entry = &cm_store_file_field_list[i];
		if (entry->field == field) {
			return entry->name;
		}
	}
	return NULL;
}

static dbus_bool_t
cm_store_should_ignore_file(const char *filename)
{
	const char *ignore[] = {".tmp", ".rpmsave", ".rpmorig", ".rpmnew",
				"~", "#"};
	unsigned int i, len, ilen;
	len = strlen(filename);
	for (i = 0; i < sizeof(ignore) / sizeof(ignore[0]); i++) {
		ilen = strlen(ignore[i]);
		if ((len > ilen) &&
		    (strcmp(filename + len - ilen, ignore[i]) == 0)) {
			return TRUE;
		}
	}
	return FALSE;
}
static ssize_t
my_getline(char **buf, size_t *n, FILE *stream)
{
	size_t used = 0, max = 128;
	char *ret, *tmp;

	*buf = NULL;
	*n = 0;
	ret = malloc(max);
	if (ret == NULL) {
		return -1;
	}
	while (fgets(ret + used, max - used, stream) != NULL) {
		used += strlen(ret + used);
		if ((used > 0) && (ret[used - 1] == '\n')) {
			break;
		}
		if (used >= max - 1) {
			max *= 2;
			if (max > 1024 * 1024) {
				free(ret);
				return -1;
			}
			tmp = realloc(ret, max);
			if (tmp == NULL) {
				free(ret);
				return -1;
			}
			ret = tmp;
		}
	}
	*buf = ret;
	*n = used;
	return used;
}

static char **
cm_store_file_read_lines(void *parent, FILE *fp)
{
	char *buf, *s, *t, **lines, **tlines;
	int n_lines, trim, offset;
	size_t buflen;

	s = NULL;
	lines = NULL;
	n_lines = 0;
	trim = 1;
	buf = NULL;
	buflen = 0;
	while (my_getline(&buf, &buflen, fp) > 0) {
		offset = 0;
		switch (buf[0]) {
		case '=':
			offset = 1;
			/* fall through */
		default:
			/* If we've already been reading a line, append it to
			 * the list. */
			if (s != NULL) {
				tlines = talloc_realloc(parent, lines, char *,
							n_lines + 2);
				if (tlines != NULL) {
					if (trim) {
						s[strcspn(s, "\r\n")] = '\0';
					}
					talloc_steal(tlines, s);
					tlines[n_lines++] = s;
					tlines[n_lines] = NULL;
					lines = tlines;
				}
			}
			/* Store this line's data, and default to trimming off
			 * end-of-line markers. */
			trim = 1;
			s = talloc_strdup(parent, buf + offset);
			break;
		case ' ':
			/* Since this is a multi-line item, refrain from
			 * trimming off any end-of-line characters, and just
			 * append it to the list of things we've read. */
			trim = 0;
			t = talloc_strdup_append(s, buf + 1);
			if (t != NULL) {
				s = t;
			}
			break;
		case '#':
		case ';':
			break;
		}
		free(buf);
		buf = NULL;
	}
	/* If we were reading a line, append it to the list.
	 */
	if (s != NULL) {
		tlines = talloc_realloc(parent, lines, char *, n_lines + 2);
		if (tlines != NULL) {
			if (trim) {
				s[strcspn(s, "\r\n")] = '\0';
			}
			talloc_steal(tlines, s);
			tlines[n_lines++] = s;
			tlines[n_lines] = NULL;
			lines = tlines;
		}
	}
	free(buf);
	return lines;
}

static char *
free_if_empty(char *s)
{
	if ((s != NULL) && (strlen(s) == 0)) {
		talloc_free(s);
		s = NULL;
	}
	return s;
}

static char **
free_if_empty_multi(void *parent, char *p)
{
	char **s;
	int i, j, k;
	if ((p == NULL) || (strlen(p) == 0)) {
		if (p != NULL) {
			talloc_free(p);
		}
		return NULL;
	}
	s = talloc_zero_array(parent, char *, strlen(p) + 2);
	i = 0;
	while (*p != '\0') {
		s[i] = talloc_strdup(parent, p);
		j = 0;
		k = 0;
		while ((p[j] != ',') && (p[j] != '\0')) {
			switch (p[j]) {
			case '\\':
				j++;
				memmove(s[i] + k, p + j, strlen(p + j));
				break;
			default:
				break;
			}
			j++;
			k++;
		}
		s[i][k] = '\0';
		if (k > 0) {
			i++;
		} else {
			talloc_free(s[i]);
			s[i] = NULL;
		}
		if (p[j] == '\0') {
			break;
		} else {
			p += (j + 1);
		}
	}
	s[i] = NULL;
	if (i > 0) {
		return s;
	} else {
		talloc_free(s);
		return NULL;
	}
}

static struct cm_nickcert **
parse_nickcert_list(void *parent, const char *s)
{
	struct cm_nickcert **ret = NULL, **tmp, *nc;
	const char *p, *q;
	int i = 0, j;

	p = s;
	while (*p != '\0') {
		nc = talloc_ptrtype(parent, nc);
		if (nc == NULL) {
			return NULL;
		}
		memset(nc, 0, sizeof(*nc));
		q = p + strcspn(p, "\r\n");
		nc->cm_nickname = talloc_strndup(nc, p, q - p);
		if (nc->cm_nickname == NULL) {
			talloc_free(ret);
			return NULL;
		}
		for (j = 0; nc->cm_nickname[j] != '\0'; j++) {
			if (nc->cm_nickname[j] == '\\') {
				memmove(nc->cm_nickname + j,
					nc->cm_nickname + j + 1,
					strlen(nc->cm_nickname + j));
			}
		}
		p = q + strspn(q, "\r\n");
		q = strstr(p, "-----END");
		if (q == NULL) {
			talloc_free(ret);
			return NULL;
		}
		q += strcspn(q, "\r\n");
		q += strspn(q, "\r\n");
		nc->cm_cert = talloc_strndup(nc, p, q - p);
		if (nc->cm_cert == NULL) {
			talloc_free(ret);
			return NULL;
		}
		tmp = talloc_realloc(parent, ret, struct cm_nickcert *, i + 2);
		if (tmp == NULL) {
			talloc_free(ret);
			return
				NULL;
		}
		ret = tmp;
		talloc_steal(ret, nc);
		ret[i++] = nc;
		ret[i] = NULL;
		p = q;
	}
	return ret;
}

#ifdef HAVE_GMP
static void
fill_uuid(unsigned char *uuid, size_t length)
{
	gmp_randstate_t state;
	unsigned int i;

	gmp_randinit_default(state);
	for (i = 0; i < length; i++) {
		uuid[i] = gmp_urandomb_ui(state, 8);
	}
}
#endif

int
cm_store_make_uuid_string(char out[37])
{
	unsigned char uuid[16];
	char *p;
	int i;

#ifdef HAVE_UUID
	if (cm_submit_uuid_new(uuid) == 0) {
		/* we're good */
	} else
#endif
#ifdef HAVE_GMP
		fill_uuid(uuid, sizeof(uuid));
#else
		return -1;
#endif
	for (i = 0, p = out; i < 16; i++) {
		switch (i) {
		case 4:
		case 6:
		case 8:
		case 10:
			*p++ = '-';
			break;
		default:
			break;
		}
		snprintf(p, 3, "%02x", uuid[i]);
		p += 2;
	}
	return p - out;
}

int
cm_store_make_uuid_string_underscore(char out[37])
{
	int i, j;

	i = cm_store_make_uuid_string(out);
	if (i > 0) {
		for (j = 0; j < i; j++) {
			if (out[j] == '-') {
				out[j] = '_';
			}
		}
	}
	return i;
}

char *
cm_store_entry_next_busname(void *parent)
{
	return talloc_asprintf(parent, "Request%llu", ++cm_entry_name_last);
}

static struct cm_store_entry *
cm_store_entry_read(void *parent, const char *filename, FILE *fp)
{
	struct cm_store_entry *ret;
	char **s, *p, *end;
	int i;
	enum cm_store_file_field field;
	ret = cm_store_entry_new(parent);
	if (ret != NULL) {
		s = cm_store_file_read_lines(ret, fp);
		ret->cm_busname = cm_store_entry_next_busname(ret);
		ret->cm_store_private = talloc_strdup(ret, filename);
		ret->cm_template_ca_path_length = -1;
		for (i = 0; (s != NULL) && (s[i] != NULL); i++) {
			p = s[i];
			field = cm_store_file_field_of_line(p);
			switch (field) {
			case cm_store_file_field_invalid:
			case cm_store_file_field_invalid_high:
				break;
			case cm_store_ca_field_aka:
			case cm_store_ca_field_known_issuer_names:
			case cm_store_ca_field_is_default:
			case cm_store_ca_field_type:
			case cm_store_ca_field_internal_serial:
			case cm_store_ca_field_internal_issue_time:
			case cm_store_ca_field_external_helper:
			case cm_store_ca_field_root_certs:
			case
				cm_store_ca_field_other_root_certs:
			case cm_store_ca_field_other_certs:
			case cm_store_ca_field_required_enroll_attributes:
			case cm_store_ca_field_required_renewal_attributes:
			case cm_store_ca_field_profiles:
			case cm_store_ca_field_default_profile:
			case cm_store_ca_field_pre_save_command:
			case cm_store_ca_field_pre_save_uid:
			case cm_store_ca_field_post_save_command:
			case cm_store_ca_field_post_save_uid:
			case cm_store_ca_field_root_cert_files:
			case cm_store_ca_field_other_root_cert_files:
			case cm_store_ca_field_other_cert_files:
			case cm_store_ca_field_root_cert_nssdbs:
			case cm_store_ca_field_other_root_cert_nssdbs:
			case cm_store_ca_field_other_cert_nssdbs:
			case cm_store_ca_field_capabilities:
			case cm_store_ca_field_scep_cipher:
			case cm_store_ca_field_scep_digest:
			case cm_store_ca_field_scep_ca_identifier:
			case cm_store_ca_field_encryption_cert:
			case cm_store_ca_field_encryption_issuer_cert:
			case cm_store_ca_field_encryption_cert_pool:
				break;
			case cm_store_file_field_id:
				ret->cm_nickname = free_if_empty(p);
				break;
			case cm_store_entry_field_key_type:
				if (strcasecmp(s[i], "RSA") == 0) {
					ret->cm_key_type.cm_key_algorithm = cm_key_rsa;
#ifdef CM_ENABLE_DSA
				} else if (strcasecmp(s[i], "DSA") == 0) {
					ret->cm_key_type.cm_key_algorithm = cm_key_dsa;
#endif
#ifdef CM_ENABLE_EC
				} else if ((strcasecmp(s[i], "ECDSA") == 0) ||
					   (strcasecmp(s[i], "EC") == 0)) {
					ret->cm_key_type.cm_key_algorithm = cm_key_ecdsa;
#endif
				} else {
					ret->cm_key_type.cm_key_algorithm = cm_key_unspecified;
				}
				talloc_free(p);
				break;
			case cm_store_entry_field_key_gen_type:
				if (strcasecmp(s[i], "RSA") == 0) {
					ret->cm_key_type.cm_key_gen_algorithm = cm_key_rsa;
#ifdef CM_ENABLE_DSA
				} else if (strcasecmp(s[i], "DSA") == 0) {
					ret->cm_key_type.cm_key_gen_algorithm = cm_key_dsa;
#endif
#ifdef CM_ENABLE_EC
				} else if ((strcasecmp(s[i], "ECDSA") == 0) ||
					   (strcasecmp(s[i], "EC") == 0)) {
					ret->cm_key_type.cm_key_gen_algorithm = cm_key_ecdsa;
#endif
				} else {
					ret->cm_key_type.cm_key_gen_algorithm = cm_key_unspecified;
				}
				talloc_free(p);
				break;
			case cm_store_entry_field_key_size:
				ret->cm_key_type.cm_key_size = atoi(p);
				talloc_free(p);
				break;
			case cm_store_entry_field_key_gen_size:
				ret->cm_key_type.cm_key_gen_size = atoi(p);
				talloc_free(p);
				break;
			case cm_store_entry_field_key_next_type:
				if (strcasecmp(s[i], "RSA") == 0) {
					ret->cm_key_next_type.cm_key_algorithm = cm_key_rsa;
#ifdef CM_ENABLE_DSA
				} else if (strcasecmp(s[i], "DSA") == 0) {
					ret->cm_key_next_type.cm_key_algorithm = cm_key_dsa;
#endif
#ifdef CM_ENABLE_EC
				} else if ((strcasecmp(s[i], "ECDSA") == 0) ||
					   (strcasecmp(s[i], "EC") == 0)) {
					ret->cm_key_next_type.cm_key_algorithm = cm_key_ecdsa;
#endif
				} else {
					ret->cm_key_next_type.cm_key_algorithm = cm_key_unspecified;
				}
				talloc_free(p);
				break;
			case cm_store_entry_field_key_next_gen_type:
				if (strcasecmp(s[i], "RSA") == 0) {
					ret->cm_key_next_type.cm_key_gen_algorithm = cm_key_rsa;
#ifdef CM_ENABLE_DSA
				} else if (strcasecmp(s[i], "DSA") == 0) {
					ret->cm_key_next_type.cm_key_gen_algorithm = cm_key_dsa;
#endif
#ifdef CM_ENABLE_EC
				} else if ((strcasecmp(s[i], "ECDSA") == 0) ||
					   (strcasecmp(s[i], "EC") == 0)) {
					ret->cm_key_next_type.cm_key_gen_algorithm = cm_key_ecdsa;
#endif
				} else {
					ret->cm_key_next_type.cm_key_gen_algorithm = cm_key_unspecified;
				}
				talloc_free(p);
				break;
			case cm_store_entry_field_key_next_size:
				ret->cm_key_next_type.cm_key_size = atoi(p);
				talloc_free(p);
				break;
			case cm_store_entry_field_key_next_gen_size:
				ret->cm_key_next_type.cm_key_gen_size = atoi(p);
				talloc_free(p);
				break;
			case cm_store_entry_field_key_preserve:
				ret->cm_key_preserve = atoi(p) != 0;
				break;
			case cm_store_entry_field_key_next_marker:
				ret->cm_key_next_marker = free_if_empty(p);
				break;
			case cm_store_entry_field_key_storage_type:
				ret->cm_key_storage_type = cm_key_storage_none;
				if (strcasecmp(p, "FILE") == 0) {
					ret->cm_key_storage_type = cm_key_storage_file;
				} else if (strcasecmp(p, "NSSDB") == 0) {
					ret->cm_key_storage_type = cm_key_storage_nssdb;
				} else if (strcasecmp(p, "NONE") == 0) {
					ret->cm_key_storage_type = cm_key_storage_none;
				}
				talloc_free(p);
				break;
			case cm_store_entry_field_key_storage_location:
				ret->cm_key_storage_location = free_if_empty(p);
				if (ret->cm_key_storage_location != NULL) {
					p = cm_store_canonicalize_path(ret, ret->cm_key_storage_location);
					talloc_free(ret->cm_key_storage_location);
					ret->cm_key_storage_location = p;
				}
				break;
			case cm_store_entry_field_key_token:
				ret->cm_key_token = free_if_empty(p);
				break;
			case cm_store_entry_field_key_nickname:
				ret->cm_key_nickname = free_if_empty(p);
				break;
			case cm_store_entry_field_key_pin:
				ret->cm_key_pin = free_if_empty(p);
				if (ret->cm_key_pin_file != NULL) {
					ret->cm_key_pin = NULL;
				}
				break;
			case cm_store_entry_field_key_pin_file:
				ret->cm_key_pin_file = free_if_empty(p);
				if (ret->cm_key_pin_file != NULL) {
					ret->cm_key_pin = NULL;
				}
				break;
			case cm_store_entry_field_key_owner:
				ret->cm_key_owner = free_if_empty(p);
				break;
			case cm_store_entry_field_key_perms:
				if (strlen(p) > 0) {
					ret->cm_key_perms = strtoul(p, &end, 8);
					if ((end == NULL) || (*end != '\0')) {
						ret->cm_key_perms = 0;
					}
				}
				break;
			case cm_store_entry_field_key_pubkey:
				ret->cm_key_pubkey = free_if_empty(p);
				break;
			case cm_store_entry_field_key_pubkey_info:
				ret->cm_key_pubkey_info = free_if_empty(p);
				break;
			case cm_store_entry_field_key_next_pubkey:
				ret->cm_key_next_pubkey = free_if_empty(p);
				break;
			case cm_store_entry_field_key_next_pubkey_info:
				ret->cm_key_next_pubkey_info = free_if_empty(p);
				break;
			case cm_store_entry_field_key_generated_date:
				ret->cm_key_generated_date = cm_store_time_from_timestamp(p);
				talloc_free(p);
				break;
			case cm_store_entry_field_key_next_generated_date:
				ret->cm_key_next_generated_date = cm_store_time_from_timestamp(p);
				talloc_free(p);
				break;
			case cm_store_entry_field_key_requested_count:
				ret->cm_key_requested_count = atoi(p);
				talloc_free(p);
				break;
			case cm_store_entry_field_key_next_requested_count:
				ret->cm_key_next_requested_count = atoi(p);
				talloc_free(p);
				break;
			case
				cm_store_entry_field_key_issued_count:
				ret->cm_key_issued_count = atoi(p);
				talloc_free(p);
				break;
			case cm_store_entry_field_nss_user:
				ret->cm_nss_user = free_if_empty(p);
				break;
			case cm_store_entry_field_cert_storage_type:
				if (strcasecmp(p, "FILE") == 0) {
					ret->cm_cert_storage_type = cm_cert_storage_file;
				} else if (strcasecmp(p, "NSSDB") == 0) {
					ret->cm_cert_storage_type = cm_cert_storage_nssdb;
				} else {
					ret->cm_cert_storage_type = cm_cert_storage_file;
				}
				talloc_free(p);
				break;
			case cm_store_entry_field_cert_storage_location:
				ret->cm_cert_storage_location = free_if_empty(p);
				if (ret->cm_cert_storage_location != NULL) {
					p = cm_store_canonicalize_path(ret, ret->cm_cert_storage_location);
					talloc_free(ret->cm_cert_storage_location);
					ret->cm_cert_storage_location = p;
				}
				break;
			case cm_store_entry_field_cert_token:
				ret->cm_cert_token = free_if_empty(p);
				break;
			case cm_store_entry_field_cert_nickname:
				ret->cm_cert_nickname = free_if_empty(p);
				break;
			case cm_store_entry_field_cert_owner:
				ret->cm_cert_owner = free_if_empty(p);
				break;
			case cm_store_entry_field_cert_perms:
				if (strlen(p) > 0) {
					ret->cm_cert_perms = strtoul(p, &end, 8);
					if ((end == NULL) || (*end != '\0')) {
						ret->cm_cert_perms = 0;
					}
				}
				break;
			case cm_store_entry_field_cert_issuer_der:
				ret->cm_cert_issuer_der = free_if_empty(p);
				break;
			case cm_store_entry_field_cert_issuer:
				ret->cm_cert_issuer = free_if_empty(p);
				break;
			case cm_store_entry_field_cert_serial:
				ret->cm_cert_serial = free_if_empty(p);
				break;
			case cm_store_entry_field_cert_subject_der:
				ret->cm_cert_subject_der = free_if_empty(p);
				break;
			case cm_store_entry_field_cert_subject:
				ret->cm_cert_subject = free_if_empty(p);
				break;
			case cm_store_entry_field_cert_spki:
				ret->cm_cert_spki = free_if_empty(p);
				break;
			case cm_store_entry_field_cert_not_before:
				ret->cm_cert_not_before = cm_store_time_from_timestamp(p);
				talloc_free(p);
				break;
			case cm_store_entry_field_cert_not_after:
				ret->cm_cert_not_after = cm_store_time_from_timestamp(p);
				talloc_free(p);
				break;
			case cm_store_entry_field_cert_hostname:
				ret->cm_cert_hostname = free_if_empty_multi(ret, p);
				break;
			case cm_store_entry_field_cert_email:
				ret->cm_cert_email = free_if_empty_multi(ret, p);
				break;
			case cm_store_entry_field_cert_principal:
				ret->cm_cert_principal = free_if_empty_multi(ret, p);
				break;
			case cm_store_entry_field_cert_ipaddress:
				ret->cm_cert_ipaddress = free_if_empty_multi(ret, p);
				break;
			case cm_store_entry_field_cert_ku:
				ret->cm_cert_ku = free_if_empty(p);
				break;
			case cm_store_entry_field_cert_eku:
				ret->cm_cert_eku = free_if_empty(p);
				break;
			case cm_store_entry_field_cert_is_ca:
				ret->cm_cert_is_ca = atoi(p) != 0;
				talloc_free(p);
				break;
			case cm_store_entry_field_cert_ca_path_length:
				ret->cm_cert_ca_path_length = atoi(p);
				talloc_free(p);
				break;
			case cm_store_entry_field_cert_crl_distribution_point:
				ret->cm_cert_crl_distribution_point = free_if_empty_multi(ret, p);
				break;
			case cm_store_entry_field_cert_freshest_crl:
				ret->cm_cert_freshest_crl = free_if_empty_multi(ret, p);
				break;
			case cm_store_entry_field_cert_ocsp_location:
				ret->cm_cert_ocsp_location = free_if_empty_multi(ret, p);
				break;
			case cm_store_entry_field_cert_ns_comment:
				ret->cm_cert_ns_comment = free_if_empty(p);
				break;
			case cm_store_entry_field_cert_profile:
				ret->cm_cert_profile = free_if_empty(p);
				break;
			case cm_store_entry_field_cert_no_ocsp_check:
				ret->cm_cert_no_ocsp_check = atoi(p) != 0;
				talloc_free(p);
				break;
			case cm_store_entry_field_cert_ns_certtype:
				ret->cm_cert_ns_certtype = free_if_empty(p);
				break;
			case cm_store_entry_field_last_expiration_check:
				/* backward compatibility before we split them
				 * into two settings */
				ret->cm_last_need_notify_check = cm_store_time_from_timestamp(p);
				ret->cm_last_need_enroll_check = cm_store_time_from_timestamp(p);
				talloc_free(p);
				break;
			case cm_store_entry_field_last_need_notify_check:
				ret->cm_last_need_notify_check = cm_store_time_from_timestamp(p);
				talloc_free(p);
				break;
			case cm_store_entry_field_last_need_enroll_check:
				ret->cm_last_need_enroll_check =
					cm_store_time_from_timestamp(p);
				talloc_free(p);
				break;
			case cm_store_entry_field_template_subject_der:
				ret->cm_template_subject_der = free_if_empty(p);
				break;
			case cm_store_entry_field_template_subject:
				ret->cm_template_subject = free_if_empty(p);
				break;
			case cm_store_entry_field_template_hostname:
				ret->cm_template_hostname = free_if_empty_multi(ret, p);
				break;
			case cm_store_entry_field_template_email:
				ret->cm_template_email = free_if_empty_multi(ret, p);
				break;
			case cm_store_entry_field_template_principal:
				ret->cm_template_principal = free_if_empty_multi(ret, p);
				break;
			case cm_store_entry_field_template_ipaddress:
				ret->cm_template_ipaddress = free_if_empty_multi(ret, p);
				break;
			case cm_store_entry_field_template_ku:
				ret->cm_template_ku = free_if_empty(p);
				break;
			case cm_store_entry_field_template_eku:
				ret->cm_template_eku = free_if_empty(p);
				break;
			case cm_store_entry_field_template_is_ca:
				ret->cm_template_is_ca = atoi(p) != 0;
				talloc_free(p);
				break;
			case cm_store_entry_field_template_ca_path_length:
				ret->cm_template_ca_path_length = atoi(p);
				talloc_free(p);
				break;
			case cm_store_entry_field_template_crl_distribution_point:
				ret->cm_template_crl_distribution_point = free_if_empty_multi(ret, p);
				break;
			case cm_store_entry_field_template_freshest_crl:
				ret->cm_template_freshest_crl = free_if_empty_multi(ret, p);
				break;
			case cm_store_entry_field_template_ocsp_location:
				ret->cm_template_ocsp_location = free_if_empty_multi(ret, p);
				break;
			case cm_store_entry_field_template_ns_comment:
				ret->cm_template_ns_comment = free_if_empty(p);
				break;
			case cm_store_entry_field_template_profile:
				ret->cm_template_profile = free_if_empty(p);
				break;
			case cm_store_entry_field_template_certificate_template:
				ret->cm_template_certificate_template = free_if_empty(p);
				break;
			case cm_store_entry_field_template_issuer:
				ret->cm_template_issuer = free_if_empty(p);
				break;
			case cm_store_entry_field_template_no_ocsp_check:
				ret->cm_template_no_ocsp_check = atoi(p) != 0;
				talloc_free(p);
				break;
			case
				cm_store_entry_field_template_ns_certtype:
				ret->cm_template_ns_certtype = free_if_empty(p);
				break;
			case cm_store_entry_field_challenge_password:
				ret->cm_template_challenge_password = free_if_empty(p);
				break;
			case cm_store_entry_field_challenge_password_file:
				ret->cm_template_challenge_password_file = free_if_empty(p);
				break;
			case cm_store_entry_field_csr:
				ret->cm_csr = free_if_empty(p);
				break;
			case cm_store_entry_field_spkac:
				ret->cm_spkac = free_if_empty(p);
				break;
			case cm_store_entry_field_scep_tx:
				ret->cm_scep_tx = free_if_empty(p);
				break;
			case cm_store_entry_field_scep_nonce:
				ret->cm_scep_nonce = free_if_empty(p);
				break;
			case cm_store_entry_field_scep_last_nonce:
				ret->cm_scep_last_nonce = free_if_empty(p);
				break;
			case cm_store_entry_field_scep_gic:
				ret->cm_scep_gic = free_if_empty(p);
				break;
			case cm_store_entry_field_scep_gic_next:
				ret->cm_scep_gic_next = free_if_empty(p);
				break;
			case cm_store_entry_field_scep_req:
				ret->cm_scep_req = free_if_empty(p);
				break;
			case cm_store_entry_field_scep_req_next:
				ret->cm_scep_req_next = free_if_empty(p);
				break;
			case cm_store_entry_field_minicert:
				ret->cm_minicert = free_if_empty(p);
				break;
			case cm_store_entry_field_state:
				ret->cm_state = cm_store_state_from_string(p);
				talloc_free(p);
				break;
			case cm_store_entry_field_autorenew:
				ret->cm_autorenew = atoi(p);
				talloc_free(p);
				break;
			case cm_store_entry_field_monitor:
				ret->cm_monitor = atoi(p);
				talloc_free(p);
				break;
			case cm_store_entry_field_ca_nickname:
				ret->cm_ca_nickname = free_if_empty(p);
				break;
			case cm_store_entry_field_submitted:
				ret->cm_submitted = cm_store_time_from_timestamp(p);
				talloc_free(p);
				break;
			case cm_store_entry_field_ca_cookie:
				ret->cm_ca_cookie = free_if_empty(p);
				break;
			case cm_store_entry_field_ca_error:
				ret->cm_ca_error = free_if_empty(p);
				break;
			case cm_store_entry_field_cert:
				ret->cm_cert = free_if_empty(p);
				break;
			case cm_store_entry_field_cert_chain:
				ret->cm_cert_chain = parse_nickcert_list(ret, p);
				talloc_free(p);
				break;
			case
cm_store_entry_field_cert_roots: ret->cm_cert_roots = parse_nickcert_list(ret, p); talloc_free(p); break; case cm_store_entry_field_pre_certsave_command: ret->cm_pre_certsave_command = free_if_empty(p); break; case cm_store_entry_field_pre_certsave_uid: ret->cm_pre_certsave_uid = free_if_empty(p); break; case cm_store_entry_field_post_certsave_command: ret->cm_post_certsave_command = free_if_empty(p); break; case cm_store_entry_field_post_certsave_uid: ret->cm_post_certsave_uid = free_if_empty(p); break; case cm_store_entry_field_root_cert_files: ret->cm_root_cert_store_files = free_if_empty_multi(ret, p); break; case cm_store_entry_field_other_root_cert_files: ret->cm_other_root_cert_store_files = free_if_empty_multi(ret, p); break; case cm_store_entry_field_other_cert_files: ret->cm_other_cert_store_files = free_if_empty_multi(ret, p); break; case cm_store_entry_field_root_cert_nssdbs: ret->cm_root_cert_store_nssdbs = free_if_empty_multi(ret, p); break; case cm_store_entry_field_other_root_cert_nssdbs: ret->cm_other_root_cert_store_nssdbs = free_if_empty_multi(ret, p); break; case cm_store_entry_field_other_cert_nssdbs: ret->cm_other_cert_store_nssdbs = free_if_empty_multi(ret, p); break; } } } return ret; } struct cm_store_entry * cm_store_files_entry_read(void *parent, const char *filename) { FILE *fp; struct cm_store_entry *ret; if (filename != NULL) { fp = fopen(filename, "r"); if (fp != NULL) { ret = cm_store_entry_read(parent, filename, fp); fclose(fp); } else { ret = NULL; } } else { ret = NULL; } return ret; } char * cm_store_ca_next_busname(void *parent) { return talloc_asprintf(parent, "CA%llu", ++cm_ca_name_last); } static struct cm_store_ca * cm_store_ca_read(void *parent, const char *filename, FILE *fp) { struct cm_store_ca *ret; char **s, *p; int i; enum cm_store_file_field field; ret = cm_store_ca_new(parent); if (ret != NULL) { s = cm_store_file_read_lines(ret, fp); ret->cm_busname = cm_store_ca_next_busname(ret); ret->cm_store_private = 
			talloc_strdup(ret, filename);
		for (i = 0; (s != NULL) && (s[i] != NULL); i++) {
			p = s[i];
			field = cm_store_file_field_of_line(p);
			switch (field) {
			case cm_store_file_field_invalid:
			case cm_store_file_field_invalid_high:
				break;
			case cm_store_entry_field_key_type:
			case cm_store_entry_field_key_gen_type:
			case cm_store_entry_field_key_size:
			case cm_store_entry_field_key_gen_size:
			case cm_store_entry_field_key_next_type:
			case cm_store_entry_field_key_next_gen_type:
			case cm_store_entry_field_key_next_size:
			case cm_store_entry_field_key_next_gen_size:
			case cm_store_entry_field_key_preserve:
			case cm_store_entry_field_key_next_marker:
			case cm_store_entry_field_key_storage_type:
			case cm_store_entry_field_key_storage_location:
			case cm_store_entry_field_key_token:
			case cm_store_entry_field_key_nickname:
			case cm_store_entry_field_key_pin:
			case cm_store_entry_field_key_pin_file:
			case cm_store_entry_field_key_owner:
			case cm_store_entry_field_key_perms:
			case cm_store_entry_field_key_pubkey:
			case cm_store_entry_field_key_pubkey_info:
			case cm_store_entry_field_key_next_pubkey:
			case cm_store_entry_field_key_next_pubkey_info:
			case cm_store_entry_field_key_generated_date:
			case cm_store_entry_field_key_next_generated_date:
			case cm_store_entry_field_key_requested_count:
			case cm_store_entry_field_key_next_requested_count:
			case cm_store_entry_field_key_issued_count:
			case cm_store_entry_field_nss_user:
			case cm_store_entry_field_cert_storage_type:
			case cm_store_entry_field_cert_storage_location:
			case cm_store_entry_field_cert_token:
			case cm_store_entry_field_cert_nickname:
			case cm_store_entry_field_cert_owner:
			case cm_store_entry_field_cert_perms:
			case cm_store_entry_field_cert_issuer_der:
			case cm_store_entry_field_cert_issuer:
			case cm_store_entry_field_cert_serial:
			case cm_store_entry_field_cert_subject_der:
			case cm_store_entry_field_cert_subject:
			case cm_store_entry_field_cert_spki:
			case cm_store_entry_field_cert_not_before:
			case cm_store_entry_field_cert_not_after:
			case cm_store_entry_field_cert_hostname:
			case cm_store_entry_field_cert_email:
			case cm_store_entry_field_cert_principal:
			case cm_store_entry_field_cert_ipaddress:
			case cm_store_entry_field_cert_ku:
			case cm_store_entry_field_cert_eku:
			case cm_store_entry_field_cert_is_ca:
			case cm_store_entry_field_cert_ca_path_length:
			case cm_store_entry_field_cert_crl_distribution_point:
			case cm_store_entry_field_cert_freshest_crl:
			case cm_store_entry_field_cert_ocsp_location:
			case cm_store_entry_field_cert_ns_comment:
			case cm_store_entry_field_cert_profile:
			case cm_store_entry_field_cert_no_ocsp_check:
			case cm_store_entry_field_cert_ns_certtype:
			case cm_store_entry_field_last_expiration_check:
			case cm_store_entry_field_last_need_notify_check:
			case cm_store_entry_field_last_need_enroll_check:
			case cm_store_entry_field_template_subject_der:
			case cm_store_entry_field_template_subject:
			case cm_store_entry_field_template_hostname:
			case cm_store_entry_field_template_email:
			case cm_store_entry_field_template_principal:
			case cm_store_entry_field_template_ipaddress:
			case cm_store_entry_field_template_ku:
			case cm_store_entry_field_template_eku:
			case cm_store_entry_field_template_is_ca:
			case cm_store_entry_field_template_ca_path_length:
			case cm_store_entry_field_template_crl_distribution_point:
			case cm_store_entry_field_template_freshest_crl:
			case cm_store_entry_field_template_ocsp_location:
			case cm_store_entry_field_template_ns_comment:
			case cm_store_entry_field_template_profile:
			case cm_store_entry_field_template_certificate_template:
			case cm_store_entry_field_template_issuer:
			case cm_store_entry_field_template_no_ocsp_check:
			case cm_store_entry_field_template_ns_certtype:
			case cm_store_entry_field_challenge_password:
			case cm_store_entry_field_challenge_password_file:
			case cm_store_entry_field_csr:
			case cm_store_entry_field_spkac:
			case cm_store_entry_field_scep_tx:
			case cm_store_entry_field_scep_nonce:
			case cm_store_entry_field_scep_last_nonce:
			case cm_store_entry_field_scep_gic:
			case cm_store_entry_field_scep_gic_next:
			case cm_store_entry_field_scep_req:
			case cm_store_entry_field_scep_req_next:
			case cm_store_entry_field_minicert:
			case cm_store_entry_field_state:
			case cm_store_entry_field_autorenew:
			case cm_store_entry_field_monitor:
			case cm_store_entry_field_ca_nickname:
			case cm_store_entry_field_submitted:
			case cm_store_entry_field_ca_cookie:
			case cm_store_entry_field_ca_error:
			case cm_store_entry_field_cert:
			case cm_store_entry_field_cert_chain:
			case cm_store_entry_field_cert_roots:
			case cm_store_entry_field_pre_certsave_command:
			case cm_store_entry_field_pre_certsave_uid:
			case cm_store_entry_field_post_certsave_command:
			case cm_store_entry_field_post_certsave_uid:
			case cm_store_entry_field_root_cert_files:
			case cm_store_entry_field_other_root_cert_files:
			case cm_store_entry_field_other_cert_files:
			case cm_store_entry_field_root_cert_nssdbs:
			case cm_store_entry_field_other_root_cert_nssdbs:
			case cm_store_entry_field_other_cert_nssdbs:
				break;
			case cm_store_file_field_id:
				ret->cm_nickname = free_if_empty(p);
				break;
			case cm_store_ca_field_aka:
				ret->cm_ca_aka = free_if_empty(p);
				break;
			case cm_store_ca_field_known_issuer_names:
				ret->cm_ca_known_issuer_names = free_if_empty_multi(ret, p);
				break;
			case cm_store_ca_field_is_default:
				ret->cm_ca_is_default = atoi(p);
				talloc_free(p);
				break;
			case cm_store_ca_field_type:
				/* Any unrecognized type is treated as external. */
				if (strcasecmp(p, "EXTERNAL") == 0) {
					ret->cm_ca_type = cm_ca_external;
				} else
				if (strcasecmp(p, "INTERNAL:SELF") == 0) {
					ret->cm_ca_type = cm_ca_internal_self;
				} else {
					ret->cm_ca_type = cm_ca_external;
				}
				talloc_free(p);
				break;
			case cm_store_ca_field_internal_serial:
				ret->cm_ca_internal_serial = free_if_empty(p);
				break;
			case cm_store_ca_field_internal_issue_time:
				ret->cm_ca_internal_force_issue_time = 1;
				ret->cm_ca_internal_issue_time = atol(p);
				talloc_free(p);
				break;
			case cm_store_ca_field_external_helper:
				ret->cm_ca_external_helper = free_if_empty(p);
				break;
			case cm_store_ca_field_root_certs:
				ret->cm_ca_root_certs = parse_nickcert_list(ret, p);
				talloc_free(p);
				break;
			case cm_store_ca_field_other_root_certs:
				ret->cm_ca_other_root_certs = parse_nickcert_list(ret, p);
				talloc_free(p);
				break;
			case cm_store_ca_field_other_certs:
				ret->cm_ca_other_certs = parse_nickcert_list(ret, p);
				talloc_free(p);
				break;
			case cm_store_ca_field_required_enroll_attributes:
				ret->cm_ca_required_enroll_attributes =
					free_if_empty_multi(ret, p);
				break;
			case cm_store_ca_field_required_renewal_attributes:
				ret->cm_ca_required_renewal_attributes =
					free_if_empty_multi(ret, p);
				break;
			case cm_store_ca_field_profiles:
				ret->cm_ca_profiles = free_if_empty_multi(ret, p);
				break;
			case cm_store_ca_field_default_profile:
				ret->cm_ca_default_profile = free_if_empty(p);
				break;
			case cm_store_ca_field_pre_save_command:
				ret->cm_ca_pre_save_command = free_if_empty(p);
				break;
			case cm_store_ca_field_pre_save_uid:
				ret->cm_ca_pre_save_uid = free_if_empty(p);
				break;
			case cm_store_ca_field_post_save_command:
				ret->cm_ca_post_save_command = free_if_empty(p);
				break;
			case cm_store_ca_field_post_save_uid:
				ret->cm_ca_post_save_uid = free_if_empty(p);
				break;
			case cm_store_ca_field_root_cert_files:
				ret->cm_ca_root_cert_store_files =
					free_if_empty_multi(ret, p);
				break;
			case cm_store_ca_field_other_root_cert_files:
				ret->cm_ca_other_root_cert_store_files =
					free_if_empty_multi(ret, p);
				break;
			case cm_store_ca_field_other_cert_files:
				ret->cm_ca_other_cert_store_files =
					free_if_empty_multi(ret, p);
				break;
			case cm_store_ca_field_root_cert_nssdbs:
				ret->cm_ca_root_cert_store_nssdbs =
					free_if_empty_multi(ret, p);
				break;
			case cm_store_ca_field_other_root_cert_nssdbs:
				ret->cm_ca_other_root_cert_store_nssdbs =
					free_if_empty_multi(ret, p);
				break;
			case cm_store_ca_field_other_cert_nssdbs:
				ret->cm_ca_other_cert_store_nssdbs =
					free_if_empty_multi(ret, p);
				break;
			case cm_store_ca_field_capabilities:
				ret->cm_ca_capabilities = free_if_empty_multi(ret, p);
				break;
			case cm_store_ca_field_scep_cipher:
				ret->cm_ca_scep_cipher = free_if_empty(p);
				break;
			case cm_store_ca_field_scep_digest:
				ret->cm_ca_scep_digest = free_if_empty(p);
				break;
			case cm_store_ca_field_scep_ca_identifier:
				ret->cm_ca_scep_ca_identifier = free_if_empty(p);
				break;
			case cm_store_ca_field_encryption_cert:
				ret->cm_ca_encryption_cert = free_if_empty(p);
				break;
			case cm_store_ca_field_encryption_issuer_cert:
				ret->cm_ca_encryption_issuer_cert = free_if_empty(p);
				break;
			case cm_store_ca_field_encryption_cert_pool:
				ret->cm_ca_encryption_cert_pool = free_if_empty(p);
				break;
			}
		}
		if (ret->cm_ca_internal_serial == NULL) {
			ret->cm_ca_internal_serial =
				talloc_strdup(ret, CM_DEFAULT_CERT_SERIAL);
		}
	}
	return ret;
}

/* Read one CA definition from the named file.  Returns NULL if the name is
 * NULL or the file cannot be opened. */
struct cm_store_ca *
cm_store_files_ca_read(void *parent, const char *filename)
{
	FILE *fp;
	struct cm_store_ca *ret;

	if (filename != NULL) {
		fp = fopen(filename, "r");
		if (fp != NULL) {
			ret = cm_store_ca_read(parent, filename, fp);
			fclose(fp);
		} else {
			ret = NULL;
		}
	} else {
		ret = NULL;
	}
	return ret;
}

/* Write "field=value" with the value in octal (used for permission bits). */
static int
cm_store_file_write_octal(FILE *fp, enum cm_store_file_field field,
			  unsigned long value)
{
	fprintf(fp, "%s=%lo\n", cm_store_file_line_of_field(field), value);
	if (ferror(fp)) {
		return -1;
	}
	return 0;
}

/* Write "field=value" with the value in decimal. */
static int
cm_store_file_write_int(FILE *fp, enum cm_store_file_field field, long value)
{
	fprintf(fp, "%s=%ld\n", cm_store_file_line_of_field(field), value);
	if (ferror(fp)) {
		return -1;
	}
	return 0;
}

/* Write "field=value".  NULL and empty values are skipped.  Line breaks in
 * the value start continuation lines, each prefixed with a space. */
static int
cm_store_file_write_str(FILE *fp, enum cm_store_file_field field, const char *s)
{
	const char *p, *q;

	if ((s == NULL) || (s[0] == '\0')) {
		return 0;
	}
	p = s;
	q = p + strcspn(p, "\r\n");
	fprintf(fp, "%s=%.*s\n", cm_store_file_line_of_field(field),
		(int) (q - p), p);
	p = q + strspn(q, "\r\n");
	while (*p != '\0') {
		q = p + strcspn(p, "\r\n");
		fprintf(fp, " %.*s\n", (int) (q - p), p);
		if (*q == '\r') {
			q++;
		}
		if (*q == '\n') {
			q++;
		}
		if (p == q) {
			break;
		}
		p = q;
	}
	if (ferror(fp)) {
		return -1;
	}
	return 0;
}

/* Write a list as "field=a,b,c", escaping backslashes and commas inside each
 * item with a backslash.  NULL and empty lists are skipped. */
static int
cm_store_file_write_strs(FILE *fp, enum cm_store_file_field field, char **s)
{
	int i, j;

	if ((s == NULL) || (s[0] == NULL)) {
		return 0;
	}
	fprintf(fp, "%s=", cm_store_file_line_of_field(field));
	for (i = 0; (s != NULL) && (s[i] != NULL); i++) {
		if (i > 0) {
			fputc(',', fp);
		}
		for (j = 0; s[i][j] != '\0'; j++) {
			switch (s[i][j]) {
			case '\\':
			case ',':
				fputc('\\', fp);
				/* fall through */
			default:
				fputc(s[i][j], fp);
				break;
			}
		}
		if (ferror(fp)) {
			return -1;
		}
	}
	fprintf(fp, "\n");
	return 0;
}

/* Write a list of (nickname, certificate) pairs.  Each nickname is escaped
 * like a list item and is followed by the certificate's lines, each prefixed
 * with a space. */
static int
cm_store_file_write_nickcert_list(FILE *fp, enum cm_store_file_field field,
				  struct cm_nickcert **nc)
{
	const char *p, *q;
	int i, j;

	if ((nc == NULL) || (nc[0] == NULL)) {
		return 0;
	}
	fprintf(fp, "%s=", cm_store_file_line_of_field(field));
	for (i = 0; nc[i] != NULL; i++) {
		if (i > 0) {
			fputc(' ', fp);
		}
		for (j = 0; nc[i]->cm_nickname[j] != '\0'; j++) {
			switch (nc[i]->cm_nickname[j]) {
			case '\\':
			case ',':
				fputc('\\', fp);
				/* fall through */
			default:
				fputc(nc[i]->cm_nickname[j], fp);
				break;
			}
		}
		if (ferror(fp)) {
			return -1;
		}
		fprintf(fp, "\n");
		p = nc[i]->cm_cert;
		while (*p != '\0') {
			q = p + strcspn(p, "\r\n");
			fprintf(fp, " %.*s\n", (int) (q - p), p);
			p = q + strspn(q, "\r\n");
		}
		if (ferror(fp)) {
			return -1;
		}
	}
	return 0;
}

/* Serialize a request entry.  Individual write errors are not checked; the
 * stream's error flag is tested once at the end. */
static int
cm_store_entry_write(FILE *fp, struct cm_store_entry *entry)
{
	char timestamp[15];
	const char *p;

	if (entry->cm_nickname == NULL) {
		p = cm_store_timestamp_from_time(cm_time(NULL), timestamp);
	} else {
		p = entry->cm_nickname;
	}
	cm_store_file_write_str(fp, cm_store_file_field_id, p);
	switch (entry->cm_key_type.cm_key_algorithm) {
	case cm_key_unspecified:
		cm_store_file_write_str(fp, cm_store_entry_field_key_type,
					"UNSPECIFIED");
		break;
	case cm_key_rsa:
		cm_store_file_write_str(fp, cm_store_entry_field_key_type, "RSA");
		break;
#ifdef CM_ENABLE_DSA
	case cm_key_dsa:
		cm_store_file_write_str(fp, cm_store_entry_field_key_type, "DSA");
		break;
#endif
#ifdef CM_ENABLE_EC
	case cm_key_ecdsa:
		cm_store_file_write_str(fp, cm_store_entry_field_key_type, "EC");
		break;
#endif
	}
	switch (entry->cm_key_type.cm_key_gen_algorithm) {
	case cm_key_unspecified:
		cm_store_file_write_str(fp, cm_store_entry_field_key_gen_type,
					"UNSPECIFIED");
		break;
	case cm_key_rsa:
		cm_store_file_write_str(fp, cm_store_entry_field_key_gen_type,
					"RSA");
		break;
#ifdef CM_ENABLE_DSA
	case cm_key_dsa:
		cm_store_file_write_str(fp, cm_store_entry_field_key_gen_type,
					"DSA");
		break;
#endif
#ifdef CM_ENABLE_EC
	case cm_key_ecdsa:
		cm_store_file_write_str(fp, cm_store_entry_field_key_gen_type,
					"EC");
		break;
#endif
	}
	cm_store_file_write_int(fp, cm_store_entry_field_key_size,
				entry->cm_key_type.cm_key_size);
	cm_store_file_write_int(fp, cm_store_entry_field_key_gen_size,
				entry->cm_key_type.cm_key_gen_size);
	switch (entry->cm_key_next_type.cm_key_algorithm) {
	case cm_key_unspecified:
		cm_store_file_write_str(fp, cm_store_entry_field_key_next_type,
					"UNSPECIFIED");
		break;
	case cm_key_rsa:
		cm_store_file_write_str(fp, cm_store_entry_field_key_next_type,
					"RSA");
		break;
#ifdef CM_ENABLE_DSA
	case cm_key_dsa:
		cm_store_file_write_str(fp, cm_store_entry_field_key_next_type,
					"DSA");
		break;
#endif
#ifdef CM_ENABLE_EC
	case cm_key_ecdsa:
		cm_store_file_write_str(fp, cm_store_entry_field_key_next_type,
					"EC");
		break;
#endif
	}
	switch (entry->cm_key_next_type.cm_key_gen_algorithm) {
	case cm_key_unspecified:
		cm_store_file_write_str(fp, cm_store_entry_field_key_next_gen_type,
					"UNSPECIFIED");
		break;
	case cm_key_rsa:
		cm_store_file_write_str(fp, cm_store_entry_field_key_next_gen_type,
					"RSA");
		break;
#ifdef CM_ENABLE_DSA
	case cm_key_dsa:
		cm_store_file_write_str(fp, cm_store_entry_field_key_next_gen_type,
					"DSA");
		break;
#endif
#ifdef CM_ENABLE_EC
	case cm_key_ecdsa:
		cm_store_file_write_str(fp, cm_store_entry_field_key_next_gen_type,
					"EC");
		break;
#endif
	}
	cm_store_file_write_int(fp, cm_store_entry_field_key_next_size,
				entry->cm_key_next_type.cm_key_size);
	cm_store_file_write_int(fp, cm_store_entry_field_key_next_gen_size,
				entry->cm_key_next_type.cm_key_gen_size);
	cm_store_file_write_str(fp, cm_store_entry_field_key_next_marker,
				entry->cm_key_next_marker);
	cm_store_file_write_int(fp,
				cm_store_entry_field_key_preserve,
				entry->cm_key_preserve);
	switch (entry->cm_key_storage_type) {
	case cm_key_storage_file:
		cm_store_file_write_str(fp, cm_store_entry_field_key_storage_type,
					"FILE");
		break;
	case cm_key_storage_nssdb:
		cm_store_file_write_str(fp, cm_store_entry_field_key_storage_type,
					"NSSDB");
		break;
	case cm_key_storage_none:
		cm_store_file_write_str(fp, cm_store_entry_field_key_storage_type,
					"NONE");
		break;
	}
	cm_store_file_write_str(fp, cm_store_entry_field_key_storage_location,
				entry->cm_key_storage_location);
	cm_store_file_write_str(fp, cm_store_entry_field_key_token,
				entry->cm_key_token);
	cm_store_file_write_str(fp, cm_store_entry_field_key_nickname,
				entry->cm_key_nickname);
	/* The PIN value itself is written to this file only when no PIN file
	 * is configured. */
	if (entry->cm_key_pin_file == NULL) {
		cm_store_file_write_str(fp, cm_store_entry_field_key_pin,
					entry->cm_key_pin);
	}
	cm_store_file_write_str(fp, cm_store_entry_field_key_pin_file,
				entry->cm_key_pin_file);
	cm_store_file_write_str(fp, cm_store_entry_field_key_owner,
				entry->cm_key_owner);
	cm_store_file_write_octal(fp, cm_store_entry_field_key_perms,
				  entry->cm_key_perms);
	cm_store_file_write_str(fp, cm_store_entry_field_key_pubkey,
				entry->cm_key_pubkey);
	cm_store_file_write_str(fp, cm_store_entry_field_key_pubkey_info,
				entry->cm_key_pubkey_info);
	cm_store_file_write_str(fp, cm_store_entry_field_key_next_pubkey,
				entry->cm_key_next_pubkey);
	cm_store_file_write_str(fp, cm_store_entry_field_key_next_pubkey_info,
				entry->cm_key_next_pubkey_info);
	if (entry->cm_key_generated_date != 0) {
		cm_store_file_write_str(fp, cm_store_entry_field_key_generated_date,
					cm_store_timestamp_from_time(entry->cm_key_generated_date,
								     timestamp));
	}
	if ((entry->cm_key_next_marker != NULL) &&
	    (strlen(entry->cm_key_next_marker) > 0)) {
		cm_store_file_write_str(fp,
					cm_store_entry_field_key_next_generated_date,
					cm_store_timestamp_from_time(entry->cm_key_next_generated_date,
								     timestamp));
	}
	cm_store_file_write_int(fp, cm_store_entry_field_key_requested_count,
				entry->cm_key_requested_count);
	if ((entry->cm_key_next_marker != NULL) &&
	    (strlen(entry->cm_key_next_marker) > 0)) {
		cm_store_file_write_int(fp,
					cm_store_entry_field_key_next_requested_count,
					entry->cm_key_next_requested_count);
	}
	cm_store_file_write_int(fp, cm_store_entry_field_key_issued_count,
				entry->cm_key_issued_count);
	switch (entry->cm_cert_storage_type) {
	case cm_cert_storage_file:
		cm_store_file_write_str(fp, cm_store_entry_field_cert_storage_type,
					"FILE");
		break;
	case cm_cert_storage_nssdb:
		cm_store_file_write_str(fp, cm_store_entry_field_cert_storage_type,
					"NSSDB");
		break;
	}
	cm_store_file_write_str(fp, cm_store_entry_field_cert_storage_location,
				entry->cm_cert_storage_location);
	cm_store_file_write_str(fp, cm_store_entry_field_cert_token,
				entry->cm_cert_token);
	cm_store_file_write_str(fp, cm_store_entry_field_cert_nickname,
				entry->cm_cert_nickname);
	cm_store_file_write_str(fp, cm_store_entry_field_cert_owner,
				entry->cm_cert_owner);
	cm_store_file_write_octal(fp, cm_store_entry_field_cert_perms,
				  entry->cm_cert_perms);
	cm_store_file_write_str(fp, cm_store_entry_field_cert_issuer_der,
				entry->cm_cert_issuer_der);
	cm_store_file_write_str(fp, cm_store_entry_field_cert_issuer,
				entry->cm_cert_issuer);
	cm_store_file_write_str(fp, cm_store_entry_field_cert_serial,
				entry->cm_cert_serial);
	cm_store_file_write_str(fp, cm_store_entry_field_cert_subject_der,
				entry->cm_cert_subject_der);
	cm_store_file_write_str(fp, cm_store_entry_field_cert_subject,
				entry->cm_cert_subject);
	cm_store_file_write_str(fp, cm_store_entry_field_cert_spki,
				entry->cm_cert_spki);
	if (entry->cm_cert_not_before != 0) {
		cm_store_file_write_str(fp, cm_store_entry_field_cert_not_before,
					cm_store_timestamp_from_time(entry->cm_cert_not_before,
								     timestamp));
	}
	if (entry->cm_cert_not_after != 0) {
		cm_store_file_write_str(fp, cm_store_entry_field_cert_not_after,
					cm_store_timestamp_from_time(entry->cm_cert_not_after,
								     timestamp));
	}
	cm_store_file_write_strs(fp, cm_store_entry_field_cert_hostname,
				 entry->cm_cert_hostname);
	cm_store_file_write_strs(fp, cm_store_entry_field_cert_email,
				 entry->cm_cert_email);
	cm_store_file_write_strs(fp, cm_store_entry_field_cert_principal,
				 entry->cm_cert_principal);
	cm_store_file_write_strs(fp, cm_store_entry_field_cert_ipaddress,
				 entry->cm_cert_ipaddress);
	cm_store_file_write_str(fp, cm_store_entry_field_cert_ku,
				entry->cm_cert_ku);
	cm_store_file_write_str(fp, cm_store_entry_field_cert_eku,
				entry->cm_cert_eku);
	cm_store_file_write_int(fp, cm_store_entry_field_cert_is_ca,
				entry->cm_cert_is_ca ? 1 : 0);
	cm_store_file_write_int(fp, cm_store_entry_field_cert_ca_path_length,
				entry->cm_cert_ca_path_length);
	cm_store_file_write_strs(fp,
				 cm_store_entry_field_cert_crl_distribution_point,
				 entry->cm_cert_crl_distribution_point);
	cm_store_file_write_strs(fp, cm_store_entry_field_cert_freshest_crl,
				 entry->cm_cert_freshest_crl);
	cm_store_file_write_strs(fp, cm_store_entry_field_cert_ocsp_location,
				 entry->cm_cert_ocsp_location);
	cm_store_file_write_str(fp, cm_store_entry_field_cert_ns_comment,
				entry->cm_cert_ns_comment);
	cm_store_file_write_str(fp, cm_store_entry_field_cert_profile,
				entry->cm_cert_profile);
	cm_store_file_write_str(fp, cm_store_entry_field_cert_ns_certtype,
				entry->cm_cert_ns_certtype);
	cm_store_file_write_int(fp, cm_store_entry_field_cert_no_ocsp_check,
				entry->cm_cert_no_ocsp_check ? 1 : 0);
	cm_store_file_write_str(fp, cm_store_entry_field_nss_user,
				entry->cm_nss_user);
	cm_store_file_write_str(fp, cm_store_entry_field_last_need_notify_check,
				cm_store_timestamp_from_time(entry->cm_last_need_notify_check,
							     timestamp));
	cm_store_file_write_str(fp, cm_store_entry_field_last_need_enroll_check,
				cm_store_timestamp_from_time(entry->cm_last_need_enroll_check,
							     timestamp));
	cm_store_file_write_str(fp, cm_store_entry_field_template_subject_der,
				entry->cm_template_subject_der);
	cm_store_file_write_str(fp, cm_store_entry_field_template_subject,
				entry->cm_template_subject);
	cm_store_file_write_strs(fp, cm_store_entry_field_template_hostname,
				 entry->cm_template_hostname);
	cm_store_file_write_strs(fp, cm_store_entry_field_template_email,
				 entry->cm_template_email);
	cm_store_file_write_strs(fp, cm_store_entry_field_template_principal,
				 entry->cm_template_principal);
	cm_store_file_write_strs(fp, cm_store_entry_field_template_ipaddress,
				 entry->cm_template_ipaddress);
	cm_store_file_write_str(fp, cm_store_entry_field_template_ku,
				entry->cm_template_ku);
	cm_store_file_write_str(fp, cm_store_entry_field_template_eku,
				entry->cm_template_eku);
	cm_store_file_write_int(fp, cm_store_entry_field_template_is_ca,
				entry->cm_template_is_ca ? 1 : 0);
	cm_store_file_write_int(fp, cm_store_entry_field_template_ca_path_length,
				entry->cm_template_ca_path_length);
	cm_store_file_write_strs(fp,
				 cm_store_entry_field_template_crl_distribution_point,
				 entry->cm_template_crl_distribution_point);
	cm_store_file_write_strs(fp, cm_store_entry_field_template_freshest_crl,
				 entry->cm_template_freshest_crl);
	cm_store_file_write_strs(fp, cm_store_entry_field_template_ocsp_location,
				 entry->cm_template_ocsp_location);
	cm_store_file_write_str(fp, cm_store_entry_field_template_ns_comment,
				entry->cm_template_ns_comment);
	cm_store_file_write_str(fp, cm_store_entry_field_template_profile,
				entry->cm_template_profile);
	cm_store_file_write_str(fp, cm_store_entry_field_template_issuer,
				entry->cm_template_issuer);
	cm_store_file_write_int(fp, cm_store_entry_field_template_no_ocsp_check,
				entry->cm_template_no_ocsp_check ? 1 : 0);
	cm_store_file_write_str(fp, cm_store_entry_field_template_ns_certtype,
				entry->cm_template_ns_certtype);
	cm_store_file_write_str(fp,
				cm_store_entry_field_template_certificate_template,
				entry->cm_template_certificate_template);
	cm_store_file_write_str(fp, cm_store_entry_field_challenge_password,
				entry->cm_template_challenge_password);
	cm_store_file_write_str(fp, cm_store_entry_field_challenge_password_file,
				entry->cm_template_challenge_password_file);
	cm_store_file_write_str(fp, cm_store_entry_field_csr, entry->cm_csr);
	cm_store_file_write_str(fp, cm_store_entry_field_spkac, entry->cm_spkac);
	cm_store_file_write_str(fp, cm_store_entry_field_scep_tx,
				entry->cm_scep_tx);
	cm_store_file_write_str(fp, cm_store_entry_field_scep_nonce,
				entry->cm_scep_nonce);
	cm_store_file_write_str(fp, cm_store_entry_field_scep_last_nonce,
				entry->cm_scep_last_nonce);
	cm_store_file_write_str(fp, cm_store_entry_field_scep_gic,
				entry->cm_scep_gic);
	cm_store_file_write_str(fp, cm_store_entry_field_scep_gic_next,
				entry->cm_scep_gic_next);
	cm_store_file_write_str(fp, cm_store_entry_field_scep_req,
				entry->cm_scep_req);
	cm_store_file_write_str(fp, cm_store_entry_field_scep_req_next,
				entry->cm_scep_req_next);
	cm_store_file_write_str(fp, cm_store_entry_field_minicert,
				entry->cm_minicert);
	cm_store_file_write_str(fp, cm_store_entry_field_state,
				cm_store_state_as_string(entry->cm_state));
	cm_store_file_write_int(fp, cm_store_entry_field_autorenew,
				entry->cm_autorenew);
	cm_store_file_write_int(fp, cm_store_entry_field_monitor,
				entry->cm_monitor);
	cm_store_file_write_str(fp, cm_store_entry_field_ca_nickname,
				entry->cm_ca_nickname);
	cm_store_file_write_str(fp, cm_store_entry_field_submitted,
				cm_store_timestamp_from_time(entry->cm_submitted,
							     timestamp));
	cm_store_file_write_str(fp, cm_store_entry_field_ca_cookie,
				entry->cm_ca_cookie);
	cm_store_file_write_str(fp, cm_store_entry_field_ca_error,
				entry->cm_ca_error);
	cm_store_file_write_str(fp, cm_store_entry_field_cert, entry->cm_cert);
	cm_store_file_write_nickcert_list(fp, cm_store_entry_field_cert_chain,
					  entry->cm_cert_chain);
	cm_store_file_write_nickcert_list(fp, cm_store_entry_field_cert_roots,
					  entry->cm_cert_roots);
	cm_store_file_write_str(fp, cm_store_entry_field_pre_certsave_command,
				entry->cm_pre_certsave_command);
	cm_store_file_write_str(fp, cm_store_entry_field_pre_certsave_uid,
				entry->cm_pre_certsave_uid);
	cm_store_file_write_str(fp, cm_store_entry_field_post_certsave_command,
				entry->cm_post_certsave_command);
	cm_store_file_write_str(fp, cm_store_entry_field_post_certsave_uid,
				entry->cm_post_certsave_uid);
	cm_store_file_write_strs(fp, cm_store_entry_field_root_cert_files,
				 entry->cm_root_cert_store_files);
	cm_store_file_write_strs(fp, cm_store_entry_field_other_root_cert_files,
				 entry->cm_other_root_cert_store_files);
	cm_store_file_write_strs(fp, cm_store_entry_field_other_cert_files,
				 entry->cm_other_cert_store_files);
	cm_store_file_write_strs(fp, cm_store_entry_field_root_cert_nssdbs,
				 entry->cm_root_cert_store_nssdbs);
	cm_store_file_write_strs(fp, cm_store_entry_field_other_root_cert_nssdbs,
				 entry->cm_other_root_cert_store_nssdbs);
	cm_store_file_write_strs(fp, cm_store_entry_field_other_cert_nssdbs,
				 entry->cm_other_cert_store_nssdbs);
	if (ferror(fp)) {
		return -1;
	}
	return 0;
}

/* Remove the entry's backing file.  Always returns 0; a failed remove() is
 * only logged. */
int
cm_store_entry_delete(struct cm_store_entry *entry)
{
	int ret;
	const char *filename;

	if (entry->cm_store_private != NULL) {
		filename = (const char *) entry->cm_store_private;
		ret = remove(filename);
		if (ret == 0) {
			cm_log(3, "Removed file \"%s\".\n", filename);
			talloc_free(entry->cm_store_private);
			entry->cm_store_private = NULL;
		} else {
			cm_log(0, "Failed to remove file \"%s\": %s.\n",
			       filename, strerror(errno));
		}
	} else {
		cm_log(3, "No file to remove for \"%s\".\n", entry->cm_nickname);
	}
	return 0;
}

/* Create each missing parent directory of path with the given mode.  The
 * final path component is not created. */
static void
cm_store_create_containing_dir(const char *path, int mode)
{
	char dir[PATH_MAX];
	int i;

	if (strlen(path) >= sizeof(dir)) {
		return;
	}
	for (i = 0, dir[0] = '\0'; path[i] != '\0'; i++) {
		if ((i > 0) && (path[i] == '/')) {
			if (mkdir(dir, mode) == -1) {
				if (errno != EEXIST) {
					cm_log(1, "Failed to create \"%s\": "
					       "%s.\n", dir, strerror(errno));
					break;
				}
			} else {
				cm_log(2, "Created \"%s\".\n", dir);
			}
		}
		dir[i] = path[i];
		dir[i + 1] = '\0';
	}
}

/* Save a request entry.  A new entry first claims a timestamp-based file name
 * by creating it with O_EXCL and mode 0600; the contents are then written to
 * "<name>.tmp" and renamed over the final name. */
int
cm_store_entry_save(struct cm_store_entry *entry)
{
	FILE *fp;
	char timestamp[15], path[PATH_MAX];
	int i, fd = -1, give_up;
	const char *directory, *dest;

	if (entry->cm_store_private == NULL) {
		cm_store_timestamp_from_time(cm_time(NULL), timestamp);
		directory = cm_env_request_dir();
		if (directory != NULL) {
			snprintf(path, sizeof(path), "%s/%s", directory, timestamp);
			fd = open(path, O_WRONLY | O_CREAT | O_EXCL,
				  S_IRUSR | S_IWUSR);
			if ((fd == -1) && (errno == ENOENT)) {
				cm_store_create_containing_dir(path, S_IRWXU);
				fd = open(path, O_WRONLY | O_CREAT | O_EXCL,
					  S_IRUSR | S_IWUSR);
			}
		}
		/* Retry with suffixed names only when a directory is known;
		 * otherwise errno is stale and directory would be passed to
		 * snprintf() as NULL.  This matches cm_store_ca_save(). */
		if ((fd == -1) && (directory != NULL)) {
			switch (errno) {
			case ENOENT:
			case EPERM:
			case EACCES:
				break;
			default:
				for (give_up = 0, i = 1;
				     !give_up && (i < 1024);
				     i++) {
					snprintf(path, sizeof(path), "%s/%s-%d",
						 directory, timestamp, i);
					fd = open(path,
						  O_WRONLY | O_CREAT | O_EXCL,
						  S_IRUSR | S_IWUSR);
					if (fd != -1) {
						break;
					}
					switch (errno) {
					case ENOENT:
					case EPERM:
					case EACCES:
						give_up++;
						break;
					}
				}
				break;
			}
		}
		if (fd == -1) {
			return -1;
		}
		close(fd);
		entry->cm_store_private = talloc_strdup(entry, path);
	}
	snprintf(path, sizeof(path), "%s.tmp",
		 (const char *) entry->cm_store_private);
	/* fopen() creates the temporary file with a mode derived from the
	 * process umask; rename() then replaces the placeholder created
	 * above with this file. */
	fp = fopen(path, "w");
	if (fp != NULL) {
		if (cm_store_entry_write(fp, entry) == 0) {
			fclose(fp);
			dest = (const char *) entry->cm_store_private;
			cm_log(0, "Wrote to %s\n", dest);
			if (rename(path, dest) != 0) {
				cm_log(0, "Error renaming \"%s\" to \"%s\": "
				       "%s.\n", path, dest, strerror(errno));
				return -1;
			}
			return 0;
		} else {
			fclose(fp);
			if (remove(path) != 0) {
				cm_log(0, "Error removing \"%s\": %s.\n",
				       path, strerror(errno));
			}
			return -1;
		}
	} else {
		cm_log(1, "Error opening \"%s\" for writing: %s.\n",
		       path, strerror(errno));
		return -1;
	}
}

/* Load every request file in the request directory.  Entries without a
 * nickname are dropped; a file whose nickname duplicates one already loaded
 * is deleted from disk. */
struct cm_store_entry **
cm_store_get_all_entries(void *parent)
{
	struct cm_store_entry **ret;
	unsigned int i;
	int j, k;
	const char *directory;
	char path[PATH_MAX + 1], *p;
	FILE *fp;
	glob_t globs;

	directory = cm_env_request_dir();
	snprintf(path, sizeof(path), "%s/*", directory);
	memset(&globs, 0, sizeof(globs));
	ret = NULL;
	if (glob(path, 0, NULL, &globs) == 0) {
		ret = talloc_array_ptrtype(parent, ret, globs.gl_pathc + 1);
		if (ret != NULL) {
			for (i = 0, j = 0; i < globs.gl_pathc; i++) {
				p = globs.gl_pathv[i];
				if (cm_store_should_ignore_file(p)) {
					continue;
				}
				fp = fopen(globs.gl_pathv[i], "r");
				if (fp != NULL) {
					ret[j] = cm_store_entry_read(ret,
								     globs.gl_pathv[i],
								     fp);
					if ((ret[j] != NULL) &&
					    (ret[j]->cm_nickname == NULL)) {
						talloc_free(ret[j]);
						ret[j] = NULL;
					}
					if (ret[j] != NULL) {
						/* Check for duplicate names. */
						for (k = 0; k < j; k++) {
							if (strcmp(ret[k]->cm_nickname,
								   ret[j]->cm_nickname) == 0) {
								cm_store_entry_delete(ret[j]);
								talloc_free(ret[j]);
								ret[j] = NULL;
								break;
							}
						}
						if (k == j) {
							j++;
						}
					}
					fclose(fp);
				}
			}
			ret[j] = NULL;
		}
		globfree(&globs);
	}
	return ret;
}

/* Serialize a CA definition.  Individual write errors are not checked; the
 * stream's error flag is tested once at the end. */
static int
cm_store_ca_write(FILE *fp, struct cm_store_ca *ca)
{
	const char *p;
	char timestamp[15];

	if (ca->cm_nickname == NULL) {
		p = cm_store_timestamp_from_time(cm_time(NULL), timestamp);
	} else {
		p = ca->cm_nickname;
	}
	cm_store_file_write_str(fp, cm_store_file_field_id, p);
	cm_store_file_write_str(fp, cm_store_ca_field_aka, ca->cm_ca_aka);
	cm_store_file_write_strs(fp, cm_store_ca_field_known_issuer_names,
				 ca->cm_ca_known_issuer_names);
	cm_store_file_write_int(fp, cm_store_ca_field_is_default,
				ca->cm_ca_is_default);
	switch (ca->cm_ca_type) {
	case cm_ca_internal_self:
		cm_store_file_write_str(fp, cm_store_ca_field_type,
					"INTERNAL:SELF");
		cm_store_file_write_str(fp, cm_store_ca_field_internal_serial,
					ca->cm_ca_internal_serial);
		if (ca->cm_ca_internal_force_issue_time) {
			cm_store_file_write_int(fp,
						cm_store_ca_field_internal_issue_time,
						ca->cm_ca_internal_issue_time);
		}
		break;
	case cm_ca_external:
		cm_store_file_write_str(fp, cm_store_ca_field_type, "EXTERNAL");
		cm_store_file_write_str(fp, cm_store_ca_field_external_helper,
					ca->cm_ca_external_helper);
		break;
	}
	cm_store_file_write_nickcert_list(fp, cm_store_ca_field_root_certs,
					  ca->cm_ca_root_certs);
	cm_store_file_write_nickcert_list(fp, cm_store_ca_field_other_root_certs,
					  ca->cm_ca_other_root_certs);
	cm_store_file_write_nickcert_list(fp, cm_store_ca_field_other_certs,
					  ca->cm_ca_other_certs);
	cm_store_file_write_strs(fp, cm_store_ca_field_required_enroll_attributes,
				 ca->cm_ca_required_enroll_attributes);
	cm_store_file_write_strs(fp, cm_store_ca_field_required_renewal_attributes,
				 ca->cm_ca_required_renewal_attributes);
	cm_store_file_write_strs(fp, cm_store_ca_field_profiles,
				 ca->cm_ca_profiles);
	cm_store_file_write_str(fp, cm_store_ca_field_default_profile,
ca->cm_ca_default_profile); cm_store_file_write_str(fp, cm_store_ca_field_pre_save_command, ca->cm_ca_pre_save_command); cm_store_file_write_str(fp, cm_store_ca_field_pre_save_uid, ca->cm_ca_pre_save_uid); cm_store_file_write_str(fp, cm_store_ca_field_post_save_command, ca->cm_ca_post_save_command); cm_store_file_write_str(fp, cm_store_ca_field_post_save_uid, ca->cm_ca_post_save_uid); cm_store_file_write_strs(fp, cm_store_ca_field_root_cert_files, ca->cm_ca_root_cert_store_files); cm_store_file_write_strs(fp, cm_store_ca_field_other_root_cert_files, ca->cm_ca_other_root_cert_store_files); cm_store_file_write_strs(fp, cm_store_ca_field_other_cert_files, ca->cm_ca_other_cert_store_files); cm_store_file_write_strs(fp, cm_store_ca_field_root_cert_nssdbs, ca->cm_ca_root_cert_store_nssdbs); cm_store_file_write_strs(fp, cm_store_ca_field_other_root_cert_nssdbs, ca->cm_ca_other_root_cert_store_nssdbs); cm_store_file_write_strs(fp, cm_store_ca_field_other_cert_nssdbs, ca->cm_ca_other_cert_store_nssdbs); cm_store_file_write_strs(fp, cm_store_ca_field_capabilities, ca->cm_ca_capabilities); cm_store_file_write_str(fp, cm_store_ca_field_scep_cipher, ca->cm_ca_scep_cipher); cm_store_file_write_str(fp, cm_store_ca_field_scep_digest, ca->cm_ca_scep_digest); cm_store_file_write_str(fp, cm_store_ca_field_scep_ca_identifier, ca->cm_ca_scep_ca_identifier); cm_store_file_write_str(fp, cm_store_ca_field_encryption_cert, ca->cm_ca_encryption_cert); cm_store_file_write_str(fp, cm_store_ca_field_encryption_issuer_cert, ca->cm_ca_encryption_issuer_cert); cm_store_file_write_str(fp, cm_store_ca_field_encryption_cert_pool, ca->cm_ca_encryption_cert_pool); if (ferror(fp)) { return -1; } return 0; } int cm_store_ca_delete(struct cm_store_ca *ca) { int ret; const char *filename; if (ca->cm_store_private != NULL) { filename = (const char *) ca->cm_store_private; ret = remove(ca->cm_store_private); if (ret == 0) { cm_log(3, "Removed file \"%s\".\n", filename); talloc_free(ca->cm_store_private); 
ca->cm_store_private = NULL; } else { cm_log(1, "Failed to remove file \"%s\": %s.\n", filename, strerror(errno)); } } else { cm_log(3, "No file to remove for \"%s\".\n", ca->cm_nickname); } return 0; } int cm_store_ca_save(struct cm_store_ca *ca) { FILE *fp; char timestamp[15], path[PATH_MAX]; int i, fd = -1, give_up; const char *directory, *dest; if (ca->cm_store_private == NULL) { cm_store_timestamp_from_time(cm_time(NULL), timestamp); directory = cm_env_ca_dir(); if (directory != NULL) { snprintf(path, sizeof(path), "%s/%s", directory, timestamp); fd = open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR); if ((fd == -1) && (errno == ENOENT)) { cm_store_create_containing_dir(path, S_IRWXU); fd = open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR); } if (fd == -1) { switch (errno) { case ENOENT: case EPERM: case EACCES: break; default: for (give_up = 0, i = 1; !give_up && (i < 1024); i++) { snprintf(path, sizeof(path), "%s/%s-%d", directory, timestamp, i); fd = open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR); if (fd != -1) { break; } switch (errno) { case ENOENT: case EPERM: case EACCES: give_up++; break; } } break; } } } if (fd == -1) { return -1; } close(fd); ca->cm_store_private = talloc_strdup(ca, path); } snprintf(path, sizeof(path), "%s.tmp", (const char *) ca->cm_store_private); fp = fopen(path, "w"); if (fp != NULL) { if (cm_store_ca_write(fp, ca) == 0) { fclose(fp); dest = (const char *) ca->cm_store_private; if (rename(path, dest) != 0) { cm_log(0, "Error renaming \"%s\" to \"%s\": " "%s.\n", path, dest, strerror(errno)); return -1; } return 0; } else { fclose(fp); if (remove(path) != 0) { cm_log(0, "Error removing \"%s\": %s.\n", path, strerror(errno)); } return -1; } } else { cm_log(1, "Error opening \"%s\" for writing: %s.\n", path, strerror(errno)); return -1; } } struct cm_store_ca ** cm_store_get_all_cas(void *parent) { struct cm_store_ca **ret; unsigned int i; int j, k; const char *directory; char path[PATH_MAX + 1], *p; 
FILE *fp; glob_t globs; directory = cm_env_ca_dir(); snprintf(path, sizeof(path), "%s/*", directory); memset(&globs, 0, sizeof(globs)); ret = NULL; if (glob(path, 0, NULL, &globs) != 0) { globs.gl_pathc = 0; } ret = talloc_array_ptrtype(parent, ret, globs.gl_pathc + 6); if (ret != NULL) { for (i = 0, j = 0; i < globs.gl_pathc; i++) { p = globs.gl_pathv[i]; if (cm_store_should_ignore_file(p)) { continue; } fp = fopen(globs.gl_pathv[i], "r"); if (fp != NULL) { ret[j] = cm_store_ca_read(ret, globs.gl_pathv[i], fp); if ((ret[j] != NULL) && (ret[j]->cm_nickname == NULL)) { talloc_free(ret[j]); ret[j] = NULL; } if (ret[j] != NULL) { /* Check for duplicate names. */ for (k = 0; k < j; k++) { if (strcmp(ret[k]->cm_nickname, ret[j]->cm_nickname) == 0) { cm_store_ca_delete(ret[j]); talloc_free(ret[j]); ret[j] = NULL; break; } } if (k == j) { j++; } } fclose(fp); } } /* Make sure we get at least one internal/self sign entry. */ for (k = 0; k < j; k++) { if (ret[k]->cm_ca_type == cm_ca_internal_self) { break; } } if (k == j) { ret[j] = cm_store_ca_new(ret); ret[j]->cm_busname = cm_store_ca_next_busname(ret[j]); ret[j]->cm_nickname = talloc_strdup(ret[j], CM_SELF_SIGN_CA_NAME); ret[j]->cm_ca_type = cm_ca_internal_self; ret[j]->cm_ca_internal_serial = talloc_strdup(ret[j], CM_DEFAULT_CERT_SERIAL); j++; } #ifdef WITH_IPA /* Make sure we get at least one IPA entry. */ for (k = 0; k < j; k++) { if ((ret[k]->cm_ca_type == cm_ca_external) && (strcmp(ret[k]->cm_nickname, CM_IPA_CA_NAME) == 0)) { break; } } if (k == j) { ret[j] = cm_store_ca_new(ret); ret[j]->cm_busname = cm_store_ca_next_busname(ret[j]); ret[j]->cm_nickname = talloc_strdup(ret[j], CM_IPA_CA_NAME); ret[j]->cm_ca_type = cm_ca_external; ret[j]->cm_ca_external_helper = talloc_strdup(ret[j], CM_IPA_HELPER_PATH); j++; } #endif #ifdef WITH_XMLRPC #ifdef WITH_CERTMASTER /* Make sure we get at least one certmaster entry. 
*/ for (k = 0; k < j; k++) { if ((ret[k]->cm_ca_type == cm_ca_external) && (strcmp(ret[k]->cm_nickname, CM_CERTMASTER_CA_NAME) == 0)) { break; } } if (k == j) { ret[j] = cm_store_ca_new(ret); ret[j]->cm_busname = cm_store_ca_next_busname(ret[j]); ret[j]->cm_nickname = talloc_strdup(ret[j], CM_CERTMASTER_CA_NAME); ret[j]->cm_ca_type = cm_ca_external; ret[j]->cm_ca_external_helper = talloc_strdup(ret[j], CM_CERTMASTER_HELPER_PATH); j++; } #endif #endif #ifdef WITH_IPA /* Make sure we get at least 1 dogtag-ipa-renew-agent entry. */ for (k = 0; k < j; k++) { if ((ret[k]->cm_ca_type == cm_ca_external) && (strcmp(ret[k]->cm_nickname, CM_DOGTAG_IPA_RENEW_AGENT_CA_NAME) == 0)) { break; } } if (k == j) { ret[j] = cm_store_ca_new(ret); ret[j]->cm_busname = cm_store_ca_next_busname(ret[j]); ret[j]->cm_nickname = talloc_strdup(ret[j], CM_DOGTAG_IPA_RENEW_AGENT_CA_NAME); ret[j]->cm_ca_type = cm_ca_external; ret[j]->cm_ca_external_helper = talloc_strdup(ret[j], CM_DOGTAG_IPA_RENEW_AGENT_HELPER_PATH); j++; } #endif #ifdef WITH_LOCAL /* Make sure we get at least 1 "local" entry. 
*/ for (k = 0; k < j; k++) { if ((ret[k]->cm_ca_type == cm_ca_external) && (strcmp(ret[k]->cm_nickname, CM_LOCAL_CA_NAME) == 0)) { break; } } if (k == j) { ret[j] = cm_store_ca_new(ret); ret[j]->cm_busname = cm_store_ca_next_busname(ret[j]); ret[j]->cm_nickname = talloc_strdup(ret[j], CM_LOCAL_CA_NAME); ret[j]->cm_ca_type = cm_ca_external; ret[j]->cm_ca_external_helper = talloc_strdup(ret[j], CM_LOCAL_HELPER_PATH); j++; } #endif ret[j] = NULL; } if (globs.gl_pathc > 0) { globfree(&globs); } return ret; } static struct cm_nickcert ** cm_store_maybe_dup_nickcert_list(void *parent, struct cm_nickcert **certs) { struct cm_nickcert **ret = NULL, *nc; int i; if (certs == NULL) { return NULL; } for (i = 0; certs[i] != NULL; i++) { continue; } ret = talloc_array_ptrtype(parent, ret, i + 1); if (ret == NULL) { return NULL; } for (i = 0; certs[i] != NULL; i++) { nc = talloc_ptrtype(parent, nc); if (nc == NULL) { talloc_free(ret); return NULL; } memset(nc, 0, sizeof(*nc)); nc->cm_nickname = talloc_strdup(nc, certs[i]->cm_nickname); nc->cm_cert = talloc_strdup(nc, certs[i]->cm_cert); if ((nc->cm_nickname == NULL) || (nc->cm_cert == NULL)) { talloc_free(ret); return NULL; } ret[i] = nc; } ret[i] = NULL; return ret; } struct cm_store_entry * cm_store_entry_dup(void *parent, struct cm_store_entry *entry) { struct cm_store_entry *ret; ret = cm_store_entry_new(parent); if (ret == NULL) { return ret; } ret->cm_busname = cm_store_maybe_strdup(ret, entry->cm_busname); ret->cm_store_private = cm_store_maybe_strdup(ret, entry->cm_store_private); ret->cm_nickname = cm_store_maybe_strdup(ret, entry->cm_nickname); ret->cm_key_type = entry->cm_key_type; ret->cm_key_storage_type = entry->cm_key_storage_type; ret->cm_key_storage_location = cm_store_maybe_strdup(ret, entry->cm_key_storage_location); ret->cm_key_token = cm_store_maybe_strdup(ret, entry->cm_key_token); ret->cm_key_nickname = cm_store_maybe_strdup(ret, entry->cm_key_nickname); ret->cm_key_pin = cm_store_maybe_strdup(ret, 
entry->cm_key_pin); ret->cm_key_pin_file = cm_store_maybe_strdup(ret, entry->cm_key_pin_file); if (ret->cm_key_pin_file != NULL) { ret->cm_key_pin = NULL; } ret->cm_key_owner = cm_store_maybe_strdup(ret, entry->cm_key_owner); ret->cm_key_perms = entry->cm_key_perms; ret->cm_key_pubkey = cm_store_maybe_strdup(ret, entry->cm_key_pubkey); ret->cm_key_pubkey_info = cm_store_maybe_strdup(ret, entry->cm_key_pubkey_info); ret->cm_key_next_type = entry->cm_key_next_type; ret->cm_key_next_pubkey = cm_store_maybe_strdup(ret, entry->cm_key_next_pubkey); ret->cm_key_next_pubkey_info = cm_store_maybe_strdup(ret, entry->cm_key_next_pubkey_info); ret->cm_key_next_marker = cm_store_maybe_strdup(ret, entry->cm_key_next_marker); ret->cm_key_preserve = entry->cm_key_preserve; ret->cm_key_generated_date = entry->cm_key_generated_date; ret->cm_key_next_generated_date = entry->cm_key_next_generated_date; ret->cm_key_requested_count = entry->cm_key_requested_count; ret->cm_key_next_requested_count = entry->cm_key_next_requested_count; ret->cm_key_issued_count = entry->cm_key_issued_count; ret->cm_nss_user = cm_store_maybe_strdup(ret, entry->cm_nss_user); ret->cm_cert_storage_type = entry->cm_cert_storage_type; ret->cm_cert_storage_location = cm_store_maybe_strdup(ret, entry->cm_cert_storage_location); ret->cm_cert_token = cm_store_maybe_strdup(ret, entry->cm_cert_token); ret->cm_cert_nickname = cm_store_maybe_strdup(ret, entry->cm_cert_nickname); ret->cm_cert_owner = cm_store_maybe_strdup(ret, entry->cm_cert_owner); ret->cm_cert_perms = entry->cm_cert_perms; ret->cm_cert_issuer_der = cm_store_maybe_strdup(ret, entry->cm_cert_issuer_der); ret->cm_cert_issuer = cm_store_maybe_strdup(ret, entry->cm_cert_issuer); ret->cm_cert_serial = cm_store_maybe_strdup(ret, entry->cm_cert_serial); ret->cm_cert_subject_der = cm_store_maybe_strdup(ret, entry->cm_cert_subject_der); ret->cm_cert_subject = cm_store_maybe_strdup(ret, entry->cm_cert_subject); ret->cm_cert_spki = cm_store_maybe_strdup(ret, 
entry->cm_cert_spki); ret->cm_cert_not_before = entry->cm_cert_not_before; ret->cm_cert_not_after = entry->cm_cert_not_after; ret->cm_cert_hostname = cm_store_maybe_strdupv(ret, entry->cm_cert_hostname); ret->cm_cert_email = cm_store_maybe_strdupv(ret, entry->cm_cert_email); ret->cm_cert_principal = cm_store_maybe_strdupv(ret, entry->cm_cert_principal); ret->cm_cert_ipaddress = cm_store_maybe_strdupv(ret, entry->cm_cert_ipaddress); ret->cm_cert_ku = cm_store_maybe_strdup(ret, entry->cm_cert_ku); ret->cm_cert_eku = cm_store_maybe_strdup(ret, entry->cm_cert_eku); ret->cm_cert_is_ca = entry->cm_cert_is_ca; ret->cm_cert_ca_path_length = entry->cm_cert_ca_path_length; ret->cm_cert_crl_distribution_point = cm_store_maybe_strdupv(ret, entry->cm_cert_crl_distribution_point); ret->cm_cert_freshest_crl = cm_store_maybe_strdupv(ret, entry->cm_cert_freshest_crl); ret->cm_cert_ocsp_location = cm_store_maybe_strdupv(ret, entry->cm_cert_ocsp_location); ret->cm_cert_ns_comment = cm_store_maybe_strdup(ret, entry->cm_cert_ns_comment); ret->cm_cert_profile = cm_store_maybe_strdup(ret, entry->cm_cert_profile); ret->cm_cert_no_ocsp_check = entry->cm_cert_no_ocsp_check; ret->cm_cert_ns_certtype = cm_store_maybe_strdup(ret, entry->cm_cert_ns_certtype); ret->cm_last_need_notify_check = entry->cm_last_need_notify_check; ret->cm_last_need_enroll_check = entry->cm_last_need_enroll_check; ret->cm_notification_method = entry->cm_notification_method; ret->cm_notification_destination = cm_store_maybe_strdup(ret, entry->cm_notification_destination); ret->cm_template_subject_der = cm_store_maybe_strdup(ret, entry->cm_template_subject_der); ret->cm_template_subject = cm_store_maybe_strdup(ret, entry->cm_template_subject); ret->cm_template_hostname = cm_store_maybe_strdupv(ret, entry->cm_template_hostname); ret->cm_template_email = cm_store_maybe_strdupv(ret, entry->cm_template_email); ret->cm_template_principal = cm_store_maybe_strdupv(ret, entry->cm_template_principal); ret->cm_template_ipaddress 
= cm_store_maybe_strdupv(ret, entry->cm_template_ipaddress); ret->cm_template_ku = cm_store_maybe_strdup(ret, entry->cm_template_ku); ret->cm_template_eku = cm_store_maybe_strdup(ret, entry->cm_template_eku); ret->cm_template_is_ca = entry->cm_template_is_ca; ret->cm_template_ca_path_length = entry->cm_template_ca_path_length; ret->cm_template_crl_distribution_point = cm_store_maybe_strdupv(ret, entry->cm_template_crl_distribution_point); ret->cm_template_freshest_crl = cm_store_maybe_strdupv(ret, entry->cm_template_freshest_crl); ret->cm_template_ocsp_location = cm_store_maybe_strdupv(ret, entry->cm_template_ocsp_location); ret->cm_template_ns_comment = cm_store_maybe_strdup(ret, entry->cm_template_ns_comment); ret->cm_template_profile = cm_store_maybe_strdup(ret, entry->cm_template_profile); ret->cm_template_issuer = cm_store_maybe_strdup(ret, entry->cm_template_issuer); ret->cm_template_no_ocsp_check = entry->cm_template_no_ocsp_check; ret->cm_template_certificate_template = cm_store_maybe_strdup(ret, entry->cm_template_certificate_template); ret->cm_template_ns_certtype = cm_store_maybe_strdup(ret, entry->cm_template_ns_certtype); ret->cm_template_challenge_password = cm_store_maybe_strdup(ret, entry->cm_template_challenge_password); ret->cm_template_challenge_password_file = cm_store_maybe_strdup(ret, entry->cm_template_challenge_password_file); ret->cm_csr = cm_store_maybe_strdup(ret, entry->cm_csr); ret->cm_spkac = cm_store_maybe_strdup(ret, entry->cm_spkac); ret->cm_scep_tx = cm_store_maybe_strdup(ret, entry->cm_scep_tx); ret->cm_scep_nonce = cm_store_maybe_strdup(ret, entry->cm_scep_nonce); ret->cm_scep_last_nonce = cm_store_maybe_strdup(ret, entry->cm_scep_last_nonce); ret->cm_scep_gic = cm_store_maybe_strdup(ret, entry->cm_scep_gic); ret->cm_scep_gic_next = cm_store_maybe_strdup(ret, entry->cm_scep_gic_next); ret->cm_scep_req = cm_store_maybe_strdup(ret, entry->cm_scep_req); ret->cm_scep_req_next = cm_store_maybe_strdup(ret, entry->cm_scep_req_next); 
    ret->cm_minicert = cm_store_maybe_strdup(ret, entry->cm_minicert);
    ret->cm_state = entry->cm_state;
    ret->cm_autorenew = entry->cm_autorenew;
    ret->cm_monitor = entry->cm_monitor;
    ret->cm_ca_nickname = cm_store_maybe_strdup(ret, entry->cm_ca_nickname);
    ret->cm_submitted = entry->cm_submitted;
    ret->cm_ca_cookie = cm_store_maybe_strdup(ret, entry->cm_ca_cookie);
    ret->cm_ca_error = cm_store_maybe_strdup(ret, entry->cm_ca_error);
    ret->cm_cert = cm_store_maybe_strdup(ret, entry->cm_cert);
    ret->cm_cert_chain =
        cm_store_maybe_dup_nickcert_list(ret, entry->cm_cert_chain);
    ret->cm_cert_roots =
        cm_store_maybe_dup_nickcert_list(ret, entry->cm_cert_roots);
    ret->cm_pre_certsave_command =
        cm_store_maybe_strdup(ret, entry->cm_pre_certsave_command);
    ret->cm_pre_certsave_uid =
        cm_store_maybe_strdup(ret, entry->cm_pre_certsave_uid);
    ret->cm_post_certsave_command =
        cm_store_maybe_strdup(ret, entry->cm_post_certsave_command);
    ret->cm_post_certsave_uid =
        cm_store_maybe_strdup(ret, entry->cm_post_certsave_uid);
    ret->cm_root_cert_store_files =
        cm_store_maybe_strdupv(ret, entry->cm_root_cert_store_files);
    ret->cm_other_root_cert_store_files =
        cm_store_maybe_strdupv(ret, entry->cm_other_root_cert_store_files);
    ret->cm_other_cert_store_files =
        cm_store_maybe_strdupv(ret, entry->cm_other_cert_store_files);
    /* Copy each NSS database list from the matching field of the source
     * entry, so root and other-root destinations are not replaced by the
     * "other certs" list. */
    ret->cm_root_cert_store_nssdbs =
        cm_store_maybe_strdupv(ret, entry->cm_root_cert_store_nssdbs);
    ret->cm_other_root_cert_store_nssdbs =
        cm_store_maybe_strdupv(ret, entry->cm_other_root_cert_store_nssdbs);
    ret->cm_other_cert_store_nssdbs =
        cm_store_maybe_strdupv(ret, entry->cm_other_cert_store_nssdbs);
    return ret;
}

struct cm_store_ca *
cm_store_ca_dup(void *parent, struct cm_store_ca *ca)
{
    struct cm_store_ca *ret;

    ret = cm_store_ca_new(parent);
    if (ret == NULL) {
        return NULL;
    }
    ret->cm_busname = cm_store_maybe_strdup(ret, ca->cm_busname);
    ret->cm_store_private = cm_store_maybe_strdup(ret, ca->cm_store_private);
    ret->cm_nickname = cm_store_maybe_strdup(ret, ca->cm_nickname);
    ret->cm_ca_aka =
        cm_store_maybe_strdup(ret, ca->cm_ca_aka);
    ret->cm_ca_error = cm_store_maybe_strdup(ret, ca->cm_ca_error);
    ret->cm_ca_known_issuer_names =
        cm_store_maybe_strdupv(ret, ca->cm_ca_known_issuer_names);
    ret->cm_ca_is_default = ca->cm_ca_is_default;
    ret->cm_ca_type = ca->cm_ca_type;
    ret->cm_ca_internal_serial =
        cm_store_maybe_strdup(ret, ca->cm_ca_internal_serial);
    ret->cm_ca_internal_force_issue_time = ca->cm_ca_internal_force_issue_time;
    ret->cm_ca_internal_issue_time = ca->cm_ca_internal_issue_time;
    ret->cm_ca_external_helper =
        cm_store_maybe_strdup(ret, ca->cm_ca_external_helper);
    ret->cm_ca_root_certs =
        cm_store_maybe_dup_nickcert_list(ret, ca->cm_ca_root_certs);
    ret->cm_ca_other_root_certs =
        cm_store_maybe_dup_nickcert_list(ret, ca->cm_ca_other_root_certs);
    ret->cm_ca_other_certs =
        cm_store_maybe_dup_nickcert_list(ret, ca->cm_ca_other_certs);
    ret->cm_ca_required_enroll_attributes =
        cm_store_maybe_strdupv(ret, ca->cm_ca_required_enroll_attributes);
    ret->cm_ca_required_renewal_attributes =
        cm_store_maybe_strdupv(ret, ca->cm_ca_required_renewal_attributes);
    ret->cm_ca_profiles = cm_store_maybe_strdupv(ret, ca->cm_ca_profiles);
    ret->cm_ca_default_profile =
        cm_store_maybe_strdup(ret, ca->cm_ca_default_profile);
    ret->cm_ca_pre_save_command =
        cm_store_maybe_strdup(ret, ca->cm_ca_pre_save_command);
    ret->cm_ca_pre_save_uid =
        cm_store_maybe_strdup(ret, ca->cm_ca_pre_save_uid);
    ret->cm_ca_post_save_command =
        cm_store_maybe_strdup(ret, ca->cm_ca_post_save_command);
    ret->cm_ca_post_save_uid =
        cm_store_maybe_strdup(ret, ca->cm_ca_post_save_uid);
    ret->cm_ca_root_cert_store_files =
        cm_store_maybe_strdupv(ret, ca->cm_ca_root_cert_store_files);
    ret->cm_ca_other_root_cert_store_files =
        cm_store_maybe_strdupv(ret, ca->cm_ca_other_root_cert_store_files);
    ret->cm_ca_other_cert_store_files =
        cm_store_maybe_strdupv(ret, ca->cm_ca_other_cert_store_files);
    /* Copy each NSS database list from the matching field of the source CA,
     * so root and other-root destinations are not replaced by the
     * "other certs" list. */
    ret->cm_ca_root_cert_store_nssdbs =
        cm_store_maybe_strdupv(ret, ca->cm_ca_root_cert_store_nssdbs);
    ret->cm_ca_other_root_cert_store_nssdbs =
        cm_store_maybe_strdupv(ret, ca->cm_ca_other_root_cert_store_nssdbs);
    ret->cm_ca_other_cert_store_nssdbs =
        cm_store_maybe_strdupv(ret, ca->cm_ca_other_cert_store_nssdbs);
    ret->cm_ca_capabilities =
        cm_store_maybe_strdupv(ret, ca->cm_ca_capabilities);
    ret->cm_ca_scep_cipher = cm_store_maybe_strdup(ret, ca->cm_ca_scep_cipher);
    ret->cm_ca_scep_digest = cm_store_maybe_strdup(ret, ca->cm_ca_scep_digest);
    ret->cm_ca_scep_ca_identifier =
        cm_store_maybe_strdup(ret, ca->cm_ca_scep_ca_identifier);
    ret->cm_ca_encryption_cert =
        cm_store_maybe_strdup(ret, ca->cm_ca_encryption_cert);
    ret->cm_ca_encryption_issuer_cert =
        cm_store_maybe_strdup(ret, ca->cm_ca_encryption_issuer_cert);
    ret->cm_ca_encryption_cert_pool =
        cm_store_maybe_strdup(ret, ca->cm_ca_encryption_cert_pool);
    return ret;
}
certmonger-0.79.19/src/store-gen.c0000644000175000017500000005225614511314133016302 0ustar gitgit00000000000000
/*
 * Copyright (C) 2009,2011,2012,2013,2014,2015,2016 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

/* System and talloc headers required by the functions used in this file. */
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <time.h>
#include <unistd.h>

#include <talloc.h>

#include "store.h"
#include "store-int.h"

#define BASE64_ALPHABET "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
                        "abcdefghijklmnopqrstuvwxyz" \
                        "0123456789" \
                        "+/="

/* Names used when reading and writing the state of a tracking entry. */
static const struct {
    const char *name;
    enum cm_state state;
} cm_state_names[] = {
    {"NEED_KEY_PAIR", CM_NEED_KEY_PAIR},
    {"GENERATING_KEY_PAIR", CM_GENERATING_KEY_PAIR},
    {"NEED_KEY_GEN_PERMS", CM_NEED_KEY_GEN_PERMS},
    {"NEED_KEY_GEN_PIN", CM_NEED_KEY_GEN_PIN},
    {"NEED_KEY_GEN_TOKEN", CM_NEED_KEY_GEN_TOKEN},
    {"HAVE_KEY_PAIR", CM_HAVE_KEY_PAIR},
    {"NEED_KEYINFO", CM_NEED_KEYINFO},
    {"READING_KEYINFO", CM_READING_KEYINFO},
    {"NEED_KEYINFO_READ_PIN", CM_NEED_KEYINFO_READ_PIN},
    {"NEED_KEYINFO_READ_TOKEN", CM_NEED_KEYINFO_READ_TOKEN},
    {"HAVE_KEYINFO", CM_HAVE_KEYINFO},
    {"NEED_CSR", CM_NEED_CSR},
    {"GENERATING_CSR", CM_GENERATING_CSR},
    {"NEED_CSR_GEN_PIN", CM_NEED_CSR_GEN_PIN},
    {"NEED_CSR_GEN_TOKEN", CM_NEED_CSR_GEN_TOKEN},
    {"HAVE_CSR", CM_HAVE_CSR},
    {"NEED_SCEP_DATA", CM_NEED_SCEP_DATA},
    {"GENERATING_SCEP_DATA", CM_GENERATING_SCEP_DATA},
    {"NEED_SCEP_GEN_PIN", CM_NEED_SCEP_GEN_PIN},
    {"NEED_SCEP_GEN_TOKEN", CM_NEED_SCEP_GEN_TOKEN},
    {"NEED_SCEP_ENCRYPTION_CERT", CM_NEED_SCEP_ENCRYPTION_CERT},
    {"NEED_SCEP_RSA_CLIENT_KEY", CM_NEED_SCEP_RSA_CLIENT_KEY},
    {"HAVE_SCEP_DATA", CM_HAVE_SCEP_DATA},
    {"NEED_TO_SUBMIT", CM_NEED_TO_SUBMIT},
    {"SUBMITTING", CM_SUBMITTING},
    {"NEED_CA", CM_NEED_CA},
    {"CA_UNREACHABLE", CM_CA_UNREACHABLE},
    {"CA_UNCONFIGURED", CM_CA_UNCONFIGURED},
    {"CA_REJECTED", CM_CA_REJECTED},
    {"CA_WORKING", CM_CA_WORKING},
    {"NEED_TO_SAVE_CERT", CM_NEED_TO_SAVE_CERT},
    {"PRE_SAVE_CERT", CM_PRE_SAVE_CERT},
    {"START_SAVING_CERT", CM_START_SAVING_CERT},
    {"SAVING_CERT", CM_SAVING_CERT},
    {"NEED_CERTSAVE_PERMS", CM_NEED_CERTSAVE_PERMS},
    {"NEED_CERTSAVE_TOKEN", CM_NEED_CERTSAVE_TOKEN},
    {"NEED_CERTSAVE_PIN", CM_NEED_CERTSAVE_PIN},
    {"NEED_TO_READ_CERT", CM_NEED_TO_READ_CERT},
    {"READING_CERT", CM_READING_CERT},
    {"SAVED_CERT",
CM_SAVED_CERT}, {"POST_SAVED_CERT", CM_POST_SAVED_CERT}, {"MONITORING", CM_MONITORING}, {"NEED_TO_NOTIFY_VALIDITY", CM_NEED_TO_NOTIFY_VALIDITY}, {"NOTIFYING_VALIDITY", CM_NOTIFYING_VALIDITY}, {"NEED_TO_NOTIFY_REJECTION", CM_NEED_TO_NOTIFY_REJECTION}, {"NOTIFYING_REJECTION", CM_NOTIFYING_REJECTION}, {"NEED_TO_NOTIFY_ISSUED_SAVE_FAILED", CM_NEED_TO_NOTIFY_ISSUED_SAVE_FAILED}, {"NOTIFYING_ISSUED_SAVE_FAILED", CM_NOTIFYING_ISSUED_SAVE_FAILED}, {"NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED", CM_NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED}, {"NOTIFYING_ISSUED_CA_SAVE_FAILED", CM_NOTIFYING_ISSUED_CA_SAVE_FAILED}, {"NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED", CM_NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED}, {"NOTIFYING_ONLY_CA_SAVE_FAILED", CM_NOTIFYING_ONLY_CA_SAVE_FAILED}, {"NEED_TO_SAVE_CA_CERTS", CM_NEED_TO_SAVE_CA_CERTS}, {"NEED_TO_SAVE_ONLY_CA_CERTS", CM_NEED_TO_SAVE_ONLY_CA_CERTS}, {"NEED_TO_NOTIFY_ISSUED_SAVED", CM_NEED_TO_NOTIFY_ISSUED_SAVED}, {"NOTIFYING_ISSUED_SAVED", CM_NOTIFYING_ISSUED_SAVED}, {"NEED_GUIDANCE", CM_NEED_GUIDANCE}, {"NEWLY_ADDED", CM_NEWLY_ADDED}, {"NEWLY_ADDED_START_READING_KEYINFO", CM_NEWLY_ADDED_START_READING_KEYINFO}, {"NEWLY_ADDED_READING_KEYINFO", CM_NEWLY_ADDED_READING_KEYINFO}, {"NEWLY_ADDED_NEED_KEYINFO_READ_PIN", CM_NEWLY_ADDED_NEED_KEYINFO_READ_PIN}, {"NEWLY_ADDED_NEED_KEYINFO_READ_TOKEN", CM_NEWLY_ADDED_NEED_KEYINFO_READ_TOKEN}, {"NEWLY_ADDED_START_READING_CERT", CM_NEWLY_ADDED_START_READING_CERT}, {"NEWLY_ADDED_READING_CERT", CM_NEWLY_ADDED_READING_CERT}, {"NEWLY_ADDED_DECIDING", CM_NEWLY_ADDED_DECIDING}, {"START_SAVING_CA_CERTS", CM_START_SAVING_CA_CERTS}, {"SAVING_CA_CERTS", CM_SAVING_CA_CERTS}, {"START_SAVING_ONLY_CA_CERTS", CM_START_SAVING_ONLY_CA_CERTS}, {"SAVING_ONLY_CA_CERTS", CM_SAVING_ONLY_CA_CERTS}, {"NEED_CA_CERT_SAVE_PERMS", CM_NEED_CA_CERT_SAVE_PERMS}, {"NEED_ONLY_CA_CERT_SAVE_PERMS", CM_NEED_ONLY_CA_CERT_SAVE_PERMS}, {"INVALID", CM_INVALID}, /* old names for since-renamed states */ {"NEED_TO_NOTIFY", CM_NEED_TO_NOTIFY_VALIDITY}, {"NOTIFYING", 
CM_NOTIFYING_VALIDITY}, {"NEWLY_ADDED_START_READING_KEYI", CM_NEWLY_ADDED_START_READING_KEYINFO}, {"NEWLY_ADDED_READING_KEYI", CM_NEWLY_ADDED_READING_KEYINFO}, {"NEWLY_ADDED_NEED_KEYI_READ_PIN", CM_NEWLY_ADDED_NEED_KEYINFO_READ_PIN}, {"NEED_TO_NOTIFY_ISSUED_FAILED", CM_NEED_TO_NOTIFY_ISSUED_SAVE_FAILED}, {"NOTIFYING_ISSUED_FAILED", CM_NOTIFYING_ISSUED_SAVE_FAILED}, }; static const struct { const char *name; enum cm_ca_phase_state state; } cm_ca_state_names[] = { {"IDLE", CM_CA_IDLE}, {"NEED_TO_REFRESH", CM_CA_NEED_TO_REFRESH}, {"REFRESHING", CM_CA_REFRESHING}, {"UNREACHABLE", CM_CA_DATA_UNREACHABLE}, {"NEED_TO_SAVE_DATA", CM_CA_NEED_TO_SAVE_DATA}, {"PRE_SAVE_DATA", CM_CA_PRE_SAVE_DATA}, {"START_SAVING_DATA", CM_CA_START_SAVING_DATA}, {"SAVING_DATA", CM_CA_SAVING_DATA,}, {"NEED_POST_SAVE_DATA", CM_CA_NEED_POST_SAVE_DATA}, {"POST_SAVE_DATA", CM_CA_POST_SAVE_DATA}, {"SAVED_DATA", CM_CA_SAVED_DATA}, {"NEED_TO_ANALYZE", CM_CA_NEED_TO_ANALYZE}, {"ANALYZING", CM_CA_ANALYZING}, {"DISABLED", CM_CA_DISABLED}, }; static const struct { const char *name; enum cm_ca_phase phase; } cm_ca_phase_names[] = { {"identify", cm_ca_phase_identify}, {"certs", cm_ca_phase_certs}, {"profiles", cm_ca_phase_profiles}, {"default_profile", cm_ca_phase_default_profile}, {"enrollment_reqs", cm_ca_phase_enroll_reqs}, {"renewal_reqs", cm_ca_phase_renew_reqs}, {"capabilities", cm_ca_phase_capabilities}, {"encryption_certs", cm_ca_phase_encryption_certs}, {"invalid", cm_ca_phase_invalid}, }; const char * cm_store_ca_state_as_string(enum cm_ca_phase_state state) { unsigned int i; for (i = 0; i < sizeof(cm_ca_state_names) / sizeof(cm_ca_state_names[0]); i++) { if (cm_ca_state_names[i].state == state) { return cm_ca_state_names[i].name; } } return "UNKNOWN"; } const char * cm_store_ca_phase_as_string(enum cm_ca_phase phase) { unsigned int i; for (i = 0; i < sizeof(cm_ca_phase_names) / sizeof(cm_ca_phase_names[0]); i++) { if (cm_ca_phase_names[i].phase == phase) { return cm_ca_phase_names[i].name; } } 
return "invalid"; } const char * cm_store_state_as_string(enum cm_state state) { unsigned int i; for (i = 0; i < sizeof(cm_state_names) / sizeof(cm_state_names[0]); i++) { if (cm_state_names[i].state == state) { return cm_state_names[i].name; } } return "UNKNOWN"; } enum cm_ca_phase_state cm_store_ca_state_from_string(const char *name) { unsigned long l; unsigned i; char *p; for (i = 0; i < sizeof(cm_ca_state_names) / sizeof(cm_ca_state_names[0]); i++) { if (strcasecmp(cm_ca_state_names[i].name, name) == 0) { return cm_ca_state_names[i].state; } } l = strtoul(name, &p, 10); if ((*name != '\0') && (p != NULL) && (*p == '\0')) { return l; } return CM_CA_DISABLED; } enum cm_ca_phase cm_store_ca_phase_from_string(const char *name) { unsigned long l; unsigned int i; char *p; for (i = 0; i < sizeof(cm_ca_phase_names) / sizeof(cm_ca_phase_names[0]); i++) { if (strcasecmp(cm_ca_phase_names[i].name, name) == 0) { return cm_ca_phase_names[i].phase; } } l = strtoul(name, &p, 10); if ((*name != '\0') && (p != NULL) && (*p == '\0')) { return l; } return cm_ca_phase_invalid; } enum cm_state cm_store_state_from_string(const char *name) { unsigned long l; unsigned int i; char *p; for (i = 0; i < sizeof(cm_state_names) / sizeof(cm_state_names[0]); i++) { if (strcasecmp(cm_state_names[i].name, name) == 0) { return cm_state_names[i].state; } } l = strtoul(name, &p, 10); if ((*name != '\0') && (p != NULL) && (*p == '\0')) { return l; } return CM_INVALID; } char * cm_store_maybe_strdup(void *parent, const char *s) { if ((s != NULL) && (strlen(s) > 0)) { return talloc_strdup(parent, s); } return NULL; } char ** cm_store_maybe_strdupv(void *parent, char **s) { int i; char **ret = NULL; for (i = 0; (s != NULL) && (s[i] != NULL); i++) { continue; } if (i > 0) { ret = talloc_array_ptrtype(parent, ret, i + 1); if (ret != NULL) { for (i = 0; (s != NULL) && (s[i] != NULL); i++) { ret[i] = talloc_strdup(ret, s[i]); } ret[i] = NULL; } } return ret; } /* Generic routines. 
*/ struct cm_store_entry * cm_store_entry_new(void *parent) { struct cm_store_entry *entry; entry = talloc_ptrtype(parent, entry); if (entry != NULL) { memset(entry, 0, sizeof(*entry)); } return entry; } struct cm_store_ca * cm_store_ca_new(void *parent) { struct cm_store_ca *ca; ca = talloc_ptrtype(parent, ca); if (ca != NULL) { memset(ca, 0, sizeof(*ca)); } return ca; } time_t cm_store_time_from_timestamp(const char *timestamp) { struct tm stamp; char buf[5]; time_t t; int i; if (strlen(timestamp) < 12) { return 0; } memset(&stamp, 0, sizeof(stamp)); if ((strlen(timestamp) == 14) || (strlen(timestamp) == 15)){ memcpy(buf, timestamp, 4); i = 4; buf[i] = '\0'; stamp.tm_year = atoi(buf) - 1900; } else { if ((strlen(timestamp) == 12) || (strlen(timestamp) == 13)) { memcpy(buf, timestamp, 2); i = 2; buf[i] = '\0'; stamp.tm_year = atoi(buf); if (stamp.tm_year < 50) { stamp.tm_year += 100; } } else { return 0; } } memcpy(buf, timestamp + i, 2); i += 2; buf[2] = '\0'; stamp.tm_mon = atoi(buf) - 1; memcpy(buf, timestamp + i, 2); i += 2; buf[2] = '\0'; stamp.tm_mday = atoi(buf); memcpy(buf, timestamp + i, 2); i += 2; buf[2] = '\0'; stamp.tm_hour = atoi(buf); memcpy(buf, timestamp + i, 2); i += 2; buf[2] = '\0'; stamp.tm_min = atoi(buf); memcpy(buf, timestamp + i, 2); buf[2] = '\0'; stamp.tm_sec = atoi(buf); t = timegm(&stamp); return t; } char * cm_store_timestamp_from_time(time_t when, char timestamp[15]) { struct tm tm; if ((when != 0) && (gmtime_r(&when, &tm) == &tm)) { sprintf(timestamp, "%04d%02d%02d%02d%02d%02d", tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday, tm.tm_hour, tm.tm_min, tm.tm_sec); } else { strcpy(timestamp, "19700101000000"); } return timestamp; } char * cm_store_local_timestamp_from_time_for_display(time_t when) { char *timestamp; struct tm tm; tzset(); if ((when != 0) && (localtime_r(&when, &tm) == &tm)) { timestamp = malloc(24 + strlen(tm.tm_zone)); if (timestamp != NULL) { sprintf(timestamp, "%04d-%02d-%02d %02d:%02d:%02d %s", tm.tm_year + 1900, 
tm.tm_mon + 1, tm.tm_mday, tm.tm_hour, tm.tm_min, tm.tm_sec, tm.tm_zone); } } else { timestamp = malloc(24); if (timestamp != NULL) { strcpy(timestamp, "1970-01-01 00:00:00 UTC"); } } return timestamp; } char * cm_store_timestamp_from_time_for_display(time_t when, char timestamp[25]) { struct tm tm; if ((when != 0) && (gmtime_r(&when, &tm) == &tm)) { sprintf(timestamp, "%04d-%02d-%02d %02d:%02d:%02d UTC", tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday, tm.tm_hour, tm.tm_min, tm.tm_sec); } else { strcpy(timestamp, "1970-01-01 00:00:00 UTC"); } return timestamp; } char * cm_store_increment_serial(void *parent, const char *old_serial) { char *tmp, *serial; int len, i; if ((old_serial == NULL) || (strlen(old_serial) < 2)) { return talloc_strdup(parent, "01"); } tmp = talloc_strdup(parent, old_serial); len = strlen(tmp); for (i = len - 1; i >= 0; i--) { switch (tmp[i]) { case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case 'A': case 'B': case 'C': case 'D': case 'E': case 'a': case 'b': case 'c': case 'd': case 'e': tmp[i]++; break; case '9': tmp[i] = 'A'; break; case 'F': case 'f': tmp[i] = '0'; /* carry */ continue; break; } /* stop */ break; } if (i < 0) { /* ran out of digits, need to prepend another byte */ serial = talloc_asprintf(parent, "01%s", tmp); talloc_free(tmp); } else { if (strchr("89abcdefABCDEF", tmp[0]) != NULL) { /* prepend a zero byte to keep it unsigned */ serial = talloc_asprintf(parent, "00%s", tmp); talloc_free(tmp); } else { /* ok as is */ serial = tmp; } } return serial; } /* Produce a hex representation of the binary data. 
*/ char * cm_store_hex_from_bin(void *parent, const unsigned char *serial, int length) { const char *hexchars = "0123456789ABCDEF"; char *ret; int i; if (length < 0) { length = strlen((const char *) serial); } ret = talloc_zero_size(parent, length * 2 + 1); for (i = 0; i < length; i++) { ret[i * 2] = hexchars[(serial[i] >> 4) & 0x0f]; ret[i * 2 + 1] = hexchars[(serial[i]) & 0x0f]; } ret[i * 2] = '\0'; return ret; } /* Produce a hex representation of the hex serial number encoded as a DER * integer. XXX has an upper limit on the length. */ char * cm_store_serial_to_der(void *parent, const char *serial) { const char *hexchars = "0123456789ABCDEF"; char *ret; int length; length = strlen(serial); ret = talloc_zero_size(parent, length + 5); ret[0] = '0'; ret[1] = '2'; ret[2] = hexchars[((length / 2) >> 4) & 0x0f]; ret[3] = hexchars[(length / 2) & 0x0f]; strcpy(ret + 4, serial); return ret; } /* Convert hex chars to fill a buffer. Input characters which don't belong are * treated as zeros. We stop when we run out of input characters or run out of * space in the output buffer. */ int cm_store_hex_to_bin(const char *serial, unsigned char *buf, int length) { const char *p, *q, *chars = "0123456789abcdef"; unsigned char *b, u; u = 0; for (p = serial, b = buf; ((*p != '\0') && ((b - buf) < length)); p++) { switch ((p - serial) % 2) { case 0: q = strchr(chars, tolower(*p)); if (q == NULL) { q = strchr(chars, toupper(*p)); } u = q ? q - chars : 0; break; case 1: q = strchr(chars, tolower(*p)); if (q == NULL) { q = strchr(chars, toupper(*p)); } u = (u << 4) | (q ? 
				q - chars : 0);
			*b++ = u;
			break;
		}
	}
	return b - buf;
}

char *
cm_store_canonicalize_path(void *parent, const char *path)
{
	char *tmp = NULL, *p, *q, buf[PATH_MAX], *prefix;
	int i;

	if (strncmp(path, "dbm:", 4) == 0) {
		prefix = "dbm";
		path += 4;
	} else if (strncmp(path, "sql:", 4) == 0) {
		prefix = "sql";
		path += 4;
	} else if (strncmp(path, "rdb:", 4) == 0) {
		prefix = "rdb";
		path += 4;
	} else if (strncmp(path, "extern:", 7) == 0) {
		/* Compare all seven characters of the prefix that is skipped
		 * below, so that a path which merely begins with "exte" is
		 * not mistaken for one. */
		prefix = "extern";
		path += 7;
	} else {
		prefix = NULL;
	}
	/* Trim trailing slashes. */
	i = strlen(path);
	if (i > 1) {
		while ((i > 1) && (path[i - 1] == '/')) {
			i--;
		}
		tmp = talloc_strndup(parent, path, i);
	} else {
		tmp = talloc_strdup(parent, path);
	}
	/* Make relative paths absolute. */
	if ((tmp != NULL) && (tmp[0] != '/')) {
		memset(buf, '\0', sizeof(buf));
		if (getcwd(buf, sizeof(buf) - 1) != NULL) {
			tmp = talloc_asprintf(parent, "%s//%s", buf, tmp);
		}
	}
	if (tmp != NULL) {
		/* Collapse empty path components. */
		for (p = tmp; *p != '\0'; p++) {
			if ((strncmp(p, "/", 1) == 0) &&
			    ((p[1] == '/') || (p[1] == '\0'))) {
				memmove(p, p + 1, strlen(p + 1) + 1);
			}
		}
		/* Drop "." components. */
		for (p = tmp; *p != '\0'; p++) {
			if ((strncmp(p, "/.", 2) == 0) &&
			    ((p[2] == '/') || (p[2] == '\0'))) {
				memmove(p, p + 2, strlen(p + 2) + 1);
			}
		}
		/* Resolve ".." components against their parent. */
		for (p = tmp; *p != '\0'; p++) {
			if ((strncmp(p, "/..", 3) == 0) &&
			    ((p[3] == '/') || (p[3] == '\0'))) {
				q = p - 1;
				while ((q >= tmp) && (*q != '/')) {
					q--;
				}
				if (*q == '/') {
					memmove(q, p + 3, strlen(p + 3) + 1);
				} else {
					break;
				}
			}
		}
		if (prefix != NULL) {
			tmp = talloc_asprintf(parent, "%s:%s", prefix, tmp);
		}
	}
	return tmp;
}

void
cm_store_set_if_not_set_s(void *parent, char **dest, char *src)
{
	if ((*dest == NULL) && (src != NULL) && (strlen(src) > 0)) {
		*dest = talloc_strdup(parent, src);
	}
}

void
cm_store_set_if_not_set_as(void *parent, char ***dest, char **src)
{
	int i, j;
	char **ret;

	if (*dest == NULL) {
		for (i = 0; (src != NULL) && (src[i] != NULL); i++) {
			continue;
		}
		if (i > 0) {
			ret = talloc_zero_size(parent, sizeof(char *) * (i + 1));
			if (ret != NULL) {
				for (j = 0; j < i; j++) {
					ret[j] = talloc_strdup(ret, src[j]);
					if (ret[j] == NULL) {
						/*
						   Out of space? */
						break;
					}
				}
				ret[j] = NULL;
				if (i != j) {
					/* Out of space? */
					ret = NULL;
				}
			}
			*dest = ret;
		}
	}
}

int
cm_store_utf8_to_bmp_string(char *s,
			    unsigned char **bmp, unsigned int *len)
{
	iconv_t conv;
	unsigned int i;
	const unsigned char *u;
	uint16_t *u16;
	char *inbuf, *outbuf;
	size_t inleft, outleft, res, space;

	*bmp = NULL;
	conv = iconv_open("UTF16BE", "UTF8");
	/* iconv_open() reports failure as (iconv_t) -1, not NULL. */
	if (conv != (iconv_t) -1) {
		inbuf = s;
		space = strlen(s) * 4;
		*bmp = malloc(space);
		outbuf = (char *) *bmp;
		if (outbuf == NULL) {
			iconv_close(conv);
			return -1;
		}
		memset(*bmp, 0, space);
		inleft = strlen(s);
		outleft = space;
		res = iconv(conv, &inbuf, &inleft, &outbuf, &outleft);
		iconv_close(conv);
		switch (res) {
		case (size_t) -1:
			/* Don't leave a partially-converted buffer behind. */
			free(*bmp);
			*bmp = NULL;
			return -1;
			break;
		default:
			*len = space - outleft;
			return 0;
			break;
		}
	} else {
		/* Impressively wrong. */
		u16 = malloc((strlen(s) + 1) * 2);
		if (u16 == NULL) {
			return -1;
		}
		u = (const unsigned char *) s;
		for (i = 0; u[i] != '\0'; i++) {
			u16[i] = htons(u[i]);
		}
		*bmp = (unsigned char *) u16;
		*len = i * 2;
	}
	return 0;
}

char *
cm_store_utf8_from_bmp_string(unsigned char *bmp, unsigned int len)
{
	iconv_t conv;
	char *inbuf, *outbuf, *s;
	size_t inleft, outleft, res, space;

	conv = iconv_open("UTF8", "UTF16BE");
	/* iconv_open() reports failure as (iconv_t) -1, not NULL. */
	if (conv != (iconv_t) -1) {
		inbuf = (char *) bmp;
		space = len * 3;
		s = malloc(space);
		outbuf = s;
		if (outbuf == NULL) {
			iconv_close(conv);
			return NULL;
		}
		memset(s, '\0', space);
		inleft = len;
		outleft = space;
		res = iconv(conv, &inbuf, &inleft, &outbuf, &outleft);
		iconv_close(conv);
		switch (res) {
		case (size_t) -1:
			free(s);
			return NULL;
			break;
		default:
			return s;
			break;
		}
	}
	return NULL;
}

char *
cm_store_base64_from_bin(void *parent, const unsigned char *buf, int length)
{
	char *p, *ret;
	int max, i, j;
	uint32_t acc;

	if (length < 0) {
		length = strlen((const char *) buf);
	}
	max = 4 * howmany(length, 3) + 1;
	p = malloc(max);
	if (p == NULL) {
		return NULL;
	}
	for (i = 0, j = 0, acc = 0; i < length; i++) {
		acc = (acc << 8) | buf[i];
		if ((i % 3) == 2) {
			p[j++] = BASE64_ALPHABET[(acc >> 18) & 0x3f];
p[j++] = BASE64_ALPHABET[(acc >> 12) & 0x3f]; p[j++] = BASE64_ALPHABET[(acc >> 6) & 0x3f]; p[j++] = BASE64_ALPHABET[(acc >> 0) & 0x3f]; acc = 0; } } switch (i % 3) { case 0: break; case 1: acc = (acc << 8) | 0; acc = (acc << 8) | 0; p[j++] = BASE64_ALPHABET[(acc >> 18) & 0x3f]; p[j++] = BASE64_ALPHABET[(acc >> 12) & 0x3f]; p[j++] = '='; p[j++] = '='; break; case 2: acc = (acc << 8) | 0; p[j++] = BASE64_ALPHABET[(acc >> 18) & 0x3f]; p[j++] = BASE64_ALPHABET[(acc >> 12) & 0x3f]; p[j++] = BASE64_ALPHABET[(acc >> 6) & 0x3f]; p[j++] = '='; break; } p[j++] = '\0'; ret = talloc_strdup(parent, p); free(p); return ret; } int cm_store_base64_to_bin(const char *serial, int insize, unsigned char *buf, int length) { const char *p, *q, *chars = BASE64_ALPHABET; unsigned char *b; uint32_t u, count; u = 0; count = 0; if (insize < 0) { insize = strlen(serial); } for (p = serial, b = buf; (((p - serial) < insize) && (*p != '\0') && (*p != '=') && ((b - buf) < length)); p++) { q = strchr(chars, *p); if (q != NULL) { switch (count % 4) { case 0: u = q - chars; break; case 1: u = (u << 6) | (q - chars); break; case 2: u = (u << 6) | (q - chars); break; case 3: u = (u << 6) | (q - chars); *b++ = (u >> 16) & 0xff; if (b - buf >= length) { break; } *b++ = (u >> 8) & 0xff; if (b - buf >= length) { break; } *b++ = (u >> 0) & 0xff; u = 0; break; } count++; } } switch (count % 4) { case 0: case 1: break; case 2: u = (u << 12); *b++ = (u >> 16) & 0xff; break; case 3: u = (u << 6); *b++ = (u >> 16) & 0xff; if (b - buf >= length) { break; } *b++ = (u >> 8) & 0xff; break; } return b - buf; } char * cm_store_base64_as_bin(void *parent, const char *serial, int size, int *length) { unsigned char *buf; ssize_t l; if (size < 0) { size = strlen(serial); } l = howmany(size, 4) * 3 + 1; buf = talloc_size(parent, l); if (buf != NULL) { l = cm_store_base64_to_bin(serial, size, buf, l - 1); buf[l] = '\0'; if (length != NULL) { *length = l; } } return (char *) buf; } char * cm_store_base64_from_hex(void 
*parent, const char *s)
{
	unsigned char *buf;
	char *ret;
	unsigned int length;

	length = strlen(s) / 2;
	buf = malloc(length);
	if (buf == NULL) {
		return NULL;
	}
	length = cm_store_hex_to_bin(s, buf, length);
	ret = cm_store_base64_from_bin(parent, buf, length);
	free(buf);
	return ret;
}
certmonger-0.79.19/src/store-int.h
/*
 * Copyright (C) 2009,2010,2011,2012,2013,2014,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmstore_int_h
#define cmstore_int_h

#include <sys/types.h>	/* mode_t */
#include <time.h>	/* time_t */

struct cm_store_entry {
	/* Per-instance unique identifier. */
	char *cm_busname;
	/* Store-private data - usually an identifier for the nonvolatile
	 * saved copy, might be other stuff. */
	void *cm_store_private;
	/* A persistent unique identifier or nickname.
*/ char *cm_nickname; /* Type of key pair to generate [or use default settings] RSA,2048 */ struct cm_key_type { enum cm_key_algorithm { cm_key_unspecified = 0, cm_key_rsa = 1, #ifdef CM_ENABLE_DSA cm_key_dsa, #endif #ifdef CM_ENABLE_EC cm_key_ecdsa, #endif } cm_key_algorithm, cm_key_gen_algorithm; int cm_key_size, cm_key_gen_size; } cm_key_type, cm_key_next_type; char *cm_key_next_marker; unsigned int cm_key_preserve: 1; time_t cm_key_generated_date, cm_key_next_generated_date; unsigned int cm_key_issued_count; unsigned int cm_key_requested_count, cm_key_next_requested_count; /* Location of key pair [use-once default] NSS,/etc/pki/nssdb */ enum cm_key_storage_type { cm_key_storage_none = 0, cm_key_storage_file, cm_key_storage_nssdb, } cm_key_storage_type; char *cm_key_storage_location; char *cm_key_token; char *cm_key_nickname; char *cm_key_pin; char *cm_key_pin_file; char *cm_key_owner; mode_t cm_key_perms; char *cm_nss_user; /* Cached plain public key (used for computing subject and authority key IDs) */ char *cm_key_pubkey, *cm_key_next_pubkey; /* Cached public key info (used in signing requests when using NSS) */ char *cm_key_pubkey_info, *cm_key_next_pubkey_info; /* Location of certificate [use-once default] * NSS,/etc/pki/nssdb,Server-Cert-default */ enum cm_cert_storage_type { cm_cert_storage_file = 0, cm_cert_storage_nssdb, } cm_cert_storage_type; char *cm_cert_storage_location; char *cm_cert_token; char *cm_cert_nickname; char *cm_cert_owner; mode_t cm_cert_perms; /* Cached certificate issuer/serial/subject/spki/expiration */ char *cm_cert_issuer_der; char *cm_cert_issuer; char *cm_cert_serial; char *cm_cert_subject_der; char *cm_cert_subject; char *cm_cert_spki; time_t cm_cert_not_before; time_t cm_cert_not_after; char **cm_cert_hostname; char **cm_cert_email; char **cm_cert_principal; char **cm_cert_ipaddress; char *cm_cert_ku; char *cm_cert_eku; unsigned int cm_cert_is_ca: 1; int cm_cert_ca_path_length; char **cm_cert_crl_distribution_point; char 
**cm_cert_freshest_crl; char **cm_cert_ocsp_location; char *cm_cert_ns_comment; char *cm_cert_profile; char *cm_cert_ns_certtype; unsigned int cm_cert_no_ocsp_check: 1; time_t cm_last_need_notify_check; time_t cm_last_need_enroll_check; /* How to notify administrator: syslog(LOG_AUTHPRIV?), mail to root@? */ enum cm_notification_method { cm_notification_unspecified, cm_notification_none, cm_notification_syslog, cm_notification_email, cm_notification_command, cm_notification_stdout, /* for testing _ONLY_ */ } cm_notification_method; char *cm_notification_destination; /* CSR template information [or imported from existing certificate] * subject (cn=host name) * subjectaltname * hostname * email * principal name * IP address * ku, eku * is_ca, ca_path_length * crl_distribution_points * freshest_crl * aia_ocsp_locations * nscomment * template */ char *cm_template_subject_der; char *cm_template_subject; char **cm_template_hostname; char **cm_template_email; char **cm_template_principal; char **cm_template_ipaddress; char *cm_template_ku; char *cm_template_eku; unsigned int cm_template_is_ca: 1; int cm_template_ca_path_length; char **cm_template_crl_distribution_point; char **cm_template_freshest_crl; char **cm_template_ocsp_location; char *cm_template_ns_comment; char *cm_template_profile; char *cm_template_issuer; char *cm_template_ns_certtype; char *cm_template_certificate_template; unsigned int cm_template_no_ocsp_check: 1; /* A challenge password, which may be included (in cleartext form!) in * a CSR. */ char *cm_template_challenge_password; char *cm_template_challenge_password_file; /* The CSR, base64-encoded. */ char *cm_csr; /* The SPKAC, base64-encoded. */ char *cm_spkac; /* An SCEP transaction number corresponding to this CSR and signing request. */ char *cm_scep_tx; /* An SCEP nonce. */ char *cm_scep_nonce, *cm_scep_last_nonce; /* An SCEP PKCSReq message, signed with our current key, and possibly * the next key. 
*/ char *cm_scep_req, *cm_scep_req_next; /* An SCEP GetInitialCert message, signed with our current key, and * possibly the next key. */ char *cm_scep_gic, *cm_scep_gic_next; /* A minimal self-signed certificate. */ char *cm_minicert; /* Our idea of the state of the cert. */ enum cm_state { CM_NEED_KEY_PAIR, CM_GENERATING_KEY_PAIR, CM_NEED_KEY_GEN_PERMS, CM_NEED_KEY_GEN_PIN, CM_NEED_KEY_GEN_TOKEN, CM_HAVE_KEY_PAIR, CM_NEED_KEYINFO, CM_READING_KEYINFO, CM_NEED_KEYINFO_READ_PIN, CM_NEED_KEYINFO_READ_TOKEN, CM_HAVE_KEYINFO, CM_NEED_CSR, CM_GENERATING_CSR, CM_NEED_CSR_GEN_PIN, CM_NEED_CSR_GEN_TOKEN, CM_HAVE_CSR, CM_NEED_SCEP_DATA, CM_GENERATING_SCEP_DATA, CM_NEED_SCEP_GEN_PIN, CM_NEED_SCEP_GEN_TOKEN, CM_NEED_SCEP_ENCRYPTION_CERT, CM_NEED_SCEP_RSA_CLIENT_KEY, CM_HAVE_SCEP_DATA, CM_NEED_TO_SUBMIT, CM_SUBMITTING, CM_NEED_CA, CM_CA_UNREACHABLE, CM_CA_UNCONFIGURED, CM_CA_REJECTED, CM_CA_WORKING, CM_NEED_TO_SAVE_CERT, CM_PRE_SAVE_CERT, CM_START_SAVING_CERT, CM_SAVING_CERT, CM_NEED_CERTSAVE_PERMS, CM_NEED_CERTSAVE_TOKEN, CM_NEED_CERTSAVE_PIN, CM_NEED_TO_SAVE_CA_CERTS, CM_START_SAVING_CA_CERTS, CM_SAVING_CA_CERTS, CM_NEED_CA_CERT_SAVE_PERMS, CM_NEED_TO_SAVE_ONLY_CA_CERTS, CM_START_SAVING_ONLY_CA_CERTS, CM_SAVING_ONLY_CA_CERTS, CM_NEED_ONLY_CA_CERT_SAVE_PERMS, CM_NEED_TO_READ_CERT, CM_READING_CERT, CM_SAVED_CERT, CM_POST_SAVED_CERT, CM_MONITORING, CM_NEED_TO_NOTIFY_VALIDITY, CM_NOTIFYING_VALIDITY, CM_NEED_TO_NOTIFY_REJECTION, CM_NOTIFYING_REJECTION, CM_NEED_TO_NOTIFY_ISSUED_SAVE_FAILED, CM_NOTIFYING_ISSUED_SAVE_FAILED, CM_NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED, CM_NOTIFYING_ISSUED_CA_SAVE_FAILED, CM_NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED, CM_NOTIFYING_ONLY_CA_SAVE_FAILED, CM_NEED_TO_NOTIFY_ISSUED_SAVED, CM_NOTIFYING_ISSUED_SAVED, CM_NEED_GUIDANCE, CM_NEWLY_ADDED, CM_NEWLY_ADDED_START_READING_KEYINFO, CM_NEWLY_ADDED_READING_KEYINFO, CM_NEWLY_ADDED_NEED_KEYINFO_READ_PIN, CM_NEWLY_ADDED_NEED_KEYINFO_READ_TOKEN, CM_NEWLY_ADDED_START_READING_CERT, CM_NEWLY_ADDED_READING_CERT, 
CM_NEWLY_ADDED_DECIDING, CM_INVALID, } cm_state; /* Whether to autorenew-at-expiration */ unsigned int cm_autorenew:1; /* Whether to start monitoring at issue */ unsigned int cm_monitor:1; /* Type and location of CA [or use default if NULL] */ char *cm_ca_nickname; /* Date of submission for in-progress submissions. */ time_t cm_submitted; /* Value of CA cookie for in-progress submissions. */ char *cm_ca_cookie; /* An error message from the CA, hopefully a useful one. */ char *cm_ca_error; /* The certificate, if we have one. */ char *cm_cert; /* Certificates between ours and the CA's root, if there are any. */ struct cm_nickcert { char *cm_nickname; /* Suggested nickname. */ char *cm_cert; /* PEM-format certificate. */ } **cm_cert_chain; /* Per-certificate CA certificate list, if for some reason we're * tracking CA certificates for just this certificate instead of as * part of the metadata we keep about the CA. */ struct cm_nickcert **cm_cert_roots; /* A command to run before we save the certificate. */ char *cm_pre_certsave_command; /* The UID of the user as whom we run the above command. */ char *cm_pre_certsave_uid; /* A command to run after we save the certificate. */ char *cm_post_certsave_command; /* The UID of the user as whom we run the above command. */ char *cm_post_certsave_uid; /* Initially-empty lists of places where we the CA's roots, the CA's * other roots, and the CA's other certs and our chain. */ char **cm_root_cert_store_files; char **cm_other_root_cert_store_files; char **cm_other_cert_store_files; char **cm_root_cert_store_nssdbs; char **cm_other_root_cert_store_nssdbs; char **cm_other_cert_store_nssdbs; }; struct cm_store_ca { /* Per-instance unique identifier. */ char *cm_busname; /* Store-private data - usually an identifier for the nonvolatile * saved copy, might be other stuff. */ void *cm_store_private; /* A persistent unique identifier or nickname. */ char *cm_nickname; /* What the helper suggests it be called. 
*/ char *cm_ca_aka; /* We have multiple state machines. */ enum cm_ca_phase { cm_ca_phase_identify = 0, cm_ca_phase_certs, cm_ca_phase_profiles, cm_ca_phase_default_profile, cm_ca_phase_enroll_reqs, cm_ca_phase_renew_reqs, cm_ca_phase_capabilities, cm_ca_phase_encryption_certs, cm_ca_phase_invalid, } cm_ca_phase; /* Data refresh state. */ enum cm_ca_phase_state { CM_CA_IDLE = 0, CM_CA_NEED_TO_REFRESH, CM_CA_REFRESHING, CM_CA_DATA_UNREACHABLE, CM_CA_NEED_TO_SAVE_DATA, CM_CA_PRE_SAVE_DATA, CM_CA_START_SAVING_DATA, CM_CA_SAVING_DATA, CM_CA_NEED_POST_SAVE_DATA, CM_CA_POST_SAVE_DATA, CM_CA_SAVED_DATA, CM_CA_NEED_TO_ANALYZE, CM_CA_ANALYZING, CM_CA_DISABLED, } cm_ca_state[cm_ca_phase_invalid]; /* A list of issuer names. If no CA is specified when we create a new * request, and the certificate already exists and was issued by one of * these names, we'll use this CA. */ char **cm_ca_known_issuer_names; /* Whether or not this is the default, absent any matches with issuer * names of other CAs. */ int cm_ca_is_default:1; /* Type of CA. Internal helpers can't be deleted and are handled by * internal logic. External helpers can be deleted, and call out to a * helper to do the actual submission. */ enum cm_ca_type { cm_ca_internal_self, cm_ca_external, } cm_ca_type; char *cm_ca_internal_serial; int cm_ca_internal_force_issue_time:1; time_t cm_ca_internal_issue_time; char *cm_ca_external_helper; /* An error message from the CA, hopefully a useful one. */ char *cm_ca_error; /* "The" root, at the top of the chain of trust. */ struct cm_nickcert **cm_ca_root_certs; /* A possibly-empty list of other trusted roots, for whatever reason. */ struct cm_nickcert **cm_ca_other_root_certs; /* A possibly-empty list of other certificates which we might need when * constructing chains. If our issuer isn't self-signed, then it * should show up in this list. 
*/ struct cm_nickcert **cm_ca_other_certs; /* A list of attributes which the CA requires us to supply with * requests for new certificates, which we should in turn require of * our clients. */ char **cm_ca_required_enroll_attributes; char **cm_ca_required_renewal_attributes; /* A list of enrollment profiles which are supported, and a default. */ char **cm_ca_profiles; char *cm_ca_default_profile; /* A command to run before we save data to wherever it goes. */ char *cm_ca_pre_save_command; /* The UID of the user as whom we run the above command. */ char *cm_ca_pre_save_uid; /* A command to run after we save data to wherever it goes. */ char *cm_ca_post_save_command; /* The UID of the user as whom we run the above command. */ char *cm_ca_post_save_uid; /* Initially-empty lists of places where we store our roots, other * roots, and other certs. */ char **cm_ca_root_cert_store_files; char **cm_ca_other_root_cert_store_files; char **cm_ca_other_cert_store_files; char **cm_ca_root_cert_store_nssdbs; char **cm_ca_other_root_cert_store_nssdbs; char **cm_ca_other_cert_store_nssdbs; /* CA capabilities. Currently only ever SCEP capabilities. */ char **cm_ca_capabilities; /* SCEP Cipher to use. Overrides CA Capabilities */ char *cm_ca_scep_cipher; /* SCEP Digest to use. Overrides CA Capabilities */ char *cm_ca_scep_digest; /* An SCEP CA identifier, for use in gathering an RA (and possibly a * CA) certificate. */ char *cm_ca_scep_ca_identifier; /* The CA's SCEP RA certificate, used for encrypting requests to it. * Currently only used for SCEP. */ char *cm_ca_encryption_cert; /* The CA's SCEP CA certificate, if it's different from the RA's * certificate. Currently only used for SCEP. */ char *cm_ca_encryption_issuer_cert; /* The CA's SCEP certificate pool, used for other SCEP-related * certificates. A concatenated list of PEM-format certificates, since * we don't need anything more complicated than that in order to verify * the chain on signed data coming from the RA. 
	 */
	char *cm_ca_encryption_cert_pool;
};

const char *cm_store_state_as_string(enum cm_state state);
enum cm_state cm_store_state_from_string(const char *name);
const char *cm_store_ca_state_as_string(enum cm_ca_phase_state state);
enum cm_ca_phase_state cm_store_ca_state_from_string(const char *name);
const char *cm_store_ca_phase_as_string(enum cm_ca_phase phase);
enum cm_ca_phase cm_store_ca_phase_from_string(const char *name);

char *cm_store_entry_next_busname(void *parent);
struct cm_store_entry *cm_store_files_entry_read(void *parent,
						 const char *filename);
char *cm_store_ca_next_busname(void *parent);
struct cm_store_ca *cm_store_files_ca_read(void *parent,
					   const char *filename);

#endif
certmonger-0.79.19/src/store.h
/*
 * Copyright (C) 2009,2011,2012,2014,2015,2016 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmstore_h
#define cmstore_h

struct cm_store_entry;
struct cm_store_ca;

/* Generic routines. */
struct cm_store_entry *cm_store_entry_new(void *parent);
struct cm_store_ca *cm_store_ca_new(void *parent);
struct cm_store_entry *cm_store_entry_dup(void *parent,
					  struct cm_store_entry *entry);
struct cm_store_ca *cm_store_ca_dup(void *parent, struct cm_store_ca *ca);

/* Store-specific entry storage.
*/ int cm_store_entry_save(struct cm_store_entry *entry); int cm_store_entry_delete(struct cm_store_entry *entry); struct cm_store_entry **cm_store_get_all_entries(void *parent); /* Store-specific CA storage. */ int cm_store_ca_save(struct cm_store_ca *ca); int cm_store_ca_delete(struct cm_store_ca *ca); struct cm_store_ca **cm_store_get_all_cas(void *parent); /* Utility functions. */ time_t cm_store_time_from_timestamp(const char *timestamp); char *cm_store_timestamp_from_time(time_t when, char timestamp[15]); int cm_store_make_uuid_string(char out[37]); int cm_store_make_uuid_string_underscore(char out[37]); char *cm_store_timestamp_from_time_for_display(time_t when, char timestamp[24]); char *cm_store_local_timestamp_from_time_for_display(time_t when); char *cm_store_increment_serial(void *parent, const char *old_serial); char *cm_store_serial_to_binary(void *parent, const unsigned char *serial, int length); char *cm_store_serial_to_der(void *parent, const char *serial); char *cm_store_hex_from_bin(void *parent, const unsigned char *serial, int length); int cm_store_hex_to_bin(const char *serial, unsigned char *buf, int length); char *cm_store_base64_from_bin(void *parent, const unsigned char *buf, int length); int cm_store_base64_to_bin(const char *serial, int insize, unsigned char *buf, int maxlength); char *cm_store_base64_as_bin(void *parent, const char *serial, int insize, int *length); char *cm_store_base64_from_hex(void *parent, const char *hex); char *cm_store_canonicalize_path(void *parent, const char *path); char *cm_store_maybe_strdup(void *parent, const char *s); char **cm_store_maybe_strdupv(void *parent, char **s); void cm_store_set_if_not_set_s(void *parent, char **dest, char *src); void cm_store_set_if_not_set_as(void *parent, char ***dest, char **src); int cm_store_utf8_to_bmp_string(char *s, unsigned char **bmp, unsigned int *len); char *cm_store_utf8_from_bmp_string(unsigned char *bmp, unsigned int len); #endif 
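The comment on `cm_store_serial_to_der()` above flags an upper limit on the length: the function writes a single length octet, which is valid DER only while the serial is shorter than 128 bytes (at 128 the octet becomes 0x80, the indefinite-length marker). The following is an added example, not certmonger code, of the same hex-to-DER-INTEGER conversion with long-form lengths, input validation and sign handling; `der_integer_hex_from_serial` and `put_hex_byte` are hypothetical names, and it uses `malloc()` where certmonger would use talloc.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Append one byte to out[] as two upper-case hex digits. */
static size_t
put_hex_byte(char *out, size_t pos, unsigned int byte)
{
	static const char hexchars[] = "0123456789ABCDEF";

	out[pos++] = hexchars[(byte >> 4) & 0x0f];
	out[pos++] = hexchars[byte & 0x0f];
	return pos;
}

/* Hypothetical helper, not part of certmonger: encode a hex serial number
 * as the hex form of a DER INTEGER.  Returns a malloc()ed string, or NULL
 * if the input is empty, contains a non-hex character, or memory runs out. */
char *
der_integer_hex_from_serial(const char *serial)
{
	size_t digits, odd, high, nbytes, tmp, k = 0, i, pos = 0;
	const char *p;
	char *out;

	if ((serial == NULL) || (*serial == '\0')) {
		return NULL;
	}
	/* Reject stray characters instead of treating them as zeros. */
	for (p = serial; *p != '\0'; p++) {
		if (!isxdigit((unsigned char) *p)) {
			return NULL;
		}
	}
	/* DER wants the shortest encoding: drop redundant leading zeros. */
	for (p = serial; (p[0] == '0') && (p[1] != '\0'); p++) {
		continue;
	}
	digits = strlen(p);
	odd = digits % 2;
	/* A first byte of 0x80 or more would read as a negative number,
	 * so such values get a leading zero byte. */
	high = (!odd && (strchr("89abcdefABCDEF", p[0]) != NULL)) ? 1 : 0;
	nbytes = (digits + odd) / 2 + high;
	/* Short form covers 0..127 content bytes.  Beyond that, the long
	 * form is 0x80|k followed by k big-endian length bytes. */
	if (nbytes >= 128) {
		for (tmp = nbytes; tmp > 0; tmp >>= 8) {
			k++;
		}
	}
	out = malloc(2 + 2 * (1 + k) + 2 * nbytes + 1);
	if (out == NULL) {
		return NULL;
	}
	out[pos++] = '0';	/* tag 0x02: INTEGER */
	out[pos++] = '2';
	if (k == 0) {
		pos = put_hex_byte(out, pos, (unsigned int) nbytes);
	} else {
		pos = put_hex_byte(out, pos, 0x80 | (unsigned int) k);
		for (i = k; i > 0; i--) {
			pos = put_hex_byte(out, pos,
					   (unsigned int) (nbytes >> (8 * (i - 1))));
		}
	}
	if (high) {
		pos = put_hex_byte(out, pos, 0x00);
	}
	if (odd) {
		out[pos++] = '0';	/* pad to a whole byte */
	}
	for (i = 0; i < digits; i++) {
		out[pos++] = (char) toupper((unsigned char) p[i]);
	}
	out[pos] = '\0';
	return out;
}

int
main(void)
{
	/* Constructed sample serials. */
	const char *samples[] = { "01", "FF", "abc", "0080", "12g4" };
	size_t i;
	char *der;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		der = der_integer_hex_from_serial(samples[i]);
		printf("%-6s -> %s\n", samples[i], der ? der : "(rejected)");
		free(der);
	}
	return 0;
}
```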
certmonger-0.79.19/src/submit-d.c0000644000175000017500000011052514511314133016115 0ustar gitgit00000000000000/* * Copyright (C) 2010,2011,2012,2013,2015 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include "submit-d.h" #include "submit-e.h" #include "submit-h.h" #include "submit-u.h" #include "util-m.h" #define DOGTAG_DEFAULTS_SET_PATH \ "/xml/output/set/record/list/record/set/defList/list/defList/set" #define DOGTAG_DEFAULTS_SET_MEMBER_NAME "defId" #define DOGTAG_DEFAULTS_SET_MEMBER_VALUE "defVal" #define DOGTAG_DEFAULTS_SET_MEMBER_CONSTRAINT "defConstraint" #define DOGTAG_DEFAULTS_SET_MEMBER_SYNTAX "defSyntax" static char * trim(void *parent, const char *value) { int l; if (value != NULL) { value += strspn(value, " \t\r\n"); l = strlen(value); while ((l > 0) && (strchr(" \t\r\n", value[l - 1]) != NULL)) { l--; } if (l > 0) { return talloc_strndup(parent, value, l); } else { return NULL; } } return NULL; } static char * cm_submit_d_xml_node_text(void *parent, xmlNodePtr node, const char *subname) { xmlNodePtr subnode; char *ret; const char *content; int i; subnode = NULL; if (subname != NULL) { /* point "node" at a child with the given name */ subnode = node->children; node = NULL; while (subnode != NULL) { if ((subnode->type == XML_ELEMENT_NODE) && (strcmp((const char *) 
subnode->name, subname) == 0)) { node = subnode; break; } subnode = subnode->next; } } if (node != NULL) { /* point "node" at its first text child, if it has one */ subnode = node->children; node = NULL; while (subnode != NULL) { if (subnode->type == XML_TEXT_NODE) { node = subnode; break; } subnode = subnode->next; } } ret = NULL; if (node != NULL) { content = (const char *) node->content; content += strspn(content, "\r\n"); i = strlen(content); while ((i > 0) && (strchr("\r\n", content[i - 1]) != NULL)) { i--; } ret = talloc_strndup(parent, content, i); } return ret; } static struct dogtag_default * cm_submit_d_xml_default(void *parent, xmlNodePtr node) { char *name, *value, *constraint, *syntax; const char *subname; struct dogtag_default *ret; subname = DOGTAG_DEFAULTS_SET_MEMBER_NAME; name = cm_submit_d_xml_node_text(parent, node, subname); subname = DOGTAG_DEFAULTS_SET_MEMBER_VALUE; value = cm_submit_d_xml_node_text(parent, node, subname); subname = DOGTAG_DEFAULTS_SET_MEMBER_CONSTRAINT; constraint = cm_submit_d_xml_node_text(parent, node, subname); subname = DOGTAG_DEFAULTS_SET_MEMBER_SYNTAX; syntax = cm_submit_d_xml_node_text(parent, node, subname); if ((value == NULL) && (syntax != NULL) && (strcmp(syntax, "choice") == 0)) { value = talloc_strdup(parent, constraint); if (value != NULL) { value[strcspn(value, ",")] = '\0'; } } if ((name == NULL) || (value == NULL) || (constraint == NULL) || (syntax == NULL)) { return NULL; } if (strcmp(constraint, "readonly") == 0) { return NULL; } ret = talloc_ptrtype(parent, ret); if (ret != NULL) { memset(ret, 0, sizeof(*ret)); ret->name = name; ret->value = value; if (strcmp(syntax, "int") == 0) { ret->syntax = dogtag_int; } else if (strcmp(syntax, "string") == 0) { ret->syntax = dogtag_string; } else if (strcmp(syntax, "boolean") == 0) { ret->syntax = dogtag_boolean; } else if (strcmp(syntax, "choice") == 0) { ret->syntax = dogtag_choice; } else if (strcmp(syntax, "string_list") == 0) { ret->syntax = dogtag_string_list; 
		} else {
			ret->syntax = dogtag_unknown;
		}
	}
	return ret;
}

struct dogtag_default **
cm_submit_d_xml_defaults(void *parent, const char *xml)
{
	/* "xpath" -> content */
	struct dogtag_default **ret;
	xmlXPathContextPtr xpctx;
	xmlXPathObjectPtr obj;
	xmlDocPtr doc;
	xmlNodePtr node;
	xmlChar *xpath;
	int i, j;

	ret = NULL;
	doc = xmlParseMemory(xml, strlen(xml));
	if (doc != NULL) {
		xpctx = xmlXPathNewContext(doc);
		if (xpctx != NULL) {
			xpath = xmlCharStrdup(DOGTAG_DEFAULTS_SET_PATH);
			obj = NULL;
			if (xpath != NULL) {
				obj = xmlXPathEval(xpath, xpctx);
				xmlFree(xpath);
			}
			node = NULL;
			if ((obj != NULL) &&
			    (obj->nodesetval != NULL) &&
			    (obj->nodesetval->nodeNr > 0)) {
				ret = malloc(sizeof(*ret) *
					     (obj->nodesetval->nodeNr + 1));
				if (ret == NULL) {
					/* Release the XPath object with its own
					 * destructor, and the context and
					 * document along with it. */
					xmlXPathFreeObject(obj);
					xmlXPathFreeContext(xpctx);
					xmlFreeDoc(doc);
					return NULL;
				}
				memset(ret, 0,
				       sizeof(*ret) *
				       (obj->nodesetval->nodeNr + 1));
				for (i = 0, j = 0;
				     (i < obj->nodesetval->nodeNr);
				     i++) {
					node = obj->nodesetval->nodeTab[i];
					ret[j] = cm_submit_d_xml_default(parent,
									 node);
					if (ret[j] != NULL) {
						j++;
					}
				}
				ret[j] = NULL;
			}
			xmlXPathFreeObject(obj);
			xmlXPathFreeContext(xpctx);
		}
		xmlFreeDoc(doc);
	}
	return ret;
}

static char *
cm_submit_d_xml_value(void *parent, const char *xml, const char *path)
{
	/* "xpath" -> content */
	xmlXPathContextPtr xpctx;
	xmlXPathObjectPtr obj;
	xmlDocPtr doc;
	xmlNodePtr node;
	xmlChar *xpath;
	char *ret = NULL;
	const char *content;
	int i;

	doc = xmlParseMemory(xml, strlen(xml));
	if (doc != NULL) {
		xpctx = xmlXPathNewContext(doc);
		if (xpctx != NULL) {
			xpath = xmlCharStrdup(path);
			obj = NULL;
			if (xpath != NULL) {
				obj = xmlXPathEval(xpath, xpctx);
				xmlFree(xpath);
			}
			node = NULL;
			if ((obj != NULL) &&
			    (obj->nodesetval != NULL) &&
			    (obj->nodesetval->nodeNr > 0)) {
				for (i = 0;
				     (i < obj->nodesetval->nodeNr) &&
				     (node == NULL);
				     i++) {
					node = obj->nodesetval->nodeTab[i]->children;
					while (node != NULL) {
						if (node->type == XML_TEXT_NODE) {
							break;
						}
						node = node->next;
					}
				}
			}
			if (node != NULL) {
				content = (const char *) node->content;
				content = content + strspn(content, "\n");
				i =
strlen(content) - 1; while ((i > 0) && (strchr("\n", content[i]) != NULL)) { i--; } ret = talloc_strndup(parent, content, i + 1); } xmlXPathFreeObject(obj); xmlXPathFreeContext(xpctx); } xmlFreeDoc(doc); } return ret; } static char * cm_submit_d_text_node(void *parent, xmlXPathObjectPtr obj) { xmlNodePtr node = NULL; const char *content; int i; if ((obj != NULL) && (obj->nodesetval != NULL) && (obj->nodesetval->nodeNr > 0)) { for (i = 0; (i < obj->nodesetval->nodeNr) && (node == NULL); i++) { node = obj->nodesetval->nodeTab[i]->children; while (node != NULL) { if (node->type == XML_TEXT_NODE) { break; } node = node->next; } } } if (node != NULL) { content = (const char *) node->content; content = content + strspn(content, "\n"); i = strlen(content) - 1; while ((i > 0) && (strchr("\n", content[i]) != NULL)) { i--; } return talloc_strndup(parent, content, i + 1); } return NULL; } static xmlXPathObjectPtr node_eval(const xmlChar *base, const xmlChar *rel, xmlXPathContextPtr xpctx) { xmlXPathObjectPtr ret = NULL; char *path = NULL; xmlChar *xpath = NULL; path = talloc_asprintf(NULL, "%s/%s", base, rel); xpath = xmlCharStrdup(path); ret = xmlXPathEval(xpath, xpctx); xmlFree(xpath); talloc_free(path); return ret; } static char * cm_submit_d_xml_value_if(void *parent, xmlXPathContextPtr xpctx, xmlNodePtr node, const char *value_path, const char *boolean_path1, const char *boolean_path2) { xmlChar *npath, *vpath, *bpath1, *bpath2; xmlXPathObjectPtr vobj, bobj1, bobj2; char *v, *b1, *b2; vpath = xmlCharStrdup(value_path); bpath1 = xmlCharStrdup(boolean_path1); bpath2 = xmlCharStrdup(boolean_path2); npath = xmlGetNodePath(node); vobj = NULL; if (vpath != NULL) { vobj = node_eval(npath, vpath, xpctx); xmlFree(vpath); } v = cm_submit_d_text_node(parent, vobj); xmlXPathFreeObject(vobj); if ((v == NULL) || (strlen(v) == 0)) { xmlFree(bpath1); xmlFree(bpath2); return NULL; } bobj1 = NULL; if (bpath1 != NULL) { bobj1 = node_eval(npath, bpath1, xpctx); xmlFree(bpath1); } bobj2 = 
NULL;
	if (bpath2 != NULL) {
		bobj2 = node_eval(npath, bpath2, xpctx);
		xmlFree(bpath2);
	}
	/* The node path is not needed past this point. */
	xmlFree(npath);
	if (bobj1 != NULL) {
		b1 = cm_submit_d_text_node(parent, bobj1);
		/* An XPath match with no text node yields NULL; treat a
		 * missing flag as "not true" rather than dereferencing it. */
		if ((b1 == NULL) || (strcasecmp(b1, "true") != 0)) {
			v = NULL;
		}
		xmlXPathFreeObject(bobj1);
	}
	if (bobj2 != NULL) {
		b2 = cm_submit_d_text_node(parent, bobj2);
		if ((b2 == NULL) || (strcasecmp(b2, "true") != 0)) {
			v = NULL;
		}
		xmlXPathFreeObject(bobj2);
	}
	return (v != NULL) ? talloc_strdup(parent, v) : NULL;
}

static char **
cm_submit_d_xml_profiles(void *parent, const char *xml)
{
	xmlXPathContextPtr xpctx;
	xmlXPathObjectPtr obj;
	xmlDocPtr doc;
	xmlNodePtr node;
	xmlChar *xpath;
	char **ret = NULL, **tmp, *profile;
	int i, n = 0;

	doc = xmlParseMemory(xml, strlen(xml));
	if (doc != NULL) {
		xpctx = xmlXPathNewContext(doc);
		if (xpctx != NULL) {
			xpath = xmlCharStrdup("/xml/output/set/record/list/*");
			obj = NULL;
			if (xpath != NULL) {
				obj = xmlXPathEval(xpath, xpctx);
				xmlFree(xpath);
			}
			node = NULL;
			if ((obj != NULL) &&
			    (obj->nodesetval != NULL) &&
			    (obj->nodesetval->nodeNr > 0)) {
				for (i = 0; (i < obj->nodesetval->nodeNr); i++) {
					node = obj->nodesetval->nodeTab[i];
					if ((node->type == XML_ELEMENT_NODE) &&
					    (strcmp((const char *) node->name, "record") == 0)) {
						profile = cm_submit_d_xml_value_if(parent, xpctx, node,
										   "set/profileId",
										   "set/profileIsEnable",
										   "set/profileIsVisible");
						if (profile != NULL) {
							tmp = talloc_zero_array(parent, char *, n + 2);
							if (tmp != NULL) {
								if (n > 0) {
									memcpy(tmp, ret, sizeof(char *) * n);
								}
								tmp[n] = profile;
								n++;
								tmp[n] = NULL;
								ret = tmp;
							}
						}
					}
				}
			}
			xmlXPathFreeObject(obj);
			xmlXPathFreeContext(xpctx);
		}
		xmlFreeDoc(doc);
	}
	return ret;
}

int
cm_submit_d_submit_result(void *parent, const char *xml,
			  char **error_code, char **error_reason,
			  char **error, char **status, char **requestId,
			  char **cert)
{
	char *tmp;
	/* ProfileSubmitServlet.java:
	 * 0: issued
	 * 1: internal error
	 * 2: deferred (or "pending")
	 * 3: rejected */
	*error_code = cm_submit_d_xml_value(parent, xml,
					    "/xml/output/set/errorCode");
	*error_reason = cm_submit_d_xml_value(parent, xml,
"/xml/output/set/errorReason"); *error = cm_submit_d_xml_value(parent, xml, "/XMLResponse/Error"); *status = cm_submit_d_xml_value(parent, xml, "/XMLResponse/Status"); *requestId = trim(parent, cm_submit_d_xml_value(parent, xml, "/XMLResponse/RequestId")); *cert = cm_submit_d_xml_value(parent, xml, "/XMLResponse/Requests/Request/b64"); if ((*cert != NULL) && (strlen(*cert) > 0)) { tmp = cm_submit_u_pem_from_base64("CERTIFICATE", 0, *cert); *cert = talloc_strdup(parent, tmp); free(tmp); } return 0; } int cm_submit_d_check_result(void *parent, const char *xml, char **error_code, char **error_reason, char **error, char **status, char **requestId) { /* RequestStatus.java: * begin * pending * approved * svc_pending * canceled * rejected * complete */ *error = cm_submit_d_xml_value(parent, xml, "/xml/fixed/unexpectedError"); *status = cm_submit_d_xml_value(parent, xml, "/xml/header/status"); *requestId = cm_submit_d_xml_value(parent, xml, "/xml/header/requestId"); return 0; } int cm_submit_d_reject_result(void *parent, const char *xml, char **error_code, char **error_reason, char **error, char **status, char **requestId) { *error = cm_submit_d_xml_value(parent, xml, "/xml/output/set/errorReason") ?: cm_submit_d_xml_value(parent, xml, "/XMLResponse/Error"); *status = cm_submit_d_xml_value(parent, xml, "/XMLResponse/Status"); *requestId = trim(parent, cm_submit_d_xml_value(parent, xml, "/XMLResponse/RequestId")); return 0; } int cm_submit_d_review_result(void *parent, const char *xml, char **error_code, char **error_reason, char **error, char **status, char **requestId) { *error_code = trim(parent, cm_submit_d_xml_value(parent, xml, "/xml/output/set/errorCode")); *error_reason = trim(parent, cm_submit_d_xml_value(parent, xml, "/xml/output/set/errorReason")); *requestId = trim(parent, cm_submit_d_xml_value(parent, xml, "/xml/output/set/requestId")); *status = trim(parent, cm_submit_d_xml_value(parent, xml, "/xml/output/set/requestStatus")); return 0; } int 
cm_submit_d_approve_result(void *parent, const char *xml, char **error_code, char **error_reason, char **error, char **status, char **requestId) { *error_code = trim(parent, cm_submit_d_xml_value(parent, xml, "/xml/output/set/errorCode")); *error_reason = trim(parent, cm_submit_d_xml_value(parent, xml, "/xml/output/set/errorReason")); *requestId = trim(parent, cm_submit_d_xml_value(parent, xml, "/xml/output/set/requestId")); *status = trim(parent, cm_submit_d_xml_value(parent, xml, "/xml/output/set/requestStatus")); return 0; } int cm_submit_d_fetch_result(void *parent, const char *xml, char **error_code, char **error_reason, char **error, char **status, char **requestId, char **cert) { char *stripped, *reformatted; *error = cm_submit_d_xml_value(parent, xml, "/xml/fixed/unexpectedError"); *status = cm_submit_d_xml_value(parent, xml, "/xml/fixed/requestStatus"); *requestId = cm_submit_d_xml_value(parent, xml, "/xml/header/requestId"); *cert = cm_submit_d_xml_value(parent, xml, "/xml/records/record/base64Cert"); if (*cert != NULL) { /* The formatting of the certificate includes an extra blank line after the * last line of base64 data, before the END line, which can trip up some * parsers. Clean it up here. 
*/ stripped = cm_submit_u_base64_from_text(*cert); if (stripped != NULL) { reformatted = cm_submit_u_pem_from_base64("CERTIFICATE", 0, stripped); if (reformatted != NULL) { *cert = talloc_strdup(parent, reformatted); free(reformatted); } free(stripped); } } return 0; } int cm_submit_d_profiles_result(void *parent, const char *xml, char **error_code, char **error_reason, char **error, char **status, char ***profiles) { *error_code = cm_submit_d_xml_value(parent, xml, "/xml/output/set/errorCode"); *error_reason = cm_submit_d_xml_value(parent, xml, "/xml/output/set/errorReason"); *profiles = cm_submit_d_xml_profiles(parent, xml); return 0; } enum cm_external_status cm_submit_d_submit_eval(void *parent, const char *xml, const char *url, dbus_bool_t can_agent, char **out, char **err) { char *error = NULL, *error_code = NULL, *error_reason = NULL; char *status = NULL, *requestId = NULL, *cert = NULL; *out = NULL; *err = NULL; cm_submit_d_submit_result(parent, xml, &error_code, &error_reason, &error, &status, &requestId, &cert); if ((status != NULL) && (strcmp(status, "0") == 0) && (cert != NULL)) { *out = talloc_asprintf(parent, "%s\n", trim(parent, cert)); return CM_SUBMIT_STATUS_ISSUED; } if ((status != NULL) && (strcmp(status, "2") == 0) && (requestId != NULL)) { if (can_agent) { *out = talloc_asprintf(parent, "0\nstate=approve&requestId=%s\n", cm_submit_u_url_encode(requestId)); return CM_SUBMIT_STATUS_WAIT_WITH_DELAY; } else { *out = talloc_asprintf(parent, "state=check&requestId=%s\n", cm_submit_u_url_encode(requestId)); return CM_SUBMIT_STATUS_WAIT; } } if ((error != NULL) || (error_code != NULL) || (error_reason != NULL)) { *out = talloc_asprintf(parent, "Server at \"%s\" replied", url); if (error != NULL) { *out = talloc_asprintf_append(*out, ": %s", error); } if (error_code != NULL) { *out = talloc_asprintf_append(*out, ": %s", error_code); } if (error_reason != NULL) { *out = talloc_asprintf_append(*out, ": %s", error_reason); } } return 
CM_SUBMIT_STATUS_REJECTED; } enum cm_external_status cm_submit_d_check_eval(void *parent, const char *xml, const char *url, dbus_bool_t can_agent, char **out, char **err) { char *error = NULL, *error_code = NULL, *error_reason = NULL; char *status = NULL, *requestId = NULL; *out = NULL; *err = NULL; cm_submit_d_check_result(parent, xml, &error_code, &error_reason, &error, &status, &requestId); if ((status != NULL) && (strcmp(status, "complete") == 0) && (requestId != NULL)) { *out = talloc_asprintf(parent, "0\nstate=retrieve&requestId=%s\n", cm_submit_u_url_encode(requestId)); return CM_SUBMIT_STATUS_WAIT_WITH_DELAY; } if ((status != NULL) && (strcmp(status, "pending") == 0) && (requestId != NULL)) { if (can_agent) { *out = talloc_asprintf(parent, "0\nstate=approve&requestId=%s\n", cm_submit_u_url_encode(requestId)); return CM_SUBMIT_STATUS_WAIT_WITH_DELAY; } else { *out = talloc_asprintf(parent, "state=check&requestId=%s\n", cm_submit_u_url_encode(requestId)); return CM_SUBMIT_STATUS_WAIT; } } if ((error != NULL) || (error_code != NULL) || (error_reason != NULL)) { *out = talloc_asprintf(parent, "Server at \"%s\" replied", url); if (error != NULL) { *out = talloc_asprintf_append(*out, ": %s", error); } if (error_code != NULL) { *out = talloc_asprintf_append(*out, ": %s", error_code); } if (error_reason != NULL) { *out = talloc_asprintf_append(*out, ": %s", error_reason); } } return CM_SUBMIT_STATUS_REJECTED; } enum cm_external_status cm_submit_d_reject_eval(void *parent, const char *xml, const char *url, dbus_bool_t can_agent, char **out, char **err) { char *error = NULL, *error_code = NULL, *error_reason = NULL; char *status = NULL, *requestId = NULL; *out = NULL; *err = NULL; cm_submit_d_reject_result(parent, xml, &error_code, &error_reason, &error, &status, &requestId); if ((error != NULL) || (error_code != NULL) || (error_reason != NULL)) { *out = talloc_asprintf(parent, "Server at \"%s\" replied", url); if (error != NULL) { *out = talloc_asprintf_append(*out, 
": %s", error); } if (error_code != NULL) { *out = talloc_asprintf_append(*out, ": %s", error_code); } if (error_reason != NULL) { *out = talloc_asprintf_append(*out, ": %s", error_reason); } } return CM_SUBMIT_STATUS_REJECTED; } enum cm_external_status cm_submit_d_review_eval(void *parent, const char *xml, const char *url, dbus_bool_t can_agent, char **out, char **err) { char *error = NULL, *error_code = NULL, *error_reason = NULL; char *status = NULL, *requestId = NULL; *out = NULL; *err = NULL; cm_submit_d_review_result(parent, xml, &error_code, &error_reason, &error, &status, &requestId); if ((status != NULL) && (strcmp(status, "pending") == 0) && (requestId != NULL)) { *out = talloc_asprintf(parent, "0\nstate=approve&requestId=%s\n", cm_submit_u_url_encode(requestId)); return CM_SUBMIT_STATUS_WAIT_WITH_DELAY; } if ((status != NULL) && (strcmp(status, "complete") == 0) && (requestId != NULL)) { *out = talloc_asprintf(parent, "0\nstate=retrieve&requestId=%s\n", cm_submit_u_url_encode(requestId)); return CM_SUBMIT_STATUS_WAIT_WITH_DELAY; } if ((error != NULL) || (error_code != NULL) || (error_reason != NULL)) { *out = talloc_asprintf(parent, "Server at \"%s\" replied", url); if (error != NULL) { *out = talloc_asprintf_append(*out, ": %s", error); } if (error_code != NULL) { *out = talloc_asprintf_append(*out, ": %s", error_code); } if (error_reason != NULL) { *out = talloc_asprintf_append(*out, ": %s", error_reason); } } return CM_SUBMIT_STATUS_REJECTED; } enum cm_external_status cm_submit_d_approve_eval(void *parent, const char *xml, const char *url, dbus_bool_t can_agent, char **out, char **err) { char *error = NULL, *error_code = NULL, *error_reason = NULL; char *status = NULL, *requestId = NULL; *out = NULL; *err = NULL; cm_submit_d_approve_result(parent, xml, &error_code, &error_reason, &error, &status, &requestId); if ((status != NULL) && (strcmp(status, "complete") == 0) && (requestId != NULL)) { *out = talloc_asprintf(parent, 
"0\nstate=retrieve&requestId=%s\n", cm_submit_u_url_encode(requestId)); return CM_SUBMIT_STATUS_WAIT_WITH_DELAY; } if ((error != NULL) || (error_code != NULL) || (error_reason != NULL)) { *out = talloc_asprintf(parent, "Server at \"%s\" replied", url); if (error != NULL) { *out = talloc_asprintf_append(*out, ": %s", error); } if (error_code != NULL) { *out = talloc_asprintf_append(*out, ": %s", error_code); } if (error_reason != NULL) { *out = talloc_asprintf_append(*out, ": %s", error_reason); } } return CM_SUBMIT_STATUS_REJECTED; } enum cm_external_status cm_submit_d_fetch_eval(void *parent, const char *xml, const char *url, dbus_bool_t can_agent, char **out, char **err) { char *error = NULL, *error_code = NULL, *error_reason = NULL; char *status = NULL, *requestId = NULL, *cert = NULL; *out = NULL; *err = NULL; cm_submit_d_fetch_result(parent, xml, &error_code, &error_reason, &error, &status, &requestId, &cert); if (cert != NULL) { *out = talloc_asprintf(parent, "%s\n", trim(parent, cert)); return CM_SUBMIT_STATUS_ISSUED; } if ((error != NULL) || (error_code != NULL) || (error_reason != NULL)) { *out = talloc_asprintf(parent, "Server at \"%s\" replied", url); if (error != NULL) { *out = talloc_asprintf_append(*out, ": %s", error); } if (error_code != NULL) { *out = talloc_asprintf_append(*out, ": %s", error_code); } if (error_reason != NULL) { *out = talloc_asprintf_append(*out, ": %s", error_reason); } } return CM_SUBMIT_STATUS_REJECTED; } enum cm_external_status cm_submit_d_profiles_eval(void *parent, const char *xml, const char *url, dbus_bool_t can_agent, char **out, char **err) { char *error_code = NULL, *error_reason = NULL, *status = NULL; char **profiles = NULL; int i; *out = NULL; *err = NULL; cm_submit_d_profiles_result(parent, xml, &error_code, &error_reason, err, &status, &profiles); if (profiles != NULL) { for (i = 0; profiles[i] != NULL; i++) { if (*out != NULL) { *out = talloc_asprintf(parent, "%s%s\n", *out, profiles[i]); } else { *out = 
talloc_asprintf(parent, "%s\n", profiles[i]);
			}
		}
		return CM_SUBMIT_STATUS_ISSUED;
	}
	return CM_SUBMIT_STATUS_REJECTED;
}

#ifdef CM_SUBMIT_D_MAIN
int
main(int argc, const char **argv)
{
	void *ctx;
	enum {
		op_none,
		op_submit_csr,
		op_submit_serial,
		op_check,
		op_review,
		op_reject,
		op_approve,
		op_fetch
	} op;
	int c, i, id, agent, clientauth, verbose;
	const char *method = NULL, *eeurl, *agenturl, *cgi = NULL, *file;
	const char *serial, *profile, *name, *email, *tele;
	const char *nssdb, *capath, *cainfo, *sslkey, *sslcert, *sslpin;
	const char *result, *specified_values;
	struct dogtag_default **defaults, *nodefault[] = { NULL };
	char *params = NULL, *uri, *p, *q, *request;
	char *error = NULL, *error_code = NULL, *error_reason = NULL;
	char *status = NULL, *requestId = NULL, *cert = NULL;
	struct cm_submit_h_context *hctx;
	poptContext pctx;
	const struct poptOption popts[] = {
		{"submit-csr", 's', POPT_ARG_STRING, &file, 's', "submit request for signing", "FILENAME"},
		{"submit-serial-hex", 'S', POPT_ARG_STRING, NULL, 'S', "request renewal using hex serial number", "HEXNUMBER"},
		{"submit-serial-dec", 'D', POPT_ARG_STRING, NULL, 'D', "request renewal using serial number", "DECIMALNUMBER"},
		{"check", 'c', POPT_ARG_INT, NULL, 'c', "check on pending request", "REQUESTNUMBER"},
		{"review", 'R', POPT_ARG_INT, NULL, 'R', "review pending request", "REQUESTNUMBER"},
		{"approve", 'A', POPT_ARG_INT, NULL, 'A', "approve pending request", "REQUESTNUMBER"},
		{"reject", 'J', POPT_ARG_INT, NULL, 'J', "reject pending request", "REQUESTNUMBER"},
		{"fetch", 'f', POPT_ARG_INT, NULL, 'f', "fetch certificate issued for request", "REQUESTNUMBER"},
		{"values", 'V', POPT_ARG_STRING, &specified_values, 0, "values to set when approving a request", NULL},
		{"client-auth", 'a', POPT_ARG_NONE, NULL, 'a', "submit request using TLS client auth", NULL},
		{"ee-url", 'u', POPT_ARG_STRING, &eeurl, 0, NULL, "URL"},
		{"agent-url", 'U', POPT_ARG_STRING, &agenturl, 0, NULL, "URL"},
		{"name", 'n', POPT_ARG_STRING, &name, 0, "pass \"name\" when submitting request", NULL},
		{"email", 'e', POPT_ARG_STRING, &email, 0, "pass \"email\" when submitting request", "ADDRESS"},
		{"tele", 't', POPT_ARG_STRING, &tele, 0, "pass \"tele\" when submitting request", "NUMBER"},
		{"profile", 'T', POPT_ARG_STRING, &profile, 0, "enrollment profile to request", "NAME"},
		{"dbdir", 'd', POPT_ARG_STRING, &nssdb, 0, NULL, "DIRECTORY"},
		{"capath", 'P', POPT_ARG_STRING, &capath, 0, NULL, NULL},
		{"cafile", 'I', POPT_ARG_STRING, &cainfo, 0, NULL, NULL},
		{"sslkey", 'K', POPT_ARG_STRING, &sslkey, 0, NULL, NULL},
		{"sslcert", 'C', POPT_ARG_STRING, &sslcert, 0, NULL, NULL},
		{"sslpin", 'p', POPT_ARG_STRING, &sslpin, 0, NULL, NULL},
		{"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL},
		POPT_AUTOHELP
		POPT_TABLEEND
	};

	op = op_none;
	id = 0;
	verbose = 0;
	agent = 0;
	clientauth = 0;
	eeurl = NULL;
	agenturl = NULL;
	uri = NULL;
	file = NULL;
	serial = NULL;
	name = NULL;
	email = NULL;
	tele = NULL;
	nssdb = NULL;
	capath = NULL;
	cainfo = NULL;
	sslkey = NULL;
	sslcert = NULL;
	sslpin = NULL;
	defaults = NULL;
	specified_values = NULL;
	profile = "caServerCert";
	pctx = poptGetContext("submit-d", argc, argv, popts, 0);
	if (pctx == NULL) {
		return 1;
	}
	while ((c = poptGetNextOpt(pctx)) > 0) {
		switch (c) {
		case 's':
			op = op_submit_csr;
			agent = 0;
			file = poptGetOptArg(pctx);
			break;
		case 'S':
			op = op_submit_serial;
			agent = 0;
			serial = util_dec_from_hex(poptGetOptArg(pctx));
			break;
		case 'D':
			op = op_submit_serial;
			agent = 0;
			serial = poptGetOptArg(pctx);
			break;
		case 'c':
			op = op_check;
			agent = 0;
			id = strtol(poptGetOptArg(pctx), NULL, 0);
			break;
		case 'R':
			op = op_review;
			agent = 1;
			id = strtol(poptGetOptArg(pctx), NULL, 0);
			break;
		case 'A':
			op = op_approve;
			agent = 1;
			id = strtol(poptGetOptArg(pctx), NULL, 0);
			break;
		case 'J':
			op = op_reject;
			agent = 1;
			id = strtol(poptGetOptArg(pctx), NULL, 0);
			break;
		case 'f':
			op = op_fetch;
			agent = 0;
			id = strtol(poptGetOptArg(pctx), NULL, 0);
			break;
		case 'v':
			verbose++;
			break;
		case 'a':
			clientauth++;
			break;
		}
	}
	if (c !=
-1) { poptPrintUsage(pctx, stdout, 0); return 1; } if (nssdb != NULL) { setenv("SSL_DIR", nssdb, 1); } restart: ctx = talloc_new(NULL); switch (op) { case op_submit_csr: method = DOGTAG_PROFILE_SUBMIT_METHOD; cgi = DOGTAG_PROFILE_SUBMIT_RESOURCE; p = cm_submit_u_from_file_single(file); if (p == NULL) { printf("Error reading CSR from \"%s\".\n", file); return 1; } request = cm_submit_u_url_encode(p); if (request == NULL) { printf("Error URL-encoding CSR.\n"); return 1; } params = talloc_asprintf(ctx, "profileId=%s&" "cert_request_type=pkcs10&" "cert_request=%s&" "xml=true", profile, request); if (name != NULL) { params = talloc_asprintf(ctx, "%s&requestor_name=%s", params, name); } if (email != NULL) { params = talloc_asprintf(ctx, "%s&requestor_email=%s", params, email); } if (tele != NULL) { params = talloc_asprintf(ctx, "%s&requestor_phone=%s", params, tele); } break; case op_submit_serial: method = DOGTAG_PROFILE_SUBMIT_METHOD; cgi = DOGTAG_PROFILE_SUBMIT_RESOURCE; params = talloc_asprintf(ctx, "profileId=%s&" "serial_num=%s&" "renewal=true&" "xml=true", profile, serial); if (name != NULL) { params = talloc_asprintf(ctx, "%s&requestor_name=%s", params, name); } if (email != NULL) { params = talloc_asprintf(ctx, "%s&requestor_email=%s", params, email); } if (tele != NULL) { params = talloc_asprintf(ctx, "%s&requestor_phone=%s", params, tele); } break; case op_review: method = DOGTAG_PROFILE_REVIEW_METHOD; cgi = DOGTAG_PROFILE_REVIEW_RESOURCE; params = talloc_asprintf(ctx, "requestId=%d&" "xml=true", id); break; case op_reject: method = DOGTAG_PROFILE_PROCESS_METHOD; cgi = DOGTAG_PROFILE_PROCESS_RESOURCE; params = talloc_asprintf(ctx, "requestId=%d&" "op=reject&" "xml=true", id); break; case op_approve: if ((defaults == NULL) && (specified_values == NULL)) { /* ask the server for its defaults */ method = DOGTAG_PROFILE_REVIEW_METHOD; cgi = DOGTAG_PROFILE_REVIEW_RESOURCE; params = talloc_asprintf(ctx, "requestId=%d&" "xml=true", id); } else if (specified_values != 
NULL) { /* use values specified as CLI options */ method = DOGTAG_PROFILE_PROCESS_METHOD; cgi = DOGTAG_PROFILE_PROCESS_RESOURCE; params = talloc_asprintf(ctx, "requestId=%d&" "op=approve&" "xml=true&%s", id, specified_values); } else { /* use previously-retrieved defaults */ method = DOGTAG_PROFILE_PROCESS_METHOD; cgi = DOGTAG_PROFILE_PROCESS_RESOURCE; params = talloc_asprintf(ctx, "requestId=%d&" "op=approve&" "xml=true", id); for (i = 0; (defaults != NULL) && (defaults[i] != NULL) && (defaults[i]->name != NULL) && (defaults[i]->value != NULL); i++) { p = cm_submit_u_url_encode(defaults[i]->name); q = cm_submit_u_url_encode(defaults[i]->value); if ((p != NULL) && (q != NULL)) { params = talloc_asprintf(ctx, "%s&%s=%s", params, p, q); } } } break; case op_check: method = DOGTAG_CHECK_REQUEST_METHOD; cgi = DOGTAG_CHECK_REQUEST_RESOURCE; params = talloc_asprintf(ctx, "requestId=%d&" "importCert=true&" "xml=true", id); break; case op_fetch: method = DOGTAG_DISPLAY_CERT_METHOD; cgi = DOGTAG_DISPLAY_CERT_RESOURCE; params = talloc_asprintf(ctx, "requestId=%d&" "importCert=true&" "xml=true", id); break; case op_none: printf("Error: no specific request (-s/-S/-D/-c/-R/-A/-J/-f) given.\n"); poptPrintUsage(pctx, stdout, 0); return 1; } if (agent) { if (agenturl == NULL) { printf("Error: CA AGENT-URL not given.\n"); poptPrintUsage(pctx, stdout, 0); return 1; } if (strstr(agenturl, "/") == NULL) { agenturl = talloc_asprintf(ctx, "%s/ca/agent/ca", agenturl); } if ((strstr(agenturl, "http://") == NULL) && (strstr(agenturl, "https://") == NULL)) { agenturl = talloc_asprintf(ctx, "https://%s", agenturl); } } else { if (eeurl == NULL) { printf("Error: CA EE-URL not given.\n"); poptPrintUsage(pctx, stdout, 0); return 1; } if (strstr(eeurl, "/") == NULL) { eeurl = talloc_asprintf(ctx, "%s/ca/ee/ca", eeurl); } if ((strstr(eeurl, "http://") == NULL) && (strstr(eeurl, "https://") == NULL)) { eeurl = talloc_asprintf(ctx, "http://%s", eeurl); } } uri = talloc_asprintf(ctx, "%s/%s", agent 
? agenturl : eeurl, cgi); if (verbose > 0) { fprintf(stderr, "url = \"%s%s%s\"\n", uri, params ? "?" : "", params ? params : ""); } hctx = cm_submit_h_init(ctx, method, uri, params, NULL, NULL, NULL, cainfo, capath, sslcert, sslkey, sslpin, cm_submit_h_negotiate_off, cm_submit_h_delegate_off, clientauth ? cm_submit_h_clientauth_on : cm_submit_h_clientauth_off, cm_submit_h_env_modify_off, verbose > 1 ? cm_submit_h_curl_verbose_on : cm_submit_h_curl_verbose_off); cm_submit_h_run(hctx); c = cm_submit_h_result_code(hctx); if (c != 0) { if ((result = cm_submit_h_result_code_text(hctx)) != NULL) { printf("Error %d: %s\n", c, result); } else { printf("Error %d.\n", c); } return 1; } result = cm_submit_h_results(hctx, NULL) ?: ""; if (verbose > 0) { fprintf(stderr, "result = \"%s\"\n", result); } switch (op) { case op_submit_csr: case op_submit_serial: cm_submit_d_submit_result(hctx, result, &error_code, &error_reason, &error, &status, &requestId, &cert); if (error_code != NULL) { printf("error code: %s\n", error_code); } if (error_reason != NULL) { printf("error reason: %s\n", error_reason); } if (error != NULL) { printf("error: %s\n", error); } if (status != NULL) { printf("status: %s\n", status); } if (requestId != NULL) { printf("requestId: %s\n", requestId); } if (cert != NULL) { printf("cert: %s\n", cert); } break; case op_reject: cm_submit_d_reject_result(hctx, result, &error_code, &error_reason, &error, &status, &requestId); if (error_code != NULL) { printf("error code: %s\n", error_code); } if (error_reason != NULL) { printf("error reason: %s\n", error_reason); } if (error != NULL) { printf("error: %s\n", error); } if (status != NULL) { printf("status: %s\n", status); } if (requestId != NULL) { printf("requestId: %s\n", requestId); } break; case op_review: defaults = cm_submit_d_xml_defaults(hctx, result); for (i = 0; (defaults != NULL) && (defaults[i] != NULL) && (defaults[i]->name != NULL) && (defaults[i]->value != NULL); i++) { p = 
cm_submit_u_url_encode(defaults[i]->name); q = cm_submit_u_url_encode(defaults[i]->value); if ((p != NULL) && (q != NULL)) { printf("default: %s=%s\n", p, q); } } free(defaults); cm_submit_d_approve_result(hctx, result, &error_code, &error_reason, &error, &status, &requestId); if (error_code != NULL) { printf("error code: %s\n", error_code); } if (error_reason != NULL) { printf("error reason: %s\n", error_reason); } if (error != NULL) { printf("error: %s\n", error); } if (status != NULL) { printf("status: %s\n", status); } if (requestId != NULL) { printf("requestId: %s\n", requestId); } break; case op_approve: if ((defaults == NULL) && (specified_values == NULL)) { /* ask for defaults */ defaults = cm_submit_d_xml_defaults(hctx, result); if (defaults == NULL) { defaults = nodefault; } goto restart; } else { cm_submit_d_approve_result(hctx, result, &error_code, &error_reason, &error, &status, &requestId); if (error_code != NULL) { printf("error code: %s\n", error_code); } if (error_reason != NULL) { printf("error reason: %s\n", error_reason); } if (error != NULL) { printf("error: %s\n", error); } if (status != NULL) { printf("status: %s\n", status); } if (requestId != NULL) { printf("requestId: %s\n", requestId); } } break; case op_check: cm_submit_d_check_result(hctx, result, &error_code, &error_reason, &error, &status, &requestId); if (error_code != NULL) { printf("error code: %s\n", error_code); } if (error_reason != NULL) { printf("error reason: %s\n", error_reason); } if (error != NULL) { printf("error: %s\n", error); } if (status != NULL) { printf("status: %s\n", status); } if (requestId != NULL) { printf("requestId: %s\n", requestId); } break; case op_fetch: cm_submit_d_fetch_result(hctx, result, &error_code, &error_reason, &error, &status, &requestId, &cert); if (error_code != NULL) { printf("error code: %s\n", error_code); } if (error_reason != NULL) { printf("error reason: %s\n", error_reason); } if (error != NULL) { printf("error: %s\n", error); } if 
(status != NULL) {
			printf("status: %s\n", status);
		}
		if (requestId != NULL) {
			printf("requestId: %s\n", requestId);
		}
		if (cert != NULL) {
			printf("cert: %s\n", cert);
		}
		break;
	case op_none:
		/* never reached */
		break;
	}
	return 0;
}
#endif

certmonger-0.79.19/src/submit-d.h

/*
 * Copyright (C) 2010,2012,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see .
 */

#ifndef cmsubmitd_h
#define cmsubmitd_h

#define HTTP_METHOD_GET "GET"
#define HTTP_METHOD_POST "POST"
#define DOGTAG_PROFILE_SUBMIT_METHOD HTTP_METHOD_POST
#define DOGTAG_PROFILE_SUBMIT_RESOURCE "profileSubmit"
#define DOGTAG_PROFILE_SUBMIT_AGENT_RESOURCE "profileSubmitSSLClient"
#define DOGTAG_PROFILE_REVIEW_METHOD HTTP_METHOD_GET
#define DOGTAG_PROFILE_REVIEW_RESOURCE "profileReview"
#define DOGTAG_PROFILE_PROCESS_METHOD HTTP_METHOD_POST
#define DOGTAG_PROFILE_PROCESS_RESOURCE "profileProcess"
#define DOGTAG_PROFILE_LIST_METHOD HTTP_METHOD_GET
#define DOGTAG_PROFILE_LIST_RESOURCE "profileList"
#define DOGTAG_CHECK_REQUEST_METHOD HTTP_METHOD_GET
#define DOGTAG_CHECK_REQUEST_RESOURCE "checkRequest"
#define DOGTAG_DISPLAY_CERT_METHOD HTTP_METHOD_GET
#define DOGTAG_DISPLAY_CERT_RESOURCE "displayCertFromRequest"

int cm_submit_d_submit_result(void *parent, const char *xml,
			      char **error_code, char **error_reason,
			      char **error, char **status, char **requestId,
			      char **cert);
int
cm_submit_d_check_result(void *parent, const char *xml, char **error_code, char **error_reason, char **error, char **status, char **requestId); int cm_submit_d_reject_result(void *parent, const char *xml, char **error_code, char **error_reason, char **error, char **status, char **requestId); int cm_submit_d_review_result(void *parent, const char *xml, char **error_code, char **error_reason, char **error, char **status, char **requestId); int cm_submit_d_approve_result(void *parent, const char *xml, char **error_code, char **error_reason, char **error, char **status, char **requestId); int cm_submit_d_fetch_result(void *parent, const char *xml, char **error_code, char **error_reason, char **error, char **status, char **requestId, char **cert); int cm_submit_d_profiles_result(void *parent, const char *xml, char **error_code, char **error_reason, char **error, char **status, char ***profiles); enum cm_external_status cm_submit_d_submit_eval(void *parent, const char *xml, const char *url, dbus_bool_t can_agent, char **out, char **err); enum cm_external_status cm_submit_d_check_eval(void *parent, const char *xml, const char *url, dbus_bool_t can_agent, char **out, char **err); enum cm_external_status cm_submit_d_reject_eval(void *parent, const char *xml, const char *url, dbus_bool_t can_agent, char **out, char **err); enum cm_external_status cm_submit_d_review_eval(void *parent, const char *xml, const char *url, dbus_bool_t can_agent, char **out, char **err); enum cm_external_status cm_submit_d_approve_eval(void *parent, const char *xml, const char *url, dbus_bool_t can_agent, char **out, char **err); enum cm_external_status cm_submit_d_fetch_eval(void *parent, const char *xml, const char *url, dbus_bool_t can_agent, char **out, char **err); enum cm_external_status cm_submit_d_profiles_eval(void *parent, const char *xml, const char *url, dbus_bool_t can_agent, char **out, char **err); struct dogtag_default { enum { dogtag_none, dogtag_boolean, dogtag_int, dogtag_choice, 
		dogtag_string,
		dogtag_string_list,
		dogtag_unknown
	} syntax;
	char *name;
	char *value;
};
struct dogtag_default **cm_submit_d_xml_defaults(void *parent, const char *xml);

#endif

certmonger-0.79.19/src/submit-e.c

/*
 * Copyright (C) 2009,2011,2012,2013,2014,2015,2017 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see .
 */

#include "config.h"

#include
#include
#include
#include
#ifdef HAVE_INTTYPES_H
#include
#endif
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#include "env.h"
#include "json.h"
#include "log.h"
#include "pkcs7.h"
#include "store.h"
#include "store-int.h"
#include "submit.h"
#include "submit-e.h"
#include "submit-int.h"
#include "submit-u.h"
#include "subproc.h"

#define CM_SUBMIT_E_CERTIFICATE "certificate"
#define CM_SUBMIT_E_NICKNAME "nickname"
#define CM_SUBMIT_E_ROOTS "roots"
#define CM_SUBMIT_E_CHAIN "chain"

struct cm_submit_external_state {
	enum cm_submit_external_phase {
		running_helper,
		postprocessing,
	} phase;
	struct cm_store_ca *ca;
	struct cm_store_entry *entry;
	const char *msg;
	int msg_length;
};

static int cm_submit_e_postprocess_main(int fd, struct cm_store_ca *ca,
					struct cm_store_entry *entry,
					void *userdata);

/* Clean up a cookie value in a way that's compatible with what happens when we
 * save and then reload an entry: if the value fits on a single
line (whether * or not it ends with a newline), we strip the newline off of the end. * Otherwise we strip out blank lines and make sure they end with a single * character. */ static char * sanitize_cookie(void *parent, const char *value) { const char *p, *q; char *ret; p = value + strcspn(value, "\r\n"); ret = talloc_strndup(parent, value, p - value); if (ret != NULL) { if (*p == '\r') { p++; } if (*p == '\n') { p++; } if (*p != '\0') { ret = talloc_strdup_append(ret, "\n"); } while (*p != '\0') { q = p + strcspn(p, "\r\n"); ret = talloc_asprintf_append(ret, "%.*s\n", (int) (q - p), p); if (*q == '\r') { q++; } if (*q == '\n') { q++; } if (p == q) { break; } p = q; } } return ret; } /* Try to save a CA-specific identifier for our submitted request. That is, if * it even gave us one. */ static int cm_submit_e_save_ca_cookie(struct cm_submit_state *state) { int status; long delay; const char *msg; char *p; talloc_free(state->entry->cm_ca_cookie); state->entry->cm_ca_cookie = NULL; status = cm_subproc_get_exitstatus(state->subproc); if (WIFEXITED(status) && ((WEXITSTATUS(status) == CM_SUBMIT_STATUS_WAIT) || (WEXITSTATUS(status) == CM_SUBMIT_STATUS_WAIT_WITH_DELAY))) { msg = cm_subproc_get_msg(state->subproc, NULL); if ((msg != NULL) && (strlen(msg) > 0)) { if (WEXITSTATUS(status) == CM_SUBMIT_STATUS_WAIT_WITH_DELAY) { /* Pull off the first line. */ delay = strtol(msg, &p, 10); if ((p == NULL) || (strchr("\r\n", *p) == NULL)) { cm_log(1, "Error parsing result: %s.\n", msg); return -1; } state->delay = delay; msg = p + strspn(p, "\r\n"); } state->entry->cm_ca_cookie = sanitize_cookie(state->entry, msg); if (state->entry->cm_ca_cookie == NULL) { cm_log(1, "Out of memory.\n"); return -ENOMEM; } cm_log(1, "Saved cookie \"%s\".\n", state->entry->cm_ca_cookie); return 0; } else { cm_log(1, "No cookie.\n"); return -1; } } return -1; } /* Check if an attempt to submit the CSR has completed. 
 */
static int
cm_submit_e_ready(struct cm_submit_state *state)
{
	int status, ready, length;
	const char *msg;
	char *tmp;
	struct cm_submit_external_state *estate;
	struct cm_subproc_state *subproc;

	estate = state->reserved;
	ready = cm_subproc_ready(state->subproc);
	switch (ready) {
	case 0:
		status = cm_subproc_get_exitstatus(state->subproc);
		switch (estate->phase) {
		case running_helper:
			cm_log(1, "Certificate submission attempt complete.\n");
			if (WIFEXITED(status)) {
				cm_log(1, "Child status = %d.\n",
				       WEXITSTATUS(status));
				msg = cm_subproc_get_msg(state->subproc,
							 &length);
				if ((msg != NULL) && (length > 0)) {
					cm_log(1, "Child output:\n\"%.*s\"\n",
					       length, msg);
					/* If it's a single line, assume it's
					 * log-worthy unless the code is all we
					 * care about. */
					if (strcspn(msg, "\n") >=
					    (strlen(msg) - 2)) {
						switch (WEXITSTATUS(status)) {
						case CM_SUBMIT_STATUS_ISSUED:
						case CM_SUBMIT_STATUS_WAIT:
						case CM_SUBMIT_STATUS_WAIT_WITH_DELAY:
						case CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES:
							break;
						default:
							cm_log(0, "%s", msg);
							break;
						}
					}
					/* If it was an error, save it. */
					if ((WEXITSTATUS(status) == CM_SUBMIT_STATUS_ISSUED) ||
					    (WEXITSTATUS(status) == CM_SUBMIT_STATUS_WAIT) ||
					    (WEXITSTATUS(status) == CM_SUBMIT_STATUS_WAIT_WITH_DELAY)) {
						/* Clear any old error messages. */
						talloc_free(state->entry->cm_ca_error);
						state->entry->cm_ca_error = NULL;
					} else {
						/* Save the new error message. */
						talloc_free(state->entry->cm_ca_error);
						state->entry->cm_ca_error =
							talloc_strndup(state->entry,
								       msg,
								       strcspn(msg, "\r\n"));
					}
					/* Save the output for processing later. */
					tmp = talloc_size(estate, length + 1);
					if (tmp != NULL) {
						memcpy(tmp, msg, length);
						tmp[length] = '\0';
						estate->msg_length = length;
					}
					estate->msg = tmp;
					/* Now launch the postprocessing step,
					 * if we've got data to process.
*/ if (WEXITSTATUS(status) == CM_SUBMIT_STATUS_ISSUED) { subproc = cm_subproc_start(cm_submit_e_postprocess_main, state, estate->ca, estate->entry, estate); if (subproc != NULL) { cm_subproc_done(state->subproc); state->subproc = subproc; estate->phase = postprocessing; return -1; } } } return 0; } else { cm_log(1, "Child exited unexpectedly.\n"); return 0; } break; case postprocessing: cm_log(1, "Certificate submission postprocessing complete.\n"); if (WIFEXITED(status)) { cm_log(1, "Child status = %d.\n", WEXITSTATUS(status)); msg = cm_subproc_get_msg(state->subproc, &length); /* Clear intermediate output. */ estate->msg = NULL; estate->msg_length = 0; /* If we got output from the child, save it. */ if ((msg != NULL) && (length > 0)) { /* If it was an error, save it. */ if (WEXITSTATUS(status) == 0) { /* Save the output for processing later. */ cm_log(1, "Child output:\n\"%.*s\"\n", length, msg); tmp = talloc_size(estate, length + 1); if (tmp != NULL) { memcpy(tmp, msg, length); tmp[length] = '\0'; estate->msg_length = length; } estate->msg = tmp; } else{ cm_log(1, "Exit status was %d.\n", WEXITSTATUS(status)); } } return 0; } else { cm_log(1, "Child exited unexpectedly.\n"); return 0; } break; } /* Shouldn't ever get here. */ abort(); return 0; break; default: cm_log(1, "Certificate submission still ongoing.\n"); return -1; break; } } /* Check if the certificate was issued. If the exit status was 0, it was * issued. */ static int cm_submit_e_issued(struct cm_submit_state *state) { struct cm_json *json, *cert, *chain, *roots, *val, *nick; const char *msg, *k, *eom = NULL; struct cm_submit_external_state *estate; struct cm_nickcert **nickcerts, *nickcert; ssize_t i, j; int status; status = cm_subproc_get_exitstatus(state->subproc); if (!WIFEXITED(status) || (WEXITSTATUS(status) != CM_SUBMIT_STATUS_ISSUED)) { cm_log(1, "Certificate not (yet?) 
issued.\n"); return -1; } estate = state->reserved; msg = estate->msg; if (msg != NULL) { if ((cm_json_decode(state, msg, -1, &json, &eom) != 0) || (*eom != '\0')) { cm_log(1, "Error parsing child output as JSON.\n"); return -1; } } else { json = NULL; } if ((json == NULL) || (cm_json_get(json, CM_SUBMIT_E_CERTIFICATE) == NULL)) { cm_log(1, "No issued certificate read.\n"); return -1; } talloc_free(state->entry->cm_cert); state->entry->cm_cert = NULL; cert = cm_json_get(json, CM_SUBMIT_E_CERTIFICATE); if (cm_json_type(cert) != cm_json_type_string) { cm_log(1, "Error parsing child output as JSON.\n"); return -1; } state->entry->cm_cert = talloc_strdup(state->entry, cm_json_string(cert, NULL)); cm_log(1, "Issued certificate is \"%s\".\n", state->entry->cm_cert); talloc_free(state->entry->cm_cert_chain); state->entry->cm_cert_chain = NULL; chain = cm_json_get(json, CM_SUBMIT_E_CHAIN); if (cm_json_type(chain) == cm_json_type_array) { nickcerts = talloc_array_ptrtype(state->entry, nickcerts, cm_json_array_size(chain) + 1); for (i = 0, j = 0; i < cm_json_array_size(chain); i++) { cert = cm_json_n(chain, i); if (cm_json_type(cert) != cm_json_type_object) { continue; } val = cm_json_get(cert, CM_SUBMIT_E_CERTIFICATE); if ((val == NULL) || (cm_json_type(val) != cm_json_type_string)) { continue; } nick = cm_json_get(cert, CM_SUBMIT_E_NICKNAME); if ((nick == NULL) || (cm_json_type(nick) != cm_json_type_string)) { continue; } nickcert = talloc_zero(nickcerts, struct cm_nickcert); k = cm_json_string(nick, NULL); nickcert->cm_nickname = talloc_strdup(nickcert, k); k = cm_json_string(val, NULL); nickcert->cm_cert = talloc_strdup(nickcert, k); nickcerts[j++] = nickcert; } nickcerts[j] = NULL; state->entry->cm_cert_chain = nickcerts; } talloc_free(state->entry->cm_cert_roots); state->entry->cm_cert_roots = NULL; roots = cm_json_get(json, CM_SUBMIT_E_ROOTS); if (cm_json_type(roots) == cm_json_type_array) { nickcerts = talloc_array_ptrtype(state->entry, nickcerts, 
cm_json_array_size(roots) + 1); for (i = 0, j = 0; i < cm_json_array_size(roots); i++) { cert = cm_json_n(roots, i); if (cm_json_type(cert) != cm_json_type_object) { continue; } val = cm_json_get(cert, CM_SUBMIT_E_CERTIFICATE); if ((val == NULL) || (cm_json_type(val) != cm_json_type_string)) { continue; } nick = cm_json_get(cert, CM_SUBMIT_E_NICKNAME); if ((nick == NULL) || (cm_json_type(nick) != cm_json_type_string)) { continue; } nickcert = talloc_zero(nickcerts, struct cm_nickcert); k = cm_json_string(nick, NULL); nickcert->cm_nickname = talloc_strdup(nickcert, k); k = cm_json_string(val, NULL); nickcert->cm_cert = talloc_strdup(nickcert, k); nickcerts[j++] = nickcert; } nickcerts[j] = NULL; state->entry->cm_cert_roots = nickcerts; } cm_log(1, "Certificate issued (%ld chain certificates, %ld roots).\n", cm_json_array_size(chain) > 0 ? (long) cm_json_array_size(chain) : 0, cm_json_array_size(roots) > 0 ? (long) cm_json_array_size(roots) : 0); return 0; } /* Check if the submission helper can't request certificates. */ static int cm_submit_e_unsupported(struct cm_submit_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (WIFEXITED(status) && (WEXITSTATUS(status) == CM_SUBMIT_STATUS_OPERATION_NOT_SUPPORTED)) { return 0; } return -1; } /* Check if the submission helper is just unconfigured. */ static int cm_submit_e_unconfigured(struct cm_submit_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (WIFEXITED(status) && (WEXITSTATUS(status) == CM_SUBMIT_STATUS_UNCONFIGURED)) { return 0; } return -1; } /* Check if the certificate request was rejected. */ static int cm_submit_e_rejected(struct cm_submit_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (WIFEXITED(status) && (WEXITSTATUS(status) == CM_SUBMIT_STATUS_REJECTED)) { return 0; } return -1; } /* Check if we need SCEP data for this helper. 
*/ static int cm_submit_e_need_scep_messages(struct cm_submit_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (WIFEXITED(status) && (WEXITSTATUS(status) == CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES)) { return 0; } return -1; } /* Check if the CA says we need to use a new public key. */ static int cm_submit_e_need_rekey(struct cm_submit_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (WIFEXITED(status) && (WEXITSTATUS(status) == CM_SUBMIT_STATUS_NEED_REKEY)) { return 0; } return -1; } /* Check if the CA was unreachable. If the exit status was right, then we * never actually talked to the CA. */ static int cm_submit_e_unreachable(struct cm_submit_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (WIFEXITED(status) && (WEXITSTATUS(status) == CM_SUBMIT_STATUS_UNREACHABLE)) { return 0; } return -1; } /* Done talking to the CA; clean up. */ static void cm_submit_e_done(struct cm_submit_state *state) { if (state->subproc != NULL) { cm_subproc_done(state->subproc); } talloc_free(state); } /* Dig the SubjectPublicKeyInfo out of the certificate, and return it * hex-encoded, as we do when we're reading key information, so that we can * easily compare it to values obtained from there. 
*/ static char * cm_submit_e_get_spki(void *parent, const char *pem) { X509 *x = NULL; BIO *in; unsigned char *pubkey, *p; char *wpem, *ret = NULL; int pubkey_len; wpem = talloc_strdup(parent, pem); if (wpem != NULL) { in = BIO_new_mem_buf(wpem, -1); if (in != NULL) { x = PEM_read_bio_X509(in, NULL, NULL, NULL); BIO_free(in); } } if (x != NULL) { pubkey_len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), NULL); if (pubkey_len > 0) { pubkey = talloc_size(wpem, pubkey_len); if (pubkey != NULL) { p = pubkey; i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &p); ret = cm_store_hex_from_bin(parent, pubkey, pubkey_len); } } X509_free(x); } talloc_free(wpem); return ret; } /* Attempt to postprocess the helper output, breaking up PKCS#7 signed data * blobs into certificates, decrypting PKCS#7 enveloped data, and making a few * sanity checks. */ static int cm_submit_e_postprocess_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry, void *userdata) { struct cm_submit_external_state *estate = userdata; struct cm_json *msg, *json, *chain, *roots, *tmp, *cert, *val, *nick; char *leaf = NULL, *top = NULL, **others = NULL, *encoded, *spki; const char *eom = NULL, *nickname, *p; const unsigned char *u; char *toproot = NULL, *leafroot = NULL, **otherroots = NULL; char *nthnick; ssize_t length; int i, j; FILE *status; void (*decrypt)(const unsigned char *envelope, size_t length, void *decrypt_userdata, unsigned char **payload, size_t *payload_length) = NULL; struct cm_submit_decrypt_envelope_args decrypt_args; status = fdopen(fd, "w"); if (status == NULL) { cm_log(1, "Internal error.\n"); _exit(errno); } cm_log(1, "Postprocessing output \"%.*s\".\n", estate->msg_length, estate->msg); switch (entry->cm_key_storage_type) { case cm_key_storage_none: decrypt = NULL; break; case cm_key_storage_file: decrypt = &cm_submit_o_decrypt_envelope; break; case cm_key_storage_nssdb: decrypt = &cm_submit_n_decrypt_envelope; break; } memset(&decrypt_args, 0, sizeof(decrypt_args)); decrypt_args.ca = 
ca; decrypt_args.entry = entry; /* If we can't decode it as JSON, decode it as basic data. */ if ((cm_json_decode(estate, estate->msg, estate->msg_length, &msg, &eom) != 0) || (eom != estate->msg + estate->msg_length)) { /* Data is one or more certificates and PKCS#7 bundles, * probably in PEM format, or if there's only one, possibly in * DER format. Take it apart and build a JSON structure out of * it to mimic an incoming message. */ i = cm_pkcs7_parse(0, estate, &leaf, &top, &others, decrypt, &decrypt_args, (const unsigned char *) estate->msg, estate->msg_length, NULL); msg = cm_json_new_object(estate); chain = cm_json_new_array(msg); if (i == 0) { if (leaf != NULL) { cert = cm_json_new_string(msg, leaf, -1); cm_json_set(msg, CM_SUBMIT_E_CERTIFICATE, cert); } for (i = 0; (others != NULL) && (others[i] != NULL); i++) { cert = cm_json_new_object(chain); val = cm_json_new_string(cert, others[i], -1); cm_json_set(cert, CM_SUBMIT_E_CERTIFICATE, val); nthnick = talloc_asprintf(cert, "chain #%d", i + 1); nick = cm_json_new_string(cert, nthnick, -1); cm_json_set(cert, CM_SUBMIT_E_NICKNAME, nick); cm_json_append(chain, cert); } if (top!= NULL) { cert = cm_json_new_object(chain); val = cm_json_new_string(cert, top, -1); cm_json_set(cert, CM_SUBMIT_E_CERTIFICATE, val); nthnick = talloc_asprintf(cert, "chain #%d", i + 1); nick = cm_json_new_string(cert, nthnick, -1); cm_json_set(cert, CM_SUBMIT_E_NICKNAME, nick); cm_json_append(chain, cert); } if (cm_json_array_size(chain) > 0) { cm_json_set(msg, CM_SUBMIT_E_CHAIN, chain); } } } /* Get ready to build an output message. */ json = cm_json_new_object(entry); roots = cm_json_new_array(json); chain = cm_json_new_array(json); /* Data is a JSON object, with a "certificate" PEM string, and possibly * "chain" and "roots" arrays containing objects which are * nickname/string sets. Parse out the certificate, keeping the leaf * node as the certificate, relegating the rest to the chain list. 
*/ cert = cm_json_get(msg, CM_SUBMIT_E_CERTIFICATE); u = (const unsigned char *) cm_json_string(cert, &length); i = cm_pkcs7_parse(0, estate, &leaf, &top, &others, NULL, NULL, u, length, NULL); if (i == 0) { if (leaf != NULL) { cert = cm_json_new_string(json, leaf, -1); cm_json_set(json, CM_SUBMIT_E_CERTIFICATE, cert); } for (i = 0; (others != NULL) && (others[i] != NULL); i++) { cert = cm_json_new_object(chain); val = cm_json_new_string(cert, others[i], -1); cm_json_set(cert, CM_SUBMIT_E_CERTIFICATE, val); nthnick = talloc_asprintf(cert, "chain #0.%d", i + 1); nick = cm_json_new_string(cert, nthnick, -1); cm_json_set(cert, CM_SUBMIT_E_NICKNAME, nick); cm_json_append(chain, cert); } if (top!= NULL) { cert = cm_json_new_object(chain); val = cm_json_new_string(cert, top, -1); cm_json_set(cert, CM_SUBMIT_E_CERTIFICATE, val); nthnick = talloc_asprintf(cert, "chain #0.%d", i + 1); nick = cm_json_new_string(cert, nthnick, -1); cm_json_set(cert, CM_SUBMIT_E_NICKNAME, nick); cm_json_append(chain, cert); } } /* Now look at each item in the roots list. */ tmp = cm_json_get(msg, CM_SUBMIT_E_ROOTS); for (i = 0; i < cm_json_array_size(tmp); i++) { cert = cm_json_n(tmp, i); if (cm_json_type(cert) != cm_json_type_object) { continue; } /* Pull the root certificate, or whatever it is. */ val = cm_json_get(cert, CM_SUBMIT_E_CERTIFICATE); if ((val == NULL) || (cm_json_type(val) != cm_json_type_string)) { continue; } /* Read the nickname, or provide a default. */ nick = cm_json_get(cert, CM_SUBMIT_E_NICKNAME); if ((nick == NULL) || (cm_json_type(nick) != cm_json_type_string)) { p = talloc_asprintf(cert, "root #%d", i + 1); nick = cm_json_new_string(roots, p, -1); } nickname = cm_json_string(nick, NULL); /* Let the parser at it. 
 */
		u = (const unsigned char *) cm_json_string(val, &length);
		j = cm_pkcs7_parse(0, estate,
				   &leafroot, &toproot, &otherroots,
				   NULL, NULL,
				   u, length, NULL);
		if (j == 0) {
			if (leafroot != NULL) {
				cert = cm_json_new_object(roots);
				val = cm_json_new_string(cert, leafroot, -1);
				cm_json_set(cert, CM_SUBMIT_E_CERTIFICATE, val);
				nick = cm_json_new_string(cert, nickname, -1);
				cm_json_set(cert, CM_SUBMIT_E_NICKNAME, nick);
				cm_json_append(roots, cert);
			}
			for (j = 0;
			     (otherroots != NULL) && (otherroots[j] != NULL);
			     j++) {
				cert = cm_json_new_object(roots);
				/* Index with j, the variable the loop
				 * condition bounds against the terminator. */
				val = cm_json_new_string(cert, otherroots[j], -1);
				cm_json_set(cert, CM_SUBMIT_E_CERTIFICATE, val);
				nthnick = talloc_asprintf(cert, "%s #%d",
							  nickname, j + 2);
				nick = cm_json_new_string(cert, nthnick, -1);
				cm_json_set(cert, CM_SUBMIT_E_NICKNAME, nick);
				cm_json_append(roots, cert);
			}
			if (toproot != NULL) {
				cert = cm_json_new_object(roots);
				val = cm_json_new_string(cert, toproot, -1);
				cm_json_set(cert, CM_SUBMIT_E_CERTIFICATE, val);
				nthnick = talloc_asprintf(cert, "%s #%d",
							  nickname, j + 2);
				nick = cm_json_new_string(cert, nthnick, -1);
				cm_json_set(cert, CM_SUBMIT_E_NICKNAME, nick);
				cm_json_append(roots, cert);
			}
		}
	}
	/* Now do the same for any chain certificates. */
	tmp = cm_json_get(msg, CM_SUBMIT_E_CHAIN);
	for (i = 0; i < cm_json_array_size(tmp); i++) {
		cert = cm_json_n(tmp, i);
		if (cm_json_type(cert) != cm_json_type_object) {
			continue;
		}
		/* Pull the chain certificate, or whatever it is. */
		val = cm_json_get(cert, CM_SUBMIT_E_CERTIFICATE);
		if ((val == NULL) ||
		    (cm_json_type(val) != cm_json_type_string)) {
			continue;
		}
		/* Read the nickname, or provide a default. */
		nick = cm_json_get(cert, CM_SUBMIT_E_NICKNAME);
		if ((nick == NULL) ||
		    (cm_json_type(nick) != cm_json_type_string)) {
			p = talloc_asprintf(cert, "chain #%d", i + 1);
			nick = cm_json_new_string(chain, p, -1);
		}
		nickname = cm_json_string(nick, NULL);
		/* Let the parser at it. */
		u = (const unsigned char *) cm_json_string(val, &length);
		j = cm_pkcs7_parse(0, estate,
				   &leafroot, &toproot, &otherroots,
				   NULL, NULL,
				   u, length, NULL);
		if (j == 0) {
			if (leafroot != NULL) {
				cert = cm_json_new_object(chain);
				val = cm_json_new_string(cert, leafroot, -1);
				cm_json_set(cert, CM_SUBMIT_E_CERTIFICATE, val);
				nick = cm_json_new_string(cert, nickname, -1);
				cm_json_set(cert, CM_SUBMIT_E_NICKNAME, nick);
				cm_json_append(chain, cert);
			}
			for (j = 0;
			     (otherroots != NULL) && (otherroots[j] != NULL);
			     j++) {
				cert = cm_json_new_object(chain);
				val = cm_json_new_string(cert, otherroots[j], -1);
				cm_json_set(cert, CM_SUBMIT_E_CERTIFICATE, val);
				nthnick = talloc_asprintf(cert, "%s #%d",
							  nickname, j + 2);
				nick = cm_json_new_string(cert, nthnick, -1);
				cm_json_set(cert, CM_SUBMIT_E_NICKNAME, nick);
				cm_json_append(chain, cert);
			}
			if (toproot != NULL) {
				cert = cm_json_new_object(chain);
				val = cm_json_new_string(cert, toproot, -1);
				cm_json_set(cert, CM_SUBMIT_E_CERTIFICATE, val);
				nthnick = talloc_asprintf(cert, "%s #%d",
							  nickname, j + 2);
				nick = cm_json_new_string(cert, nthnick, -1);
				cm_json_set(cert, CM_SUBMIT_E_NICKNAME, nick);
				cm_json_append(chain, cert);
			}
		}
	}
	/* And put the lists into the final document. */
	if (cm_json_array_size(chain) > 0) {
		cm_json_set(json, CM_SUBMIT_E_CHAIN, chain);
	}
	if (cm_json_array_size(roots) > 0) {
		cm_json_set(json, CM_SUBMIT_E_ROOTS, roots);
	}
	/* Provide some indications about the key. */
	spki = cm_submit_e_get_spki(json, leaf);
	if (spki != NULL) {
		if ((entry->cm_key_next_pubkey_info != NULL) &&
		    (strlen(entry->cm_key_next_pubkey_info) > 0)) {
			if (strcmp(spki, entry->cm_key_pubkey_info) == 0) {
				/* We were issued a certificate
				 * containing the OLD pubkey. */
				cm_json_set(json, "key_reused",
					    cm_json_new_boolean(json, 1));
			} else if ((strcmp(spki,
					   entry->cm_key_next_pubkey_info) != 0)) {
				/* We were issued a certificate
				 * containing a pubkey different from
				 * one we asked to be signed.
*/ cm_json_set(json, "key_mismatch", cm_json_new_boolean(json, 1)); } else { cm_json_set(json, "key_checked", cm_json_new_boolean(json, 1)); } } else { if ((strcmp(spki, entry->cm_key_pubkey_info) != 0)) { /* We were issued a certificate * containing a pubkey different from * one we asked to be signed. */ cm_json_set(json, "key_mismatch", cm_json_new_boolean(json, 1)); } else { cm_json_set(json, "key_checked", cm_json_new_boolean(json, 1)); } } } else { cm_log(3, "Error retrieving SPKI from certificate.\n"); } encoded = cm_json_encode(entry, json); fprintf(status, "%s\n", encoded); fflush(status); _exit(0); } /* Attempt to exec the helper. */ struct cm_submit_e_helper_args { int error_fd; const char *spki, *operation; }; static int maybe_setenv(const char *var, const char *val) { if ((var == NULL) || (val == NULL) || (strlen(val) == 0)) { return -1; } cm_log(2, "Setting \"%s\" to \"%s\" for child.\n", var, val); return setenv(var, val, 1); } static int cm_submit_e_helper_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry, void *userdata) { struct cm_submit_e_helper_args *args = userdata; char **argv; const char *error, *key_type; unsigned char u; maybe_setenv(CM_SUBMIT_REQ_SUBJECT_ENV, entry->cm_template_subject); maybe_setenv(CM_SUBMIT_REQ_EMAIL_ENV, cm_submit_maybe_joinv(NULL, "\n", entry->cm_template_email)); maybe_setenv(CM_SUBMIT_REQ_HOSTNAME_ENV, cm_submit_maybe_joinv(NULL, "\n", entry->cm_template_hostname)); maybe_setenv(CM_SUBMIT_REQ_PRINCIPAL_ENV, cm_submit_maybe_joinv(NULL, "\n", entry->cm_template_principal)); maybe_setenv(CM_SUBMIT_OPERATION_ENV, args->operation); maybe_setenv(CM_SUBMIT_CSR_ENV, entry->cm_csr); maybe_setenv(CM_SUBMIT_SPKAC_ENV, entry->cm_spkac); maybe_setenv(CM_SUBMIT_SPKI_ENV, args->spki); maybe_setenv(CM_STORE_LOCAL_CA_DIRECTORY_ENV, cm_env_local_ca_dir()); key_type = NULL; switch (entry->cm_key_type.cm_key_algorithm) { case cm_key_rsa: key_type = "RSA"; break; #ifdef CM_ENABLE_DSA case cm_key_dsa: key_type = "DSA"; 
break; #endif #ifdef CM_ENABLE_EC case cm_key_ecdsa: key_type = "EC"; break; #endif case cm_key_unspecified: key_type = NULL; break; } maybe_setenv(CM_SUBMIT_KEY_TYPE_ENV, key_type); maybe_setenv(CM_SUBMIT_COOKIE_ENV, entry->cm_ca_cookie); maybe_setenv(CM_SUBMIT_CA_NICKNAME_ENV, entry->cm_ca_nickname); maybe_setenv(CM_SUBMIT_PROFILE_ENV, entry->cm_template_profile); maybe_setenv(CM_SUBMIT_ISSUER_ENV, entry->cm_template_issuer); maybe_setenv(CM_SUBMIT_CERTIFICATE_ENV, entry->cm_cert); /* Only pass SCEP data to the helper if we haven't used this set of * nonced data before. It'll ask for fresh data if it needs it. */ maybe_setenv(CM_SUBMIT_SCEP_CA_IDENTIFIER_ENV, ca->cm_ca_scep_ca_identifier); maybe_setenv(CM_SUBMIT_SCEP_RA_CERTIFICATE_ENV, ca->cm_ca_encryption_cert); maybe_setenv(CM_SUBMIT_SCEP_CA_CERTIFICATE_ENV, ca->cm_ca_encryption_issuer_cert); maybe_setenv(CM_SUBMIT_SCEP_CERTIFICATES_ENV, ca->cm_ca_encryption_cert_pool); if ((entry->cm_scep_last_nonce == NULL) || (entry->cm_scep_nonce == NULL) || (strcmp(entry->cm_scep_last_nonce, entry->cm_scep_nonce) != 0)) { maybe_setenv(CM_SUBMIT_SCEP_PKCSREQ_ENV, entry->cm_scep_req); maybe_setenv(CM_SUBMIT_SCEP_GETCERTINITIAL_ENV, entry->cm_scep_gic); maybe_setenv(CM_SUBMIT_SCEP_PKCSREQ_REKEY_ENV, entry->cm_scep_req_next); maybe_setenv(CM_SUBMIT_SCEP_GETCERTINITIAL_REKEY_ENV, entry->cm_scep_gic_next); } maybe_setenv(CM_SUBMIT_REQ_IP_ADDRESS_ENV, cm_submit_maybe_joinv(NULL, "\n", entry->cm_template_ipaddress)); if (dup2(fd, STDOUT_FILENO) == -1) { u = errno; cm_log(1, "Error redirecting standard out for " "enrollment helper: %s.\n", strerror(errno)); if (write(args->error_fd, &u, 1) != 1) { cm_log(1, "Error sending error result to parent.\n"); } return u; } error = NULL; argv = cm_subproc_parse_args(ca, ca->cm_ca_external_helper, &error); if (argv == NULL) { if (error != NULL) { cm_log(0, "Error parsing \"%s\": %s.\n", ca->cm_ca_external_helper, error); } else { cm_log(0, "Error parsing \"%s\".\n", 
ca->cm_ca_external_helper); } return -1; } cm_log(2, "Redirecting stdin to /dev/null, leaving stdout and stderr open for child \"%s\".\n", argv[0]); cm_subproc_mark_most_cloexec(STDOUT_FILENO, STDERR_FILENO, -1); cm_log(1, "Running enrollment helper \"%s\".\n", argv[0]); execvp(argv[0], argv); u = errno; if (write(args->error_fd, &u, 1) != 1) { cm_log(1, "Error sending error result to parent.\n"); } return u; } /* Start CSR submission using parameters stored in the entry. */ static struct cm_submit_state * cm_submit_e_start_or_resume(struct cm_store_ca *ca, struct cm_store_entry *entry, const char *spki, const char *operation) { int errorfds[2], nread; unsigned char u; struct cm_submit_state *state; struct cm_submit_external_state *estate; struct cm_submit_e_helper_args args; state = talloc_ptrtype(entry, state); if (state != NULL) { memset(state, 0, sizeof(*state)); state->entry = entry; state->save_ca_cookie = cm_submit_e_save_ca_cookie; state->ready = cm_submit_e_ready; state->issued = cm_submit_e_issued; state->rejected = cm_submit_e_rejected; state->need_scep_messages = cm_submit_e_need_scep_messages; state->need_rekey = cm_submit_e_need_rekey; state->unreachable = cm_submit_e_unreachable; state->unconfigured = cm_submit_e_unconfigured; state->unsupported = cm_submit_e_unsupported; state->done = cm_submit_e_done; state->delay = -1; estate = talloc_ptrtype(state, estate); if (estate == NULL) { talloc_free(state); return NULL; } memset(estate, 0, sizeof(*estate)); estate->phase = running_helper; estate->ca = ca; estate->entry = entry; state->reserved = estate; if (pipe(errorfds) != -1) { if (fcntl(errorfds[1], F_SETFD, 1L) == -1) { close(errorfds[0]); close(errorfds[1]); cm_log(-1, "Unexpected error while " "starting helper \"%s\".", ca->cm_ca_external_helper); cm_subproc_done(state->subproc); talloc_free(state); state = NULL; } else { args.error_fd = errorfds[1]; args.spki = spki; args.operation = operation; state->subproc = 
cm_subproc_start(cm_submit_e_helper_main, state, ca, entry, &args); close(errorfds[1]); if (state->subproc == NULL) { talloc_free(state); state = NULL; } else { nread = read(errorfds[0], &u, 1); switch (nread) { case 0: /* no data = kernel * closed-on-exec, so the * helper started */ break; case -1: /* huh? */ cm_log(-1, "Unexpected error " "while starting helper " "\"%s\".\n", ca->cm_ca_external_helper); cm_subproc_done(state->subproc); talloc_free(state); state = NULL; break; case 1: default: cm_log(-1, "Error while starting " "helper \"%s\": %s.\n", ca->cm_ca_external_helper, strerror(u)); cm_subproc_done(state->subproc); talloc_free(state); state = NULL; break; } } close(errorfds[0]); } } } return state; } /* Start CSR submission using parameters stored in the entry. */ struct cm_submit_state * cm_submit_e_start(struct cm_store_ca *ca, struct cm_store_entry *entry) { struct cm_submit_state *ret; char *spki = NULL; if (entry->cm_key_pubkey_info != NULL) { spki = cm_store_base64_from_hex(entry, entry->cm_key_pubkey_info); } if ((entry->cm_ca_cookie != NULL) && (strlen(entry->cm_ca_cookie) > 0)) { ret = cm_submit_e_start_or_resume(ca, entry, spki, "POLL"); } else { ret = cm_submit_e_start_or_resume(ca, entry, spki, "SUBMIT"); if ((entry->cm_key_next_marker != NULL) && (strlen(entry->cm_key_next_marker) > 0)) { entry->cm_key_next_requested_count++; } else { entry->cm_key_requested_count++; } } if (spki != NULL) { talloc_free(spki); } return ret; } const char * cm_submit_e_status_text(enum cm_external_status status) { switch (status) { case CM_SUBMIT_STATUS_ISSUED: return "ISSUED"; case CM_SUBMIT_STATUS_WAIT: return "WAIT"; case CM_SUBMIT_STATUS_REJECTED: return "REJECTED"; case CM_SUBMIT_STATUS_UNREACHABLE: return "UNREACHABLE"; case CM_SUBMIT_STATUS_UNCONFIGURED: return "UNCONFIGURED"; case CM_SUBMIT_STATUS_WAIT_WITH_DELAY: return "WAIT_WITH_DELAY"; case CM_SUBMIT_STATUS_OPERATION_NOT_SUPPORTED: return "OPERATION_NOT_SUPPORTED_BY_HELPER"; case 
CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES:
		return "NEED_SCEP_MESSAGES";
	case CM_SUBMIT_STATUS_NEED_REKEY:
		return "NEED_REKEY";
	}
	return "(unknown)";
}

certmonger-0.79.19/src/submit-e.h

/*
 * Copyright (C) 2009,2012 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmsubmite_h
#define cmsubmite_h

#define CM_DOGTAG_IPA_RENEW_AGENT_CA_NAME "dogtag-ipa-renew-agent"
#define CM_DOGTAG_IPA_RENEW_AGENT_HELPER_PATH \
	CM_DEFAULT_HELPER_PATH "/dogtag-ipa-renew-agent-submit"

enum cm_external_status {
	CM_SUBMIT_STATUS_ISSUED = 0,
	CM_SUBMIT_STATUS_WAIT = 1,
	CM_SUBMIT_STATUS_REJECTED = 2,
	CM_SUBMIT_STATUS_UNREACHABLE = 3,
	CM_SUBMIT_STATUS_UNCONFIGURED = 4,
	CM_SUBMIT_STATUS_WAIT_WITH_DELAY = 5,
	CM_SUBMIT_STATUS_OPERATION_NOT_SUPPORTED = 6,
	CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES = 16,
	CM_SUBMIT_STATUS_NEED_REKEY = 17,
};

const char *cm_submit_e_status_text(enum cm_external_status status);

#define CM_SUBMIT_REQ_SUBJECT_ENV "CERTMONGER_REQ_SUBJECT"
#define CM_SUBMIT_REQ_HOSTNAME_ENV "CERTMONGER_REQ_HOSTNAME"
#define CM_SUBMIT_REQ_PRINCIPAL_ENV "CERTMONGER_REQ_PRINCIPAL"
#define CM_SUBMIT_REQ_EMAIL_ENV "CERTMONGER_REQ_EMAIL"
#define CM_SUBMIT_REQ_IP_ADDRESS_ENV "CERTMONGER_REQ_IP_ADDRESS"
#define CM_SUBMIT_OPERATION_ENV "CERTMONGER_OPERATION"
#define CM_SUBMIT_CSR_ENV "CERTMONGER_CSR"
#define CM_SUBMIT_SPKAC_ENV "CERTMONGER_SPKAC"
#define CM_SUBMIT_SPKI_ENV "CERTMONGER_SPKI"
#define CM_SUBMIT_KEY_TYPE_ENV "CERTMONGER_KEY_TYPE"
#define CM_SUBMIT_COOKIE_ENV "CERTMONGER_CA_COOKIE"
#define CM_SUBMIT_CA_NICKNAME_ENV "CERTMONGER_CA_NICKNAME"
#define CM_SUBMIT_PROFILE_ENV "CERTMONGER_CA_PROFILE"
#define CM_SUBMIT_ISSUER_ENV "CERTMONGER_CA_ISSUER"
#define CM_SUBMIT_CERTIFICATE_ENV "CERTMONGER_CERTIFICATE"
#define CM_SUBMIT_SCEP_CA_IDENTIFIER_ENV "CERTMONGER_SCEP_CA_IDENTIFIER"
#define CM_SUBMIT_SCEP_RA_CERTIFICATE_ENV "CERTMONGER_SCEP_RA_CERTIFICATE"
#define CM_SUBMIT_SCEP_CA_CERTIFICATE_ENV "CERTMONGER_SCEP_CA_CERTIFICATE"
#define CM_SUBMIT_SCEP_CERTIFICATES_ENV "CERTMONGER_SCEP_CERTIFICATES"
#define CM_SUBMIT_SCEP_PKCSREQ_ENV "CERTMONGER_PKCSREQ"
#define CM_SUBMIT_SCEP_PKCSREQ_REKEY_ENV "CERTMONGER_PKCSREQ_REKEY"
#define CM_SUBMIT_SCEP_GETCERTINITIAL_ENV "CERTMONGER_GETCERTINITIAL"
#define CM_SUBMIT_SCEP_GETCERTINITIAL_REKEY_ENV "CERTMONGER_GETCERTINITIAL_REKEY"

#define CM_OP_SUBMIT "SUBMIT"
#define CM_OP_POLL "POLL"
#define CM_OP_IDENTIFY "IDENTIFY"
#define CM_OP_FETCH_ROOTS "FETCH-ROOTS"
#define CM_OP_FETCH_PROFILES "GET-SUPPORTED-TEMPLATES"
#define CM_OP_FETCH_DEFAULT_PROFILE "GET-DEFAULT-TEMPLATE"
#define CM_OP_FETCH_ENROLL_REQUIREMENTS "GET-NEW-REQUEST-REQUIREMENTS"
#define CM_OP_FETCH_RENEWAL_REQUIREMENTS "GET-RENEW-REQUEST-REQUIREMENTS"
#define CM_OP_FETCH_SCEP_CA_CERTS "FETCH-SCEP-CA-CERTS"
#define CM_OP_FETCH_SCEP_CA_CAPS "FETCH-SCEP-CA-CAPS"

#endif

certmonger-0.79.19/src/submit-h.c

/*
 * Copyright (C) 2010,2011,2012,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include "log.h" #include "submit-e.h" #include "submit-h.h" #if HAVE_DECL_CURLOPT_KEYPASSWD #define CM_CURLOPT_PKI_PASSWD CURLOPT_KEYPASSWD #else #if HAVE_DECL_CURLOPT_SSLKEYPASSWD #define CM_CURLOPT_PKI_PASSWD CURLOPT_SSLKEYPASSWD #else #if HAVE_DECL_CURLOPT_SSLCERTPASSWD #define CM_CURLOPT_PKI_PASSWD CURLOPT_SSLCERTPASSWD #endif #endif #endif struct cm_submit_h_context { int ret; long response_code; char *method, *uri, *args, *accept, *ctype, *referer, *cainfo, *capath, *result; int result_length; char *sslcert, *sslkey, *sslpass; enum cm_submit_h_opt_negotiate negotiate; enum cm_submit_h_opt_delegate negotiate_delegate; enum cm_submit_h_opt_clientauth client_auth; enum cm_submit_h_opt_env_modify modify_env; enum cm_submit_h_opt_curl_verbose verbose; CURL *curl; }; struct cm_submit_h_context * cm_submit_h_init(void *parent, const char *method, const char *uri, const char *args, const char *content_type, const char *accept, const char *referer, const char *cainfo, const char *capath, const char *sslcert, const char *sslkey, const char *sslpass, enum cm_submit_h_opt_negotiate neg, enum cm_submit_h_opt_delegate del, enum cm_submit_h_opt_clientauth cli, enum cm_submit_h_opt_env_modify env, enum cm_submit_h_opt_curl_verbose verbose) { struct cm_submit_h_context *ctx; ctx = talloc_ptrtype(parent, ctx); if (ctx != NULL) { memset(ctx, 0, sizeof(*ctx)); ctx->method = talloc_strdup(ctx, method); ctx->uri = talloc_strdup(ctx, uri); ctx->args = args ? 
talloc_strdup(ctx, args) : NULL; ctx->ctype = content_type ? talloc_strdup(ctx, content_type) : NULL; ctx->referer = referer ? talloc_strdup(ctx, referer) : NULL; ctx->accept = accept ? talloc_strdup(ctx, accept) : NULL; ctx->cainfo = cainfo ? talloc_strdup(ctx, cainfo) : NULL; ctx->capath = capath ? talloc_strdup(ctx, capath) : NULL; ctx->sslcert = sslcert ? talloc_strdup(ctx, sslcert) : NULL; ctx->sslkey = sslkey ? talloc_strdup(ctx, sslkey) : NULL; ctx->sslpass = sslpass ? talloc_strdup(ctx, sslpass) : NULL; ctx->curl = NULL; ctx->ret = -1; ctx->response_code = 0; ctx->result = NULL; ctx->negotiate = neg; ctx->negotiate_delegate = del; ctx->client_auth = cli; ctx->modify_env = env; ctx->verbose = verbose; } return ctx; } static uint append_result(char *in, uint size, uint nmemb, struct cm_submit_h_context *ctx) { uint n; char *data; if (size < nmemb) { n = nmemb; nmemb = size; size = n; } for (n = 0; n < nmemb; n++) { data = talloc_realloc_size(ctx, ctx->result, ctx->result_length + size + 1); if (data == NULL) { return n * size; } memcpy(data + ctx->result_length, in + n * size, size); data[ctx->result_length + size] = '\0'; ctx->result = data; ctx->result_length += size; } return n * size; } void cm_submit_h_run(struct cm_submit_h_context *ctx) { struct curl_slist *headers = NULL; char *uri, *header; if (ctx->curl != NULL) { curl_easy_cleanup(ctx->curl); } if ((ctx->modify_env == cm_submit_h_env_modify_on) & (ctx->cainfo != NULL)) { setenv("SSL_DIR", ctx->cainfo, 1); } ctx->curl = curl_easy_init(); if (ctx->curl != NULL) { if (ctx->verbose) { curl_easy_setopt(ctx->curl, CURLOPT_VERBOSE, 1L); } if ((ctx->cainfo != NULL) || (ctx->capath != NULL)) { curl_easy_setopt(ctx->curl, CURLOPT_SSL_VERIFYPEER, 1L); curl_easy_setopt(ctx->curl, CURLOPT_SSL_VERIFYHOST, 2L); } if (ctx->cainfo != NULL) { curl_easy_setopt(ctx->curl, CURLOPT_CAINFO, ctx->cainfo); } if (ctx->capath != NULL) { curl_easy_setopt(ctx->curl, CURLOPT_CAPATH, ctx->capath); } if (strcasecmp(ctx->method, 
"GET") == 0) { uri = talloc_asprintf(ctx, "%s%s%s", ctx->uri, ctx->args ? "?" : "", ctx->args ? ctx->args : ""); curl_easy_setopt(ctx->curl, CURLOPT_URL, uri); curl_easy_setopt(ctx->curl, CURLOPT_HTTPGET, 1L); } else { curl_easy_setopt(ctx->curl, CURLOPT_URL, ctx->uri); curl_easy_setopt(ctx->curl, CURLOPT_HTTPGET, 0L); if ((ctx->args != NULL) && (strlen(ctx->args) > 0)) { curl_easy_setopt(ctx->curl, CURLOPT_POSTFIELDS, ctx->args); } } if (ctx->negotiate == cm_submit_h_negotiate_on) { #if defined(CURLAUTH_NEGOTIATE) curl_easy_setopt(ctx->curl, CURLOPT_HTTPAUTH, CURLAUTH_NEGOTIATE); curl_easy_setopt(ctx->curl, CURLOPT_USERPWD, ":"); #else cm_log(-1, "warning: libcurl doesn't appear to support " "Negotiate authentication, continuing\n"); #endif #if defined(CURLOPT_GSSAPI_DELEGATION) && defined(CURLGSSAPI_DELEGATION_FLAG) /* The default before CURLOPT_GSSAPI_DELEGATION existed * was CURLGSSAPI_DELEGATION_FLAG, so we should be fine * if it's not defined. */ curl_easy_setopt(ctx->curl, CURLOPT_GSSAPI_DELEGATION, ctx->negotiate_delegate == cm_submit_h_delegate_on ? 
CURLGSSAPI_DELEGATION_FLAG : CURLGSSAPI_DELEGATION_NONE); #endif } else if (ctx->client_auth == cm_submit_h_clientauth_on) { curl_easy_setopt(ctx->curl, CURLOPT_HTTPAUTH, CURLAUTH_NONE); if (ctx->sslcert != NULL) { curl_easy_setopt(ctx->curl, CURLOPT_SSLCERT, ctx->sslcert); } if (ctx->sslkey != NULL) { curl_easy_setopt(ctx->curl, CURLOPT_SSLKEY, ctx->sslkey); } if (ctx->sslpass != NULL) { curl_easy_setopt(ctx->curl, CM_CURLOPT_PKI_PASSWD, ctx->sslpass); } } else { /* CURLOPT_FOLLOWLOCATION takes a long. */ curl_easy_setopt(ctx->curl, CURLOPT_FOLLOWLOCATION, 1L); curl_easy_setopt(ctx->curl, CURLOPT_HTTPAUTH, CURLAUTH_NONE); } if (ctx->accept != NULL) { header = talloc_asprintf(ctx, "Accept: %s", ctx->accept); if (header != NULL) { headers = curl_slist_append(headers, header); } } if (ctx->ctype != NULL) { header = talloc_asprintf(ctx, "Content-Type: %s", ctx->ctype); if (header != NULL) { headers = curl_slist_append(headers, header); } } if (ctx->referer != NULL) { header = talloc_asprintf(ctx, "Referer: %s", ctx->referer); if (header != NULL) { headers = curl_slist_append(headers, header); } } curl_easy_setopt(ctx->curl, CURLOPT_HTTPHEADER, headers); curl_easy_setopt(ctx->curl, CURLOPT_WRITEFUNCTION, append_result); curl_easy_setopt(ctx->curl, CURLOPT_WRITEDATA, ctx); if (ctx->result != NULL) { talloc_free(ctx->result); ctx->result = NULL; } ctx->ret = curl_easy_perform(ctx->curl); curl_easy_getinfo(ctx->curl, CURLINFO_RESPONSE_CODE, &ctx->response_code); if (headers != NULL) { curl_slist_free_all(headers); } } } int cm_submit_h_response_code(struct cm_submit_h_context *ctx) { return ctx->response_code; } int cm_submit_h_result_code(struct cm_submit_h_context *ctx) { return ctx->ret; } const char * cm_submit_h_result_code_text(struct cm_submit_h_context *ctx) { return curl_easy_strerror(ctx->ret); } const char * cm_submit_h_results(struct cm_submit_h_context *ctx, int *length) { if (length != NULL) { *length = ctx->result_length; } return ctx->result; } const char * cm_submit_h_result_type(struct
cm_submit_h_context *ctx) { char *ret = NULL; if (ctx->curl != NULL) { if (curl_easy_getinfo(ctx->curl, CURLINFO_CONTENT_TYPE, &ret) != CURLE_OK) { ret = NULL; } } return ret; } void cm_submit_h_cleanup(struct cm_submit_h_context *ctx) { if (ctx != NULL && ctx->curl != NULL) { curl_easy_cleanup(ctx->curl); } } #ifdef CM_SUBMIT_H_MAIN int main(int argc, const char **argv) { struct cm_submit_h_context *ctx; struct stat st; enum cm_submit_h_opt_negotiate negotiate; enum cm_submit_h_opt_delegate negotiate_delegate; enum cm_submit_h_opt_clientauth clientauth; int c, fd, l, verbose = 0, length = 0, rval = 0; char *ctype, *accept, *capath, *cainfo, *sslcert, *sslkey, *sslpass; char *pinfile; const char *method, *url; poptContext pctx; struct poptOption popts[] = { {"accept-type", 'a', POPT_ARG_STRING, &accept, 0, "acceptable response content-type", NULL}, {"capath", 'C', POPT_ARG_STRING, &capath, 0, "root certificate directory", "DIRECTORY"}, {"cainfo", 'c', POPT_ARG_STRING, &cainfo, 0, "root certificate info", NULL}, {"negotiate", 'N', POPT_ARG_NONE, NULL, 'N', "use Negotiate", NULL}, {"delegate", 'D', POPT_ARG_NONE, NULL, 'D', "use Negotiate with delegation", NULL}, {"sslcert", 'k', POPT_ARG_STRING, &sslcert, 'k', "use client authentication with cert", "CERT"}, {"sslkey", 'K', POPT_ARG_STRING, &sslkey, 'K', "use client authentication with key", "KEY"}, {"pinfile", 'p', POPT_ARG_STRING, &pinfile, 'p', "client authentication key pinfile", "FILENAME"}, {"pin", 'P', POPT_ARG_STRING, &sslpass, 0, "client authentication key pin", NULL}, {"content-type", 't', POPT_ARG_STRING, &ctype, 0, "client data content-type", NULL}, {"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL}, POPT_AUTOHELP POPT_TABLEEND }; ctype = NULL; accept = NULL; capath = NULL; cainfo = NULL; sslcert = NULL; sslkey = NULL; sslpass = NULL; pinfile = NULL; negotiate = cm_submit_h_negotiate_off; negotiate_delegate = cm_submit_h_delegate_off; clientauth = cm_submit_h_clientauth_off; pctx = 
poptGetContext("submit-h", argc, argv, popts, 0); if (pctx == NULL) { exit(1); } poptSetOtherOptionHelp(pctx, "[options...] METHOD URL"); while ((c = poptGetNextOpt(pctx)) > 0) { switch (c) { case 'N': negotiate = cm_submit_h_negotiate_on; break; case 'D': negotiate = cm_submit_h_negotiate_on; negotiate_delegate = cm_submit_h_delegate_on; break; case 'k': clientauth = cm_submit_h_clientauth_on; break; case 'K': clientauth = cm_submit_h_clientauth_on; break; case 'p': if (pinfile != NULL) { fd = open(pinfile, O_RDONLY); if (fd != -1) { if ((fstat(fd, &st) == 0) && (st.st_size > 0)) { sslpass = malloc(st.st_size + 1); if (sslpass != NULL) { if (read(fd, sslpass, st.st_size) != -1) { sslpass[st.st_size] = '\0'; l = strcspn(sslpass, "\r\n"); if (l != 0) { sslpass[l] = '\0'; } } else { fprintf(stderr, "Error reading \"%s\": %s.\n", pinfile, strerror(errno)); exit(1); } } } else { fprintf(stderr, "Error determining size of \"%s\": %s.\n", pinfile, strerror(errno)); exit(1); } close(fd); } else { fprintf(stderr, "Error reading PIN from \"%s\": %s.\n", pinfile, strerror(errno)); exit(1); } } break; case 'v': verbose++; break; } } if (c != -1) { poptPrintUsage(pctx, stdout, 0); return 1; } method = poptGetArg(pctx); url = poptGetArg(pctx); if ((method == NULL) || (url == NULL)) { printf("Missing a required argument.\n"); poptPrintUsage(pctx, stdout, 0); return 1; } ctx = cm_submit_h_init(NULL, method, url, poptGetArg(pctx), ctype, accept, NULL, cainfo, capath, sslcert, sslkey, sslpass, negotiate, negotiate_delegate, clientauth, cm_submit_h_env_modify_on, verbose ? 
cm_submit_h_curl_verbose_on : cm_submit_h_curl_verbose_off); cm_submit_h_run(ctx); if (cm_submit_h_results(ctx, &length) != NULL) { printf("%.*s", length, cm_submit_h_results(ctx, NULL)); } if (cm_submit_h_result_code(ctx) != 0) { fflush(stdout); fprintf(stderr, "libcurl error %d:%s\n", cm_submit_h_result_code(ctx), cm_submit_h_result_code_text(ctx)); } rval = cm_submit_h_result_code(ctx); cm_submit_h_cleanup(ctx); return rval; } #endif certmonger-0.79.19/src/submit-h.h0000644000175000017500000000443614511314133016131 0ustar gitgit00000000000000/* * Copyright (C) 2010,2015 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
*/ #ifndef cmsubmith_h #define cmsubmith_h struct cm_submit_h_context; enum cm_submit_h_opt_env_modify { cm_submit_h_env_modify_off, cm_submit_h_env_modify_on }; enum cm_submit_h_opt_negotiate { cm_submit_h_negotiate_off, cm_submit_h_negotiate_on }; enum cm_submit_h_opt_delegate { cm_submit_h_delegate_off, cm_submit_h_delegate_on }; enum cm_submit_h_opt_clientauth { cm_submit_h_clientauth_off, cm_submit_h_clientauth_on }; enum cm_submit_h_opt_curl_verbose { cm_submit_h_curl_verbose_off, cm_submit_h_curl_verbose_on }; struct cm_submit_h_context *cm_submit_h_init(void *parent, const char *method, const char *uri, const char *args, const char *content_type, const char *accept, const char *referer, const char *cainfo, const char *capath, const char *sslcert, const char *sslkey, const char *sslpass, enum cm_submit_h_opt_negotiate neg, enum cm_submit_h_opt_delegate del, enum cm_submit_h_opt_clientauth cli, enum cm_submit_h_opt_env_modify env, enum cm_submit_h_opt_curl_verbose verbose); void cm_submit_h_run(struct cm_submit_h_context *ctx); int cm_submit_h_response_code(struct cm_submit_h_context *ctx); int cm_submit_h_result_code(struct cm_submit_h_context *ctx); const char *cm_submit_h_result_code_text(struct cm_submit_h_context *ctx); const char *cm_submit_h_results(struct cm_submit_h_context *ctx, int *length); const char *cm_submit_h_result_type(struct cm_submit_h_context *ctx); void cm_submit_h_cleanup(struct cm_submit_h_context *ctx); #endif certmonger-0.79.19/src/submit-int.h0000644000175000017500000000621714511314133016473 0ustar gitgit00000000000000/* * Copyright (C) 2009,2014 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. 
* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #ifndef cmsubmitint_h #define cmsubmitint_h struct cm_store_entry; struct cm_submit_state { /* The parent usually needs a pointer to the entry for updating. */ struct cm_store_entry *entry; /* The parent uses this to manage the subprocess that's doing the heavy * lifting. */ struct cm_subproc_state *subproc; /* Check if the CSR was submitted to the CA yet, or we determined that * doing so was not possible at this time. */ int (*ready)(struct cm_submit_state *state); /* Save CA-specific identifier for our submitted request. */ int (*save_ca_cookie)(struct cm_submit_state *state); /* Check if the certificate was issued. */ int (*issued)(struct cm_submit_state *state); /* Check if the certificate request was rejected. */ int (*rejected)(struct cm_submit_state *state); /* Check if we need SCEP-specific data to be provided. */ int (*need_scep_messages)(struct cm_submit_state *state); /* Check if we need to try again with different keys. */ int (*need_rekey)(struct cm_submit_state *state); /* Check if the CA was unreachable for some reason. */ int (*unreachable)(struct cm_submit_state *state); /* Check if the CA was unconfigured in some way. */ int (*unconfigured)(struct cm_submit_state *state); /* Check if we can't submit requests to the CA. */ int (*unsupported)(struct cm_submit_state *state); /* Done talking to the CA. */ void (*done)(struct cm_submit_state *state); /* Recommended delay before the next connection to the CA. */ int delay; /* Reserved for implementation use. Currently only used by the * "external" submission implementations. 
*/ void *reserved; }; struct cm_submit_state *cm_submit_e_start(struct cm_store_ca *ca, struct cm_store_entry *entry); struct cm_submit_state *cm_submit_sn_start(struct cm_store_ca *ca, struct cm_store_entry *entry); struct cm_submit_state *cm_submit_so_start(struct cm_store_ca *ca, struct cm_store_entry *entry); #define CM_BASIC_CONSTRAINT_NOT_CA "3000" char *cm_submit_maybe_joinv(void *parent, const char *sep, char **s); struct cm_submit_decrypt_envelope_args { struct cm_store_ca *ca; struct cm_store_entry *entry; }; void cm_submit_o_decrypt_envelope(const unsigned char *envelope, size_t length, void *decrypt_userdata, unsigned char **payload, size_t *payload_length); void cm_submit_n_decrypt_envelope(const unsigned char *envelope, size_t length, void *decrypt_userdata, unsigned char **payload, size_t *payload_length); #endif certmonger-0.79.19/src/submit-n.c0000644000175000017500000003324514511314133016132 0ustar gitgit00000000000000/* * Copyright (C) 2015,2017 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
*/ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "store-int.h" #include "keyiread-n.h" #include "log.h" #include "pin.h" #include "prefs-n.h" #include "store.h" #include "submit.h" #include "submit-e.h" #include "submit-int.h" #include "submit-u.h" #include "subproc.h" #include "util-n.h" #include "util-o.h" #define PRIVKEY_LIST_EMPTY(l) PRIVKEY_LIST_END(PRIVKEY_LIST_HEAD(l), l) SECOidTag cm_submit_n_tag_from_nid(int nid) { ASN1_OBJECT *obj; SECItem oid; obj = OBJ_nid2obj(nid); if (obj != NULL) { memset(&oid, 0, sizeof(oid)); oid.data = (unsigned char *) util_OBJ_get0_data(obj); oid.len = util_OBJ_length(obj); return SECOID_FindOIDTag(&oid); } else { return SEC_OID_UNKNOWN; } } static SECItem * try_to_decode(void *parent, PLArenaPool *arena, SECItem *item, SECKEYPrivateKey *privkey, X509 *old_cert) { SECOidTag tag; SECItem *ret = NULL, param, *parameters; ASN1_OBJECT *algorithm; int nid, padding; CK_MECHANISM_TYPE mech; ASN1_STRING *params = NULL; PKCS7 *p7 = NULL; PKCS7_RECIP_INFO *p7i = NULL; BIGNUM *exponent = NULL; EVP_PKEY *pkey = NULL; BIO *out; RSA *rsa = NULL; char buf[BUFSIZ]; const unsigned char *u; unsigned char *enc_key, *dec, *reenc, *param_data; unsigned int enc_key_len, dec_len; ssize_t reenc_len; long error, l; /* Do the standard parse and sanity checking. 
*/ u = item->data; p7 = d2i_PKCS7(NULL, &u, item->len); if (p7 == NULL) { cm_log(1, "Error decoding PKCS#7 enveloped data: %s\n", cm_store_base64_from_bin(NULL, item->data, item->len)); while ((error = ERR_get_error()) != 0) { ERR_error_string_n(error, buf, sizeof(buf)); cm_log(1, "%s\n", buf); } goto done; } if (!PKCS7_type_is_enveloped(p7)) { cm_log(1, "PKCS#7 data is not enveloped data.\n"); goto done; } if (sk_PKCS7_RECIP_INFO_num(p7->d.enveloped->recipientinfo) != 1) { cm_log(1, "PKCS#7 enveloped data is for %d recipients.\n", sk_PKCS7_RECIP_INFO_num(p7->d.enveloped->recipientinfo)); goto done; } p7i = sk_PKCS7_RECIP_INFO_value(p7->d.enveloped->recipientinfo, 0); if ((p7i->key_enc_algor == NULL) || (p7i->key_enc_algor->parameter == NULL)) { cm_log(1, "PKCS#7 recipient info is missing parameters.\n"); goto done; } /* Try to decrypt the bulk key using the private key. */ algorithm = p7i->key_enc_algor->algorithm; nid = OBJ_obj2nid(algorithm); tag = cm_submit_n_tag_from_nid(nid); mech = PK11_AlgtagToMechanism(tag); if (p7i->key_enc_algor->parameter->type == V_ASN1_OCTET_STRING) { params = p7i->key_enc_algor->parameter->value.octet_string; memset(&param, 0, sizeof(param)); param.len = util_ASN1_STRING_length(params); param_data = PORT_ArenaZAlloc(arena, param.len); if (param_data == NULL) { cm_log(1, "Out of memory decrypting bulk key.\n"); goto done; } memcpy(param_data, util_ASN1_STRING_get0_data(params), param.len); param.data = param_data; parameters = &param; } else { parameters = NULL; } enc_key_len = util_ASN1_STRING_length(p7i->enc_key); enc_key = PORT_ArenaZAlloc(arena, enc_key_len); if (enc_key == NULL) { cm_log(1, "Out of memory decrypting bulk key.\n"); goto done; } memcpy(enc_key, util_ASN1_STRING_get0_data(p7i->enc_key), enc_key_len); dec_len = enc_key_len + BUFSIZ; dec = talloc_size(parent, dec_len); if (parameters == NULL) { if (PK11_PrivDecryptPKCS1(privkey, dec, &dec_len, dec_len, enc_key, enc_key_len) != SECSuccess) { cm_log(1, "Error decrypting bulk
key: %s.\n", PR_ErrorToName(PORT_GetError())); goto done; } } else { #ifdef HAVE_PK11_PRIVDECRYPT if (PK11_PrivDecrypt(privkey, mech, parameters, dec, &dec_len, dec_len, enc_key, enc_key_len) != SECSuccess) { cm_log(1, "Error decrypting bulk key: %s.\n", PR_ErrorToName(PORT_GetError())); goto done; } #else cm_log(1, "Error decrypting bulk key: " "the version of NSS we were built with does not " "support decryption with specified parameters\n"); goto done; #endif } /* Generate a dummy key to use when re-encrypting the bulk key using * OpenSSL so that we can decrypt it again, and with it the payload. */ pkey = EVP_PKEY_new(); if (pkey == NULL) { cm_log(1, "Error allocating new key.\n"); goto done; } exponent = BN_new(); if (exponent == NULL) { cm_log(1, "Error setting up exponent.\n"); goto done; } BN_set_word(exponent, CM_DEFAULT_RSA_EXPONENT); rsa = RSA_new(); if (rsa == NULL) { cm_log(1, "Error allocating new RSA key.\n"); goto done; } retry_gen: if (RSA_generate_key_ex(rsa, CM_DEFAULT_PUBKEY_SIZE, exponent, NULL) != 1) { cm_log(1, "Error generating key.\n"); goto done; } if (RSA_check_key(rsa) != 1) { /* should be unnecessary */ cm_log(1, "Key fails checks. Retrying.\n"); goto retry_gen; } EVP_PKEY_set1_RSA(pkey, rsa); /* Encrypt the bulk key. We're about to decrypt it again, so do it the * simplest way that we can. */ reenc_len = dec_len + RSA_size(rsa); reenc = talloc_size(parent, reenc_len); padding = RSA_PKCS1_PADDING; reenc_len = RSA_public_encrypt(dec_len, dec, reenc, rsa, padding); if (reenc_len < 0) { cm_log(1, "Error reencrypting.\n"); goto retry_gen; } /* Set the new encrypted bulk key. */ p7i->key_enc_algor->algorithm = OBJ_dup(OBJ_nid2obj(NID_rsaEncryption)); ASN1_TYPE_set(p7i->key_enc_algor->parameter, V_ASN1_NULL, NULL); util_ASN1_OCTET_STRING_set(p7i->enc_key, reenc, reenc_len); /* And now, finally, decrypt the payload. 
*/ out = BIO_new(BIO_s_mem()); if (out == NULL) { cm_log(1, "Out of memory.\n"); goto done; } if (PKCS7_decrypt(p7, pkey, NULL, out, 0) == 1) { u = NULL; l = BIO_get_mem_data(out, &u); cm_log(1, "Succeeded in decrypting enveloped data.\n"); if (u != NULL) { ret = SECITEM_AllocItem(arena, NULL, l + 1); if (ret != NULL) { /* The BIO holds exactly l bytes; copy only those and terminate. */ memcpy(ret->data, u, l); ret->data[l] = '\0'; ret->len = l; } } } done: if (ret == NULL) { while ((error = ERR_get_error()) != 0) { ERR_error_string_n(error, buf, sizeof(buf)); cm_log(1, "%s\n", buf); } } if (pkey != NULL) { EVP_PKEY_free(pkey); } if (exponent != NULL) { BN_free(exponent); } if (p7 != NULL) { PKCS7_free(p7); } return ret; } void cm_submit_n_decrypt_envelope(const unsigned char *envelope, size_t length, void *decrypt_userdata, unsigned char **payload, size_t *payload_length) { const char *token, *reason, *es; char *pin; PLArenaPool *arena = NULL; SECStatus error; NSSInitContext *ctx = NULL; PK11SlotInfo *slot = NULL; PK11SlotList *slotlist = NULL; PK11SlotListElement *sle; SECKEYPrivateKeyList *keylist = NULL; SECKEYPrivateKeyListNode *kle = NULL; CK_MECHANISM_TYPE mech; SECItem item, *plain; struct cm_pin_cb_data cb_data; int n_tokens, ec; struct cm_submit_decrypt_envelope_args *args = decrypt_userdata; X509 *old_cert = NULL; util_o_init(); ERR_load_crypto_strings(); /* Open the database.
*/ ctx = NSS_InitContext(args->entry->cm_key_storage_location, NULL, NULL, NULL, NULL, NSS_INIT_READONLY | NSS_INIT_NOROOTINIT | NSS_INIT_NOMODDB); if (ctx == NULL) { ec = PORT_GetError(); if (ec != 0) { es = PR_ErrorToName(ec); } else { es = NULL; } if (es != NULL) { cm_log(1, "Unable to open NSS database '%s': %s.\n", args->entry->cm_key_storage_location, es); } else { cm_log(1, "Unable to open NSS database '%s'.\n", args->entry->cm_key_storage_location); } goto done; } if (NSS_ShutdownContext(ctx) != SECSuccess) { cm_log(0, "Error shutting down NSS.\n"); _exit(1); } ctx = NSS_InitContext(args->entry->cm_key_storage_location, NULL, NULL, NULL, NULL, NSS_INIT_READONLY | NSS_INIT_NOROOTINIT); if (ctx == NULL) { cm_log(0, "Unable to initialize NSS %s.\n", args->entry->cm_key_storage_location); _exit(1); } reason = util_n_fips_hook(); if (reason != NULL) { cm_log(1, "Error putting NSS into FIPS mode: %s\n", reason); goto done; } /* Allocate a memory pool. */ arena = PORT_NewArena(sizeof(double)); if (arena == NULL) { cm_log(1, "Out of memory opening database '%s'.\n", args->entry->cm_key_storage_location); goto done; } /* Find the tokens that we might use for key storage. */ mech = 0; slotlist = PK11_GetAllTokens(mech, PR_FALSE, PR_FALSE, NULL); if (slotlist == NULL) { cm_log(1, "Error locating token to be used for key storage.\n"); goto done; } /* Walk the list looking for the requested token, or look at all of * them if none specifically was requested. */ pin = NULL; if (cm_pin_read_for_key(args->entry, &pin) != 0) { cm_log(1, "Error reading PIN for key storage.\n"); goto done; } if (args->entry->cm_key_token == NULL) { args->entry->cm_key_token = util_internal_token_name(args->entry); } PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb); n_tokens = 0; /* In practice, the internal slot is either a non-storage slot (in * non-FIPS mode) or the database slot (in FIPS mode), and we only want * to skip over the one that can't be used to store things. 
*/ for (sle = slotlist->head; (sle != NULL) && (sle->slot != NULL); sle = sle->next) { slot = sle->slot; if (PK11_IsInternal(slot) && !PK11_IsInternalKeySlot(slot)) { cm_log(3, "Skipping NSS internal slot (%s).\n", PK11_GetTokenName(slot)); goto next_slot; } /* Read the token's name. */ token = PK11_GetTokenName(slot); if (token != NULL) { cm_log(3, "Found token '%s'.\n", token); } else { cm_log(3, "Found unnamed token.\n"); } /* If this is the wrong token, move on. */ if ((args->entry->cm_key_token != NULL) && (strlen(args->entry->cm_key_token) > 0) && ((token == NULL) || (strcmp(args->entry->cm_key_token, token) != 0))) { if (token != NULL) { cm_log(1, "Token is named \"%s\", not \"%s\", " "skipping.\n", token, args->entry->cm_key_token); } else { cm_log(1, "Token is unnamed, not \"%s\", " "skipping.\n", args->entry->cm_key_token); } goto next_slot; } n_tokens++; /* Set up args for the PIN callback. */ memset(&cb_data, 0, sizeof(cb_data)); cb_data.entry = args->entry; cb_data.n_attempts = 0; /* Now log in, if we have to. */ if (cm_pin_read_for_key(args->entry, &pin) != 0) { cm_log(1, "Error reading PIN for key storage " "token \"%s\", skipping.\n", token); goto done; } error = PK11_Authenticate(slot, PR_TRUE, &cb_data); if (error != SECSuccess) { cm_log(1, "submit-n: Error authenticating to token " "\"%s\".\n", token); goto done; } break; next_slot: /* If this was the last token, stop walking. */ slot = NULL; if (sle == slotlist->tail) { break; } } if (args->entry->cm_cert != NULL) { BIO *bio = NULL; cm_log(3, "Parsing existing certificate\n"); bio = BIO_new_mem_buf(args->entry->cm_cert, -1); if (bio == NULL) { cm_log(1, "Out of memory.\n"); goto done; } else { old_cert = PEM_read_bio_X509(bio, NULL, NULL, NULL); BIO_free(bio); if (old_cert == NULL) { cm_log(1, "Error parsing certificate \"%s\".\n", args->entry->cm_cert); goto done; } } } cm_log(3, "old_cert is %s\n", old_cert == NULL ? 
"NULL" : "present"); /* Now that we're logged in, try to decrypt the enveloped data. */ plain = NULL; if (slot != NULL) { keylist = PK11_ListPrivKeysInSlot(slot, NULL, NULL); if (keylist != NULL) { memset(&item, 0, sizeof(item)); item.data = talloc_memdup(args->entry, envelope, length); item.len = length; for (kle = PRIVKEY_LIST_HEAD(keylist); !PRIVKEY_LIST_EMPTY(keylist) && !PRIVKEY_LIST_END(kle, keylist); kle = PRIVKEY_LIST_NEXT(kle)) { plain = try_to_decode(args->entry, arena, &item, kle->key, old_cert); if (plain != NULL) { break; } } } } if (plain == NULL) { cm_log(1, "Error decrypting enveloped data: %s.\n", PR_ErrorToName(PORT_GetError()) ?: "(unknown error)"); goto done; } cm_log(1, "Succeeded in decrypting enveloped data.\n"); *payload = talloc_size(args->entry, plain->len + 1); if (*payload != NULL) { memcpy(*payload, plain->data, plain->len); (*payload)[plain->len] = '\0'; *payload_length = plain->len; } done: if (keylist != NULL) { SECKEY_DestroyPrivateKeyList(keylist); } if (slotlist != NULL) { PK11_FreeSlotList(slotlist); } if (arena != NULL) { PORT_FreeArena(arena, PR_TRUE); } if (ctx != NULL) { error = NSS_ShutdownContext(ctx); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } } if (old_cert != NULL) { X509_free(old_cert); } } certmonger-0.79.19/src/submit-o.c0000644000175000017500000003127314511314133016132 0ustar gitgit00000000000000/* * Copyright (C) 2009,2010,2011,2012,2014,2015,2017 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. 
* * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "log.h" #include "pin.h" #include "prefs.h" #include "prefs-o.h" #include "store.h" #include "store-int.h" #include "submit.h" #include "submit-e.h" #include "submit-int.h" #include "submit-o.h" #include "submit-u.h" #include "subproc.h" #include "util-o.h" static void cm_submit_o_set_things(X509 **cert, X509 *signer, unsigned char uuid[16], unsigned int uuid_len, STACK_OF(X509_EXTENSION) *extensions) { PLArenaPool *arena = NULL; CERTCertificate subject, issuer; CERTSignedData scert; SECItem item, *encoded; X509_EXTENSION *ext; unsigned char *p, *q; const unsigned char *d; int length, l, i; arena = PORT_NewArena(sizeof(double)); if (arena == NULL) { cm_log(1, "Out of memory for decoding cert_info."); return; } memset(&item, 0, sizeof(item)); if (signer != NULL) { length = i2d_X509(signer, NULL); if (length < 0) { cm_log(1, "Error encoding signer cert."); PORT_FreeArena(arena, PR_TRUE); return; } p = q = malloc(length); l = i2d_X509(signer, &q); if (l != length) { cm_log(1, "Error encoding signer cert: %d != %d.", l, length); free(p); PORT_FreeArena(arena, PR_TRUE); return; } memset(&scert, 0, sizeof(scert)); item.data = p; item.len = length; if (SEC_ASN1DecodeItem(arena, &scert, CERT_SignedDataTemplate, &item) != SECSuccess) { cm_log(1, "Error decoding signer cert: %s.", PR_ErrorToName(PORT_GetError())); free(p); PORT_FreeArena(arena, PR_TRUE); return; } memset(&issuer, 0, sizeof(issuer)); if (SEC_ASN1DecodeItem(arena, &issuer, CERT_CertificateTemplate, &scert.data) != SECSuccess) { cm_log(1, "Error decoding signer cert info: %s.", PR_ErrorToName(PORT_GetError())); free(p); PORT_FreeArena(arena, PR_TRUE); return; } free(p); } for 
(i = 0; i < sk_X509_EXTENSION_num(extensions); i++) { ext = sk_X509_EXTENSION_value(extensions, i); if (ext != NULL) { if (X509_add_ext(*cert, ext, -1) != 1) { cm_log(1, "Error adding extension to certificate."); PORT_FreeArena(arena, PR_TRUE); return; } } } length = i2d_X509(*cert, NULL); if (length < 0) { cm_log(1, "Error encoding cert."); PORT_FreeArena(arena, PR_TRUE); return; } p = q = malloc(length); l = i2d_X509(*cert, &q); if (l != length) { cm_log(1, "Error encoding cert: %d != %d.", l, length); free(p); PORT_FreeArena(arena, PR_TRUE); return; } memset(&scert, 0, sizeof(scert)); item.data = p; item.len = length; if (SEC_ASN1DecodeItem(arena, &scert, CERT_SignedDataTemplate, &item) != SECSuccess) { cm_log(1, "Error decoding cert: %s.", PR_ErrorToName(PORT_GetError())); free(p); PORT_FreeArena(arena, PR_TRUE); return; } memset(&subject, 0, sizeof(subject)); if (SEC_ASN1DecodeItem(arena, &subject, CERT_CertificateTemplate, &scert.data) != SECSuccess) { cm_log(1, "Error decoding cert info: %s.", PR_ErrorToName(PORT_GetError())); free(p); PORT_FreeArena(arena, PR_TRUE); return; } free(p); memset(&subject.issuerID, 0, sizeof(subject.issuerID)); memset(&subject.subjectID, 0, sizeof(subject.subjectID)); if (uuid_len > 0) { subject.subjectID.data = uuid; subject.subjectID.len = uuid_len; if (signer != NULL) { subject.issuerID = issuer.subjectID; } else { subject.issuerID.data = uuid; subject.issuerID.len = uuid_len; } } memset(&scert.data, 0, sizeof(scert.data)); encoded = SEC_ASN1EncodeItem(arena, &scert.data, &subject, CERT_CertificateTemplate); if (encoded != &scert.data) { cm_log(1, "Error re-encoding cert_info: %s.", PR_ErrorToName(PORT_GetError())); PORT_FreeArena(arena, PR_TRUE); return; } memset(&item, 0, sizeof(item)); encoded = SEC_ASN1EncodeItem(arena, &item, &scert, CERT_SignedDataTemplate); if (encoded != &item) { cm_log(1, "Error re-encoding cert: %s.", PR_ErrorToName(PORT_GetError())); PORT_FreeArena(arena, PR_TRUE); return; } d = item.data; *cert = 
d2i_X509(NULL, &d, item.len); if (*cert == NULL) { cm_log(1, "Error re-decoding cert."); PORT_FreeArena(arena, PR_TRUE); return; } PORT_FreeArena(arena, PR_TRUE); } int cm_submit_o_sign(void *parent, char *csr, X509 *signer, EVP_PKEY *signer_key, const char *hexserial, time_t now, long life, X509 **cert) { X509_REQ *req; BIO *bio; ASN1_INTEGER *seriali; ASN1_TIME *not_before, *not_after; BASIC_CONSTRAINTS *basic; ASN1_OCTET_STRING *skid; AUTHORITY_KEYID akid; unsigned char *seriald, *basicd, md[CM_DIGEST_MAX]; const unsigned char *serialtmp, *basictmp; char *serial; int status = CM_SUBMIT_STATUS_WAIT, seriall, basicl, crit, i; unsigned int mdlen, uuid_len; unsigned char uuid[16]; bio = BIO_new_mem_buf(csr, -1); if (bio != NULL) { req = PEM_read_bio_X509_REQ(bio, NULL, NULL, NULL); if (req != NULL) { *cert = X509_new(); if (*cert != NULL) { X509_set_subject_name(*cert, X509_REQ_get_subject_name(req)); if (signer != NULL) { X509_set_issuer_name(*cert, X509_get_subject_name(signer)); } else { X509_set_issuer_name(*cert, X509_REQ_get_subject_name(req)); } X509_set_pubkey(*cert, util_X509_REQ_get0_pubkey(req)); not_before = util_ASN1_TIME_new(); ASN1_TIME_set(not_before, now); util_X509_set1_notBefore(*cert, not_before); if ((life == 0) && (signer != NULL)) { not_after = util_ASN1_TIME_dup((ASN1_TIME *)util_X509_get0_notAfter(signer)); } else { not_after = util_ASN1_TIME_new(); ASN1_TIME_set(not_after, now + life); } util_X509_set1_notAfter(*cert, not_after); X509_set_version(*cert, 2); /* set the serial number */ cm_log(3, "Setting certificate serial number \"%s\".\n", hexserial); serial = cm_store_serial_to_der(parent, hexserial); seriall = strlen(serial) / 2; seriald = talloc_size(parent, seriall); seriall = cm_store_hex_to_bin(serial, seriald, seriall); serialtmp = seriald; seriali = d2i_ASN1_INTEGER(NULL, &serialtmp, seriall); X509_set_serialNumber(*cert, seriali); uuid_len = 0; #ifdef HAVE_UUID if (cm_prefs_populate_unique_id()) { if (cm_submit_uuid_new(uuid) == 
0) { uuid_len = sizeof(uuid); } } #endif /* Add a signature so that it looks right...ish. */ X509_sign(*cert, signer_key, cm_prefs_ossl_hash()); /* Add extensions and possibly add deprecated UUIDs. */ cm_submit_o_set_things(cert, signer, uuid, uuid_len, X509_REQ_get_extensions(req)); /* add basic constraints if needed */ i = X509_get_ext_by_NID(*cert, NID_basic_constraints, -1); if (i == -1) { basicl = strlen(CM_BASIC_CONSTRAINT_NOT_CA) / 2; basicd = talloc_size(parent, basicl); basicl = cm_store_hex_to_bin(CM_BASIC_CONSTRAINT_NOT_CA, basicd, basicl); basictmp = basicd; basic = d2i_BASIC_CONSTRAINTS(NULL, &basictmp, basicl); X509_add1_ext_i2d(*cert, NID_basic_constraints, basic, 1, 0); } /* copy the signer's subject key id to our authority key id */ if (signer != NULL) { skid = X509_get_ext_d2i(signer, NID_subject_key_identifier, &crit, NULL); memset(&akid, 0, sizeof(akid)); akid.keyid = skid; X509_add1_ext_i2d(*cert, NID_authority_key_identifier, &akid, crit, X509V3_ADD_REPLACE); /* make sure we have a subject key id */ i = X509_get_ext_by_NID(*cert, NID_subject_key_identifier, -1); if (i == -1) { if (X509_pubkey_digest(*cert, EVP_sha1(), md, &mdlen)) { skid = util_ASN1_OCTET_STRING_new(); util_ASN1_OCTET_STRING_set(skid, md, mdlen); X509_add1_ext_i2d(*cert, NID_subject_key_identifier, skid, 0, 0); } } } /* finish up */ if (signer_key != NULL) { X509_sign(*cert, signer_key, cm_prefs_ossl_hash()); status = CM_SUBMIT_STATUS_ISSUED; } else { status = CM_SUBMIT_STATUS_UNREACHABLE; } } else { cm_log(1, "Error building template certificate.\n"); status = CM_SUBMIT_STATUS_REJECTED; } } else { cm_log(1, "Error reading signing request.\n"); } BIO_free(bio); } else { cm_log(1, "Error parsing signing request.\n"); } return status; } void cm_submit_o_decrypt_envelope(const unsigned char *envelope, size_t length, void *decrypt_userdata, unsigned char **payload, size_t *payload_length) { struct cm_pin_cb_data cb_data; struct cm_submit_decrypt_envelope_args *args = 
decrypt_userdata; FILE *keyfp, *keyfp_next; BIO *out = NULL; EVP_PKEY *pkey = NULL, *pkey_next = NULL; PKCS7 *p7; char buf[LINE_MAX], *pin, *filename, *p; const unsigned char *u; long error, l; int result = 0; X509 *old_cert = NULL; if ((args->entry->cm_key_next_marker != NULL) && (strlen(args->entry->cm_key_next_marker) > 0)) { filename = util_build_next_filename(args->entry->cm_key_storage_location, args->entry->cm_key_next_marker); keyfp_next = fopen(filename, "r"); free(filename); } else { keyfp_next = NULL; } keyfp = fopen(args->entry->cm_key_storage_location, "r"); util_o_init(); ERR_load_crypto_strings(); if (cm_pin_read_for_key(args->entry, &pin) != 0) { cm_log(1, "Error reading key encryption PIN.\n"); goto done; } memset(&cb_data, 0, sizeof(cb_data)); cb_data.entry = args->entry; cb_data.n_attempts = 0; if (keyfp != NULL) { pkey = PEM_read_PrivateKey(keyfp, NULL, cm_pin_read_for_key_ossl_cb, &cb_data); } if (keyfp_next != NULL) { pkey_next = PEM_read_PrivateKey(keyfp_next, NULL, cm_pin_read_for_key_ossl_cb, &cb_data); } if ((pkey == NULL) && (pkey_next == NULL)) { error = errno; cm_log(1, "Error reading private key '%s': %s.\n", args->entry->cm_key_storage_location, strerror(error)); while ((error = ERR_get_error()) != 0) { ERR_error_string_n(error, buf, sizeof(buf)); cm_log(1, "%s\n", buf); } goto done; } u = envelope; p7 = d2i_PKCS7(NULL, &u, length); if ((p7 == NULL) || !PKCS7_type_is_enveloped(p7)) { goto done; } out = BIO_new(BIO_s_mem()); if (out == NULL) { cm_log(1, "Out of memory.\n"); goto done; } if (args->entry->cm_cert != NULL) { BIO *bio = NULL; cm_log(3, "Parsing existing certificate\n"); bio = BIO_new_mem_buf(args->entry->cm_cert, -1); if (bio == NULL) { cm_log(1, "Out of memory.\n"); goto done; } else { old_cert = PEM_read_bio_X509(bio, NULL, NULL, NULL); BIO_free(bio); if (old_cert == NULL) { cm_log(1, "Error parsing certificate \"%s\".\n", args->entry->cm_cert); goto done; } } } cm_log(3, "old_cert is %s\n", old_cert == NULL ? 
			"NULL" : "present");
	if (pkey_next != NULL) {
		result = PKCS7_decrypt(p7, pkey_next, old_cert, out, 0);
		if (result == 1) {
			goto done;
		} else {
			error = errno;
			cm_log(1, "Error decrypting PKCS#7 with pkey_next: %s.\n",
			       strerror(error));
			while ((error = ERR_get_error()) != 0) {
				ERR_error_string_n(error, buf, sizeof(buf));
				cm_log(1, "%s\n", buf);
			}
		}
	}
	result = PKCS7_decrypt(p7, pkey, old_cert, out, 0);
	if (result == 0) {
		error = errno;
		cm_log(1, "Error decrypting PKCS#7 with pkey: %s.\n",
		       strerror(error));
		while ((error = ERR_get_error()) != 0) {
			ERR_error_string_n(error, buf, sizeof(buf));
			cm_log(1, "%s\n", buf);
		}
	}
done:
	if (result == 1) {
		p = NULL;
		l = BIO_get_mem_data(out, &p);
		cm_log(1, "Succeeded in decrypting enveloped data.\n");
		if (p != NULL) {
			*payload = malloc(l + 1);
			if (*payload != NULL) {
				/* The memory BIO holds exactly l bytes, so
				 * copy only those (not l + 1, which reads one
				 * byte past the data) and terminate the copy
				 * ourselves. */
				memcpy(*payload, p, l);
				(*payload)[l] = '\0';
				*payload_length = l;
			}
		}
	}
	if (keyfp != NULL) {
		fclose(keyfp);
	}
	if (keyfp_next != NULL) {
		fclose(keyfp_next);
	}
	if (pkey != NULL) {
		EVP_PKEY_free(pkey);
	}
	if (pkey_next != NULL) {
		EVP_PKEY_free(pkey_next);
	}
	if (out != NULL) {
		BIO_free(out);
	}
	if (old_cert != NULL) {
		X509_free(old_cert);
	}
}
certmonger-0.79.19/src/submit-o.h
/*
 * Copyright (C) 2014,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmsubmito_h
#define cmsubmito_h

SECOidTag cm_submit_n_tag_from_nid(int nid);
int cm_submit_o_sign(void *parent, char *csr,
		     X509 *signer, EVP_PKEY *signer_key,
		     const char *hexserial, time_t now, long life,
		     X509 **cert);

#endif
certmonger-0.79.19/src/submit-sn.c
/*
 * Copyright (C) 2009,2010,2012,2014,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
*/ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "certext-n.h" #include "keyiread-n.h" #include "log.h" #include "prefs.h" #include "prefs-n.h" #include "store.h" #include "store-int.h" #include "submit.h" #include "submit-int.h" #include "submit-u.h" #include "subproc.h" static int cm_submit_sn_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry, void *userdata) { FILE *status; char *b64, *serial; const char *p, *q; SECStatus error; SECItem *esdata = NULL, *ecert = NULL; struct cm_keyiread_n_ctx_and_keys *keys; SECKEYPrivateKey *privkey; CERTCertificate *ucert = NULL; CERTCertExtension **extensions; CERTCertificateRequest *req = NULL, sreq; CERTSignedData *data = NULL, sdata, scert; CERTValidity *validity; PRTime now, life; time_t lifedelta; PLArenaPool *arena = NULL; SECOidData *sigoid, *extoid, *basicoid; int i, serial_length, basic_length; unsigned char btrue = 0xff; PRBool found_basic; /* Start up NSS and open the database. */ keys = cm_keyiread_n_get_keys(entry, 0); if (keys == NULL) { cm_log(1, "Unable to locate private key for self-signing.\n"); _exit(2); } /* Select the right key pair. */ if ((entry->cm_key_next_marker != NULL) && (strlen(entry->cm_key_next_marker) > 0)) { privkey = keys->privkey_next; } else { privkey = keys->privkey; } /* Allocate a memory pool. */ arena = PORT_NewArena(sizeof(double)); if (arena == NULL) { cm_log(1, "Error opening database '%s'.\n", entry->cm_key_storage_location); NSS_Shutdown(); _exit(ENOMEM); } /* Decode the CSR into a signeddata structure. 
*/ p = entry->cm_csr; q = NULL; if (p != NULL) { while (strncmp(p, "-----BEGIN ", 11) == 0) { p += strcspn(p, "\r\n"); p += strspn(p, "\r\n"); } q = strstr(p, "-----END"); } if ((q == NULL) || (*p == '\0')) { cm_log(1, "Unable to parse CSR.\n"); _exit(1); } esdata = NSSBase64_DecodeBuffer(arena, NULL, p, q - p); if (esdata == NULL) { cm_log(1, "Unable to decode CSR into buffer.\n"); _exit(1); } memset(&sdata, 0, sizeof(sdata)); if (SEC_ASN1DecodeItem(arena, &sdata, CERT_SignedDataTemplate, esdata) != SECSuccess) { cm_log(1, "Unable to decode signed signing request.\n"); _exit(1); } else { data = &sdata; } sigoid = SECOID_FindOIDByTag(cm_prefs_nss_sig_alg(privkey)); if (sigoid == NULL) { cm_log(1, "Internal error resolving signature OID.\n"); _exit(1); } extoid = SECOID_FindOIDByTag(SEC_OID_PKCS9_EXTENSION_REQUEST); if (extoid == NULL) { cm_log(1, "Internal error resolving extension OID.\n"); _exit(1); } /* Decode the CSR from the signeddata structure into a usable request. */ memset(&sreq, 0, sizeof(sreq)); sreq.arena = arena; if (SEC_ASN1DecodeItem(arena, &sreq, CERT_CertificateRequestTemplate, &data->data) != SECSuccess) { cm_log(1, "Unable to decode signing request.\n"); _exit(1); } else { req = &sreq; } /* Build a certificate using the contents of the signing request. 
*/ if (ca->cm_ca_internal_force_issue_time) { now = ca->cm_ca_internal_issue_time; now *= 1000000; } else { now = PR_Now(); } if (cm_submit_u_delta_from_string(cm_prefs_selfsign_validity_period(), now / 1000000, &lifedelta) == 0) { life = lifedelta; } else { if (cm_submit_u_delta_from_string(CM_DEFAULT_CERT_LIFETIME, now / 1000000, &lifedelta) == 0) { life = lifedelta; } else { life = 365 * 24 * 60 * 60; } } life *= 1000000L; validity = CERT_CreateValidity(now, now + life); if (validity == NULL) { cm_log(1, "Unable to create validity structure.\n"); _exit(1); } else { ucert = CERT_CreateCertificate(0, &req->subject, validity, req); CERT_DestroyValidity(validity); if (ucert == NULL) { cm_log(1, "Unable to create certificate structure.\n"); _exit(1); } } /* Populate the certificate's fields. */ SEC_ASN1EncodeInteger(arena, &ucert->version, 2); serial = ca->cm_ca_internal_serial; if (serial != NULL) { cm_log(3, "Setting certificate serial number \"%s\".\n", serial); serial_length = strlen(serial) / 2; ucert->serialNumber.data = PORT_ArenaZAlloc(arena, serial_length); serial_length = cm_store_hex_to_bin(serial, ucert->serialNumber.data, serial_length); ucert->serialNumber.len = serial_length; } else { cm_log(1, "Unable to set certificate serial number.\n"); _exit(1); } if (SECOID_SetAlgorithmID(arena, &ucert->signature, sigoid->offset, NULL) != SECSuccess) { cm_log(1, "Unable to set signature algorithm ID.\n"); _exit(1); } ucert->issuer = req->subject; ucert->subject = req->subject; ucert->subjectPublicKeyInfo = req->subjectPublicKeyInfo; #ifdef HAVE_UUID if (cm_prefs_populate_unique_id()) { ucert->subjectID.data = PORT_ArenaZAlloc(arena, 16); if (ucert->subjectID.data != NULL) { if (cm_submit_uuid_new(ucert->subjectID.data) == 0) { ucert->subjectID.len = 16 * 8; } else { ucert->subjectID.data = NULL; } } else { ucert->subjectID.len = 0; } ucert->issuerID = ucert->subjectID; } #endif /* Try to copy the extensions from the request into the certificate. 
*/ for (i = 0; (req->attributes != NULL) && (req->attributes[i] != NULL); i++) { if (SECITEM_ItemsAreEqual(&req->attributes[i]->attrType, &extoid->oid)) { /* Found the requested-extensions attribute. */ break; } } /* Add the requested extensions. */ if ((req->attributes != NULL) && (req->attributes[i] != NULL)) { if (SEC_ASN1DecodeItem(arena, &ucert->extensions, CERT_SequenceOfCertExtensionTemplate, req->attributes[i]->attrValue[0]) != SECSuccess) { cm_log(1, "Error decoding requested extensions.\n"); } } /* Figure out the OID for basicConstraints. */ basicoid = SECOID_FindOIDByTag(SEC_OID_X509_BASIC_CONSTRAINTS); if (basicoid == NULL) { cm_log(1, "Unable to get basic constraints OID.\n"); _exit(1); } /* Count the number of extensions and whether or not we requested a * basicConstraints extension. */ found_basic = PR_FALSE; if (ucert->extensions == NULL) { i = 0; } else { for (i = 0; ucert->extensions[i] != NULL; i++) { if (SECITEM_ItemsAreEqual(&ucert->extensions[i]->id, &basicoid->oid)) { found_basic = PR_TRUE; } } } /* Allocate space for one more extension. */ extensions = PORT_ArenaZAlloc(arena, (i + 2) * sizeof(extensions[0])); if (extensions != NULL) { if (i != 0) { /* Note that C99 says copy of 0 items is ok, quieting clang */ memcpy(extensions, ucert->extensions, i * sizeof(extensions[0])); } if (found_basic) { extensions[i] = NULL; } else { extensions[i] = PORT_ArenaZAlloc(arena, sizeof(*(extensions[i]))); } extensions[i + 1] = NULL; ucert->extensions = extensions; } /* Add basic constraints. 
*/ if ((extensions != NULL) && (extensions[i] != NULL) && !found_basic) { extensions[i]->id = basicoid->oid; extensions[i]->critical.data = &btrue; extensions[i]->critical.len = 1; basic_length = strlen(CM_BASIC_CONSTRAINT_NOT_CA) / 2; extensions[i]->value.data = PORT_ArenaZAlloc(arena, basic_length); extensions[i]->value.len = basic_length; basic_length = cm_store_hex_to_bin(CM_BASIC_CONSTRAINT_NOT_CA, extensions[i]->value.data, extensions[i]->value.len); extensions[i]->value.len = basic_length; } /* Encode the certificate into a tbsCertificate. */ ecert = SEC_ASN1EncodeItem(arena, NULL, ucert, CERT_CertificateTemplate); if (ecert == NULL) { cm_log(1, "Error encoding certificate structure.\n"); _exit(1); } /* Create a signature. */ memset(&scert, 0, sizeof(scert)); scert.data = *ecert; if (SECOID_SetAlgorithmID(arena, &scert.signatureAlgorithm, sigoid->offset, NULL) != SECSuccess) { cm_log(1, "Unable to set signature algorithm ID.\n"); _exit(1); } if (SEC_SignData(&scert.signature, ecert->data, ecert->len, privkey, sigoid->offset) != SECSuccess) { cm_log(1, "Unable to generate signature.\n"); _exit(1); } /* Of course, the signature is a bitstring, so its length is specified * in bits, but the item that stores it starts with the item length in * bytes. */ scert.signature.len *= 8; /* Encode the signed certificate. */ ecert = SEC_ASN1EncodeItem(arena, NULL, &scert, CERT_SignedDataTemplate); if (ecert == NULL) { cm_log(1, "Unable to encode signed certificate.\n"); _exit(1); } /* Encode the certificate as base64. */ b64 = NSSBase64_EncodeItem(arena, NULL, -1, ecert); if (b64 == NULL) { cm_log(1, "Unable to b64-encode certificate.\n"); _exit(1); } /* Send the certificate to our parent. 
*/ status = fdopen(fd, "w"); if (status == NULL) { cm_log(1, "Internal error.\n"); _exit(errno); } fprintf(status, "-----BEGIN CERTIFICATE-----\n"); p = b64; while (*p != '\0') { q = p + strcspn(p, "\r\n"); fprintf(status, "%.*s\n", (int) (q - p), p); p = q + strspn(q, "\r\n"); } fprintf(status, "-----END CERTIFICATE-----\n"); fclose(status); if (keys->pubkey != NULL) { SECKEY_DestroyPublicKey(keys->pubkey); } if (keys->privkey != NULL) { SECKEY_DestroyPrivateKey(keys->privkey); } if (keys->pubkey_next != NULL) { SECKEY_DestroyPublicKey(keys->pubkey_next); } if (keys->privkey_next != NULL) { SECKEY_DestroyPrivateKey(keys->privkey_next); } PORT_FreeArena(arena, PR_TRUE); error = NSS_ShutdownContext(keys->ctx); PORT_FreeArena(keys->arena, PR_TRUE); if (error != SECSuccess) { cm_log(1, "Error shutting down NSS.\n"); } return 0; } /* Save CA-specific identifier for our submitted request. */ static int cm_submit_sn_save_ca_cookie(struct cm_submit_state *state) { talloc_free(state->entry->cm_ca_cookie); state->entry->cm_ca_cookie = talloc_strdup(state->entry, state->entry->cm_key_storage_location); if (state->entry->cm_ca_cookie == NULL) { cm_log(1, "Out of memory.\n"); return ENOMEM; } return 0; } /* Check if an attempt to submit has completed. */ static int cm_submit_sn_ready(struct cm_submit_state *state) { return cm_subproc_ready(state->subproc); } /* Check if the certificate was issued. */ static int cm_submit_sn_issued(struct cm_submit_state *state) { const char *msg; int status; status = cm_subproc_get_exitstatus(state->subproc); if (!WIFEXITED(status) || (WEXITSTATUS(status) != 0)) { return -1; } msg = cm_subproc_get_msg(state->subproc, NULL); if ((strstr(msg, "-----BEGIN CERTIFICATE-----") != NULL) && (strstr(msg, "-----END CERTIFICATE-----") != NULL)) { talloc_free(state->entry->cm_cert); state->entry->cm_cert = talloc_strdup(state->entry, msg); return 0; } return -1; } /* Check if the signing request was rejected. 
 */
static int
cm_submit_sn_rejected(struct cm_submit_state *state)
{
	return -1; /* it never gets rejected */
}

/* Check if we need SCEP messages. */
static int
cm_submit_sn_need_scep_messages(struct cm_submit_state *state)
{
	return -1; /* nope */
}

/* Check if we need to use a different key. */
static int
cm_submit_sn_need_rekey(struct cm_submit_state *state)
{
	return -1; /* nope */
}

/* Check if the CA was unreachable. */
static int
cm_submit_sn_unreachable(struct cm_submit_state *state)
{
	return -1; /* uh, we're the CA */
}

/* Check if the CA was unconfigured. */
static int
cm_submit_sn_unconfigured(struct cm_submit_state *state)
{
	return -1; /* uh, we're the CA */
}

/* Check if the CA is something we can ask for certificates. */
static int
cm_submit_sn_unsupported(struct cm_submit_state *state)
{
	return -1; /* uh, we're the CA */
}

/* Done talking to the CA. */
static void
cm_submit_sn_done(struct cm_submit_state *state)
{
	if (state->subproc != NULL) {
		cm_subproc_done(state->subproc);
	}
	talloc_free(state);
}

/* Start CSR submission using parameters stored in the entry.
 */
struct cm_submit_state *
cm_submit_sn_start(struct cm_store_ca *ca, struct cm_store_entry *entry)
{
	struct cm_submit_state *state;

	if (entry->cm_key_storage_type != cm_key_storage_nssdb) {
		cm_log(1, "Wrong submission method: only keys stored "
		       "in an NSS database can be used.\n");
		return NULL;
	}
	state = talloc_ptrtype(entry, state);
	if (state != NULL) {
		memset(state, 0, sizeof(*state));
		state->save_ca_cookie = cm_submit_sn_save_ca_cookie;
		state->ready = cm_submit_sn_ready;
		state->issued = cm_submit_sn_issued;
		state->rejected = cm_submit_sn_rejected;
		state->need_scep_messages = cm_submit_sn_need_scep_messages;
		state->need_rekey = cm_submit_sn_need_rekey;
		state->unreachable = cm_submit_sn_unreachable;
		state->unconfigured = cm_submit_sn_unconfigured;
		state->unsupported = cm_submit_sn_unsupported;
		state->done = cm_submit_sn_done;
		state->delay = -1;
		state->entry = entry;
		state->subproc = cm_subproc_start(cm_submit_sn_main, state,
						  ca, entry, NULL);
		if (state->subproc == NULL) {
			talloc_free(state);
			state = NULL;
		}
		if ((entry->cm_key_next_marker != NULL) &&
		    (strlen(entry->cm_key_next_marker) > 0)) {
			entry->cm_key_next_requested_count++;
		} else {
			entry->cm_key_requested_count++;
		}
	}
	return state;
}
certmonger-0.79.19/src/submit-so.c
/*
 * Copyright (C) 2009,2010,2011,2012,2014,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
*/ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "log.h" #include "pin.h" #include "prefs.h" #include "prefs-o.h" #include "store.h" #include "store-int.h" #include "submit.h" #include "submit-int.h" #include "submit-o.h" #include "submit-u.h" #include "subproc.h" #include "tm.h" #include "util-o.h" static int cm_submit_so_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry, void *userdata) { FILE *keyfp, *pem; EVP_PKEY *pkey; X509 *cert; char *pin; int status; long error; char buf[LINE_MAX]; time_t lifedelta; long life; time_t now; char *filename; util_o_init(); ERR_load_crypto_strings(); status = 1; cert = NULL; if (ca->cm_ca_internal_force_issue_time) { now = ca->cm_ca_internal_issue_time; } else { now = cm_time(NULL); } if ((entry->cm_key_next_marker != NULL) && (strlen(entry->cm_key_next_marker) > 0)) { filename = util_build_next_filename(entry->cm_key_storage_location, entry->cm_key_next_marker); if (filename == NULL) { cm_log(1, "Error reading private key: %s.\n", strerror(errno)); keyfp = NULL; } else { keyfp = fopen(filename, "r"); } } else { filename = entry->cm_key_storage_location; keyfp = fopen(filename, "r"); } if (cm_submit_u_delta_from_string(cm_prefs_selfsign_validity_period(), now, &lifedelta) == 0) { life = lifedelta; } else { if (cm_submit_u_delta_from_string(CM_DEFAULT_CERT_LIFETIME, now, &lifedelta) == 0) { life = lifedelta; } else { life = 365 * 24 * 60 * 60; } } if (keyfp != NULL) { pkey = EVP_PKEY_new(); if (pkey != NULL) { if (cm_pin_read_for_key(entry, &pin) == 0) { pkey = PEM_read_PrivateKey(keyfp, NULL, NULL, pin); if (pkey != NULL) { status = cm_submit_o_sign(ca, entry->cm_csr, NULL, pkey, ca->cm_ca_internal_serial, now, life, &cert); } else { cm_log(1, "Error reading private key from " "'%s': %s.\n", filename, strerror(errno)); } } else { cm_log(1, "Error reading PIN.\n"); } EVP_PKEY_free(pkey); 
} else { cm_log(1, "Internal error.\n"); } fclose(keyfp); } else { cm_log(1, "Error opening key file '%s' for reading: %s.\n", filename, strerror(errno)); } if (status == 0) { pem = fdopen(fd, "w"); if (pem != NULL) { if (PEM_write_X509(pem, cert) == 0) { cm_log(1, "Error serializing certificate.\n"); status = -1; } fclose(pem); } } while ((error = ERR_get_error()) != 0) { ERR_error_string_n(error, buf, sizeof(buf)); cm_log(1, "%s\n", buf); } if (filename != NULL && filename != entry->cm_key_storage_location) { free(filename); } if (status != 0) { _exit(status); } return 0; } /* Save CA-specific identifier for our submitted request. */ static int cm_submit_so_save_ca_cookie(struct cm_submit_state *state) { talloc_free(state->entry->cm_ca_cookie); state->entry->cm_ca_cookie = talloc_strdup(state->entry, state->entry->cm_key_storage_location); if (state->entry->cm_ca_cookie == NULL) { cm_log(1, "Out of memory.\n"); return ENOMEM; } return 0; } /* Check if an attempt to submit has finished. */ static int cm_submit_so_ready(struct cm_submit_state *state) { return cm_subproc_ready(state->subproc); } /* Check if the certificate was issued. */ static int cm_submit_so_issued(struct cm_submit_state *state) { const char *msg; msg = cm_subproc_get_msg(state->subproc, NULL); if ((strstr(msg, "-----BEGIN CERTIFICATE-----") != NULL) && (strstr(msg, "-----END CERTIFICATE-----") != NULL)) { talloc_free(state->entry->cm_cert); state->entry->cm_cert = talloc_strdup(state->entry, msg); return 0; } return -1; } /* Check if the signing request was rejected. */ static int cm_submit_so_rejected(struct cm_submit_state *state) { int status; status = cm_subproc_get_exitstatus(state->subproc); if (!WIFEXITED(status) || (WEXITSTATUS(status) != 2)) { return -1; /* it should never get rejected */ } return 0; } /* Check if we need SCEP messages. */ static int cm_submit_so_need_scep_messages(struct cm_submit_state *state) { return -1; /* nope */ } /* Check if we need to use a different key. 
 */
static int
cm_submit_so_need_rekey(struct cm_submit_state *state)
{
	return -1; /* nope */
}

/* Check if the CA was unreachable. */
static int
cm_submit_so_unreachable(struct cm_submit_state *state)
{
	return -1; /* uh, we're the CA */
}

/* Check if the CA was unconfigured. */
static int
cm_submit_so_unconfigured(struct cm_submit_state *state)
{
	return -1; /* uh, we're the CA */
}

/* Check if the CA is something we can ask for certificates. */
static int
cm_submit_so_unsupported(struct cm_submit_state *state)
{
	return -1; /* uh, we're the CA */
}

/* Done talking to the CA. */
static void
cm_submit_so_done(struct cm_submit_state *state)
{
	if (state->subproc != NULL) {
		cm_subproc_done(state->subproc);
	}
	talloc_free(state);
}

/* Start CSR submission using parameters stored in the entry. */
struct cm_submit_state *
cm_submit_so_start(struct cm_store_ca *ca, struct cm_store_entry *entry)
{
	struct cm_submit_state *state;

	if (entry->cm_key_storage_type != cm_key_storage_file) {
		cm_log(1, "Wrong submission method: only keys stored "
		       "in files can be used.\n");
		return NULL;
	}
	state = talloc_ptrtype(entry, state);
	if (state != NULL) {
		memset(state, 0, sizeof(*state));
		state->entry = entry;
		state->save_ca_cookie = cm_submit_so_save_ca_cookie;
		state->ready = cm_submit_so_ready;
		state->issued = cm_submit_so_issued;
		state->rejected = cm_submit_so_rejected;
		state->need_scep_messages = cm_submit_so_need_scep_messages;
		state->need_rekey = cm_submit_so_need_rekey;
		state->unreachable = cm_submit_so_unreachable;
		state->unconfigured = cm_submit_so_unconfigured;
		state->unsupported = cm_submit_so_unsupported;
		state->done = cm_submit_so_done;
		state->delay = -1;
		state->subproc = cm_subproc_start(cm_submit_so_main, state,
						  ca, entry, NULL);
		if (state->subproc == NULL) {
			talloc_free(state);
			state = NULL;
		}
		if ((entry->cm_key_next_marker != NULL) &&
		    (strlen(entry->cm_key_next_marker) > 0)) {
			entry->cm_key_next_requested_count++;
		} else {
			entry->cm_key_requested_count++;
		}
	}
	return state;
}
certmonger-0.79.19/src/submit-u.c0000644000175000017500000002073014511314133016134 0ustar gitgit00000000000000/* * Copyright (C) 2009,2010,2011,2012 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #ifdef HAVE_UUID #if defined(HAVE_UUID_H) #include #elif defined(HAVE_UUID_UUID_H) #include #endif #endif #include "log.h" #include "submit-u.h" #define BASE64_ALPHABET "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \ "abcdefghijklmnopqrstuvwxyz" \ "0123456789" \ "+/=" static char * my_stpcpy(char *dest, const char *src) { size_t len; len = strlen(src); memcpy(dest, src, len); dest[len] = '\0'; return dest + len; } /* Read a CSR from a file. 
*/ char * cm_submit_u_from_file(const char *filename) { FILE *fp; char *csr, *p, buf[BUFSIZ]; if ((filename == NULL) || (strcmp(filename, "-") == 0)) { fp = stdin; } else { fp = fopen(filename, "r"); if (fp == NULL) { fprintf(stderr, "Error opening \"%s\": %s.\n", filename, strerror(errno)); return NULL; } } csr = NULL; while (fgets(buf, sizeof(buf), fp) != NULL) { if (csr == NULL) { csr = strdup(buf); if (csr == NULL) { if (fp != stdin) { fclose(fp); } return NULL; } } else { p = malloc(strlen(csr) + sizeof(buf)); if (p == NULL) { if (fp != stdin) { fclose(fp); } free(csr); return NULL; } memcpy(my_stpcpy(p, csr), buf, sizeof(buf)); free(csr); csr = p; } } if (fp != stdin) { fclose(fp); } if (csr == NULL) { csr = strdup(""); } else { int length = strlen(csr); if (csr[length-1] != '\n') { length += 1; csr = realloc(csr, length + 1); if (csr == NULL) { return NULL; } csr[length - 1] = '\n'; csr[length] = '\0'; } } return csr; } /* Read a CSR from a file and return it as a single base64 blob. */ char * cm_submit_u_from_file_single(const char *filename) { char *csr, *p, *q; unsigned int i; const char *strip[] = { "-----BEGIN CERTIFICATE REQUEST-----", "-----END CERTIFICATE REQUEST-----", "-----BEGIN NEW CERTIFICATE REQUEST-----", "-----END NEW CERTIFICATE REQUEST-----", }; csr = cm_submit_u_from_file(filename); if (csr == NULL) { return NULL; } for (i = 0; i < sizeof(strip) / sizeof(strip[0]); i++) { while ((p = strstr(csr, strip[i])) != NULL) { q = p + strcspn(p, "\r\n"); memmove(p, q, strlen(q) + 1); } } q = strdup(csr); for (p = csr, i = 0; *p != '\0'; p++) { if (strchr("\r\n\t ", *p) == NULL) { q[i++] = *p; } } q[i] = '\0'; free(csr); return q; } /* Return a simple base64 string from a data item in PEM format or already in * simple base64 format. 
*/ char * cm_submit_u_base64_from_text(const char *base64_or_pem) { const char *p, *q; char *ret, *s; int i; p = strstr(base64_or_pem, "-----BEGIN"); if (p != NULL) { q = p + 10; q += strcspn(q, "-"); p = q + strcspn(q, "\r\n"); q = strstr(p, "-----END"); if (q != NULL) { ret = malloc(q - p + 1); if (ret != NULL) { s = ret; for (i = 0; i < (q - p); i++) { if (strchr(BASE64_ALPHABET, p[i])) { *s++ = p[i]; } } *s++ = '\0'; } } else { ret = NULL; } return ret; } else { p = base64_or_pem; ret = malloc(strlen(p) + 1); if (ret != NULL) { s = ret; for (i = 0; p[i] != '\0'; i++) { if (strchr(BASE64_ALPHABET, p[i])) { *s++ = p[i]; } } *s++ = '\0'; } return ret; } } char * cm_submit_u_pem_from_base64(const char *what, int dos, const char *base64) { char *ret, *tmp, *p; const char *q; int i; const unsigned int width = 64; tmp = strdup(base64); if (tmp == NULL) { return NULL; } for (p = tmp, q = base64; *q != '\0'; q++) { if (strchr(BASE64_ALPHABET, *q)) { *p++ = *q; } } *p = '\0'; i = strlen("-----BEGIN -----\r\n" "-----END -----\r\n") + strlen(what) * 2 + strlen(tmp) + howmany(strlen(tmp), width) * 2; ret = malloc(i + 1); if (ret != NULL) { p = my_stpcpy(ret, "-----BEGIN "); p = my_stpcpy(p, what); p = my_stpcpy(p, dos ? "-----\r\n" : "-----\n"); q = tmp; while (strlen(q) > width) { memcpy(p, q, width); p += width; q += width; p = my_stpcpy(p, dos ? "\r\n" : "\n"); } if (strlen(q) > 0) { p = my_stpcpy(p, q); p = my_stpcpy(p, dos ? "\r\n" : "\n"); } p = my_stpcpy(p, "-----END "); p = my_stpcpy(p, what); strcpy(p, dos ? 
"-----\r\n" : "-----\n"); } free(tmp); return ret; } char * cm_submit_princ_realm_data(krb5_context ctx, krb5_principal princ) { #if HAVE_DECL_KRB5_PRINC_COMPONENT return (krb5_princ_realm(ctx, princ))->data; #else return princ->realm; #endif } int cm_submit_princ_realm_len(krb5_context ctx, krb5_principal princ) { #if HAVE_DECL_KRB5_PRINC_COMPONENT return (krb5_princ_realm(ctx, princ))->length; #else return strlen(princ->realm); #endif } char * cm_submit_u_url_encode(const char *plain) { const char *hexchars = "0123456789ABCDEF"; const char *unreserved = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcdefghijklmnopqrstuvwxyz" "0123456789-_.~"; char *ret = malloc(strlen(plain) * 3 + 1); int i, j; unsigned int c; if (ret != NULL) { for (i = 0, j = 0; plain[i] != '\0'; i++) { c = ((unsigned char) plain[i]) & 0xff; if (strchr(unreserved, c) != NULL) { ret[j++] = plain[i]; } else { if (c == 32) { ret[j++] = '+'; } else { ret[j++] = '%'; ret[j++] = hexchars[(c & 0xf0) >> 4]; ret[j++] = hexchars[(c & 0x0f)]; } } } ret[j] = '\0'; } return ret; } #ifdef HAVE_UUID int cm_submit_uuid_fixed_for_testing = 0; int cm_submit_uuid_new(unsigned char uuid[16]) { uuid_t res; uuid_clear(res); if (cm_submit_uuid_fixed_for_testing) { int i; for (i = 0; i < 16; i++) { res[i] = i + 1; } } else { uuid_generate(res); } if (uuid_is_null(res)) { return -1; } /* For whatever reason, NSS assumes that any of the final bits which * are clear are unused rather than simply set to zero, so we force the * least significant bit to 1 to preserve the entire (hopefully still * unique) UUID. */ res[15] |= 1; memcpy(uuid, res, 16); return 0; } #endif /* Convert a delta string to a time_t. 
 */
int
cm_submit_u_delta_from_string(const char *deltas, time_t now, time_t *delta)
{
	struct tm now_tm, *pnow;
	time_t start;
	int multiple, i, val, done, digits;
	unsigned char c;

	val = 0;
	digits = 0;
	done = 0;
	if (strlen(deltas) == 0) {
		return -1;
	}
	start = now;
	for (i = 0; !done; i++) {
		c = (unsigned char) deltas[i];
		switch (c) {
		case '\0':
			done++;
			/* fall through */
		case 's':
			multiple = 1;
			now += val * multiple;
			val = 0;
			break;
		case 'm':
			multiple = 60;
			now += val * multiple;
			val = 0;
			break;
		case 'h':
			multiple = 60 * 60;
			now += val * multiple;
			val = 0;
			break;
		case 'd':
			multiple = 60 * 60 * 24;
			now += val * multiple;
			val = 0;
			break;
		case 'w':
			multiple = 60 * 60 * 24 * 7;
			now += val * multiple;
			val = 0;
			break;
		case 'M':
			pnow = localtime_r(&now, &now_tm);
			if (pnow == NULL) {
				multiple = 60 * 60 * 24 * 30;
				now += val * multiple;
			} else {
				now_tm.tm_mon += val;
				now_tm.tm_year += (now_tm.tm_mon / 12);
				now_tm.tm_mon %= 12;
				now_tm.tm_isdst = -1; /* don't tell libc that
						       * we "know" what's up
						       * with DST for the time
						       * in this structure */
				now = mktime(&now_tm);
			}
			val = 0;
			break;
		case 'y':
			pnow = localtime_r(&now, &now_tm);
			if (pnow == NULL) {
				multiple = 60 * 60 * 24 * 365;
				now += val * multiple;
			} else {
				now_tm.tm_year += val;
				now = mktime(&now_tm);
			}
			val = 0;
			break;
		case '0':
		case '1':
		case '2':
		case '3':
		case '4':
		case '5':
		case '6':
		case '7':
		case '8':
		case '9':
			val = (val * 10) + (c - '0');
			digits++;
			break;
		default:
			/* just skip this character */
			break;
		}
	}
	if (digits == 0) {
		return -1;
	}
	*delta = now + val - start;
	return 0;
}

certmonger-0.79.19/src/submit-u.h

/*
 * Copyright (C) 2009,2010,2012 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see .
 */

#ifndef cmsubmitu_h
#define cmsubmitu_h

char *cm_submit_u_from_file(const char *filename);
char *cm_submit_u_from_file_single(const char *filename);
char *cm_submit_princ_realm_data(krb5_context ctx, krb5_principal princ);
int cm_submit_princ_realm_len(krb5_context ctx, krb5_principal princ);
char *cm_submit_u_base64_from_text(const char *base64_or_pem);
char *cm_submit_u_pem_from_base64(const char *what, int dos,
				  const char *base64);
char *cm_submit_u_url_encode(const char *plain);

#ifdef HAVE_UUID
/* Generate UUIDs. */
int cm_submit_uuid_new(unsigned char uuid[16]);
extern int cm_submit_uuid_fixed_for_testing;
#endif

/* Convert a delta in string form to a time_t. */
int cm_submit_u_delta_from_string(const char *deltas, time_t now,
				  time_t *delta);

#endif

certmonger-0.79.19/src/submit-x.c

/*
 * Copyright (C) 2009,2010,2012,2013,2014,2015,2016 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see .
 */

#include "config.h"
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "certext.h"
#include "log.h"
#include "submit-e.h"
#include "submit-u.h"
#include "submit-x.h"

static char *
get_error_message(krb5_context ctx, krb5_error_code kcode)
{
	const char *ret;
#ifdef HAVE_KRB5_GET_ERROR_MESSAGE
	ret = ctx ? krb5_get_error_message(ctx, kcode) : NULL;
	if (ret == NULL) {
		ret = error_message(kcode);
	}
#else
	ret = error_message(kcode);
#endif
	return strdup(ret);
}

char *
cm_submit_x_ccache_realm(char **msg)
{
	krb5_context ctx;
	krb5_ccache ccache;
	krb5_principal princ;
	krb5_error_code kret;
	krb5_data *data;
	char *ret;

	if (msg != NULL) {
		*msg = NULL;
	}
	kret = krb5_init_context(&ctx);
	if (kret != 0) {
		fprintf(stderr, "Error initializing Kerberos: %s.\n",
			ret = get_error_message(ctx, kret));
		if (msg != NULL) {
			*msg = ret;
		} else {
			free(ret);
		}
		return NULL;
	}
	kret = krb5_cc_default(ctx, &ccache);
	if (kret != 0) {
		fprintf(stderr, "Error resolving default ccache: %s.\n",
			ret = get_error_message(ctx, kret));
		if (msg != NULL) {
			*msg = ret;
		} else {
			free(ret);
		}
		return NULL;
	}
	kret = krb5_cc_get_principal(ctx, ccache, &princ);
	if (kret != 0) {
		fprintf(stderr, "Error reading default principal: %s.\n",
			ret = get_error_message(ctx, kret));
		if (msg != NULL) {
			*msg = ret;
		} else {
			free(ret);
		}
		return NULL;
	}
	data = krb5_princ_realm(ctx, princ);
	if (data == NULL) {
		fprintf(stderr, "Error retrieving principal realm.\n");
		if (msg != NULL) {
			/* strdup so that every value stored in *msg is
			 * heap-allocated, like the get_error_message()
			 * results above. */
			*msg = strdup("Error retrieving principal realm.\n");
		}
		return NULL;
	}
	ret = malloc(data->length + 1);
	if (ret == NULL) {
		fprintf(stderr, "Out of memory for principal realm.\n");
		if (msg != NULL) {
			*msg = strdup("Out of memory for principal realm.\n");
		}
		return NULL;
	}
	memcpy(ret, data->data, data->length);
	ret[data->length] = '\0';
	return ret;
}

krb5_error_code
cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
{
	krb5_context ctx;
	krb5_keytab keytab;
	krb5_ccache ccache;
	krb5_creds creds;
	krb5_principal princ;
	krb5_error_code kret;
	krb5_get_init_creds_opt gicopts, *gicoptsp;
	char tgs[LINE_MAX], *ret;

	if (msg != NULL) {
		*msg = NULL;
	}
	kret = krb5_init_context(&ctx);
	if (kret != 0) {
		ret = get_error_message(ctx, kret);
		fprintf(stderr, "Error initializing Kerberos: %s.\n", ret);
		if (msg != NULL) {
			*msg = ret;
		} else {
			free(ret);
		}
		return kret;
	}
	if (ktname != NULL) {
		kret = krb5_kt_resolve(ctx, ktname, &keytab);
	} else {
		kret = krb5_kt_default(ctx, &keytab);
	}
	if (kret != 0) {
		fprintf(stderr, "Error resolving keytab: %s.\n",
			ret = get_error_message(ctx, kret));
		if (msg != NULL) {
			*msg = ret;
		} else {
			free(ret);
		}
		return kret;
	}
	princ = NULL;
	if (principal != NULL) {
		kret = krb5_parse_name(ctx, principal, &princ);
		if (kret != 0) {
			fprintf(stderr, "Error parsing \"%s\": %s.\n",
				principal, ret = get_error_message(ctx, kret));
			if (msg != NULL) {
				*msg = ret;
			} else {
				free(ret);
			}
			return kret;
		}
	} else {
		kret = krb5_sname_to_principal(ctx, NULL, NULL,
					       KRB5_NT_SRV_HST, &princ);
		if (kret != 0) {
			fprintf(stderr, "Error building client name: %s.\n",
				ret = get_error_message(ctx, kret));
			if (msg != NULL) {
				*msg = ret;
			} else {
				free(ret);
			}
			return kret;
		}
	}
	strcpy(tgs, KRB5_TGS_NAME);
	snprintf(tgs + strlen(tgs), sizeof(tgs) - strlen(tgs), "/%.*s",
		 cm_submit_princ_realm_len(ctx, princ),
		 cm_submit_princ_realm_data(ctx, princ));
	snprintf(tgs + strlen(tgs), sizeof(tgs) - strlen(tgs), "@%.*s",
		 cm_submit_princ_realm_len(ctx, princ),
		 cm_submit_princ_realm_data(ctx, princ));
	memset(&creds, 0, sizeof(creds));
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
	memset(&gicopts, 0, sizeof(gicopts));
	gicoptsp = NULL;
	kret = krb5_get_init_creds_opt_alloc(ctx, &gicoptsp);
	if (kret != 0) {
		fprintf(stderr, "Internal error: %s.\n",
			ret = get_error_message(ctx, kret));
		if (msg != NULL) {
			*msg = ret;
		} else {
			free(ret);
		}
		return kret;
	}
#else
	krb5_get_init_creds_opt_init(&gicopts);
	gicoptsp = &gicopts;
#endif
	krb5_get_init_creds_opt_set_forwardable(gicoptsp, 1);
	kret =
	    krb5_get_init_creds_keytab(ctx, &creds, princ, keytab,
				       0, tgs, gicoptsp);
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
	krb5_get_init_creds_opt_free(ctx, gicoptsp);
#endif
	if (kret != 0) {
		fprintf(stderr, "Error obtaining initial credentials: %s.\n",
			ret = get_error_message(ctx, kret));
		if (msg != NULL) {
			*msg = ret;
		} else {
			free(ret);
		}
		return kret;
	}
	ccache = NULL;
	kret = krb5_cc_resolve(ctx, "MEMORY:" PACKAGE_NAME "_submit",
			       &ccache);
	if (kret == 0) {
		kret = krb5_cc_initialize(ctx, ccache, creds.client);
	}
	if (kret != 0) {
		fprintf(stderr, "Error initializing credential cache: %s.\n",
			ret = get_error_message(ctx, kret));
		if (msg != NULL) {
			*msg = ret;
		} else {
			free(ret);
		}
		return kret;
	}
	kret = krb5_cc_store_cred(ctx, ccache, &creds);
	if (kret != 0) {
		fprintf(stderr,
			"Error storing creds in credential cache: %s.\n",
			ret = get_error_message(ctx, kret));
		if (msg != NULL) {
			*msg = ret;
		} else {
			free(ret);
		}
		return kret;
	}
	krb5_cc_close(ctx, ccache);
	krb5_kt_close(ctx, keytab);
	krb5_free_principal(ctx, princ);
	krb5_free_context(ctx);
	putenv("KRB5CCNAME=MEMORY:" PACKAGE_NAME "_submit");
	return 0;
}

struct cm_submit_x_context {
	xmlrpc_env xenv;
	xmlrpc_server_info *server;
	struct xmlrpc_clientparms cparams;
	struct xmlrpc_curl_xportparms xparams;
	xmlrpc_client_transport *xtransport;
	xmlrpc_client *client;
	const char *method;
	xmlrpc_value *params, *namedarg, *results;
	unsigned int fault_occurred:1;
	int fault_code;
	const char *fault_text;
};

struct cm_submit_x_context *
cm_submit_x_init(void *parent, const char *uri, const char *method,
		 const char *cainfo, const char *capath,
		 const char *uid, const char *pwd,
		 enum cm_submit_x_opt_negotiate negotiate,
		 enum cm_submit_x_opt_delegate delegate)
{
	struct cm_submit_x_context *ctx;

	ctx = talloc_ptrtype(parent, ctx);
	if (ctx == NULL) {
		return NULL;
	}
	memset(ctx, 0, sizeof(*ctx));
	xmlrpc_env_init(&ctx->xenv);
	xmlrpc_client_setup_global_const(&ctx->xenv);
	ctx->server = xmlrpc_server_info_new(&ctx->xenv, uri);
	if (ctx->server == NULL) {
		talloc_free(ctx);
		return NULL;
	}
	xmlrpc_server_info_set_user(&ctx->xenv, ctx->server, "", "");
	if (ctx->xenv.fault_occurred) {
		fprintf(stderr, "Fault %d faking up basic auth: (%s).\n",
			ctx->xenv.fault_code, ctx->xenv.fault_string);
		xmlrpc_env_clean(&ctx->xenv);
	}
	if (negotiate == cm_submit_x_negotiate_on) {
		xmlrpc_server_info_allow_auth_negotiate(&ctx->xenv,
							ctx->server);
		if (ctx->xenv.fault_occurred) {
			fprintf(stderr, "Fault %d turning on negotiate auth: "
				"(%s).\n",
				ctx->xenv.fault_code, ctx->xenv.fault_string);
			xmlrpc_env_clean(&ctx->xenv);
		}
	} else {
		xmlrpc_server_info_disallow_auth_negotiate(&ctx->xenv,
							   ctx->server);
		if (ctx->xenv.fault_occurred) {
			fprintf(stderr, "Fault %d turning off negotiate auth: "
				"(%s).\n",
				ctx->xenv.fault_code, ctx->xenv.fault_string);
			xmlrpc_env_clean(&ctx->xenv);
		}
	}
	if ((uid != NULL) && (pwd != NULL) &&
	    (strlen(uid) > 0) && (strlen(pwd) > 0)) {
		xmlrpc_server_info_allow_auth_basic(&ctx->xenv, ctx->server);
		if (ctx->xenv.fault_occurred) {
			fprintf(stderr, "Fault %d turning on basic auth: "
				"(%s).\n",
				ctx->xenv.fault_code, ctx->xenv.fault_string);
			xmlrpc_env_clean(&ctx->xenv);
		}
	} else {
		xmlrpc_server_info_disallow_auth_basic(&ctx->xenv,
						       ctx->server);
		if (ctx->xenv.fault_occurred) {
			fprintf(stderr, "Fault %d turning off basic auth: "
				"(%s).\n",
				ctx->xenv.fault_code, ctx->xenv.fault_string);
			xmlrpc_env_clean(&ctx->xenv);
		}
	}
	memset(&ctx->xparams, 0, sizeof(ctx->xparams));
	ctx->xparams.cainfo = talloc_strdup(ctx, cainfo);
	ctx->xparams.capath = talloc_strdup(ctx, capath);
	/* Use a specially-crafted User-Agent value to pass along a
	 * Referer header so the request won't be rejected by the remote
	 * IPA server.
	 */
	ctx->xparams.user_agent = talloc_asprintf(ctx,
		"%s/%s\r\nReferer: %s\r\nX-Original-User-Agent:",
		PACKAGE_NAME, PACKAGE_VERSION, uri);
#ifdef HAVE_STRUCT_XMLRPC_CURL_XPORTPARMS_GSSAPI_DELEGATION
	if ((negotiate == cm_submit_x_negotiate_on) &&
	    (delegate == cm_submit_x_delegate_on)) {
		ctx->xparams.gssapi_delegation = TRUE;
	}
#endif
	(*xmlrpc_curl_transport_ops.create)(&ctx->xenv,
					    0,
					    PACKAGE_NAME,
					    PACKAGE_VERSION,
					    &ctx->xparams,
					    sizeof(ctx->xparams),
					    &ctx->xtransport);
	if (ctx->xenv.fault_occurred) {
		fprintf(stderr, "Fault %d: (%s).\n",
			ctx->xenv.fault_code, ctx->xenv.fault_string);
		xmlrpc_env_clean(&ctx->xenv);
	}
	if (ctx->xtransport != NULL) {
		memset(&ctx->cparams, 0, sizeof(ctx->cparams));
		ctx->cparams.transportOpsP = &xmlrpc_curl_transport_ops;
		ctx->cparams.transportP = ctx->xtransport;
		xmlrpc_client_create(&ctx->xenv,
				     XMLRPC_CLIENT_NO_FLAGS,
				     PACKAGE_NAME,
				     PACKAGE_VERSION,
				     &ctx->cparams,
				     sizeof(ctx->cparams),
				     &ctx->client);
		if (ctx->client == NULL) {
			/* Return here: ctx has been freed and must not be
			 * dereferenced by the setup code below. */
			talloc_free(ctx);
			return NULL;
		}
	}
	ctx->params = xmlrpc_array_new(&ctx->xenv);
	ctx->namedarg = xmlrpc_struct_new(&ctx->xenv);
	ctx->results = NULL;
	ctx->method = talloc_strdup(ctx, method);
	return ctx;
}

void
cm_submit_x_add_arg_s(struct cm_submit_x_context *ctx, const char *s)
{
	xmlrpc_value *arg;

	arg = xmlrpc_string_new(&ctx->xenv, s);
	if (arg != NULL) {
		xmlrpc_array_append_item(&ctx->xenv, ctx->params, arg);
	}
}

void
cm_submit_x_add_arg_as(struct cm_submit_x_context *ctx, const char **s)
{
	xmlrpc_value *arg, *str;
	int i;

	arg = xmlrpc_array_new(&ctx->xenv);
	if (arg != NULL) {
		for (i = 0; (s != NULL) && (s[i] != NULL); i++) {
			str = xmlrpc_string_new(&ctx->xenv, s[i]);
			if (str != NULL) {
				xmlrpc_array_append_item(&ctx->xenv, arg, str);
			}
		}
		xmlrpc_array_append_item(&ctx->xenv, ctx->params, arg);
	}
}

void
cm_submit_x_add_arg_b(struct cm_submit_x_context *ctx, int b)
{
	xmlrpc_value *arg;

	arg = xmlrpc_bool_new(&ctx->xenv, b != 0);
	if (arg != NULL) {
		xmlrpc_array_append_item(&ctx->xenv, ctx->params, arg);
	}
}

void
cm_submit_x_add_named_arg_s(struct cm_submit_x_context *ctx,
			    const char *name, const char *s)
{
	xmlrpc_value *arg;

	arg = xmlrpc_string_new(&ctx->xenv, s);
	if (arg != NULL) {
		xmlrpc_struct_set_value(&ctx->xenv, ctx->namedarg, name, arg);
	}
}

void
cm_submit_x_add_named_arg_b(struct cm_submit_x_context *ctx,
			    const char *name, int b)
{
	xmlrpc_value *arg;

	arg = xmlrpc_bool_new(&ctx->xenv, b != 0);
	if (arg != NULL) {
		xmlrpc_struct_set_value(&ctx->xenv, ctx->namedarg, name, arg);
	}
}

void
cm_submit_x_run(struct cm_submit_x_context *ctx)
{
	if (xmlrpc_struct_size(&ctx->xenv, ctx->namedarg) > 0) {
		xmlrpc_array_append_item(&ctx->xenv, ctx->params,
					 ctx->namedarg);
	}
	ctx->results = NULL;
	xmlrpc_client_call2(&ctx->xenv, ctx->client, ctx->server,
			    ctx->method, ctx->params, &ctx->results);
	if (ctx->xenv.fault_occurred) {
		fprintf(stderr, "Fault %d: (%s).\n",
			ctx->xenv.fault_code, ctx->xenv.fault_string);
		ctx->fault_occurred = TRUE;
		ctx->fault_code = ctx->xenv.fault_code;
		ctx->fault_text = talloc_strdup(ctx, ctx->xenv.fault_string);
		xmlrpc_env_clean(&ctx->xenv);
	} else {
		ctx->fault_occurred = FALSE;
		ctx->fault_code = 0;
		ctx->fault_text = NULL;
	}
}

int
cm_submit_x_has_results(struct cm_submit_x_context *ctx)
{
	return (ctx->results != NULL) ? 0 : -1;
}

int
cm_submit_x_faulted(struct cm_submit_x_context *ctx)
{
	return ctx->fault_occurred ? 0 : -1;
}

int
cm_submit_x_fault_code(struct cm_submit_x_context *ctx)
{
	return ctx->fault_occurred ? ctx->fault_code : -1;
}

const char *
cm_submit_x_fault_text(struct cm_submit_x_context *ctx)
{
	return ctx->fault_occurred ?
	       ctx->fault_text : NULL;
}

int
cm_submit_x_get_bss(struct cm_submit_x_context *ctx,
		    int *b, char **s1, char **s2)
{
	const char *p;
	xmlrpc_bool boo;
	xmlrpc_value *arg;

	*b = 0;
	*s1 = NULL;
	*s2 = NULL;
	if (xmlrpc_value_type(ctx->results) != XMLRPC_TYPE_ARRAY) {
		return -1;
	}
	xmlrpc_array_read_item(&ctx->xenv, ctx->results, 0, &arg);
	if (ctx->xenv.fault_occurred) {
		xmlrpc_env_clean(&ctx->xenv);
		return -1;
	} else {
		xmlrpc_read_bool(&ctx->xenv, arg, &boo);
		if (ctx->xenv.fault_occurred) {
			xmlrpc_env_clean(&ctx->xenv);
			return -1;
		}
		*b = boo;
	}
	xmlrpc_array_read_item(&ctx->xenv, ctx->results, 1, &arg);
	if (ctx->xenv.fault_occurred) {
		xmlrpc_env_clean(&ctx->xenv);
		return -1;
	} else {
		xmlrpc_read_string(&ctx->xenv, arg, &p);
		if (ctx->xenv.fault_occurred) {
			xmlrpc_env_clean(&ctx->xenv);
			return -1;
		}
		*s1 = talloc_strdup(ctx, p);
	}
	xmlrpc_array_read_item(&ctx->xenv, ctx->results, 2, &arg);
	if (ctx->xenv.fault_occurred) {
		xmlrpc_env_clean(&ctx->xenv);
		return -1;
	} else {
		xmlrpc_read_string(&ctx->xenv, arg, &p);
		if (ctx->xenv.fault_occurred) {
			xmlrpc_env_clean(&ctx->xenv);
			return -1;
		}
		*s2 = talloc_strdup(ctx, p);
	}
	return 0;
}

int
cm_submit_x_get_b(struct cm_submit_x_context *ctx, int idx, int *b)
{
	xmlrpc_bool boo;
	xmlrpc_value *arg;

	*b = 0;
	if (xmlrpc_value_type(ctx->results) != XMLRPC_TYPE_ARRAY) {
		return -1;
	}
	xmlrpc_array_read_item(&ctx->xenv, ctx->results, idx, &arg);
	if (ctx->xenv.fault_occurred) {
		xmlrpc_env_clean(&ctx->xenv);
		return -1;
	} else {
		xmlrpc_read_bool(&ctx->xenv, arg, &boo);
		if (ctx->xenv.fault_occurred) {
			xmlrpc_env_clean(&ctx->xenv);
			return -1;
		}
		*b = boo;
	}
	return 0;
}

int
cm_submit_x_get_s(struct cm_submit_x_context *ctx, int idx, char **s)
{
	const char *p;
	xmlrpc_value *arg;

	*s = NULL;
	if (xmlrpc_value_type(ctx->results) != XMLRPC_TYPE_ARRAY) {
		return -1;
	}
	xmlrpc_array_read_item(&ctx->xenv, ctx->results, idx, &arg);
	if (ctx->xenv.fault_occurred) {
		xmlrpc_env_clean(&ctx->xenv);
		return -1;
	} else {
		xmlrpc_read_string(&ctx->xenv, arg, &p);
		if
		   (ctx->xenv.fault_occurred) {
			xmlrpc_env_clean(&ctx->xenv);
			return -1;
		}
		*s = talloc_strdup(ctx, p);
	}
	return 0;
}

static xmlrpc_value *
cm_submit_x_get_struct(struct cm_submit_x_context *ctx)
{
	int i;
	xmlrpc_value *arg;

	if (xmlrpc_value_type(ctx->results) == XMLRPC_TYPE_STRUCT) {
		return ctx->results;
	}
	if (xmlrpc_value_type(ctx->results) != XMLRPC_TYPE_ARRAY) {
		return NULL;
	}
	for (i = 0;; i++) {
		xmlrpc_array_read_item(&ctx->xenv, ctx->results, i, &arg);
		if (arg == NULL) {
			break;
		}
		if (ctx->xenv.fault_occurred) {
			xmlrpc_env_clean(&ctx->xenv);
			return NULL;
		}
		if (xmlrpc_value_type(arg) == XMLRPC_TYPE_STRUCT) {
			return arg;
		}
	}
	if (ctx->xenv.fault_occurred) {
		xmlrpc_env_clean(&ctx->xenv);
		return NULL;
	}
	return NULL;
}

int
cm_submit_x_get_named_n(struct cm_submit_x_context *ctx,
			const char *name, int *n)
{
	int i;
	xmlrpc_value *arg, *val, *result;

	*n = 0;
	arg = cm_submit_x_get_struct(ctx);
	if (arg == NULL) {
		return -1;
	}
	xmlrpc_struct_find_value(&ctx->xenv, arg, name, &val);
	if (val == NULL) {
		xmlrpc_struct_find_value(&ctx->xenv, arg, "result", &result);
		if (result == NULL) {
			return -1;
		}
		if (xmlrpc_value_type(result) != XMLRPC_TYPE_STRUCT) {
			return -1;
		}
		xmlrpc_struct_find_value(&ctx->xenv, result, name, &val);
		if (val == NULL) {
			return -1;
		}
	}
	if (xmlrpc_value_type(val) != XMLRPC_TYPE_INT) {
		fprintf(stderr, "Expected value \"%s\" is not an integer.\n",
			name);
		return -1;
	}
	xmlrpc_read_int(&ctx->xenv, val, &i);
	if (ctx->xenv.fault_occurred) {
		xmlrpc_env_clean(&ctx->xenv);
		return -1;
	}
	*n = i;
	return 0;
}

int
cm_submit_x_get_named_b(struct cm_submit_x_context *ctx,
			const char *name, int *b)
{
	xmlrpc_bool boo;
	xmlrpc_value *arg, *val, *result;

	*b = 0;
	arg = cm_submit_x_get_struct(ctx);
	if (arg == NULL) {
		return -1;
	}
	xmlrpc_struct_find_value(&ctx->xenv, arg, name, &val);
	if (val == NULL) {
		xmlrpc_struct_find_value(&ctx->xenv, arg, "result", &result);
		if (result == NULL) {
			return -1;
		}
		if (xmlrpc_value_type(result) != XMLRPC_TYPE_STRUCT) {
			return -1;
		}
		xmlrpc_struct_find_value(&ctx->xenv, result, name, &val);
		if (val == NULL) {
			return -1;
		}
	}
	if (xmlrpc_value_type(val) != XMLRPC_TYPE_BOOL) {
		fprintf(stderr, "Expected value \"%s\" is not a boolean.\n",
			name);
		return -1;
	}
	xmlrpc_read_bool(&ctx->xenv, val, &boo);
	if (ctx->xenv.fault_occurred) {
		xmlrpc_env_clean(&ctx->xenv);
		return -1;
	}
	*b = boo;
	return 0;
}

int
cm_submit_x_get_named_s(struct cm_submit_x_context *ctx,
			const char *name, char **s)
{
	const char *p;
	char *tmp;
	const unsigned char *binary;
	size_t length;
	xmlrpc_value *arg, *val, *result;

	*s = NULL;
	arg = cm_submit_x_get_struct(ctx);
	if (arg == NULL) {
		return -1;
	}
	xmlrpc_struct_find_value(&ctx->xenv, arg, name, &val);
	if (val == NULL) {
		xmlrpc_struct_find_value(&ctx->xenv, arg, "result", &result);
		if (result == NULL) {
			return -1;
		}
		if (xmlrpc_value_type(result) != XMLRPC_TYPE_STRUCT) {
			return -1;
		}
		xmlrpc_struct_find_value(&ctx->xenv, result, name, &val);
		if (val == NULL) {
			return -1;
		}
	}
	if (xmlrpc_value_type(val) != XMLRPC_TYPE_STRING) {
		if (xmlrpc_value_type(val) == XMLRPC_TYPE_BASE64) {
			xmlrpc_read_base64(&ctx->xenv, val, &length, &binary);
			/* Don't touch "binary" if the read faulted. */
			if (ctx->xenv.fault_occurred) {
				xmlrpc_env_clean(&ctx->xenv);
				return -1;
			}
			tmp = talloc_strndup(ctx, (const char *) binary,
					     length);
			/* Accept the value only if the copy succeeded and
			 * the data holds no embedded NUL bytes. */
			if ((tmp != NULL) && (strlen(tmp) == length)) {
				*s = tmp;
				return 0;
			} else {
				fprintf(stderr, "Expected value \"%s\" is "
					"not a string.\n", name);
				return -1;
			}
		} else {
			fprintf(stderr,
				"Expected value \"%s\" is not a string.\n",
				name);
			return -1;
		}
	}
	xmlrpc_read_string(&ctx->xenv, val, &p);
	if (ctx->xenv.fault_occurred) {
		xmlrpc_env_clean(&ctx->xenv);
		return -1;
	}
	*s = talloc_strdup(ctx, p);
	return 0;
}

#ifdef CM_SUBMIT_X_MAIN
int
main(int argc, const char **argv)
{
	int i, j, c, ret, k5 = FALSE, make_ccache = TRUE, verbose = 0;
	xmlrpc_int64 i8;
	int32_t i32;
	const char *uri = NULL, *method = NULL, *ktname = NULL, *kpname = NULL;
	const char *s, *cainfo = NULL, *capath = NULL, *csrfile, *dictval;
	const char *uid = NULL, *pwd = NULL;
	char *csr, *p, *skey, *sval, *s1, *s2;
	struct cm_submit_x_context *ctx;
	xmlrpc_value *arg, *key,
		     *val;
	xmlrpc_bool boo;
	poptContext pctx;
	struct poptOption popts[] = {
		{"uri", 's', POPT_ARG_STRING, &uri, 0,
		 "server location", "URI"},
		{"method", 'm', POPT_ARG_STRING, &method, 0,
		 "RPC to call", "METHOD"},
		{"user", 'U', POPT_ARG_STRING, &uid, 0,
		 "basic user name", "NAME"},
		{"password", 'P', POPT_ARG_STRING, &pwd, 0,
		 "basic password", "PASSWORD"},
		{"kerberos", 'k', POPT_ARG_NONE, NULL, 'k',
		 "use Negotiate authentication", NULL},
		{"no-make-ccache", 'K', POPT_ARG_NONE, NULL, 'K',
		 "use creds from default ccache instead of using the keytab",
		 NULL},
		{"keytab", 't', POPT_ARG_STRING, &ktname, 0,
		 "keytab to use to obtain creds", "KEYTAB"},
		{"principal", 'p', POPT_ARG_STRING, &kpname, 0,
		 "client for whom creds will be obtained", "PRINCIPAL"},
		{"capath", 'C', POPT_ARG_STRING, &capath, 0, NULL, NULL},
		{"cafile", 'c', POPT_ARG_STRING, &cainfo, 0, NULL, NULL},
		{"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL},
		POPT_AUTOHELP
		POPT_TABLEEND
	};

	pctx = poptGetContext("submit-x", argc, argv, popts, 0);
	if (pctx == NULL) {
		return CM_SUBMIT_STATUS_UNCONFIGURED;
	}
	poptSetOtherOptionHelp(pctx, "[options...] [values...]");
	while ((c = poptGetNextOpt(pctx)) > 0) {
		switch (c) {
		case 'k':
			k5 = TRUE;
			uid = NULL;
			pwd = NULL;
			break;
		case 'U':
		case 'P':
			k5 = FALSE;
			break;
		case 'K':
			make_ccache = FALSE;
			break;
		case 'v':
			verbose++;
			break;
		}
	}
	if (c != -1) {
		poptPrintUsage(pctx, stdout, 0);
		return CM_SUBMIT_STATUS_UNCONFIGURED;
	}

	cm_log_set_method(cm_log_stderr);
	cm_log_set_level(verbose);
	if (uri == NULL) {
		printf("No URI (-s) set.\n");
		poptPrintUsage(pctx, stdout, 0);
		return CM_SUBMIT_STATUS_UNCONFIGURED;
	}
	if (method == NULL) {
		printf("No method (-m) set.\n");
		poptPrintUsage(pctx, stdout, 0);
		return CM_SUBMIT_STATUS_UNCONFIGURED;
	}

	ret = CM_SUBMIT_STATUS_UNREACHABLE;

	/* Read the CSR from the environment, or from the command-line.
	 */
	csr = getenv(CM_SUBMIT_CSR_ENV);
	csrfile = poptGetArg(pctx);
	if (csrfile != NULL) {
		csr = cm_submit_u_from_file(csrfile);
	}
	if (csr == NULL) {
		fprintf(stderr, "Error reading certificate signing request.\n");
		return CM_SUBMIT_STATUS_UNCONFIGURED;
	}

	/* Clean up the CSR. */
	if (strcmp(method, "wait_for_cert") == 0) {
		/* certmaster rewrites the incoming request to its cache
		 * previously-received requests, and in doing so uses a
		 * different PEM header than the one we default to using.  So
		 * turn any "NEW CERTIFICATE REQUEST" notes into "CERTIFICATE
		 * REQUEST" before sending them. */
		while ((p = strstr(csr, "NEW CERTIFICATE REQUEST")) != NULL) {
			memmove(p, p + 4, strlen(p + 4) + 1);
		}
	}
	if (strcmp(method, "cert_request") == 0) {
		/* IPA just wants base64-encoded binary data, no whitespace */
		p = strstr(csr, "-----BEGIN");
		if (p != NULL) {
			p += strcspn(p, "\n");
			if (*p == '\n') {
				p++;
			}
			memmove(csr, p, strlen(p) + 1);
		}
		p = strstr(csr, "\n-----END");
		if (p != NULL) {
			*p = '\0';
		}
		while ((p = strchr(csr, '\r')) != NULL) {
			memmove(p, p + 1, strlen(p));
		}
		while ((p = strchr(csr, '\n')) != NULL) {
			memmove(p, p + 1, strlen(p));
		}
	}

	/* Initialize for XML-RPC. */
	ctx = cm_submit_x_init(NULL, uri, method, cainfo, capath, uid, pwd,
			       k5 || (kpname != NULL) || (ktname != NULL) ?
			       cm_submit_x_negotiate_on :
			       cm_submit_x_negotiate_off,
			       k5 || (kpname != NULL) || (ktname != NULL) ?
			       cm_submit_x_delegate_on :
			       cm_submit_x_delegate_off);
	if (ctx == NULL) {
		fprintf(stderr, "Error setting up for XMLRPC.\n");
		return CM_SUBMIT_STATUS_UNCONFIGURED;
	}

	/* Both servers take the CSR, in their preferred format, first. */
	cm_submit_x_add_arg_s(ctx, csr);

	/* Maybe we need a ccache. */
	if (k5 || (kpname != NULL) || (ktname != NULL)) {
		/* -K/--no-make-ccache clears make_ccache to ask for the
		 * default ccache, so build one from the keytab only while
		 * the flag is still set. */
		if (make_ccache) {
			cm_submit_x_make_ccache(ktname, kpname, NULL);
		}
	}

	/* Add additional arguments as dict values.
	 */
	while ((dictval = poptGetArg(pctx)) != NULL) {
		skey = strdup(dictval);
		sval = skey + strcspn(skey, "=");
		if (*sval != '\0') {
			*sval++ = '\0';
		}
		if (strcasecmp(sval, "true") == 0) {
			cm_submit_x_add_named_arg_b(ctx, skey, 1);
		} else if (strcasecmp(sval, "false") == 0) {
			cm_submit_x_add_named_arg_b(ctx, skey, 0);
		} else {
			cm_submit_x_add_named_arg_s(ctx, skey, sval);
		}
		free(skey);
	}

	/* Submit the request. */
	cm_submit_x_run(ctx);

	/* Check the results. */
	if (cm_submit_x_has_results(ctx) == 0) {
		for (i = 0;
		     (xmlrpc_value_type(ctx->results) == XMLRPC_TYPE_ARRAY) &&
		     (i < xmlrpc_array_size(&ctx->xenv, ctx->results));
		     i++) {
			xmlrpc_array_read_item(&ctx->xenv, ctx->results, i,
					       &arg);
			if (ctx->xenv.fault_occurred) {
				fprintf(stderr, "Fault %d: (%s).\n",
					ctx->xenv.fault_code,
					ctx->xenv.fault_string);
				xmlrpc_env_clean(&ctx->xenv);
			} else {
				switch (xmlrpc_value_type(arg)) {
				case XMLRPC_TYPE_BOOL:
					xmlrpc_read_bool(&ctx->xenv, arg, &boo);
					printf("b: %s\n",
					       boo ? "true" : "false");
					break;
				case XMLRPC_TYPE_STRING:
					xmlrpc_read_string(&ctx->xenv, arg, &s);
					printf("s: %s\n", s);
					break;
				case XMLRPC_TYPE_I8:
					xmlrpc_read_i8(&ctx->xenv, arg, &i8);
					printf("n: %lld\n", (long long) i8);
					break;
				case XMLRPC_TYPE_INT:
					xmlrpc_read_int(&ctx->xenv, arg, &i32);
					printf("n: %ld\n", (long) i32);
					break;
				case XMLRPC_TYPE_STRUCT:
					for (j = 0;
					     j < xmlrpc_struct_size(&ctx->xenv,
								    arg);
					     j++) {
						xmlrpc_struct_read_member(&ctx->xenv,
									  arg,
									  j,
									  &key,
									  &val);
						xmlrpc_read_string(&ctx->xenv,
								   key, &s);
						if (ctx->xenv.fault_occurred) {
							fprintf(stderr,
								"Fault %d: (%s).\n",
								ctx->xenv.fault_code,
								ctx->xenv.fault_string);
							xmlrpc_env_clean(&ctx->xenv);
						} else {
							skey = (char *) s;
							switch (xmlrpc_value_type(val)) {
							case XMLRPC_TYPE_BOOL:
								xmlrpc_read_bool(&ctx->xenv,
										 val,
										 &boo);
								printf("%s: b: %s\n",
								       skey,
								       boo ? "true" : "false");
								break;
							case XMLRPC_TYPE_STRING:
								/* Read the member value
								 * (val), not the
								 * enclosing struct. */
								xmlrpc_read_string(&ctx->xenv,
										   val,
										   &s);
								printf("%s: s: %s\n",
								       skey, s);
								break;
							case XMLRPC_TYPE_I8:
								xmlrpc_read_i8(&ctx->xenv,
									       val,
									       &i8);
								printf("%s: n: %lld\n",
								       skey,
								       (long long) i8);
								break;
							case XMLRPC_TYPE_INT:
								xmlrpc_read_int(&ctx->xenv,
										val,
										&i32);
								printf("%s: n: %ld\n",
								       skey,
								       (long) i32);
								break;
							default:
								break;
							}
						}
					}
					break;
				default:
					break;
				}
				if (ctx->xenv.fault_occurred) {
					fprintf(stderr, "Fault %d: (%s).\n",
						ctx->xenv.fault_code,
						ctx->xenv.fault_string);
					xmlrpc_env_clean(&ctx->xenv);
				}
			}
		}
	}

	/* Try formatted output, specific. */
	if ((cm_submit_x_has_results(ctx) == 0) &&
	    (strcmp(method, "wait_for_cert") == 0)) {
		if (cm_submit_x_get_bss(ctx, &i, &s1, &s2) == 0) {
			printf("BSS: OK\nb: %s\ns1 = \"%s\"\ns2 = \"%s\"\n",
			       i ? "true" : "false", s1, s2);
		}
	}
	if ((cm_submit_x_has_results(ctx) == 0) &&
	    (strcmp(method, "cert_request") == 0)) {
		if (cm_submit_x_get_named_n(ctx, "status", &i) == 0) {
			printf("Status: %d\n", i);
		}
		if (cm_submit_x_get_named_s(ctx, "certificate", &s1) == 0) {
			printf("Certificate: \"%s\"\n", s1);
		}
	}

	return ret;
}
#endif

certmonger-0.79.19/src/submit-x.h

/*
 * Copyright (C) 2009,2011,2012 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see .
 */

#ifndef cmsubmitx_h
#define cmsubmitx_h

krb5_error_code cm_submit_x_make_ccache(const char *ktname,
					const char *principal,
					char **error_msg);
char *cm_submit_x_ccache_realm(char **error_msg);

struct cm_submit_x_context;
enum cm_submit_x_opt_negotiate {
	cm_submit_x_negotiate_off,
	cm_submit_x_negotiate_on
};
enum cm_submit_x_opt_delegate {
	cm_submit_x_delegate_off,
	cm_submit_x_delegate_on
};
struct cm_submit_x_context *cm_submit_x_init(void *parent,
					     const char *uri,
					     const char *method,
					     const char *cainfo,
					     const char *capath,
					     const char *uid,
					     const char *pwd,
					     enum cm_submit_x_opt_negotiate neg,
					     enum cm_submit_x_opt_delegate del);
void cm_submit_x_run(struct cm_submit_x_context *ctx);
int cm_submit_x_has_results(struct cm_submit_x_context *ctx);
int cm_submit_x_faulted(struct cm_submit_x_context *ctx);
int cm_submit_x_fault_code(struct cm_submit_x_context *ctx);
const char *cm_submit_x_fault_text(struct cm_submit_x_context *ctx);

void cm_submit_x_add_arg_s(struct cm_submit_x_context *ctx, const char *s);
void cm_submit_x_add_arg_as(struct cm_submit_x_context *ctx, const char **s);
void cm_submit_x_add_arg_b(struct cm_submit_x_context *ctx, int b);
void cm_submit_x_add_named_arg_s(struct cm_submit_x_context *ctx,
				 const char *name, const char *s);
void cm_submit_x_add_named_arg_b(struct cm_submit_x_context *ctx,
				 const char *name, int b);

int cm_submit_x_get_bss(struct cm_submit_x_context *ctx,
			int *b, char **s1, char **s2);
int cm_submit_x_get_b(struct cm_submit_x_context *ctx, int idx, int *b);
int cm_submit_x_get_s(struct cm_submit_x_context *ctx, int idx, char **s);
int cm_submit_x_get_named_n(struct cm_submit_x_context *ctx,
			    const char *name, int *n);
int cm_submit_x_get_named_b(struct cm_submit_x_context *ctx,
			    const char *name, int *b);
int cm_submit_x_get_named_s(struct cm_submit_x_context *ctx,
			    const char *name, char **s);

#endif

certmonger-0.79.19/src/submit.c

/*
 * Copyright (C)
 * 2009,2011 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see .
 */

#include "config.h"
#include
#include
#include
#include
#include "log.h"
#include "submit.h"
#include "submit-int.h"
#include "store-int.h"
#include "subproc.h"

/* Start CSR submission using parameters stored in the entry. */
struct cm_submit_state *
cm_submit_start(struct cm_store_ca *ca, struct cm_store_entry *entry)
{
	if (ca == NULL) {
		if (entry != NULL) {
			if (entry->cm_ca_nickname != NULL) {
				cm_log(1, "No matching CA \"%s\" for "
				       "%s('%s').\n",
				       entry->cm_ca_nickname,
				       entry->cm_busname, entry->cm_nickname);
			} else {
				cm_log(1, "No matching CA for %s('%s').\n",
				       entry->cm_busname, entry->cm_nickname);
			}
		} else {
			cm_log(1, "No matching CA.\n");
		}
		return NULL;
	}
	talloc_free(entry->cm_ca_error);
	entry->cm_ca_error = NULL;
	switch (ca->cm_ca_type) {
	case cm_ca_internal_self:
		switch (entry->cm_key_storage_type) {
		case cm_key_storage_none:
			cm_log(1, "Can't self-sign %s('%s') without access to "
			       "the private key.\n",
			       entry->cm_busname, entry->cm_nickname);
			break;
#ifdef HAVE_OPENSSL
		case cm_key_storage_file:
			return cm_submit_so_start(ca, entry);
			break;
#endif
#ifdef HAVE_NSS
		case cm_key_storage_nssdb:
			return cm_submit_sn_start(ca, entry);
			break;
#endif
		}
		break;
	case cm_ca_external:
		if (ca->cm_ca_external_helper == NULL) {
			cm_log(1, "No helper defined for CA %s('%s').\n",
			       entry->cm_busname, entry->cm_nickname);
			return NULL;
		}
		return cm_submit_e_start(ca,
entry); } return NULL; } /* Get a selectable-for-read descriptor we can poll for status changes. */ int cm_submit_get_fd(struct cm_submit_state *state) { return cm_subproc_get_fd(state->subproc); } /* Check if the CSR was submitted to the CA yet, or we figured out that it * wasn't possible to accomplish it. */ int cm_submit_ready(struct cm_submit_state *state) { return (*state->ready)(state); } /* Save CA-specific identifier for our submitted request. */ int cm_submit_save_ca_cookie(struct cm_submit_state *state) { return (*state->save_ca_cookie)(state); } /* Clear CA-specific identifier for our submitted request. */ int cm_submit_clear_ca_cookie(struct cm_submit_state *state) { talloc_free(state->entry->cm_ca_cookie); state->entry->cm_ca_cookie = NULL; return 0; } /* Check if the certificate was issued. */ int cm_submit_issued(struct cm_submit_state *state) { return (*state->issued)(state); } /* Check if the certificate was rejected. */ int cm_submit_rejected(struct cm_submit_state *state) { return (*state->rejected)(state); } /* Check if we need SCEP-specific data to be generated. */ int cm_submit_need_scep_messages(struct cm_submit_state *state) { return (*state->need_scep_messages)(state); } /* Check if we need to generate a new key and try again. */ int cm_submit_need_rekey(struct cm_submit_state *state) { return (*state->need_rekey)(state); } /* Check if we're unconfigured or underconfigured. */ int cm_submit_unconfigured(struct cm_submit_state *state) { return (*state->unconfigured)(state); } /* Check if we don't support requesting certificates. */ int cm_submit_unsupported(struct cm_submit_state *state) { return (*state->unsupported)(state); } /* Check if the CA was unreachable. */ int cm_submit_unreachable(struct cm_submit_state *state) { return (*state->unreachable)(state); } /* Done talking to the CA. */ void cm_submit_done(struct cm_submit_state *state) { (*state->done)(state); } /* How long should we wait before talking to the CA again? 
*/ int cm_submit_specified_delay(struct cm_submit_state *state) { return state->delay; } /* Concatenate some strings. */ char * cm_submit_maybe_joinv(void *parent, const char *sep, char **s) { int i, l; char *ret = NULL; for (i = 0, l = 0; (s != NULL) && (s[i] != NULL); i++) { l += i ? strlen(sep) + strlen(s[i]) : strlen(s[i]); } if (l > 0) { ret = talloc_zero_size(parent, l + 1); if (ret != NULL) { for (i = 0; s[i] != NULL; i++) { if (i > 0) { strcat(ret, sep); } strcat(ret, s[i]); } } } return ret; } certmonger-0.79.19/src/submit.h0000644000175000017500000000463514511314133015705 0ustar gitgit00000000000000/* * Copyright (C) 2009,2014 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #ifndef cmsubmit_h #define cmsubmit_h struct cm_submit_state; struct cm_store_entry; struct cm_store_ca; /* Start CSR submission using parameters stored in the entry. If we have a * cookie in the entry, poll for its status. */ struct cm_submit_state *cm_submit_start(struct cm_store_ca *ca, struct cm_store_entry *entry); /* Get a selectable-for-read descriptor we can poll for status changes. */ int cm_submit_get_fd(struct cm_submit_state *state); /* Check if either the CSR was submitted to the CA yet, or we figured out that * we weren't going to be able to send it. */ int cm_submit_ready(struct cm_submit_state *state); /* Save CA-specific identifier for our submitted request. 
*/ int cm_submit_save_ca_cookie(struct cm_submit_state *state); /* Clear CA-specific identifier for our submitted request. */ int cm_submit_clear_ca_cookie(struct cm_submit_state *state); /* If we need to poll again, any non-negative value is the polling interval. */ int cm_submit_specified_delay(struct cm_submit_state *state); /* Check if the certificate was issued. */ int cm_submit_issued(struct cm_submit_state *state); /* Check if the certificate request was rejected. */ int cm_submit_rejected(struct cm_submit_state *state); /* Check if the CA was unreachable. */ int cm_submit_unreachable(struct cm_submit_state *state); /* Check if we're missing some configuration. */ int cm_submit_unconfigured(struct cm_submit_state *state); /* Check if we need SCEP-specific data to be generated. */ int cm_submit_need_scep_messages(struct cm_submit_state *state); /* Check if the CA says we need a new key. */ int cm_submit_need_rekey(struct cm_submit_state *state); /* Done talking to the CA. */ void cm_submit_done(struct cm_submit_state *state); #endif certmonger-0.79.19/src/subproc.c0000644000175000017500000002646314511314133016055 0ustar gitgit00000000000000/* * Copyright (C) 2009,2011,2013,2014 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
 */

#include "config.h"

#include <sys/types.h>
#include <sys/wait.h>
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <paths.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

#include <talloc.h>

#include "env.h"
#include "log.h"
#include "subproc.h"

extern char **environ;

#ifndef HAVE_CLEARENV
static void
clear_environment(void)
{
	environ = NULL;
}
#else
static void
clear_environment(void)
{
	clearenv();
}
#endif

#define GROW_SIZE 0x2000

struct cm_subproc_state {
	pid_t pid;
	char *msg;
	int fd, count, bufsize, status;
};

/* Allowlist of environment variables that are passed through to the child.
 * Returns the length of the variable's name if it may be propagated, or 0 if
 * it must be dropped. */
static size_t
cm_subproc_propagate_environment(const char *p)
{
	size_t equal;

	equal = strcspn(p, "=");
	if ((strlen("DBUS_SESSION_BUS_ADDRESS") == equal) &&
	    (strncmp(p, "DBUS_SESSION_BUS_ADDRESS", equal) == 0)) {
		return equal;
	}
	if ((strlen(CERTMONGER_PVT_ADDRESS_ENV) == equal) &&
	    (strncmp(p, CERTMONGER_PVT_ADDRESS_ENV, equal) == 0)) {
		return equal;
	}
	if ((strlen("LANG") == equal) &&
	    (strncmp(p, "LANG", equal) == 0)) {
		return equal;
	}
	if ((equal > 4) &&
	    (strncmp(p, "LC_", 3) == 0)) {
		return equal;
	}
	if ((equal > 6) &&
	    ((strncmp(p + equal - 6, "_PROXY", 6) == 0) ||
	     (strncmp(p + equal - 6, "_proxy", 6) == 0))) {
		return equal;
	}
	return 0;
}

/* Start the passed callback in a subprocess, with a pipe that it can use to
 * send data back to us. If the callback exits, it must do so by calling
 * _exit() or exec(), to avoid calling exit handlers registered by libraries
 * that we use, which will screw us up. Pretty much every bit of work that we
 * can't do quickly is done this way. */
struct cm_subproc_state *
cm_subproc_start(int (*cb)(int fd,
			   struct cm_store_ca *ca,
			   struct cm_store_entry *entry,
			   void *data),
		 void *parent,
		 struct cm_store_ca *ca,
		 struct cm_store_entry *entry,
		 void *data)
{
	struct cm_subproc_state *state;
	int fds[2];
	unsigned int i, childenvs;
	long flags;
	char *configdir, *tmpdir, *tmp, *homedir, *local;
	char *p, **childenv;

	state = talloc_ptrtype(parent, state);
	if (state != NULL) {
		memset(state, 0, sizeof(*state));
		state->fd = -1;
		state->msg = NULL;
		state->status = -1;
		if (pipe(fds) != -1) {
			fflush(NULL);
			state->pid = fork();
			switch (state->pid) {
			case -1:
				syslog(LOG_DEBUG, "fork() error: %s",
				       strerror(errno));
				close(fds[0]);
				close(fds[1]);
				talloc_free(state);
				state = NULL;
				break;
			case 0:
				/* Child: keep the write end of the pipe. */
				state->fd = fds[1];
				close(fds[0]);
				/* Save the values we want to keep before the
				 * environment is cleared. */
				tmp = getenv(CM_STORE_CONFIG_DIRECTORY_ENV);
				configdir = (tmp != NULL) ? strdup(tmp) : NULL;
				tmp = getenv("TMPDIR");
				tmpdir = (tmp != NULL) ? strdup(tmp) : NULL;
				homedir = cm_env_home_dir();
				local = cm_env_local_ca_dir();
				local = local ? strdup(local) : NULL;
				childenvs = 0;
				for (i = 0;
				     (environ != NULL) && (environ[i] != NULL);
				     i++) {
					if (cm_subproc_propagate_environment(environ[i]) > 0) {
						childenvs++;
					}
				}
				if (childenvs > 0) {
					childenv = calloc(childenvs + 1,
							  sizeof(char *));
					childenvs = 0;
					if (childenv != NULL) {
						for (i = 0;
						     (environ != NULL) &&
						     (environ[i] != NULL);
						     i++) {
							if (cm_subproc_propagate_environment(environ[i]) > 0) {
								childenv[childenvs++] = strdup(environ[i]);
							}
						}
						childenv[childenvs] = NULL;
					}
				} else {
					childenv = NULL;
				}
				/* Start from an empty environment and set
				 * known-safe defaults. */
				clear_environment();
				setenv("HOME", homedir, 1);
				setenv("PATH", _PATH_STDPATH, 1);
				setenv("SHELL", _PATH_BSHELL, 1);
				setenv("TERM", "dumb", 1);
				/* sane default, can be overruled by childenv */
				setenv("LC_CTYPE", "C.UTF-8", 1);
				if (configdir != NULL) {
					setenv(CM_STORE_CONFIG_DIRECTORY_ENV,
					       configdir, 1);
				}
				if (tmpdir != NULL) {
					setenv("TMPDIR", tmpdir, 1);
				}
				if (local != NULL) {
					setenv(CM_STORE_LOCAL_CA_DIRECTORY_ENV,
					       local, 1);
				}
				/* Restore the allowlisted variables. */
				for (i = 0;
				     (childenv != NULL) && (childenv[i] != NULL);
				     i++) {
					p = childenv[i] +
					    strcspn(childenv[i], "=");
					if (*p != '\0') {
						*p++ = '\0';
						setenv(childenv[i], p, 1);
					}
				}
				_exit((*cb)(fds[1], ca, entry, data));
				break;
			default:
				/* Parent: keep the read end, non-blocking. */
				state->fd = fds[0];
				flags = fcntl(state->fd, F_GETFL);
				if (fcntl(state->fd, F_SETFL,
					  flags | O_NONBLOCK) != 0) {
					syslog(LOG_DEBUG,
					       "error marking output for "
					       "subprocess non-blocking: %s",
					       strerror(errno));
				}
				close(fds[1]);
				fds[1] = -1;
				break;
			}
		}
	}
	return state;
}

/* Get a selectable-for-read descriptor we can poll for status changes. */
int
cm_subproc_get_fd(struct cm_subproc_state *state)
{
	return state->fd;
}

/* Get the output to-date. */
const char *
cm_subproc_get_msg(struct cm_subproc_state *state, int *length)
{
	if (length != NULL) {
		*length = state->count;
	}
	return state->msg ? state->msg : "";
}

/* Get the exit status. */
int
cm_subproc_get_exitstatus(struct cm_subproc_state *state)
{
	return state->status;
}

/* Clean up when we're done. */
void
cm_subproc_done(struct cm_subproc_state *state)
{
	pid_t pid;

	if (state != NULL) {
		if (state->pid != -1) {
			do {
				pid = waitpid(state->pid, &state->status, 0);
				cm_log(4, "Waited for %ld, got %ld.\n",
				       (long) state->pid, (long) pid);
			} while ((pid == -1) && (errno == EINTR));
		}
		if (state->fd != -1) {
			close(state->fd);
		}
		talloc_free(state);
	}
}

/* Check if we're done (return 0), or need to be called again (-1). */
int
cm_subproc_ready(struct cm_subproc_state *state)
{
	ssize_t i, remainder;
	char *tmp;
	int status;

	if (state->pid == -1) {
		return state->status;
	}
	do {
		remainder = state->bufsize - state->count;
		if (remainder <= 0) {
			/* Grow the buffer, keeping one extra byte for the
			 * terminating NUL. */
			tmp = talloc_realloc_size(state, state->msg,
						  state->bufsize +
						  GROW_SIZE + 1);
			if (tmp != NULL) {
				state->msg = tmp;
				state->bufsize += GROW_SIZE;
				state->msg[state->bufsize] = '\0';
				remainder = state->bufsize - state->count;
			} else {
				errno = EINTR;
				i = -1;
				break;
			}
		}
		i = read(state->fd, state->msg + state->count, remainder);
		switch (i) {
		case -1:
		case 0:
			break;
		default:
			state->count += i;
			break;
		}
	} while (i > 0);
	if ((i == -1) && ((errno == EAGAIN) || (errno == EINTR))) {
		status = -1;
	} else {
		state->msg[state->count] = '\0';
		close(state->fd);
		state->fd = -1;
		waitpid(state->pid, &state->status, 0);
		state->pid = -1;
		status = 0;
	}
	return status;
}

/* Adapted from oddjob's parse_args(). */
char **
cm_subproc_parse_args(void *parent, const char *cmdline, const char **error)
{
	const char *p;
	char *q, *bigbuf;
	char **argv;
	int sqlevel, dqlevel, escape;
	size_t buffersize, words;

	buffersize = strlen(cmdline) * 3;
	bigbuf = talloc_zero_size(parent, buffersize);

	sqlevel = dqlevel = escape = 0;
	p = cmdline;
	q = bigbuf;
	while (*p != '\0') {
		switch (*p) {
		case '\\':
			if ((dqlevel != 0) || (sqlevel != 0) || escape) {
				*q++ = *p++;
				escape = 0;
			} else {
				escape = 1;
				p++;
			}
			break;
		case '\'':
			switch (sqlevel) {
			case 0:
				if (escape || (dqlevel > 0)) {
					*q++ = *p++;
					escape = 0;
				} else {
					sqlevel = 1;
					p++;
				}
				break;
			case 1:
				sqlevel = 0;
				p++;
				break;
			}
			break;
		case '"':
			switch (dqlevel) {
			case 0:
				if (escape || (sqlevel > 0)) {
					*q++ = *p++;
					escape = 0;
				} else {
					dqlevel = 1;
					p++;
				}
				break;
			case 1:
				dqlevel = 0;
				p++;
				break;
			}
			break;
		case '\r':
		case '\n':
		case '\t':
		case ' ':
			/* Unquoted whitespace ends the current word. */
			if (escape || (dqlevel > 0) || (sqlevel > 0)) {
				*q++ = *p;
			} else {
				*q++ = '\0';
			}
			p++;
			break;
		default:
			*q++ = *p++;
			break;
		}
	}
	if (error) {
		*error = NULL;
	}
	if (dqlevel > 0) {
		if (error) {
			*error = "Unmatched \"";
		}
		talloc_free(bigbuf);
		return NULL;
	}
	if (sqlevel > 0) {
		if (error) {
			*error = "Unmatched '";
		}
		talloc_free(bigbuf);
		return NULL;
	}
	if (escape) {
		if (error) {
			*error = "Attempt to escape end-of-command";
		}
		talloc_free(bigbuf);
		return NULL;
	}
	/* Count the NUL-separated words. */
	p = NULL;
	words = 0;
	for (q = bigbuf; q < bigbuf + buffersize; q++) {
		if (*q != '\0') {
			if (p == NULL) {
				p = q;
			}
		} else {
			if (p != NULL) {
				words++;
				p = NULL;
			}
		}
	}
	/* Copy each word into a NULL-terminated argument vector. */
	argv = talloc_zero_size(parent, sizeof(char*) * (words + 1));
	p = NULL;
	words = 0;
	for (q = bigbuf; q < bigbuf + buffersize; q++) {
		if (*q != '\0') {
			if (p == NULL) {
				p = q;
			}
		} else {
			if (p != NULL) {
				argv[words++] = talloc_strdup(argv, p);
				p = NULL;
			}
		}
	}
	talloc_free(bigbuf);
	return argv;
}

/* Based heavily on systemd version */
static int
safe_atoi(const char *s, int *ret_i)
{
	char *x = NULL;
	long l;

	errno = 0;
	l = strtol(s, &x, 0);
	if (errno > 0)
		return -1;
	if (!x || x == s || *x != 0)
		return -1;
	if ((long) (int) l != l)
		return -1;
	*ret_i = (int) l;
	return 0;
}

/* Redirect stdio to /dev/null, and mark everything else as close-on-exec,
 * except for perhaps one to three of them that are passed in by number. */
void
cm_subproc_mark_most_cloexec(int fd, int fd2, int fd3)
{
	int i;
	long l;
	DIR *dir = NULL;
	struct dirent *de;

	if ((fd != STDIN_FILENO) &&
	    (fd2 != STDIN_FILENO) &&
	    (fd3 != STDIN_FILENO)) {
		i = open("/dev/null", O_RDONLY);
		if (i != -1) {
			if (i != STDIN_FILENO) {
				dup2(i, STDIN_FILENO);
				close(i);
			}
		} else {
			close(STDIN_FILENO);
		}
	}
	if ((fd != STDOUT_FILENO) &&
	    (fd2 != STDOUT_FILENO) &&
	    (fd3 != STDOUT_FILENO)) {
		i = open("/dev/null", O_WRONLY);
		if (i != -1) {
			if (i != STDOUT_FILENO) {
				dup2(i, STDOUT_FILENO);
				close(i);
			}
		} else {
			close(STDOUT_FILENO);
		}
	}
	if ((fd != STDERR_FILENO) &&
	    (fd2 != STDERR_FILENO) &&
	    (fd3 != STDERR_FILENO)) {
		i = open("/dev/null", O_WRONLY);
		if (i != -1) {
			if (i != STDERR_FILENO) {
				dup2(i, STDERR_FILENO);
				close(i);
			}
		} else {
			close(STDERR_FILENO);
		}
	}
	dir = opendir("/proc/self/fd");
	if (!dir) {
		/* /proc isn't available, fall back to old way */
		for (i = getdtablesize() - 1; i >= 3; i--) {
			if ((i == fd) || (i == fd2) || (i == fd3)) {
				continue;
			}
			l = fcntl(i, F_GETFD);
			if (l != -1) {
				if (fcntl(i, F_SETFD, l | FD_CLOEXEC) != 0) {
					cm_log(0, "Potentially leaking FD %d.\n", i);
				}
			}
		}
	} else {
		while ((de = readdir(dir)) != NULL) {
			int i = -1;

			if (safe_atoi(de->d_name, &i) < 0) {
				continue;
			}
			if ((i == fd) || (i == fd2) || (i == fd3)) {
				continue;
			}
			if (i == dirfd(dir)) {
				continue;
			}
			l = fcntl(i, F_GETFD);
			if (l != -1) {
				if (fcntl(i, F_SETFD, l | FD_CLOEXEC) != 0) {
					cm_log(0, "Potentially leaking FD %d.\n", i);
				}
			}
		}
		closedir(dir);
	}
}

certmonger-0.79.19/src/subproc.h

/*
 * Copyright (C) 2009,2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmsubproc_h
#define cmsubproc_h

struct cm_store_ca;
struct cm_store_entry;
struct cm_subproc_state;

/* Start calling the callback in a subprocess. */
struct cm_subproc_state *cm_subproc_start(int (*cb)(int fd,
						    struct cm_store_ca *ca,
						    struct cm_store_entry *e,
						    void *data),
					  void *parent,
					  struct cm_store_ca *ca,
					  struct cm_store_entry *entry,
					  void *data);

/* Get a selectable-for-read descriptor we can wait on for status changes. If
 * we return -1, the caller must poll. */
int cm_subproc_get_fd(struct cm_subproc_state *state);

/* Return 0 if the process has finished its run. */
int cm_subproc_ready(struct cm_subproc_state *state);

/* Return the subprocess's output. */
const char *cm_subproc_get_msg(struct cm_subproc_state *state, int *length);

/* Return the subprocess's exit status. */
int cm_subproc_get_exitstatus(struct cm_subproc_state *state);

/* Clean up. */
void cm_subproc_done(struct cm_subproc_state *state);

/* Parse args. */
char **cm_subproc_parse_args(void *parent, const char *cmdline,
			     const char **error);

/* Reset stdio to /dev/null and mark all but the passed-in descriptor as
 * close-on-exec. */
void cm_subproc_mark_most_cloexec(int fd, int fd2, int fd3);

#endif

certmonger-0.79.19/src/tdbus.c

/*
 * Copyright (C) 2009,2010,2011,2012,2013,2014 Red Hat, Inc.
* * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #include "config.h" #include #include #include #include #include #include #include #include #include #ifdef HAVE_OPENSSL #include #endif #ifdef HAVE_GMP #include #endif #include "cm.h" #include "log.h" #include "submit-u.h" #include "tdbus.h" #include "tdbush.h" #include "tdbusm.h" struct tdbus_connection { DBusServer *server; DBusConnection *conn; enum cm_tdbus_type conn_type; struct tdbus_watch { struct tdbus_watch *next; struct tdbus_connection *conn; int fd; struct tevent_fd *tfd; struct tdbus_dwatch { struct tdbus_dwatch *next; DBusWatch *watch; int dflags; dbus_bool_t active; } *dwatches; } *watches; struct tdbus_timer { struct tdbus_connection *conn; struct tdbus_timer *next; DBusTimeout *timeout; struct tevent_timer *tt; int d_interval; dbus_bool_t active; } *timers; void *data; }; static int cm_tdbus_setup_public_connection(struct tdbus_connection *tdb, DBusConnection *conn, const char *bus_desc, DBusError *error); static void cm_tdbus_dispatch_status(DBusConnection *conn, DBusDispatchStatus new_status, void *data) { while (new_status == DBUS_DISPATCH_DATA_REMAINS) { new_status = dbus_connection_dispatch(conn); } } static int cm_tdbus_watch_get_fd(DBusWatch *watch) { #if defined(HAVE_DBUS_WATCH_GET_UNIX_FD) return dbus_watch_get_unix_fd(watch); #elif defined(HAVE_DBUS_WATCH_GET_FD) return dbus_watch_get_fd(watch); #else #error "Don't know how to retrieve a 
watchable descriptor from a DBus watch!" return -1; #endif } static int cm_tdbus_tfd_flags_for_watch_flags(unsigned int watch_flags) { int tfd_flags; tfd_flags = 0; if (watch_flags & DBUS_WATCH_READABLE) { tfd_flags |= TEVENT_FD_READ; } if (watch_flags & DBUS_WATCH_WRITABLE) { tfd_flags |= TEVENT_FD_WRITE; } if (watch_flags & DBUS_WATCH_ERROR) { tfd_flags |= TEVENT_FD_READ; tfd_flags |= TEVENT_FD_WRITE; } if (watch_flags & DBUS_WATCH_HANGUP) { tfd_flags |= TEVENT_FD_READ; } return tfd_flags; } static int cm_tdbus_watch_flags_for_tfd_flags(unsigned int tfd_flags) { int watch_flags; watch_flags = 0; if (tfd_flags & TEVENT_FD_READ) { watch_flags |= DBUS_WATCH_READABLE; watch_flags |= DBUS_WATCH_HANGUP; } if (tfd_flags & TEVENT_FD_WRITE) { watch_flags |= DBUS_WATCH_WRITABLE; } return watch_flags; } static void cm_tdbus_queue_fd(struct tevent_context *ec, struct tdbus_watch *watch, tevent_fd_handler_t handler) { struct tdbus_dwatch *dwatch; int newtflags, dflags; char flags[20] = ""; newtflags = 0; dwatch = watch->dwatches; while (dwatch != NULL) { if (dwatch->active) { dwatch->dflags = dbus_watch_get_flags(dwatch->watch); dflags = dwatch->dflags; newtflags |= cm_tdbus_tfd_flags_for_watch_flags(dflags); } dwatch = dwatch->next; } if (newtflags != 0) { if (newtflags & TEVENT_FD_READ) { strcpy(flags, "Read"); } if (newtflags & TEVENT_FD_WRITE) { if (strlen(flags) > 0) { strcat(flags, "-"); } strcat(flags, "Write"); } watch->tfd = tevent_add_fd(ec, watch, watch->fd, newtflags, handler, watch); cm_log(5, "Queuing FD %d for %s for %p:%p.\n", watch->fd, flags, watch->conn, watch->tfd); } else { watch->tfd = NULL; cm_log(5, "Not queuing FD %d for %p.\n", watch->fd, watch->conn); } } static void cm_tdbus_handle_fd(struct tevent_context *ec, struct tevent_fd *tfd, uint16_t tflags, void *pvt) { struct tdbus_watch *watch; struct tdbus_dwatch *dwatch; int dflags; char flags[20] = ""; watch = pvt; dflags = cm_tdbus_watch_flags_for_tfd_flags(tflags); if (tflags & TEVENT_FD_READ) { 
strcpy(flags, "Read"); } if (tflags & TEVENT_FD_WRITE) { if (strlen(flags) > 0) { strcat(flags, "-"); } strcat(flags, "Write"); } cm_log(5, "Dequeuing FD %d for %s for %p:%p.\n", watch->fd, flags, watch->conn, watch->tfd); talloc_free(watch->tfd); watch->tfd = NULL; dwatch = watch->dwatches; while (dwatch != NULL) { if (dwatch->active) { cm_log(5, "Handling D-Bus traffic (%s) on FD %d for " "%p.\n", flags, watch->fd, watch->conn); if ((dflags & dwatch->dflags) != 0) { dbus_watch_handle(dwatch->watch, dflags & dwatch->dflags); break; } } else { cm_log(5, "Skipping disabled %d handler on FD %d for " "%p.\n", dwatch->dflags, watch->fd, watch->conn); } dwatch = dwatch->next; } if (dwatch == NULL) { cm_log(5, "Unexpected D-Bus traffic (%s) on FD %d for %p:%p.\n", flags, watch->fd, watch->conn, tfd); } if (watch->tfd != NULL) { cm_log(5, "Dequeuing FD %d for %s for %p:%p.\n", watch->fd, flags, watch->conn, watch->tfd); talloc_free(watch->tfd); watch->tfd = NULL; } cm_tdbus_queue_fd(ec, watch, cm_tdbus_handle_fd); } static void cm_tdbus_handle_timer(struct tevent_context *ec, struct tevent_timer *timer, struct timeval current_time, void *pvt) { struct tdbus_timer *tdb_timer; struct timeval next_time; tdb_timer = pvt; talloc_free(tdb_timer->tt); tdb_timer->tt = NULL; if (tdb_timer->active) { cm_log(5, "Handling D-Bus timeout.\n"); if (dbus_timeout_handle(tdb_timer->timeout)) { next_time = tevent_timeval_current_ofs(tdb_timer->d_interval, 0); tdb_timer->tt = tevent_add_timer(ec, tdb_timer, next_time, cm_tdbus_handle_timer, tdb_timer); } } } static dbus_bool_t cm_tdbus_watch_add(DBusWatch *watch, void *data) { struct tdbus_connection *conn; struct tdbus_watch *tdb_watch; struct tdbus_dwatch *tdb_dwatch; int fd; char flags[20] = ""; conn = data; fd = cm_tdbus_watch_get_fd(watch); if (dbus_watch_get_flags(watch) & DBUS_WATCH_READABLE) { strcpy(flags, "Read"); } if (dbus_watch_get_flags(watch) & DBUS_WATCH_WRITABLE) { if (strlen(flags) > 0) { strcat(flags, "-"); } strcat(flags, 
"Write"); } cm_log(5, "Adding %sabled DBus watch on FD %d (for %s) for %p.\n", dbus_watch_get_enabled(watch) ? "en" : "dis", fd, flags, data); /* Find the tevent watch for this fd. */ tdb_watch = conn->watches; while (tdb_watch != NULL) { if (tdb_watch->fd == fd) { break; } tdb_watch = tdb_watch->next; } /* If we couldn't find one, add it. */ if (tdb_watch == NULL) { cm_log(5, "Adding a watch group for FD %d for %p.\n", fd, data); tdb_watch = talloc_ptrtype(conn, tdb_watch); if (tdb_watch == NULL) { return FALSE; } memset(tdb_watch, 0, sizeof(*tdb_watch)); tdb_watch->conn = conn; tdb_watch->fd = fd; tdb_watch->tfd = NULL; tdb_watch->dwatches = NULL; tdb_watch->next = conn->watches; conn->watches = tdb_watch; } /* Add a new dwatch to the watch. */ tdb_dwatch = talloc_ptrtype(tdb_watch, tdb_dwatch); if (tdb_dwatch == NULL) { return FALSE; } memset(tdb_dwatch, 0, sizeof(*tdb_dwatch)); tdb_dwatch->watch = watch; tdb_dwatch->dflags = dbus_watch_get_flags(watch); tdb_dwatch->active = dbus_watch_get_enabled(watch); tdb_dwatch->next = tdb_watch->dwatches; tdb_watch->dwatches = tdb_dwatch; /* (Re-)queue the tfd. */ cm_log(5, "Dequeuing FD %d for %p:%p.\n", tdb_watch->fd, tdb_watch->conn, tdb_watch->tfd); talloc_free(tdb_watch->tfd); tdb_watch->tfd = NULL; cm_tdbus_queue_fd(talloc_parent(conn), tdb_watch, cm_tdbus_handle_fd); return TRUE; } static void cm_tdbus_watch_remove(DBusWatch *watch, void *data) { struct tdbus_connection *conn; struct tdbus_watch *tdb_watch; struct tdbus_dwatch *tdb_dwatch, *prev; int fd; conn = data; fd = cm_tdbus_watch_get_fd(watch); cm_log(5, "Removing a DBus watch for FD %d (for %u) for %p.\n", fd, dbus_watch_get_flags(watch), data); /* Find the tevent watch for this fd. */ tdb_watch = conn->watches; while (tdb_watch != NULL) { if (tdb_watch->fd == fd) { break; } tdb_watch = tdb_watch->next; } if (tdb_watch == NULL) { cm_log(5, "No matching watch found.\n"); return; } /* Find the watch in the list of dwatches. 
*/ for (prev = NULL, tdb_dwatch = tdb_watch->dwatches; tdb_dwatch != NULL; tdb_dwatch = tdb_dwatch->next) { if (tdb_dwatch->watch == watch) { if (prev != NULL) { prev->next = tdb_dwatch->next; tdb_dwatch->next = NULL; talloc_free(tdb_dwatch); } else { tdb_watch->dwatches = tdb_dwatch->next; tdb_dwatch->next = NULL; talloc_free(tdb_dwatch); } break; } prev = tdb_dwatch; } /* (Re-)queue the tfd. */ cm_log(5, "Dequeuing FD %d for %p:%p.\n", tdb_watch->fd, tdb_watch->conn, tdb_watch->tfd); talloc_free(tdb_watch->tfd); tdb_watch->tfd = NULL; cm_tdbus_queue_fd(talloc_parent(conn), tdb_watch, cm_tdbus_handle_fd); } static void cm_tdbus_watch_toggle(DBusWatch *watch, void *data) { struct tdbus_connection *conn; struct tdbus_watch *tdb_watch; struct tdbus_dwatch *tdb_dwatch; int fd; conn = data; fd = cm_tdbus_watch_get_fd(watch); cm_log(5, "Toggling a DBus watch for FD %d (for %u) for " "%p.\n", fd, dbus_watch_get_flags(watch), conn); /* Find the tevent watch for this fd. */ tdb_watch = conn->watches; while (tdb_watch != NULL) { if (tdb_watch->fd == fd) { break; } tdb_watch = tdb_watch->next; } if (tdb_watch == NULL) { cm_log(5, "No matching watch found.\n"); return; } /* Find the watch in the list of dwatches. */ tdb_dwatch = tdb_watch->dwatches; while (tdb_dwatch != NULL) { if (tdb_dwatch->watch == watch) { tdb_dwatch->active = dbus_watch_get_enabled(watch); cm_log(5, "Watch %sabled.\n", tdb_dwatch->active ? "en" : "dis"); break; } tdb_dwatch = tdb_dwatch->next; } /* (Re-)queue the tfd. 
*/ cm_log(5, "Dequeuing FD %d for %p:%p.\n", tdb_watch->fd, tdb_watch->conn, tdb_watch->tfd); talloc_free(tdb_watch->tfd); tdb_watch->tfd = NULL; cm_tdbus_queue_fd(talloc_parent(conn), tdb_watch, cm_tdbus_handle_fd); } static void cm_tdbus_watch_cleanup(void *data) { struct tdbus_connection *conn; struct tdbus_watch *watch; conn = data; watch = conn->watches; while (watch != NULL) { while (watch->dwatches != NULL) { cm_tdbus_watch_remove(watch->dwatches->watch, data); } watch = watch->next; } } static dbus_bool_t cm_tdbus_timeout_add(DBusTimeout *timeout, void *data) { struct tdbus_connection *conn; struct tdbus_timer *tdb_timer; struct timeval next_time; conn = data; tdb_timer = talloc_ptrtype(conn, tdb_timer); if (tdb_timer != NULL) { memset(tdb_timer, 0, sizeof(*tdb_timer)); tdb_timer->conn = conn; tdb_timer->timeout = timeout; tdb_timer->d_interval = dbus_timeout_get_interval(timeout); tdb_timer->active = dbus_timeout_get_enabled(timeout); if (tdb_timer->active) { next_time = tevent_timeval_current_ofs(tdb_timer->d_interval, 0); tdb_timer->tt = tevent_add_timer(talloc_parent(conn), tdb_timer, next_time, cm_tdbus_handle_timer, tdb_timer); if (tdb_timer->tt != NULL) { tdb_timer->next = conn->timers; conn->timers = tdb_timer; return TRUE; } } else { tdb_timer->next = conn->timers; conn->timers = tdb_timer; return TRUE; } } return FALSE; } static void cm_tdbus_timeout_remove(DBusTimeout *timeout, void *data) { struct tdbus_connection *conn; struct tdbus_timer *tdb_timer, *prev; conn = data; for (prev = NULL, tdb_timer = conn->timers; tdb_timer != NULL; tdb_timer = tdb_timer->next) { if (tdb_timer->timeout == timeout) { if (prev != NULL) { prev->next = tdb_timer->next; tdb_timer->next = NULL; talloc_free(tdb_timer); } else { conn->timers = tdb_timer->next; tdb_timer->next = NULL; talloc_free(tdb_timer); } break; } prev = tdb_timer; } } static void cm_tdbus_timeout_toggle(DBusTimeout *timeout, void *data) { struct tdbus_connection *conn; struct tdbus_timer 
*tdb_timer; struct timeval next_time; void *parent; conn = data; for (tdb_timer = conn->timers; tdb_timer != NULL; tdb_timer = tdb_timer->next) { if (tdb_timer->timeout == timeout) { tdb_timer->d_interval = dbus_timeout_get_interval(timeout); tdb_timer->active = dbus_timeout_get_enabled(timeout); talloc_free(tdb_timer->tt); if (tdb_timer->active) { next_time = tevent_timeval_current_ofs(tdb_timer->d_interval, 0); parent = talloc_parent(conn); tdb_timer->tt = tevent_add_timer(parent, tdb_timer, next_time, cm_tdbus_handle_timer, tdb_timer); } else { tdb_timer->tt = NULL; } break; } } } static void cm_tdbus_timeout_cleanup(void *data) { struct tdbus_connection *conn; conn = data; while (conn->timers != NULL) { cm_tdbus_timeout_remove(conn->timers->timeout, data); } } static void cm_tdbus_reconnect(struct tevent_context *ec, struct tevent_timer *timer, struct timeval current_time, void *pvt) { const char *bus_desc; struct tdbus_connection *tdb; struct timeval later; dbus_bool_t exit_on_disconnect = TRUE; tdb = pvt; talloc_free(timer); if ((tdb->conn == NULL) || !dbus_connection_get_is_connected(tdb->conn)) { /* Close the current connection and open a new one. */ if (tdb->conn != NULL) { dbus_connection_unref(tdb->conn); tdb->conn = NULL; } bus_desc = NULL; switch (tdb->conn_type) { case cm_tdbus_system: cm_log(1, "Attempting to reconnect to system bus.\n"); tdb->conn = dbus_bus_get(DBUS_BUS_SYSTEM, NULL); cm_set_conn_ptr(tdb->data, tdb->conn); /* Don't exit if we get disconnected. */ exit_on_disconnect = FALSE; bus_desc = "system"; break; case cm_tdbus_session: cm_log(1, "Attempting to reconnect to session bus.\n"); tdb->conn = dbus_bus_get(DBUS_BUS_SESSION, NULL); cm_set_conn_ptr(tdb->data, tdb->conn); /* Exit if we get disconnected. */ exit_on_disconnect = TRUE; bus_desc = "session"; break; case cm_tdbus_private: abort(); break; } if ((tdb->conn != NULL) && dbus_connection_get_is_connected(tdb->conn)) { /* We're reconnected; reset our handlers. 
*/ cm_log(1, "Reconnected to %s bus.\n", bus_desc); dbus_connection_set_exit_on_disconnect(tdb->conn, exit_on_disconnect); cm_tdbus_setup_public_connection(tdb, tdb->conn, bus_desc, NULL); } else { /* Try reconnecting again later. */ later = tevent_timeval_current_ofs(CM_DBUS_RECONNECT_TIMEOUT, 0), tevent_add_timer(ec, tdb, later, cm_tdbus_reconnect, tdb); } } } static DBusHandlerResult cm_tdbus_filter(DBusConnection *conn, DBusMessage *dmessage, void *data) { struct tdbus_connection *tdb = data; const char *destination, *unique_name, *path, *interface, *member; /* If we're disconnected, queue a reconnect. */ if ((tdb->conn_type != cm_tdbus_private) && !dbus_connection_get_is_connected(conn)) { tevent_add_timer(talloc_parent(tdb), tdb, tevent_timeval_current(), cm_tdbus_reconnect, tdb); return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; } switch (dbus_message_get_type(dmessage)) { case DBUS_MESSAGE_TYPE_METHOD_CALL: /* Make sure it's a message we care about. */ destination = dbus_message_get_destination(dmessage); path = dbus_message_get_path(dmessage); interface = dbus_message_get_interface(dmessage); member = dbus_message_get_member(dmessage); /* Catch weird-looking messages. */ if ((destination == NULL) || (path == NULL) || (member == NULL)) { return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; } cm_log(4, "message %p(%s)->%s:%s:%s.%s\n", tdb, dbus_message_type_to_string(dbus_message_get_type(dmessage)), destination, path, interface ? interface : "", member); return cm_tdbush_handle_method_call(conn, dmessage, tdb->conn_type, tdb->data); break; case DBUS_MESSAGE_TYPE_METHOD_RETURN: /* Check that the call or return is directed to us. 
		 */
		destination = dbus_message_get_destination(dmessage);
		/* dbus_message_get_destination() returns NULL when the field
		 * is unset; don't hand that to strcmp(). */
		if (destination == NULL) {
			return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
		}
		if ((strcmp(destination, CM_DBUS_NAME) != 0) &&
		    (((unique_name = dbus_bus_get_unique_name(conn)) == NULL) ||
		     (strcmp(destination, unique_name) != 0))) {
			return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
		}
		cm_log(4, "message %p(%s)->%lu->%lu\n", tdb,
		       dbus_message_type_to_string(dbus_message_get_type(dmessage)),
		       (unsigned long) dbus_message_get_reply_serial(dmessage),
		       (unsigned long) dbus_message_get_serial(dmessage));
		return cm_tdbush_handle_method_return(conn, dmessage,
						      tdb->conn_type, tdb->data);
		break;
	default:
		break;
	}
	return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
}

static int
cm_tdbus_setup_conn_loop(struct tdbus_connection *tdb, DBusConnection *conn)
{
	/* Set the callback to be called when I/O processing has yielded a
	 * request that we need to act on. */
	dbus_connection_set_dispatch_status_function(conn,
						     cm_tdbus_dispatch_status,
						     tdb, NULL);
	/* Hook up the I/O callbacks so that D-Bus can actually do its thing. */
	if (!dbus_connection_set_watch_functions(conn,
						 &cm_tdbus_watch_add,
						 &cm_tdbus_watch_remove,
						 &cm_tdbus_watch_toggle,
						 tdb,
						 &cm_tdbus_watch_cleanup)) {
		cm_log(1, "Unable to add watch callbacks.\n");
		return -1;
	}
	/* Hook up the (unused?) timer callbacks to be polite. */
	if (!dbus_connection_set_timeout_functions(conn,
						   cm_tdbus_timeout_add,
						   cm_tdbus_timeout_remove,
						   cm_tdbus_timeout_toggle,
						   tdb,
						   cm_tdbus_timeout_cleanup)) {
		cm_log(1, "Unable to add timer callbacks.\n");
		return -1;
	}
	/* Handle any messages that are already pending. */
	cm_tdbus_dispatch_status(conn,
				 dbus_connection_get_dispatch_status(conn),
				 tdb);
	return 0;
}

static int
cm_tdbus_setup_server_loop(struct tdbus_connection *tdb, DBusServer *server)
{
	/* Hook up the I/O callbacks so that D-Bus can actually do its thing.
	 */
	if (!dbus_server_set_watch_functions(server,
					     &cm_tdbus_watch_add,
					     &cm_tdbus_watch_remove,
					     &cm_tdbus_watch_toggle,
					     tdb,
					     &cm_tdbus_watch_cleanup)) {
		cm_log(1, "Unable to add watch callbacks.\n");
		return -1;
	}
	/* Hook up the (unused?) timer callbacks to be polite. */
	if (!dbus_server_set_timeout_functions(server,
					       cm_tdbus_timeout_add,
					       cm_tdbus_timeout_remove,
					       cm_tdbus_timeout_toggle,
					       tdb,
					       cm_tdbus_timeout_cleanup)) {
		cm_log(1, "Unable to add timer callbacks.\n");
		return -1;
	}
	return 0;
}

static int
cm_tdbus_setup_public_connection(struct tdbus_connection *tdb,
				 DBusConnection *conn,
				 const char *bus_desc,
				 DBusError *error)
{
	DBusError err;
	int ret;

	/* Add the event loop glue. */
	if (cm_tdbus_setup_conn_loop(tdb, conn) != 0) {
		cm_log(0, "Error setting up connection to %s bus.\n", bus_desc);
		return -1;
	}
	/* Watch for method calls on this connection. */
	if (!dbus_connection_add_filter(conn, cm_tdbus_filter, tdb, NULL)) {
		cm_log(1, "Unable to add filter.\n");
		return -1;
	}
	/* Request our service name. */
	memset(&err, 0, sizeof(err));
	ret = dbus_bus_request_name(conn, CM_DBUS_NAME, 0, &err);
	if ((ret == 0) ||
	    ((ret != DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER) &&
	     (ret != DBUS_REQUEST_NAME_REPLY_ALREADY_OWNER)) ||
	    dbus_error_is_set(&err)) {
		cm_log(0, "Unable to set well-known bus name \"%s\": %s(%d).\n",
		       CM_DBUS_NAME,
		       err.message ? err.message : (err.name ? err.name : ""),
		       ret);
		if (error != NULL) {
			dbus_move_error(&err, error);
		}
		return -1;
	}
	/* Log the well-known name first and the unique name second, in the
	 * order the format string names them. */
	cm_log(3, "Connected to %s message bus with name "
	       "\"%s\", unique name \"%s\".\n", bus_desc,
	       CM_DBUS_NAME,
	       dbus_bus_get_unique_name(conn) ?: "(unknown)");
	return 0;
}

int
cm_tdbus_setup_public(struct tevent_context *ec, enum cm_tdbus_type bus_type,
		      void *data, DBusError *error)
{
	DBusConnection *conn;
	DBusError err;
	const char *bus_desc;
	struct tdbus_connection *tdb;
	dbus_bool_t exit_on_disconnect;

	/* Build our own context.
	 */
	tdb = talloc_ptrtype(ec, tdb);
	if (tdb == NULL) {
		return ENOMEM;
	}
	memset(tdb, 0, sizeof(*tdb));
	/* Connect to the right bus. */
	bus_desc = NULL;
	conn = NULL;
	exit_on_disconnect = TRUE;
	if (error != NULL) {
		dbus_error_init(error);
	}
	switch (bus_type) {
	case cm_tdbus_system:
		conn = dbus_bus_get(DBUS_BUS_SYSTEM, error);
		cm_set_conn_ptr(data, conn);
		/* Don't exit if we get disconnected. */
		exit_on_disconnect = FALSE;
		bus_desc = "system";
		break;
	case cm_tdbus_session:
		conn = dbus_bus_get(DBUS_BUS_SESSION, error);
		cm_set_conn_ptr(data, conn);
		/* Exit if we get disconnected. */
		exit_on_disconnect = TRUE;
		bus_desc = "session";
		break;
	case cm_tdbus_private:
		abort();
		break;
	}
	if (conn == NULL) {
		cm_log(0, "Error connecting to %s bus.\n", bus_desc);
		talloc_free(tdb);
		return -1;
	}
	dbus_connection_set_exit_on_disconnect(conn, exit_on_disconnect);
	tdb->conn = conn;
	tdb->conn_type = bus_type;
	tdb->data = data;
	/* Hook up the event loop, register our name, and set up the filter. */
	memset(&err, 0, sizeof(err));
	if (cm_tdbus_setup_public_connection(tdb, conn, bus_desc, &err) != 0) {
		talloc_free(tdb);
		return -1;
	}
	return 0;
}

static void
cm_tdbus_new_private_client(DBusServer *server, DBusConnection *new_conn,
			    void *data)
{
	struct tdbus_connection *tdb = data;
	int sd;

	if (dbus_connection_get_socket(new_conn, &sd)) {
		cm_log(4, "New client on FD %d.\n", sd);
	} else {
		cm_log(4, "New client on unknown socket.\n");
	}
	if (cm_tdbus_setup_conn_loop(tdb, new_conn) == 0) {
		/* Watch for method calls on this connection.
		 */
		if (!dbus_connection_add_filter(new_conn, cm_tdbus_filter,
						tdb, NULL)) {
			cm_log(1, "Unable to add filter, dropping.\n");
			return;
		}
		dbus_connection_ref(new_conn);
		cm_log(3, "Accepted private connection.\n");
	} else {
		cm_log(0, "Error setting up for client, dropping.\n");
	}
}

static void
cm_tdbus_lost_private_client(void *data)
{
	cm_log(3, "Lost private connection.\n");
}

#ifndef HAVE_OPENSSL
#ifdef HAVE_GMP
/* Fallback used only when OpenSSL's RAND_bytes() is not available.  The
 * state is never seeded (there is no gmp_randseed call), so this produces
 * the same bytes on every run. */
static void
fill_uuid(unsigned char *uuid, size_t length)
{
	gmp_randstate_t state;
	unsigned int i;

	gmp_randinit_default(state);
	for (i = 0; i < length; i++) {
		uuid[i] = gmp_urandomb_ui(state, 8);
	}
}
#endif
#endif

int
cm_tdbus_setup_private(struct tevent_context *ec, void *data,
		       const char *path, char **address, DBusError *error)
{
	struct tdbus_connection *tdb;
	unsigned char uuid[16];
	char *addr;

	*address = NULL;
	/* Build our own context. */
	tdb = talloc_ptrtype(ec, tdb);
	if (tdb == NULL) {
		return ENOMEM;
	}
	memset(tdb, 0, sizeof(*tdb));
	/* Start up the listener. */
	if (error != NULL) {
		dbus_error_init(error);
	}
	if (path != NULL) {
		if (path[0] == '/') {
			addr = talloc_asprintf(ec, "unix:path=%s", path);
		} else {
			addr = talloc_asprintf(ec, "unix:%s", path);
		}
	} else {
#ifdef HAVE_UUID
		if (cm_submit_uuid_new(uuid) == 0) {
			/* we're good */
		} else
#endif
#ifdef HAVE_OPENSSL
		if (!RAND_bytes(uuid, sizeof(uuid))) {
			/* Try again sometime later.
			 */
			cm_log(1, "Error generating UUID.\n");
			talloc_free(tdb);
			return -1;
		}
#else
#ifdef HAVE_GMP
		fill_uuid(uuid, sizeof(uuid));
#endif
#endif
		addr = talloc_asprintf(ec,
				       "unix:abstract=%s/listen-"
				       "%02x%02x%02x%02x%02x%02x%02x%02x"
				       "%02x%02x%02x%02x%02x%02x%02x%02x",
				       CM_TMPDIR,
				       uuid[0], uuid[1], uuid[2], uuid[3],
				       uuid[4], uuid[5], uuid[6], uuid[7],
				       uuid[8], uuid[9], uuid[10], uuid[11],
				       uuid[12], uuid[13], uuid[14], uuid[15]);
	}
	tdb->server = dbus_server_listen(addr, error);
	if (dbus_error_is_set(error)) {
		cm_log(0, "Error setting up D-Bus server.\n");
		talloc_free(tdb);
		return -1;
	}
	tdb->conn_type = cm_tdbus_private;
	tdb->data = data;
	/* Add the event loop glue. */
	if (cm_tdbus_setup_server_loop(tdb, tdb->server) != 0) {
		cm_log(0, "Error setting up private listener.\n");
		talloc_free(tdb);
		return -1;
	}
	/* Provide the callback to use when we get a new client connection. */
	dbus_server_set_new_connection_function(tdb->server,
						cm_tdbus_new_private_client,
						tdb,
						cm_tdbus_lost_private_client);
	*address = dbus_server_get_address(tdb->server);
	return 0;
}

certmonger-0.79.19/src/tdbus.h0000644000175000017500000001664414511314133015526 0ustar gitgit00000000000000
/*
 * Copyright (C) 2009,2011,2012,2014,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmtdbus_h
#define cmtdbus_h

#define CM_DBUS_BASE_INTERFACE CM_DBUS_NAME
#define CM_DBUS_DEFAULT_BUS cm_tdbus_system
#define CM_DBUS_CA_PATH CM_DBUS_BASE_PATH "/cas"
#define CM_DBUS_CA_INTERFACE CM_DBUS_BASE_INTERFACE ".ca"
#define CM_DBUS_REQUEST_PATH CM_DBUS_BASE_PATH "/requests"
#define CM_DBUS_REQUEST_INTERFACE CM_DBUS_BASE_INTERFACE ".request"
#define CM_DBUS_ERROR_BASE CM_DBUS_BASE_INTERFACE
#define CM_DBUS_ERROR_CA CM_DBUS_ERROR_BASE ".ca"
#define CM_DBUS_ERROR_REQUEST CM_DBUS_ERROR_BASE ".request"
#define CM_DBUS_ERROR_BASE_INTERNAL CM_DBUS_ERROR_BASE ".internal"
#define CM_DBUS_ERROR_BASE_MISSING_ARG CM_DBUS_ERROR_BASE ".missing_arg"
#define CM_DBUS_ERROR_BASE_BAD_ARG CM_DBUS_ERROR_BASE ".bad_arg"
#define CM_DBUS_ERROR_BASE_DUPLICATE CM_DBUS_ERROR_BASE ".duplicate"
#define CM_DBUS_ERROR_BASE_NO_SUCH_ENTRY CM_DBUS_ERROR_BASE ".no_such_entry"
#define CM_DBUS_ERROR_CA_INTERNAL CM_DBUS_ERROR_CA ".internal"
#define CM_DBUS_ERROR_REQUEST_INTERNAL CM_DBUS_ERROR_REQUEST ".internal"
#define CM_DBUS_ERROR_REQUEST_BAD_ARG CM_DBUS_ERROR_REQUEST ".bad_arg"
#define CM_DBUS_PROP_NICKNAME "nickname"
#define CM_DBUS_PROP_AUTORENEW "autorenew"
#define CM_DBUS_PROP_CERT "cert"
#define CM_DBUS_PROP_CERT_CHAIN "cert-chain"
#define CM_DBUS_PROP_CERT_ROOTS "cert-roots"
#define CM_DBUS_PROP_CERT_PRESAVE_COMMAND "cert-presave-command"
#define CM_DBUS_PROP_CERT_PRESAVE_UID "cert-presave-uid"
#define CM_DBUS_PROP_CERT_POSTSAVE_COMMAND "cert-postsave-command"
#define CM_DBUS_PROP_CERT_POSTSAVE_UID "cert-postsave-uid"
#define CM_DBUS_PROP_CERT_ISSUER "issuer"
#define CM_DBUS_PROP_CERT_SERIAL "serial"
#define CM_DBUS_PROP_CERT_SUBJECT "subject"
#define CM_DBUS_PROP_CERT_NOT_VALID_BEFORE "not-valid-before"
#define CM_DBUS_PROP_CERT_NOT_VALID_AFTER "not-valid-after"
#define CM_DBUS_PROP_CERT_EMAIL "email"
#define CM_DBUS_PROP_CERT_KU "ku"
#define CM_DBUS_PROP_CERT_EKU "eku"
#define CM_DBUS_PROP_CERT_HOSTNAME "hostname"
#define CM_DBUS_PROP_CERT_PRINCIPAL "principal"
#define CM_DBUS_PROP_CERT_LAST_CHECKED "last-checked"
#define CM_DBUS_PROP_CERT_LOCATION_TYPE "cert-storage"
#define CM_DBUS_PROP_CERT_LOCATION_FILE "cert-file"
#define CM_DBUS_PROP_CERT_LOCATION_DATABASE "cert-database"
#define CM_DBUS_PROP_CERT_LOCATION_NICKNAME "cert-nickname"
#define CM_DBUS_PROP_CERT_LOCATION_TOKEN "cert-token"
#define CM_DBUS_PROP_CERT_OWNER "cert-owner"
#define CM_DBUS_PROP_CERT_PERMS "cert-perms"
#define CM_DBUS_PROP_CSR "csr"
#define CM_DBUS_PROP_TEMPLATE_SUBJECT "template-subject"
#define CM_DBUS_PROP_TEMPLATE_EMAIL "template-email"
#define CM_DBUS_PROP_TEMPLATE_KU "template-ku"
#define CM_DBUS_PROP_TEMPLATE_EKU "template-eku"
#define CM_DBUS_PROP_TEMPLATE_HOSTNAME "template-hostname"
#define CM_DBUS_PROP_TEMPLATE_PRINCIPAL "template-principal"
#define CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD "template-challenge-password"
#define CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD_FILE "template-challenge-password-file"
#define CM_DBUS_PROP_KEY_LOCATION_TYPE "key-storage"
#define CM_DBUS_PROP_KEY_LOCATION_FILE "key-file"
#define CM_DBUS_PROP_KEY_LOCATION_DATABASE "key-database"
#define CM_DBUS_PROP_KEY_LOCATION_NICKNAME "key-nickname"
#define CM_DBUS_PROP_KEY_LOCATION_TOKEN "key-token"
#define CM_DBUS_PROP_KEY_OWNER "key-owner"
#define CM_DBUS_PROP_KEY_PERMS "key-perms"
#define CM_DBUS_PROP_KEY_TYPE "key-type"
#define CM_DBUS_PROP_KEY_SIZE "key-size"
#define CM_DBUS_PROP_NSS_USER "nss-user"
#define CM_DBUS_PROP_MONITORING "monitoring"
#define CM_DBUS_PROP_NOTIFICATION_TYPE "notification-type"
#define CM_DBUS_PROP_NOTIFICATION_SYSLOG_PRIORITY "notification-syslog-priority"
#define CM_DBUS_PROP_NOTIFICATION_EMAIL "notification-email"
#define CM_DBUS_PROP_NOTIFICATION_COMMAND "notification-command"
#define CM_DBUS_PROP_KEY_PIN_FILE "key-pin-file"
#define CM_DBUS_PROP_KEY_PIN "key-pin"
#define CM_DBUS_PROP_KEY_GEN_DATE "key-generated-date"
#define CM_DBUS_PROP_KEY_ISSUED_COUNT "key-issued-count"
#define CM_DBUS_PROP_STATUS "status"
#define CM_DBUS_PROP_STUCK "stuck"
#define CM_DBUS_PROP_CA "ca"
#define CM_DBUS_PROP_CA_PROFILE "ca-profile"
#define CM_DBUS_PROP_CA_COOKIE "ca-cookie"
#define CM_DBUS_PROP_CA_ERROR "ca-error"
#define CM_DBUS_PROP_SUBMITTED_DATE "submitted-date"
#define CM_DBUS_PROP_IS_DEFAULT "is-default"
#define CM_DBUS_PROP_EXTERNAL_HELPER "external-helper"
#define CM_DBUS_PROP_ISSUER_NAMES "issuer-names"
#define CM_DBUS_PROP_TEMPLATE_IP_ADDRESS "template-ip-address"
#define CM_DBUS_PROP_TEMPLATE_IS_CA "template-is-ca"
#define CM_DBUS_PROP_TEMPLATE_CA_PATH_LENGTH "template-ca-path-length"
#define CM_DBUS_PROP_TEMPLATE_OCSP "template-ocsp"
#define CM_DBUS_PROP_TEMPLATE_CRL_DP "template-crldp"
#define CM_DBUS_PROP_TEMPLATE_FRESHEST_CRL "template-freshest-crl"
#define CM_DBUS_PROP_TEMPLATE_NS_COMMENT "template-ns-comment"
#define CM_DBUS_PROP_TEMPLATE_PROFILE "template-profile"
#define CM_DBUS_PROP_TEMPLATE_ISSUER "template-issuer"
#define CM_DBUS_PROP_TEMPLATE_NS_CERTTYPE "template-ns-certtype"
#define CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE "template-ms-certificate-template"
#define CM_DBUS_SIGNAL_REQUEST_CERT_SAVED "SavedCertificate"
#define CM_DBUS_PROP_CA_PRESAVE_COMMAND "ca-presave-command"
#define CM_DBUS_PROP_CA_PRESAVE_UID "ca-presave-uid"
#define CM_DBUS_PROP_CA_POSTSAVE_COMMAND "ca-postsave-command"
#define CM_DBUS_PROP_CA_POSTSAVE_UID "ca-postsave-uid"
#define CM_DBUS_PROP_ROOT_CERTS "root-certs"
#define CM_DBUS_PROP_OTHER_ROOT_CERTS "root-other-certs"
#define CM_DBUS_PROP_OTHER_CERTS "other-certs"
#define CM_DBUS_PROP_SCEP_CIPHER "scep-cipher"
#define CM_DBUS_PROP_SCEP_DIGEST "scep-digest"
#define CM_DBUS_PROP_SCEP_CA_IDENTIFIER "scep-ca-identifier"
#define CM_DBUS_PROP_SCEP_CA_CAPABILITIES "scep-ca-capabilities"
#define CM_DBUS_PROP_SCEP_RA_CERT "scep-ra-cert"
#define CM_DBUS_PROP_SCEP_CA_CERT "scep-ca-cert"
#define CM_DBUS_PROP_SCEP_OTHER_CERTS "scep-other-certs"
#define CM_DBUS_PROP_ROOT_CERT_FILES "root-cert-files"
#define CM_DBUS_PROP_OTHER_ROOT_CERT_FILES "root-other-cert-files"
#define CM_DBUS_PROP_OTHER_CERT_FILES "other-cert-files"
#define CM_DBUS_PROP_ROOT_CERT_NSSDBS "root-cert-nssdbs"
#define CM_DBUS_PROP_OTHER_ROOT_CERT_NSSDBS "root-other-cert-nssdbs"
#define CM_DBUS_PROP_OTHER_CERT_NSSDBS "other-cert-nssdbs"
#define CM_DBUS_PROP_SUPPORTED_PROFILES "supported-profiles"
#define CM_DBUS_PROP_DEFAULT_PROFILE "default-profile"
#define CM_DBUS_PROP_REQUIRED_ENROLL_ATTRIBUTES "required-enroll-attributes"
#define CM_DBUS_PROP_REQUIRED_RENEW_ATTRIBUTES "required-renew-attributes"
#define CM_DBUS_PROP_AKA "aka"

enum cm_tdbus_type {
	cm_tdbus_system,
	cm_tdbus_session,
	cm_tdbus_private
};

int cm_tdbus_setup_public(struct tevent_context *ec,
			  enum cm_tdbus_type bus_type,
			  void *data, DBusError *error);
int cm_tdbus_setup_private(struct tevent_context *ec, void *data,
			   const char *socket_path, char **address,
			   DBusError *error);

#endif

certmonger-0.79.19/src/tdbush.c0000644000175000017500000100333114511314133015657 0ustar gitgit00000000000000
/*
 * Copyright (C) 2009,2010,2011,2012,2013,2014,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "config.h"

#include
#include
#include
#include
#include
#include
#include
#include
#include

#include "log.h"
#include "cm.h"
#include "certext.h"
#include "prefs.h"
#include "store.h"
#include "store-int.h"
#include "submit-int.h"
#include "tdbus.h"
#include "tdbush.h"
#include "tdbusm.h"

#ifdef ENABLE_NLS
#include
#define _(_text) dgettext(PACKAGE, _text)
#else
#define _(_text) (_text)
#endif

/* Things we know about the calling client. */
struct cm_client_info {
	uid_t uid;
	pid_t pid;
};

/* Convenience functions. */
static struct cm_store_entry *
get_entry_for_path(struct cm_context *ctx, const char *path)
{
	int initial;

	if (path != NULL) {
		initial = strlen(CM_DBUS_REQUEST_PATH);
		if (strncmp(path, CM_DBUS_REQUEST_PATH, initial) == 0) {
			if (path[initial] == '/') {
				return cm_get_entry_by_busname(ctx,
							       path + initial + 1);
			}
		}
	}
	return NULL;
}

static struct cm_store_entry *
get_entry_for_request_message(DBusMessage *msg, struct cm_context *ctx)
{
	return msg ? get_entry_for_path(ctx, dbus_message_get_path(msg)) : NULL;
}

static struct cm_store_ca *
get_ca_for_path(struct cm_context *ctx, const char *path)
{
	int initial;

	if (path != NULL) {
		initial = strlen(CM_DBUS_CA_PATH);
		if (strncmp(path, CM_DBUS_CA_PATH, initial) == 0) {
			if (path[initial] == '/') {
				return cm_get_ca_by_busname(ctx,
							    path + initial + 1);
			}
		}
	}
	return NULL;
}

static struct cm_store_ca *
get_ca_for_request_message(DBusMessage *msg, struct cm_context *ctx)
{
	return msg ? get_ca_for_path(ctx, dbus_message_get_path(msg)) : NULL;
}

/* These used to be local functions, but we ended up using them elsewhere.
 * Should probably just be reworked where we use them. */
static char *
maybe_strdup(void *parent, const char *s)
{
	return cm_store_maybe_strdup(parent, s);
}

static char **
maybe_strdupv(void *parent, char **s)
{
	return cm_store_maybe_strdupv(parent, s);
}

/* Convenience functions for returning errors from the base object to callers.
 */
static DBusHandlerResult
send_internal_base_error(DBusConnection *conn, DBusMessage *req)
{
	DBusMessage *msg;

	msg = dbus_message_new_error(req, CM_DBUS_ERROR_BASE_INTERNAL,
				     _("An internal error has occurred."));
	if (msg != NULL) {
		dbus_connection_send(conn, msg, NULL);
		dbus_message_unref(msg);
		return DBUS_HANDLER_RESULT_HANDLED;
	}
	return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
}

static DBusHandlerResult
send_internal_base_missing_arg_error(DBusConnection *conn, DBusMessage *req,
				     const char *text, const char *arg)
{
	DBusMessage *msg;

	msg = dbus_message_new_error(req, CM_DBUS_ERROR_BASE_MISSING_ARG, text);
	if (msg != NULL) {
		cm_tdbusm_set_s(msg, arg);
		dbus_connection_send(conn, msg, NULL);
		dbus_message_unref(msg);
		return DBUS_HANDLER_RESULT_HANDLED;
	}
	return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
}

static DBusHandlerResult
send_internal_base_bad_arg_error(DBusConnection *conn, DBusMessage *req,
				 const char *text, const char *badval,
				 const char *arg)
{
	DBusMessage *msg;

	msg = dbus_message_new_error_printf(req, CM_DBUS_ERROR_BASE_BAD_ARG,
					    text, badval);
	if (msg != NULL) {
		cm_tdbusm_set_s(msg, arg);
		dbus_connection_send(conn, msg, NULL);
		dbus_message_unref(msg);
		return DBUS_HANDLER_RESULT_HANDLED;
	}
	return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
}

static DBusHandlerResult
send_internal_base_duplicate_error(DBusConnection *conn, DBusMessage *req,
				   const char *text, const char *dup,
				   const char *arg1, const char *arg2)
{
	DBusMessage *msg;
	const char *args[] = {arg1, arg2, NULL};

	msg = dbus_message_new_error_printf(req, CM_DBUS_ERROR_BASE_DUPLICATE,
					    text, dup);
	if (msg != NULL) {
		cm_tdbusm_set_as(msg, args);
		dbus_connection_send(conn, msg, NULL);
		dbus_message_unref(msg);
		return DBUS_HANDLER_RESULT_HANDLED;
	}
	return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
}

static DBusHandlerResult
send_internal_base_no_such_entry_error(DBusConnection *conn, DBusMessage *req)
{
	DBusMessage *msg;

	msg = dbus_message_new_error(req, CM_DBUS_ERROR_BASE_NO_SUCH_ENTRY,
				     _("No matching entry found.\n"));
	if (msg != NULL) {
		dbus_connection_send(conn, msg, NULL);
		dbus_message_unref(msg);
		return DBUS_HANDLER_RESULT_HANDLED;
	}
	return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
}

/* Some validity-testing we do for caller-supplied arguments. */
static int
check_arg_is_absolute_path(const char *path)
{
	if (path[0] == '/') {
		return 0;
	} else {
		errno = EINVAL;
		return -1;
	}
}

static int
check_arg_is_absolute_nss_path(const char *path)
{
	if (strncmp(path, "sql:", 4) == 0) {
		path += 4;
	} else if (strncmp(path, "dbm:", 4) == 0) {
		path += 4;
	} else if (strncmp(path, "rdb:", 4) == 0) {
		path += 4;
	} else if (strncmp(path, "extern:", 7) == 0) {
		path += 7;
	}
	if (path[0] == '/') {
		return 0;
	} else {
		errno = EINVAL;
		return -1;
	}
}

static int
check_arg_is_directory(const char *path)
{
	struct stat st;

	if (stat(path, &st) == 0) {
		if (S_ISDIR(st.st_mode)) {
			if (access(path, R_OK | W_OK) == 0) {
				return 0;
			}
		}
	}
	return -1;
}

static int
check_arg_is_nss_directory(const char *path)
{
	struct stat st;

	if (strncmp(path, "sql:", 4) == 0) {
		path += 4;
	} else if (strncmp(path, "dbm:", 4) == 0) {
		path += 4;
	} else if (strncmp(path, "rdb:", 4) == 0) {
		path += 4;
	} else if (strncmp(path, "extern:", 7) == 0) {
		path += 7;
	}
	if (stat(path, &st) == 0) {
		if (S_ISDIR(st.st_mode)) {
			if (access(path, R_OK | W_OK) == 0) {
				return 0;
			}
		}
	}
	return -1;
}

static int
check_arg_is_reg_or_missing(const char *path)
{
	struct stat st;

	if (stat(path, &st) == 0) {
		if (S_ISREG(st.st_mode)) {
			return 0;
		}
	} else {
		if (errno == ENOENT) {
			return 0;
		}
	}
	return -1;
}

static int
check_arg_parent_is_directory(const char *path)
{
	char *tmp, *p;
	int ret, err;

	if (check_arg_is_absolute_path(path) != 0) {
		return -1;
	}
	tmp = strdup(path);
	if (tmp != NULL) {
		p = strrchr(tmp, '/');
		if (p != NULL) {
			if (p > tmp) {
				*p = '\0';
			} else {
				*(p + 1) = '\0';
			}
			ret = check_arg_is_directory(tmp);
			err = errno;
			free(tmp);
			errno = err;
			return ret;
		} else {
			free(tmp);
			errno = EINVAL;
			return -1;
		}
	}
	errno = ENOMEM;
	return -1;
}

/* org.fedorahosted.certmonger.add_known_ca */
static DBusHandlerResult
base_add_known_ca(DBusConnection *conn, DBusMessage *msg,
		  struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	void *parent;
	char *ca_name, *ca_command, **ca_issuer_names, *path;
	struct cm_store_ca *ca, *new_ca;
	int i, n_cas;

	parent = talloc_new(NULL);
	if (cm_tdbusm_get_ssoas(msg, parent,
				&ca_name, &ca_command,
				&ca_issuer_names) != 0) {
		cm_log(1, "Error parsing arguments.\n");
		talloc_free(parent);
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	n_cas = cm_get_n_cas(ctx);
	for (i = 0; i < n_cas; i++) {
		ca = cm_get_ca_by_index(ctx, i);
		if (strcasecmp(ca->cm_nickname, ca_name) == 0) {
			cm_log(1, "There is already a CA with "
			       "the nickname \"%s\": %s.\n", ca->cm_nickname,
			       ca->cm_busname);
			talloc_free(parent);
			return send_internal_base_duplicate_error(conn, msg,
								  _("There is already a CA with the nickname \"%s\"."),
								  ca->cm_nickname,
								  NULL,
								  NULL);
		}
	}
	/* Okay, we can go ahead and add the CA. */
	new_ca = cm_store_ca_new(parent);
	if (new_ca == NULL) {
		talloc_free(parent);
		return send_internal_base_error(conn, msg);
	}
	memset(new_ca, 0, sizeof(*new_ca));
	/* Populate it with all of the information we have. */
	new_ca->cm_busname = cm_store_ca_next_busname(new_ca);
	new_ca->cm_nickname = talloc_strdup(new_ca, ca_name);
	new_ca->cm_ca_known_issuer_names = maybe_strdupv(new_ca,
							 ca_issuer_names);
	new_ca->cm_ca_is_default = 0;
	new_ca->cm_ca_type = cm_ca_external;
	new_ca->cm_ca_external_helper = talloc_strdup(new_ca, ca_command);
	/* Hand it off to the main loop.
	 */
	if (cm_add_ca(ctx, new_ca) != 0) {
		cm_log(1, "Error adding CA to main context.\n");
		rep = dbus_message_new_method_return(msg);
		if (rep != NULL) {
			cm_tdbusm_set_b(rep, FALSE);
			dbus_connection_send(conn, rep, NULL);
			dbus_message_unref(rep);
		}
		talloc_free(parent);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		rep = dbus_message_new_method_return(msg);
		if (rep != NULL) {
			path = talloc_asprintf(parent, "%s/%s",
					       CM_DBUS_CA_PATH,
					       new_ca->cm_busname);
			cm_tdbusm_set_bp(rep, TRUE, path);
			dbus_connection_send(conn, rep, NULL);
			dbus_message_unref(rep);
			talloc_free(parent);
			return DBUS_HANDLER_RESULT_HANDLED;
		} else {
			talloc_free(parent);
			return send_internal_base_error(conn, msg);
		}
	}
}

/* org.fedorahosted.certmonger.add_request */
static DBusHandlerResult
base_add_request(DBusConnection *conn, DBusMessage *msg,
		 struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	DBusHandlerResult ret;
	void *parent;
	struct cm_tdbusm_dict **d;
	const struct cm_tdbusm_dict *param;
	struct cm_store_entry *e, *new_entry;
	struct cm_store_ca *ca;
	int i, n_entries;
	enum cm_key_storage_type key_storage;
	char *key_location, *key_nickname, *key_token, *key_pin, *key_pin_file;
	char *challenge_password, *challenge_password_file;
	enum cm_cert_storage_type cert_storage;
	char *cert_location, *cert_nickname, *cert_token;
	char *cert_owner, *key_owner;
	char *nss_user;
	mode_t cert_perms, key_perms;
	char *path, *pre_command, *post_command;
	char **root_cert_nssdbs, **root_cert_files;
	char **other_root_cert_nssdbs, **other_root_cert_files;
	char **other_cert_nssdbs, **other_cert_files;

	parent = talloc_new(NULL);
	if (cm_tdbusm_get_d(msg, parent, &d) != 0) {
		cm_log(1, "Error parsing arguments.\n");
		talloc_free(parent);
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	/* Certificate storage.
	 */
	param = cm_tdbusm_find_dict_entry(d, "CERT_STORAGE", cm_tdbusm_dict_s);
	if (param == NULL) {
		param = cm_tdbusm_find_dict_entry(d,
						  CM_DBUS_PROP_CERT_LOCATION_TYPE,
						  cm_tdbusm_dict_s);
	}
	if (param == NULL) {
		/* This is a required parameter. */
		cm_log(1, "Certificate storage type not specified.\n");
		talloc_free(parent);
		return send_internal_base_missing_arg_error(conn, msg,
							    _("Certificate storage type not specified."),
							    "CERT_STORAGE");
	} else {
		/* Check that it's a known/supported type. */
		if (strcasecmp(param->value.s, "FILE") == 0) {
			cert_storage = cm_cert_storage_file;
		} else if (strcasecmp(param->value.s, "NSSDB") == 0) {
			cert_storage = cm_cert_storage_nssdb;
		} else {
			cm_log(1, "Unknown cert storage type \"%s\".\n",
			       param->value.s);
			ret = send_internal_base_bad_arg_error(conn, msg,
							       _("Certificate storage type \"%s\" not supported."),
							       param->value.s,
							       "CERT_STORAGE");
			talloc_free(parent);
			return ret;
		}
	}
	/* Handle parameters for either a PIN or the location of a PIN. */
	param = cm_tdbusm_find_dict_entry(d, "KEY_PIN", cm_tdbusm_dict_s);
	if (param == NULL) {
		param = cm_tdbusm_find_dict_entry(d,
						  CM_DBUS_PROP_KEY_PIN,
						  cm_tdbusm_dict_s);
	}
	if ((param == NULL) ||
	    (param->value.s == NULL) ||
	    (strlen(param->value.s) == 0)) {
		key_pin = NULL;
	} else {
		key_pin = param->value.s;
		key_pin_file = NULL;
	}
	param = cm_tdbusm_find_dict_entry(d, "KEY_PIN_FILE", cm_tdbusm_dict_s);
	if (param == NULL) {
		param = cm_tdbusm_find_dict_entry(d,
						  CM_DBUS_PROP_KEY_PIN_FILE,
						  cm_tdbusm_dict_s);
	}
	if ((param == NULL) ||
	    (param->value.s == NULL) ||
	    (strlen(param->value.s) == 0)) {
		key_pin_file = NULL;
	} else {
		if (check_arg_is_absolute_path(param->value.s) != 0) {
			cm_log(1, "PIN storage location is not an absolute "
			       "path.\n");
			ret = send_internal_base_bad_arg_error(conn, msg,
							       _("The location \"%s\" must be an absolute path."),
							       param->value.s,
							       "KEY_PIN_FILE");
			talloc_free(parent);
			return ret;
		}
		key_pin_file = param->value.s;
		key_pin = NULL;
	}
	/* Check that other required information about the
	 * certificate's location is provided. */
	cert_location = NULL;
	cert_nickname = NULL;
	cert_token = NULL;
	switch (cert_storage) {
	case cm_cert_storage_file:
		param = cm_tdbusm_find_dict_entry(d, "CERT_LOCATION",
						  cm_tdbusm_dict_s);
		if (param == NULL) {
			param = cm_tdbusm_find_dict_entry(d,
							  CM_DBUS_PROP_CERT_LOCATION_FILE,
							  cm_tdbusm_dict_s);
		}
		if (param == NULL) {
			cm_log(1, "Certificate storage location not specified.\n");
			talloc_free(parent);
			return send_internal_base_missing_arg_error(conn, msg,
								    _("Certificate storage location not specified."),
								    "CERT_LOCATION");
		}
		if (check_arg_is_absolute_path(param->value.s) != 0) {
			cm_log(1, "Certificate storage location is not an absolute path.\n");
			ret = send_internal_base_bad_arg_error(conn, msg,
							       _("The location \"%s\" must be an absolute path."),
							       param->value.s,
							       "CERT_LOCATION");
			talloc_free(parent);
			return ret;
		}
		if (check_arg_parent_is_directory(param->value.s) != 0) {
			switch (errno) {
			case EACCES:
			case EPERM:
				cm_log(1, "Not allowed to access certificate storage location.\n");
				ret = send_internal_base_bad_arg_error(conn, msg,
								       _("The parent of location \"%s\" could not be accessed due "
									 "to insufficient permissions."),
								       param->value.s,
								       "CERT_LOCATION");
				break;
			default:
				cm_log(1, "Certificate storage location is not inside of a directory.\n");
				ret = send_internal_base_bad_arg_error(conn, msg,
								       _("The parent of location \"%s\" must be a valid directory."),
								       param->value.s,
								       "CERT_LOCATION");
				break;
			}
			talloc_free(parent);
			return ret;
		}
		if (check_arg_is_reg_or_missing(param->value.s) != 0) {
			cm_log(1, "Certificate storage location is not a regular file.\n");
			ret = send_internal_base_bad_arg_error(conn, msg,
							       _("The location \"%s\" must be a file."),
							       param->value.s,
							       "CERT_LOCATION");
			talloc_free(parent);
			return ret;
		}
		cert_location = param->value.s;
		cert_nickname = NULL;
		cert_token = NULL;
		break;
	case cm_cert_storage_nssdb:
		param = cm_tdbusm_find_dict_entry(d, "CERT_LOCATION",
						  cm_tdbusm_dict_s);
		if (param == NULL) {
			param = cm_tdbusm_find_dict_entry(d,
							  CM_DBUS_PROP_CERT_LOCATION_DATABASE,
							  cm_tdbusm_dict_s);
		}
		if (param == NULL) {
			cm_log(1, "Certificate storage location not specified.\n");
			talloc_free(parent);
			return send_internal_base_missing_arg_error(conn, msg,
								    _("Certificate storage location not specified."),
								    "CERT_LOCATION");
		}
		if (check_arg_is_absolute_nss_path(param->value.s) != 0) {
			cm_log(1, "Certificate storage location is not an absolute path.\n");
			ret = send_internal_base_bad_arg_error(conn, msg,
							       _("The location \"%s\" must be an absolute path."),
							       param->value.s,
							       "CERT_LOCATION");
			talloc_free(parent);
			return ret;
		}
		if (check_arg_is_nss_directory(param->value.s) != 0) {
			switch (errno) {
			case EACCES:
			case EPERM:
				cm_log(1, "Not allowed to access certificate storage location.\n");
				ret = send_internal_base_bad_arg_error(conn, msg,
								       _("The location \"%s\" could not be accessed due "
									 "to insufficient permissions."),
								       param->value.s,
								       "CERT_LOCATION");
				break;
			default:
				cm_log(1, "Certificate storage location must be a directory.\n");
				ret = send_internal_base_bad_arg_error(conn, msg,
								       _("The location \"%s\" must be a directory."),
								       param->value.s,
								       "CERT_LOCATION");
				break;
			}
			talloc_free(parent);
			return ret;
		}
		cert_location = cm_store_canonicalize_path(parent,
							   param->value.s);
		param = cm_tdbusm_find_dict_entry(d, "CERT_NICKNAME",
						  cm_tdbusm_dict_s);
		if (param == NULL) {
			param = cm_tdbusm_find_dict_entry(d,
							  CM_DBUS_PROP_CERT_LOCATION_NICKNAME,
							  cm_tdbusm_dict_s);
		}
		if (param == NULL || param->value.s == NULL ||
		    strlen(param->value.s) == 0) {
			cm_log(1, "Certificate nickname not specified.\n");
			talloc_free(parent);
			return send_internal_base_missing_arg_error(conn, msg,
								    _("Certificate nickname not specified."),
								    "CERT_NICKNAME");
		}
		cert_nickname = param->value.s;
		param = cm_tdbusm_find_dict_entry(d, "CERT_TOKEN",
						  cm_tdbusm_dict_s);
		if (param == NULL) {
			param = cm_tdbusm_find_dict_entry(d,
							  CM_DBUS_PROP_CERT_LOCATION_TOKEN,
							  cm_tdbusm_dict_s);
		}
		if (param == NULL) {
			cert_token = NULL;
		} else {
			cert_token = param->value.s;
		}
		break;
	}
	if (cert_location == NULL) {
		cm_log(1, "Certificate storage location not specified.\n");
		talloc_free(parent);
		return send_internal_base_missing_arg_error(conn, msg,
							    _("Certificate storage location not specified."),
							    "CERT_LOCATION");
	}
	/* Check that the requested nickname will be unique. */
	param = cm_tdbusm_find_dict_entry(d, "NICKNAME", cm_tdbusm_dict_s);
	if (param == NULL) {
		param = cm_tdbusm_find_dict_entry(d,
						  CM_DBUS_PROP_NICKNAME,
						  cm_tdbusm_dict_s);
	}
	if (param != NULL) {
		n_entries = cm_get_n_entries(ctx);
		for (i = 0; i < n_entries; i++) {
			e = cm_get_entry_by_index(ctx, i);
			if (strcasecmp(e->cm_nickname, param->value.s) == 0) {
				cm_log(1, "There is already a request with "
				       "the nickname \"%s\": %s.\n",
				       e->cm_nickname, e->cm_busname);
				talloc_free(parent);
				return send_internal_base_duplicate_error(conn, msg,
									  _("There is already a request with the nickname \"%s\"."),
									  e->cm_nickname,
									  "NICKNAME",
									  NULL);
			}
		}
	}
	/* Check for a duplicate of another entry's certificate storage
	 * information. */
	n_entries = cm_get_n_entries(ctx);
	for (i = 0; i < n_entries; i++) {
		e = cm_get_entry_by_index(ctx, i);
		if (cert_storage != e->cm_cert_storage_type) {
			continue;
		}
		if ((e->cm_cert_storage_location == NULL) ||
		    strcmp(cert_location, e->cm_cert_storage_location) != 0) {
			continue;
		}
		switch (cert_storage) {
		case cm_cert_storage_file:
			break;
		case cm_cert_storage_nssdb:
			if ((e->cm_cert_nickname == NULL) ||
			    strcmp(cert_nickname, e->cm_cert_nickname) != 0) {
				continue;
			}
			break;
		}
		break;
	}
	if (i < n_entries) {
		/* We found a match, and that's bad. */
		cm_log(1, "Certificate at same location is already being "
		       "used for request %s with nickname \"%s\".\n",
		       e->cm_busname, e->cm_nickname);
		talloc_free(parent);
		return send_internal_base_duplicate_error(conn, msg,
							  _("Certificate at same location is already used by request with nickname \"%s\"."),
							  e->cm_nickname,
							  "CERT_LOCATION",
							  cert_storage == cm_cert_storage_nssdb ?
							  "CERT_NICKNAME" : NULL);
	}
	/* Key storage. We can afford to be a bit more lax about this because
	 * we don't require that we know anything about the key. */
	param = cm_tdbusm_find_dict_entry(d, "KEY_STORAGE", cm_tdbusm_dict_s);
	if (param == NULL) {
		param = cm_tdbusm_find_dict_entry(d,
						  CM_DBUS_PROP_KEY_LOCATION_TYPE,
						  cm_tdbusm_dict_s);
	}
	if (param == NULL) {
		key_storage = cm_key_storage_none;
		key_location = NULL;
		key_token = NULL;
		key_nickname = NULL;
	} else {
		/* Check that it's a known/supported type. */
		if (strcasecmp(param->value.s, "FILE") == 0) {
			key_storage = cm_key_storage_file;
		} else if (strcasecmp(param->value.s, "NSSDB") == 0) {
			key_storage = cm_key_storage_nssdb;
		} else if (strcasecmp(param->value.s, "NONE") == 0) {
			key_storage = cm_key_storage_none;
		} else {
			cm_log(1, "Unknown key storage type \"%s\".\n",
			       param->value.s);
			ret = send_internal_base_bad_arg_error(conn, msg,
							       _("Key storage type \"%s\" not supported."),
							       param->value.s,
							       "KEY_STORAGE");
			talloc_free(parent);
			return ret;
		}
		/* Check that other required information about the key's
		 * location is provided. */
		switch (key_storage) {
		case cm_key_storage_none:
			key_location = NULL;
			key_nickname = NULL;
			key_token = NULL;
			break;
		case cm_key_storage_file:
			param = cm_tdbusm_find_dict_entry(d, "KEY_LOCATION",
							  cm_tdbusm_dict_s);
			if (param == NULL) {
				param = cm_tdbusm_find_dict_entry(d,
								  CM_DBUS_PROP_KEY_LOCATION_FILE,
								  cm_tdbusm_dict_s);
			}
			if (param == NULL) {
				cm_log(1, "Key storage location not specified.\n");
				talloc_free(parent);
				return send_internal_base_missing_arg_error(conn, msg,
									    _("Key storage location not specified."),
									    "KEY_LOCATION");
			}
			if (check_arg_is_absolute_path(param->value.s) != 0) {
				cm_log(1, "Key storage location is not an absolute path.\n");
				ret = send_internal_base_bad_arg_error(conn, msg,
								       _("The location \"%s\" must be an absolute path."),
								       param->value.s,
								       "KEY_LOCATION");
				talloc_free(parent);
				return ret;
			}
			if (check_arg_parent_is_directory(param->value.s) != 0) {
				switch (errno) {
				case EACCES:
				case EPERM:
					cm_log(1, "Not allowed to access key storage location.\n");
					ret = send_internal_base_bad_arg_error(conn, msg,
									       _("The parent of location \"%s\" could not be accessed due "
										 "to insufficient permissions."),
									       param->value.s,
									       "KEY_LOCATION");
					break;
				default:
					cm_log(1, "Key storage location is not inside of a directory.\n");
					ret = send_internal_base_bad_arg_error(conn, msg,
									       _("The parent of location \"%s\" must be a valid directory."),
									       param->value.s,
									       "KEY_LOCATION");
					break;
				}
				talloc_free(parent);
				return ret;
			}
			if (check_arg_is_reg_or_missing(param->value.s) != 0) {
				cm_log(1, "Key storage location is not a regular file.\n");
				ret = send_internal_base_bad_arg_error(conn, msg,
								       _("The location \"%s\" must be a file."),
								       param->value.s,
								       "KEY_LOCATION");
				talloc_free(parent);
				return ret;
			}
			key_location = param->value.s;
			key_nickname = NULL;
			key_token = NULL;
			break;
		case cm_key_storage_nssdb:
			param = cm_tdbusm_find_dict_entry(d, "KEY_LOCATION",
							  cm_tdbusm_dict_s);
			if (param == NULL) {
				param = cm_tdbusm_find_dict_entry(d,
								  CM_DBUS_PROP_KEY_LOCATION_DATABASE,
								  cm_tdbusm_dict_s);
} if (param == NULL) { cm_log(1, "Key storage location not specified.\n"); talloc_free(parent); return send_internal_base_missing_arg_error(conn, msg, _("Key storage location not specified."), "KEY_LOCATION"); } if (check_arg_is_absolute_nss_path(param->value.s) != 0) { cm_log(1, "Key storage location is not an absolute path.\n"); ret = send_internal_base_bad_arg_error(conn, msg, _("The location \"%s\" must be an absolute path."), param->value.s, "KEY_LOCATION"); talloc_free(parent); return ret; } if (check_arg_is_nss_directory(param->value.s) != 0) { cm_log(1, "Key storage location must be a directory.\n"); ret = send_internal_base_bad_arg_error(conn, msg, _("The location \"%s\" must be a directory."), param->value.s, "KEY_LOCATION"); talloc_free(parent); return ret; } key_location = cm_store_canonicalize_path(parent, param->value.s); param = cm_tdbusm_find_dict_entry(d, "KEY_NICKNAME", cm_tdbusm_dict_s); if (param == NULL) { param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_KEY_LOCATION_NICKNAME, cm_tdbusm_dict_s); } if (param == NULL) { cm_log(1, "Key nickname not specified.\n"); talloc_free(parent); return send_internal_base_missing_arg_error(conn, msg, _("Key nickname not specified."), "KEY_NICKNAME"); } key_nickname = param->value.s; param = cm_tdbusm_find_dict_entry(d, "KEY_TOKEN", cm_tdbusm_dict_s); if (param == NULL) { param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_KEY_LOCATION_TOKEN, cm_tdbusm_dict_s); } if (param == NULL) { key_token = NULL; } else { key_token = param->value.s; } break; } /* Check for a duplicate of another entry's key storage * information. 
*/ n_entries = cm_get_n_entries(ctx); for (i = 0; i < n_entries; i++) { e = cm_get_entry_by_index(ctx, i); if (key_storage != e->cm_key_storage_type) { continue; } switch (key_storage) { case cm_key_storage_none: continue; break; case cm_key_storage_file: if (strcmp(key_location, e->cm_key_storage_location) != 0) { continue; } break; case cm_key_storage_nssdb: if (strcmp(key_location, e->cm_key_storage_location) != 0) { continue; } if (strcmp(key_nickname, e->cm_key_nickname) != 0) { continue; } break; } break; } if (i < n_entries) { /* We found a match, and that's bad. */ cm_log(1, "Key at same location is already being " "used for request %s with nickname \"%s\".\n", e->cm_busname, e->cm_nickname); talloc_free(parent); return send_internal_base_duplicate_error(conn, msg, _("Key at same location is already used by request with nickname \"%s\"."), e->cm_nickname, "KEY_LOCATION", key_storage == cm_key_storage_nssdb ? "KEY_NICKNAME" : NULL); } } /* Find out where to save the root certificates. 
	 */
	param = cm_tdbusm_find_dict_entry(d,
			CM_DBUS_PROP_ROOT_CERT_NSSDBS,
			cm_tdbusm_dict_as);
	for (i = 0;
	     (param != NULL) &&
	     (param->value.as != NULL) &&
	     (param->value.as[i] != NULL);
	     i++) {
		if (check_arg_is_absolute_nss_path(param->value.as[i]) != 0) {
			cm_log(1, "Root certificate storage location is not an absolute path.\n");
			ret = send_internal_base_bad_arg_error(conn, msg,
					_("The location \"%s\" must be an absolute path."),
					param->value.as[i],
					CM_DBUS_PROP_ROOT_CERT_NSSDBS);
			talloc_free(parent);
			return ret;
		}
		if (check_arg_is_nss_directory(param->value.as[i]) != 0) {
			switch (errno) {
			case EACCES:
			case EPERM:
				cm_log(1, "Not allowed to access root certificate storage location.\n");
				/* Report the array element that failed the check. */
				ret = send_internal_base_bad_arg_error(conn, msg,
						_("The location \"%s\" could not be accessed due "
						  "to insufficient permissions."),
						param->value.as[i],
						CM_DBUS_PROP_ROOT_CERT_NSSDBS);
				break;
			default:
				cm_log(1, "Certificate storage location must be a directory.\n");
				ret = send_internal_base_bad_arg_error(conn, msg,
						_("The location \"%s\" must be a directory."),
						param->value.as[i],
						CM_DBUS_PROP_ROOT_CERT_NSSDBS);
				break;
			}
			talloc_free(parent);
			return ret;
		}
	}
	if (param != NULL) {
		root_cert_nssdbs = param->value.as;
	} else {
		root_cert_nssdbs = NULL;
	}
	param = cm_tdbusm_find_dict_entry(d,
			CM_DBUS_PROP_ROOT_CERT_FILES,
			cm_tdbusm_dict_as);
	for (i = 0;
	     (param != NULL) &&
	     (param->value.as != NULL) &&
	     (param->value.as[i] != NULL);
	     i++) {
		if (check_arg_is_absolute_path(param->value.as[i]) != 0) {
			cm_log(1, "Root certificate storage location is not an absolute path.\n");
			ret = send_internal_base_bad_arg_error(conn, msg,
					_("The location \"%s\" must be an absolute path."),
					param->value.as[i],
					CM_DBUS_PROP_ROOT_CERT_FILES);
			talloc_free(parent);
			return ret;
		}
		if (check_arg_parent_is_directory(param->value.as[i]) != 0) {
			switch (errno) {
			case EACCES:
			case EPERM:
				cm_log(1, "Not allowed to access root certificate storage location.\n");
				ret = send_internal_base_bad_arg_error(conn, msg,
						_("The parent of location \"%s\" could not be accessed due "
						  "to insufficient permissions."),
						param->value.as[i],
						CM_DBUS_PROP_ROOT_CERT_FILES);
				break;
			default:
				cm_log(1, "Root certificate storage location is not inside of a directory.\n");
				ret = send_internal_base_bad_arg_error(conn, msg,
						_("The parent of location \"%s\" must be a valid directory."),
						param->value.as[i],
						CM_DBUS_PROP_ROOT_CERT_FILES);
				break;
			}
			talloc_free(parent);
			return ret;
		}
		if (check_arg_is_reg_or_missing(param->value.as[i]) != 0) {
			cm_log(1, "Root certificate storage location is not a regular file.\n");
			ret = send_internal_base_bad_arg_error(conn, msg,
					_("The location \"%s\" must be a file."),
					param->value.as[i],
					CM_DBUS_PROP_ROOT_CERT_FILES);
			talloc_free(parent);
			return ret;
		}
	}
	if (param != NULL) {
		root_cert_files = param->value.as;
	} else {
		root_cert_files = NULL;
	}
	/* Find out where to save the other root certificates. */
	param = cm_tdbusm_find_dict_entry(d,
			CM_DBUS_PROP_OTHER_ROOT_CERT_NSSDBS,
			cm_tdbusm_dict_as);
	for (i = 0;
	     (param != NULL) &&
	     (param->value.as != NULL) &&
	     (param->value.as[i] != NULL);
	     i++) {
		if (check_arg_is_absolute_nss_path(param->value.as[i]) != 0) {
			cm_log(1, "Other root certificate storage location is not an absolute path.\n");
			ret = send_internal_base_bad_arg_error(conn, msg,
					_("The location \"%s\" must be an absolute path."),
					param->value.as[i],
					CM_DBUS_PROP_OTHER_ROOT_CERT_NSSDBS);
			talloc_free(parent);
			return ret;
		}
		if (check_arg_is_nss_directory(param->value.as[i]) != 0) {
			switch (errno) {
			case EACCES:
			case EPERM:
				cm_log(1, "Not allowed to access root certificate storage location.\n");
				/* Report the array element that failed the check. */
				ret = send_internal_base_bad_arg_error(conn, msg,
						_("The location \"%s\" could not be accessed due "
						  "to insufficient permissions."),
						param->value.as[i],
						CM_DBUS_PROP_OTHER_ROOT_CERT_NSSDBS);
				break;
			default:
				cm_log(1, "Certificate storage location must be a directory.\n");
				ret = send_internal_base_bad_arg_error(conn, msg,
						_("The location \"%s\" must be a directory."),
						param->value.as[i],
						CM_DBUS_PROP_OTHER_ROOT_CERT_NSSDBS);
				break;
			}
			talloc_free(parent);
			return ret;
		}
	}
	if (param != NULL) {
		other_root_cert_nssdbs = param->value.as;
	} else {
		other_root_cert_nssdbs = NULL;
	}
	param = cm_tdbusm_find_dict_entry(d,
			CM_DBUS_PROP_OTHER_ROOT_CERT_FILES,
			cm_tdbusm_dict_as);
	for (i = 0;
	     (param != NULL) &&
	     (param->value.as != NULL) &&
	     (param->value.as[i] != NULL);
	     i++) {
		if (check_arg_is_absolute_path(param->value.as[i]) != 0) {
			cm_log(1, "Other root certificate storage location is not an absolute path.\n");
			ret = send_internal_base_bad_arg_error(conn, msg,
					_("The location \"%s\" must be an absolute path."),
					param->value.as[i],
					CM_DBUS_PROP_OTHER_ROOT_CERT_FILES);
			talloc_free(parent);
			return ret;
		}
		if (check_arg_parent_is_directory(param->value.as[i]) != 0) {
			switch (errno) {
			case EACCES:
			case EPERM:
				cm_log(1, "Not allowed to access other root certificate storage location.\n");
				ret = send_internal_base_bad_arg_error(conn, msg,
						_("The parent of location \"%s\" could not be accessed due "
						  "to insufficient permissions."),
						param->value.as[i],
						CM_DBUS_PROP_OTHER_ROOT_CERT_FILES);
				break;
			default:
				cm_log(1, "Other root certificate storage location is not inside of a directory.\n");
				ret = send_internal_base_bad_arg_error(conn, msg,
						_("The parent of location \"%s\" must be a valid directory."),
						param->value.as[i],
						CM_DBUS_PROP_OTHER_ROOT_CERT_FILES);
				break;
			}
			talloc_free(parent);
			return ret;
		}
		if (check_arg_is_reg_or_missing(param->value.as[i]) != 0) {
			cm_log(1, "Other root certificate storage location is not a regular file.\n");
			ret = send_internal_base_bad_arg_error(conn, msg,
					_("The location \"%s\" must be a file."),
					param->value.as[i],
					CM_DBUS_PROP_OTHER_ROOT_CERT_FILES);
			talloc_free(parent);
			return ret;
		}
	}
	if (param != NULL) {
		other_root_cert_files = param->value.as;
	} else {
		other_root_cert_files = NULL;
	}
	/* Find out where to save the other certificates supplied by the CA.
	 */
	param = cm_tdbusm_find_dict_entry(d,
			CM_DBUS_PROP_OTHER_CERT_NSSDBS,
			cm_tdbusm_dict_as);
	for (i = 0;
	     (param != NULL) &&
	     (param->value.as != NULL) &&
	     (param->value.as[i] != NULL);
	     i++) {
		if (check_arg_is_absolute_nss_path(param->value.as[i]) != 0) {
			cm_log(1, "Other certificate storage location is not an absolute path.\n");
			ret = send_internal_base_bad_arg_error(conn, msg,
					_("The location \"%s\" must be an absolute path."),
					param->value.as[i],
					CM_DBUS_PROP_OTHER_CERT_NSSDBS);
			talloc_free(parent);
			return ret;
		}
		if (check_arg_is_nss_directory(param->value.as[i]) != 0) {
			switch (errno) {
			case EACCES:
			case EPERM:
				cm_log(1, "Not allowed to access other certificate storage location.\n");
				/* Report the array element that failed the check. */
				ret = send_internal_base_bad_arg_error(conn, msg,
						_("The location \"%s\" could not be accessed due "
						  "to insufficient permissions."),
						param->value.as[i],
						CM_DBUS_PROP_OTHER_CERT_NSSDBS);
				break;
			default:
				cm_log(1, "Other certificate storage location must be a directory.\n");
				ret = send_internal_base_bad_arg_error(conn, msg,
						_("The location \"%s\" must be a directory."),
						param->value.as[i],
						CM_DBUS_PROP_OTHER_CERT_NSSDBS);
				break;
			}
			talloc_free(parent);
			return ret;
		}
	}
	if (param != NULL) {
		other_cert_nssdbs = param->value.as;
	} else {
		other_cert_nssdbs = NULL;
	}
	param = cm_tdbusm_find_dict_entry(d,
			CM_DBUS_PROP_OTHER_CERT_FILES,
			cm_tdbusm_dict_as);
	for (i = 0;
	     (param != NULL) &&
	     (param->value.as != NULL) &&
	     (param->value.as[i] != NULL);
	     i++) {
		if (check_arg_is_absolute_path(param->value.as[i]) != 0) {
			cm_log(1, "Other root certificate storage location is not an absolute path.\n");
			ret = send_internal_base_bad_arg_error(conn, msg,
					_("The location \"%s\" must be an absolute path."),
					param->value.as[i],
					CM_DBUS_PROP_OTHER_CERT_FILES);
			talloc_free(parent);
			return ret;
		}
		if (check_arg_parent_is_directory(param->value.as[i]) != 0) {
			switch (errno) {
			case EACCES:
			case EPERM:
				cm_log(1, "Not allowed to access other root certificate storage location.\n");
				ret = send_internal_base_bad_arg_error(conn, msg,
						_("The parent of location \"%s\" could not be accessed due "
						  "to insufficient permissions."),
						param->value.as[i],
						CM_DBUS_PROP_OTHER_CERT_FILES);
				break;
			default:
				cm_log(1, "Other root certificate storage location is not inside of a directory.\n");
				ret = send_internal_base_bad_arg_error(conn, msg,
						_("The parent of location \"%s\" must be a valid directory."),
						param->value.as[i],
						CM_DBUS_PROP_OTHER_CERT_FILES);
				break;
			}
			talloc_free(parent);
			return ret;
		}
		if (check_arg_is_reg_or_missing(param->value.as[i]) != 0) {
			cm_log(1, "Other root certificate storage location is not a regular file.\n");
			ret = send_internal_base_bad_arg_error(conn, msg,
					_("The location \"%s\" must be a file."),
					param->value.as[i],
					CM_DBUS_PROP_OTHER_CERT_FILES);
			talloc_free(parent);
			return ret;
		}
	}
	if (param != NULL) {
		other_cert_files = param->value.as;
	} else {
		other_cert_files = NULL;
	}
	/* What to run before we save the certificate. */
	param = cm_tdbusm_find_dict_entry(d,
			CM_DBUS_PROP_CERT_PRESAVE_COMMAND,
			cm_tdbusm_dict_s);
	if (param != NULL) {
		pre_command = param->value.s;
	} else {
		pre_command = NULL;
	}
	/* What to run after we save the certificate. */
	param = cm_tdbusm_find_dict_entry(d,
			CM_DBUS_PROP_CERT_POSTSAVE_COMMAND,
			cm_tdbusm_dict_s);
	if (param != NULL) {
		post_command = param->value.s;
	} else {
		post_command = NULL;
	}
	/* Permissions to set on the keys and certificates.
*/ param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_CERT_OWNER, cm_tdbusm_dict_s); if (param != NULL) { cert_owner = param->value.s; } else { cert_owner = NULL; } param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_CERT_PERMS, cm_tdbusm_dict_n); if (param != NULL) { cert_perms = param->value.n; } else { cert_perms = 0; } param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_KEY_OWNER, cm_tdbusm_dict_s); if (param != NULL) { key_owner = param->value.s; } else { key_owner = NULL; } param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_KEY_PERMS, cm_tdbusm_dict_n); if (param != NULL) { key_perms = param->value.n; } else { key_perms = 0; } param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_NSS_USER, cm_tdbusm_dict_s); if (param != NULL) { nss_user = param->value.s; cm_log(1, "Setting CM_DBUS_PROP_NSS_USER to %s\n", nss_user); } else { nss_user = NULL; } /* Okay, we can go ahead and add the entry. */ new_entry = cm_store_entry_new(parent); if (new_entry == NULL) { talloc_free(parent); return send_internal_base_error(conn, msg); } memset(new_entry, 0, sizeof(*new_entry)); /* Populate it with all of the information we have. 
	 */
	new_entry->cm_busname = cm_store_entry_next_busname(new_entry);
	param = cm_tdbusm_find_dict_entry(d, "NICKNAME", cm_tdbusm_dict_s);
	if (param == NULL) {
		param = cm_tdbusm_find_dict_entry(d,
				CM_DBUS_PROP_NICKNAME,
				cm_tdbusm_dict_s);
	}
	if (param != NULL) {
		new_entry->cm_nickname = talloc_strdup(new_entry,
				param->value.s);
	}
	param = cm_tdbusm_find_dict_entry(d, "KEY_TYPE", cm_tdbusm_dict_s);
	if (param == NULL) {
		param = cm_tdbusm_find_dict_entry(d,
				CM_DBUS_PROP_KEY_TYPE,
				cm_tdbusm_dict_s);
	}
	if (param != NULL) {
		if (strcasecmp(param->value.s, "RSA") == 0) {
			new_entry->cm_key_type.cm_key_gen_algorithm = cm_key_rsa;
#ifdef CM_ENABLE_DSA
		} else if (strcasecmp(param->value.s, "DSA") == 0) {
			new_entry->cm_key_type.cm_key_gen_algorithm = cm_key_dsa;
#endif
#ifdef CM_ENABLE_EC
		} else if ((strcasecmp(param->value.s, "ECDSA") == 0) ||
			   (strcasecmp(param->value.s, "EC") == 0)) {
			new_entry->cm_key_type.cm_key_gen_algorithm = cm_key_ecdsa;
#endif
		} else {
			cm_log(1, "No support for generating \"%s\" keys.\n",
			       param->value.s);
			ret = send_internal_base_bad_arg_error(conn, msg,
					_("No support for key type \"%s\"."),
					param->value.s,
					"KEY_TYPE");
			talloc_free(parent);
			return ret;
		}
	} else {
		new_entry->cm_key_type.cm_key_gen_algorithm = cm_prefs_preferred_key_algorithm();
	}
	new_entry->cm_key_next_type.cm_key_gen_algorithm = new_entry->cm_key_type.cm_key_gen_algorithm;
	param = cm_tdbusm_find_dict_entry(d, "KEY_SIZE", cm_tdbusm_dict_n);
	if (param == NULL) {
		param = cm_tdbusm_find_dict_entry(d,
				CM_DBUS_PROP_KEY_SIZE,
				cm_tdbusm_dict_n);
	}
	if (param != NULL) {
		new_entry->cm_key_type.cm_key_gen_size = param->value.n;
	} else {
		new_entry->cm_key_type.cm_key_gen_size = cm_prefs_preferred_rsa_key_size();
	}
	/* Raise undersized requests to the minimum for the algorithm. */
	switch (new_entry->cm_key_type.cm_key_gen_algorithm) {
	case cm_key_rsa:
		if (new_entry->cm_key_type.cm_key_gen_size < CM_MINIMUM_RSA_KEY_SIZE) {
			new_entry->cm_key_type.cm_key_gen_size = CM_MINIMUM_RSA_KEY_SIZE;
		}
		break;
#ifdef CM_ENABLE_DSA
	case cm_key_dsa:
		if (new_entry->cm_key_type.cm_key_gen_size < CM_MINIMUM_DSA_KEY_SIZE) {
			new_entry->cm_key_type.cm_key_gen_size = CM_MINIMUM_DSA_KEY_SIZE;
		}
		break;
#endif
#ifdef CM_ENABLE_EC
	case cm_key_ecdsa:
		if (new_entry->cm_key_type.cm_key_gen_size < CM_MINIMUM_EC_KEY_SIZE) {
			new_entry->cm_key_type.cm_key_gen_size = CM_MINIMUM_EC_KEY_SIZE;
		}
		break;
#endif
	case cm_key_unspecified:
	default:
		break;
	}
	new_entry->cm_key_next_type.cm_key_gen_size = new_entry->cm_key_type.cm_key_gen_size;
	/* Key and certificate storage. */
	new_entry->cm_key_storage_type = key_storage;
	new_entry->cm_key_storage_location = maybe_strdup(new_entry, key_location);
	new_entry->cm_key_nickname = maybe_strdup(new_entry, key_nickname);
	new_entry->cm_key_token = maybe_strdup(new_entry, key_token);
	new_entry->cm_key_pin = maybe_strdup(new_entry, key_pin);
	new_entry->cm_key_pin_file = maybe_strdup(new_entry, key_pin_file);
	new_entry->cm_key_owner = maybe_strdup(new_entry, key_owner);
	new_entry->cm_key_perms = key_perms;
	new_entry->cm_cert_storage_type = cert_storage;
	new_entry->cm_cert_storage_location = maybe_strdup(new_entry, cert_location);
	new_entry->cm_cert_nickname = maybe_strdup(new_entry, cert_nickname);
	new_entry->cm_cert_token = maybe_strdup(new_entry, cert_token);
	new_entry->cm_cert_owner = maybe_strdup(new_entry, cert_owner);
	new_entry->cm_cert_perms = cert_perms;
	new_entry->cm_nss_user = maybe_strdup(new_entry, nss_user);
	new_entry->cm_root_cert_store_nssdbs = maybe_strdupv(new_entry, root_cert_nssdbs);
	new_entry->cm_root_cert_store_files = maybe_strdupv(new_entry, root_cert_files);
	new_entry->cm_other_root_cert_store_nssdbs = maybe_strdupv(new_entry, other_root_cert_nssdbs);
	new_entry->cm_other_root_cert_store_files = maybe_strdupv(new_entry, other_root_cert_files);
	new_entry->cm_other_cert_store_nssdbs = maybe_strdupv(new_entry, other_cert_nssdbs);
	new_entry->cm_other_cert_store_files = maybe_strdupv(new_entry, other_cert_files);
	/* Which CA to use.
*/ param = cm_tdbusm_find_dict_entry(d, "CA", cm_tdbusm_dict_p); if (param == NULL) { param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_CA, cm_tdbusm_dict_p); } if (param != NULL) { ca = get_ca_for_path(ctx, param->value.s); if (ca != NULL) { new_entry->cm_ca_nickname = talloc_strdup(new_entry, ca->cm_nickname); } else { cm_log(1, "No CA with path \"%s\" known.\n", param->value.s); ret = send_internal_base_bad_arg_error(conn, msg, _("No such CA."), param->value.s, "CA"); talloc_free(parent); return ret; } } /* What to tell the CA we want. */ param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_CA_PROFILE, cm_tdbusm_dict_s); if (param != NULL) { new_entry->cm_template_profile = maybe_strdup(new_entry, param->value.s); } /* Behavior settings. */ param = cm_tdbusm_find_dict_entry(d, "TRACK", cm_tdbusm_dict_b); if (param == NULL) { param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_MONITORING, cm_tdbusm_dict_b); } if (param != NULL) { new_entry->cm_monitor = param->value.b; } else { new_entry->cm_monitor = cm_prefs_monitor(); } param = cm_tdbusm_find_dict_entry(d, "RENEW", cm_tdbusm_dict_b); if (param == NULL) { param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_AUTORENEW, cm_tdbusm_dict_b); } if (param != NULL) { new_entry->cm_autorenew = param->value.b; } else { new_entry->cm_autorenew = cm_prefs_autorenew(); } if (pre_command != NULL) { new_entry->cm_pre_certsave_uid = talloc_asprintf(new_entry, "%lu", (unsigned long) ci->uid); if (new_entry->cm_pre_certsave_uid != NULL) { new_entry->cm_pre_certsave_command = maybe_strdup(new_entry, pre_command); } } if (post_command != NULL) { new_entry->cm_post_certsave_uid = talloc_asprintf(new_entry, "%lu", (unsigned long) ci->uid); if (new_entry->cm_post_certsave_uid != NULL) { new_entry->cm_post_certsave_command = maybe_strdup(new_entry, post_command); } } /* Template information. 
*/ param = cm_tdbusm_find_dict_entry(d, "SUBJECT", cm_tdbusm_dict_s); if (param == NULL) { param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_TEMPLATE_SUBJECT, cm_tdbusm_dict_s); } if (param != NULL) { new_entry->cm_template_subject = maybe_strdup(new_entry, param->value.s); } param = cm_tdbusm_find_dict_entry(d, "KU", cm_tdbusm_dict_s); if (param == NULL) { param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_TEMPLATE_KU, cm_tdbusm_dict_s); } if (param != NULL) { new_entry->cm_template_ku = maybe_strdup(new_entry, param->value.s); } param = cm_tdbusm_find_dict_entry(d, "EKU", cm_tdbusm_dict_as); if (param == NULL) { param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_TEMPLATE_EKU, cm_tdbusm_dict_as); } if (param != NULL) { new_entry->cm_template_eku = cm_submit_maybe_joinv(new_entry, ",", param->value.as); } param = cm_tdbusm_find_dict_entry(d, "PRINCIPAL", cm_tdbusm_dict_as); if (param == NULL) { param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_TEMPLATE_PRINCIPAL, cm_tdbusm_dict_as); } if (param != NULL) { new_entry->cm_template_principal = maybe_strdupv(new_entry, param->value.as); } param = cm_tdbusm_find_dict_entry(d, "DNS", cm_tdbusm_dict_as); if (param == NULL) { param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_TEMPLATE_HOSTNAME, cm_tdbusm_dict_as); } if (param != NULL) { new_entry->cm_template_hostname = maybe_strdupv(new_entry, param->value.as); } param = cm_tdbusm_find_dict_entry(d, "EMAIL", cm_tdbusm_dict_as); if (param == NULL) { param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_TEMPLATE_EMAIL, cm_tdbusm_dict_as); } if (param != NULL) { new_entry->cm_template_email = maybe_strdupv(new_entry, param->value.as); } param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_TEMPLATE_IP_ADDRESS, cm_tdbusm_dict_as); if (param != NULL) { new_entry->cm_template_ipaddress = maybe_strdupv(new_entry, param->value.as); } param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_TEMPLATE_IS_CA, cm_tdbusm_dict_b); if (param != NULL) { new_entry->cm_template_is_ca = param->value.b; } param 
= cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_TEMPLATE_CA_PATH_LENGTH, cm_tdbusm_dict_n); if (param != NULL) { new_entry->cm_template_ca_path_length = param->value.n; } param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_TEMPLATE_OCSP, cm_tdbusm_dict_as); if (param != NULL) { new_entry->cm_template_ocsp_location = maybe_strdupv(new_entry, param->value.as); } param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_TEMPLATE_CRL_DP, cm_tdbusm_dict_as); if (param != NULL) { new_entry->cm_template_crl_distribution_point = maybe_strdupv(new_entry, param->value.as); } param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_TEMPLATE_NS_COMMENT, cm_tdbusm_dict_s); if (param != NULL) { new_entry->cm_template_ns_comment = maybe_strdup(new_entry, param->value.s); } param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_TEMPLATE_PROFILE, cm_tdbusm_dict_s); if (param != NULL) { new_entry->cm_template_profile = maybe_strdup(new_entry, param->value.s); } param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_TEMPLATE_ISSUER, cm_tdbusm_dict_s); if (param != NULL) { new_entry->cm_template_issuer = maybe_strdup(new_entry, param->value.s); } param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE, cm_tdbusm_dict_s); if (param != NULL) { if (param->value.s != NULL && strlen(param->value.s) > 0 && !cm_ms_template_valid(param->value.s)) { cm_log(1, "Invalid V2 certificate template specifier: %s", param->value.s); ret = send_internal_base_bad_arg_error( conn, msg, _("Invalid V2 certificate template specifier: %s"), param->value.s, CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE); talloc_free(parent); return ret; } new_entry->cm_template_certificate_template = maybe_strdup(new_entry, param->value.s); } param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD, cm_tdbusm_dict_s); if ((param != NULL) && (param->value.s != NULL) && (strlen(param->value.s) != 0)) { challenge_password = param->value.s; challenge_password_file = NULL; } else { challenge_password = NULL; } 
	param = cm_tdbusm_find_dict_entry(d,
			CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD_FILE,
			cm_tdbusm_dict_s);
	if ((param != NULL) &&
	    (param->value.s != NULL) &&
	    (strlen(param->value.s) != 0)) {
		if (check_arg_is_absolute_path(param->value.s) != 0) {
			cm_log(1, "Challenge password storage location is not "
			       "an absolute path.\n");
			ret = send_internal_base_bad_arg_error(conn, msg,
					_("The location \"%s\" must be an absolute path."),
					param->value.s,
					CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD_FILE);
			talloc_free(parent);
			return ret;
		}
		challenge_password_file = param->value.s;
		challenge_password = NULL;
	} else {
		challenge_password_file = NULL;
	}
	new_entry->cm_template_challenge_password = maybe_strdup(new_entry, challenge_password);
	new_entry->cm_template_challenge_password_file = maybe_strdup(new_entry, challenge_password_file);
	/* Hand it off to the main loop. */
	new_entry->cm_state = CM_NEWLY_ADDED;
	if (cm_add_entry(ctx, new_entry) != 0) {
		cm_log(1, "Error adding entry to main loop.\n");
		rep = dbus_message_new_method_return(msg);
		if (rep != NULL) {
			cm_tdbusm_set_b(rep, FALSE);
			dbus_connection_send(conn, rep, NULL);
			dbus_message_unref(rep);
		}
		talloc_free(parent);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		rep = dbus_message_new_method_return(msg);
		if (rep != NULL) {
			path = talloc_asprintf(parent, "%s/%s",
					       CM_DBUS_REQUEST_PATH,
					       new_entry->cm_busname);
			cm_tdbusm_set_bp(rep, TRUE, path);
			dbus_connection_send(conn, rep, NULL);
			dbus_message_unref(rep);
			talloc_free(parent);
			return DBUS_HANDLER_RESULT_HANDLED;
		} else {
			talloc_free(parent);
			return send_internal_base_error(conn, msg);
		}
	}
}

/* org.fedorahosted.certmonger.find_request_by_nickname */
static DBusHandlerResult
base_find_request_by_nickname(DBusConnection *conn, DBusMessage *msg,
			      struct cm_client_info *ci, struct cm_context *ctx)
{
	struct cm_store_entry *entry;
	DBusMessage *rep;
	void *parent;
	char *arg, *path;
	int i, n_entries;

	parent = talloc_new(NULL);
	path = NULL;
	if (cm_tdbusm_get_s(msg, parent, &arg) != 0) {
		cm_log(1, "Error parsing arguments.\n");
		talloc_free(parent);
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	} else {
		n_entries = cm_get_n_entries(ctx);
		for (i = 0; i < n_entries; i++) {
			entry = cm_get_entry_by_index(ctx, i);
			if (strcmp(arg, entry->cm_nickname) == 0) {
				/* Allocate under parent so the path is
				 * released along with it, not kept on the
				 * long-lived context. */
				path = talloc_asprintf(parent, "%s/%s",
						       CM_DBUS_REQUEST_PATH,
						       entry->cm_busname);
				break;
			}
		}
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		if (path != NULL) {
			cm_tdbusm_set_p(rep, path);
		}
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		talloc_free(parent);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		talloc_free(parent);
		return send_internal_base_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.find_ca_by_nickname */
static DBusHandlerResult
base_find_ca_by_nickname(DBusConnection *conn, DBusMessage *msg,
			 struct cm_client_info *ci, struct cm_context *ctx)
{
	struct cm_store_ca *ca;
	DBusMessage *rep;
	void *parent;
	char *arg, *path;
	int i, n_cas;

	parent = talloc_new(NULL);
	path = NULL;
	if (cm_tdbusm_get_s(msg, parent, &arg) != 0) {
		cm_log(1, "Error parsing arguments.\n");
		talloc_free(parent);
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	} else {
		n_cas = cm_get_n_cas(ctx);
		for (i = 0; i < n_cas; i++) {
			ca = cm_get_ca_by_index(ctx, i);
			if (strcmp(arg, ca->cm_nickname) == 0) {
				/* Allocate under parent so the path is
				 * released along with it, not kept on the
				 * long-lived context. */
				path = talloc_asprintf(parent, "%s/%s",
						       CM_DBUS_CA_PATH,
						       ca->cm_busname);
				break;
			}
		}
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		if (path != NULL) {
			cm_tdbusm_set_p(rep, path);
		}
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		talloc_free(parent);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		talloc_free(parent);
		return send_internal_base_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.get_known_cas */
static DBusHandlerResult
base_get_known_cas(DBusConnection *conn, DBusMessage *msg,
		   struct cm_client_info *ci, struct cm_context *ctx)
{
	int i, n_cas;
	struct cm_store_ca *ca;
	char **ret;
	DBusMessage *rep;

	n_cas = cm_get_n_cas(ctx);
	ret = talloc_array(ctx, char *, n_cas + 1);
	if
	    (ret != NULL) {
		for (i = 0; i < n_cas; i++) {
			ca = cm_get_ca_by_index(ctx, i);
			if (ca == NULL) {
				break;
			}
			ret[i] = talloc_asprintf(ret, "%s/%s",
						 CM_DBUS_CA_PATH,
						 ca->cm_busname);
		}
		ret[i] = NULL;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		cm_tdbusm_set_ap(rep, (const char **) ret);
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		talloc_free(ret);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		talloc_free(ret);
		return send_internal_base_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.get_requests */
static DBusHandlerResult
base_get_requests(DBusConnection *conn, DBusMessage *msg,
		  struct cm_client_info *ci, struct cm_context *ctx)
{
	int i, n_entries;
	struct cm_store_entry *entry;
	char **ret;
	DBusMessage *rep;

	n_entries = cm_get_n_entries(ctx);
	ret = talloc_array(ctx, char *, n_entries + 1);
	if (ret != NULL) {
		for (i = 0; i < n_entries; i++) {
			entry = cm_get_entry_by_index(ctx, i);
			if (entry == NULL) {
				break;
			}
			ret[i] = talloc_asprintf(ret, "%s/%s",
						 CM_DBUS_REQUEST_PATH,
						 entry->cm_busname);
		}
		ret[i] = NULL;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		cm_tdbusm_set_ap(rep, (const char **) ret);
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		talloc_free(ret);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		talloc_free(ret);
		return send_internal_base_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.get_supported_key_types */
static DBusHandlerResult
base_get_supported_key_types(DBusConnection *conn, DBusMessage *msg,
			     struct cm_client_info *ci, struct cm_context *ctx)
{
	const char *key_types[] = {
		"RSA",
#ifdef CM_ENABLE_DSA
		"DSA",
#endif
#ifdef CM_ENABLE_EC
		"EC",
#endif
		NULL
	};
	DBusMessage *rep;

	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		cm_tdbusm_set_as(rep, key_types);
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_base_error(conn, msg);
	}
}

static DBusHandlerResult
base_get_supported_key_and_cert_storage(DBusConnection *conn, DBusMessage *msg,
					struct cm_client_info *ci,
					struct cm_context *ctx)
{
#ifdef HAVE_OPENSSL
	const char *maybe_file = "FILE";
#else
	const char *maybe_file = NULL;
#endif
	const char *storage_types[] = {"NSSDB", maybe_file, NULL};
	DBusMessage *rep;

	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		cm_tdbusm_set_as(rep, storage_types);
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_base_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.get_supported_key_storage */
static DBusHandlerResult
base_get_supported_key_storage(DBusConnection *conn, DBusMessage *msg,
			       struct cm_client_info *ci, struct cm_context *ctx)
{
	return base_get_supported_key_and_cert_storage(conn, msg, ci, ctx);
}

/* org.fedorahosted.certmonger.get_supported_cert_storage */
static DBusHandlerResult
base_get_supported_cert_storage(DBusConnection *conn, DBusMessage *msg,
				struct cm_client_info *ci, struct cm_context *ctx)
{
	return base_get_supported_key_and_cert_storage(conn, msg, ci, ctx);
}

/* org.fedorahosted.certmonger.remove_known_ca */
static DBusHandlerResult
base_remove_known_ca(DBusConnection *conn, DBusMessage *msg,
		     struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_ca *ca;
	int ret;
	void *parent;
	char *path;

	rep = dbus_message_new_method_return(msg);
	if (rep == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	parent = talloc_new(NULL);
	if (cm_tdbusm_get_p(msg, parent, &path) == 0) {
		ca = get_ca_for_path(ctx, path);
		talloc_free(parent);
		if (ca != NULL) {
			ret = cm_remove_ca(ctx, ca->cm_nickname);
			cm_tdbusm_set_b(rep, (ret == 0));
			dbus_connection_send(conn, rep, NULL);
			dbus_message_unref(rep);
			return DBUS_HANDLER_RESULT_HANDLED;
		} else {
			dbus_message_unref(rep);
			return send_internal_base_no_such_entry_error(conn, msg);
		}
	} else {
		talloc_free(parent);
		dbus_message_unref(rep);
		return
DBUS_HANDLER_RESULT_NOT_YET_HANDLED; } } /* org.fedorahosted.certmonger.remove_request */ static DBusHandlerResult base_remove_request(DBusConnection *conn, DBusMessage *msg, struct cm_client_info *ci, struct cm_context *ctx) { DBusMessage *rep; struct cm_store_entry *entry; int ret; void *parent; char *path; rep = dbus_message_new_method_return(msg); if (rep == NULL) { return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; } parent = talloc_new(NULL); if (cm_tdbusm_get_p(msg, parent, &path) == 0) { entry = get_entry_for_path(ctx, path); talloc_free(parent); if (entry != NULL) { ret = cm_remove_entry(ctx, entry->cm_nickname); cm_tdbusm_set_b(rep, (ret == 0)); dbus_connection_send(conn, rep, NULL); dbus_message_unref(rep); return DBUS_HANDLER_RESULT_HANDLED; } else { dbus_message_unref(rep); return send_internal_base_no_such_entry_error(conn, msg); } } else { talloc_free(parent); dbus_message_unref(rep); return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; } } /* Convenience functions for returning errors from a CA object to callers. */ static DBusHandlerResult send_internal_ca_error(DBusConnection *conn, DBusMessage *req) { DBusMessage *msg; msg = dbus_message_new_error(req, CM_DBUS_ERROR_CA_INTERNAL, _("An internal error has occurred.")); if (msg != NULL) { dbus_connection_send(conn, msg, NULL); dbus_message_unref(msg); return DBUS_HANDLER_RESULT_HANDLED; } return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; } /* Functions implemented for CA objects. Most of the "get_XXX" functions * predate the properties interface being added, so they're redundant now. 
 */

/* org.fedorahosted.certmonger.ca.get_nickname */
static DBusHandlerResult
ca_get_nickname(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_ca *ca;

	ca = get_ca_for_request_message(msg, ctx);
	if (ca == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		if (ca->cm_nickname != NULL) {
			cm_tdbusm_set_s(rep, ca->cm_nickname);
		}
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_ca_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.ca.get_is_default */
static DBusHandlerResult
ca_get_is_default(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_ca *ca;

	ca = get_ca_for_request_message(msg, ctx);
	if (ca == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		cm_tdbusm_set_b(rep, ca->cm_ca_is_default);
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_ca_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.ca.get_issuer_names */
static DBusHandlerResult
ca_get_issuer_names(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_ca *ca;
	const char **names;

	ca = get_ca_for_request_message(msg, ctx);
	if (ca == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		names = (const char **) ca->cm_ca_known_issuer_names;
		cm_tdbusm_set_as(rep, names);
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_ca_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.ca.get_location */
static DBusHandlerResult
ca_get_location(DBusConnection *conn,
		DBusMessage *msg, struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_ca *ca;

	ca = get_ca_for_request_message(msg, ctx);
	if (ca == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		cm_tdbusm_set_s(rep, ca->cm_ca_external_helper);
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_ca_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.ca.get_type */
static DBusHandlerResult
ca_get_type(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_ca *ca;
	const char *ca_type;

	ca = get_ca_for_request_message(msg, ctx);
	if (ca == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		ca_type = NULL;
		switch (ca->cm_ca_type) {
		case cm_ca_internal_self:
			ca_type = "INTERNAL:SELF";
			break;
		case cm_ca_external:
			ca_type = "EXTERNAL";
			break;
		}
		cm_tdbusm_set_s(rep, ca_type);
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_ca_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.ca.get_serial */
static DBusHandlerResult
ca_get_serial(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_ca *ca;
	const char *serial;

	ca = get_ca_for_request_message(msg, ctx);
	if (ca == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		switch (ca->cm_ca_type) {
		case cm_ca_internal_self:
			serial = ca->cm_ca_internal_serial;
			cm_tdbusm_set_s(rep, serial);
			break;
		case cm_ca_external:
			break;
		}
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_ca_error(conn, msg);
	}
}

/*
 * org.fedorahosted.certmonger.ca.get_config_file_path
 */
static DBusHandlerResult
ca_get_config_file_path(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_ca *ca;

	ca = get_ca_for_request_message(msg, ctx);
	if (ca == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		cm_tdbusm_set_s(rep, ca->cm_store_private);
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_ca_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.ca.refresh */
static DBusHandlerResult
ca_refresh(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_ca *ca;
	enum cm_ca_phase phase;
	dbus_bool_t result = TRUE;

	ca = get_ca_for_request_message(msg, ctx);
	if (ca == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	for (phase = 0; phase < cm_ca_phase_invalid; phase++) {
		if (!cm_restart_ca(ctx, ca->cm_nickname, phase)) {
			result = FALSE;
		}
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		cm_tdbusm_set_b(rep, result);
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_ca_error(conn, msg);
	}
}

/* Custom property get/set logic for CA structures. */
static dbus_bool_t
ca_prop_get_is_default(struct cm_context *ctx, void *parent, void *record,
		const char *name)
{
	struct cm_store_ca *ca = record;

	if (strcmp(name, CM_DBUS_PROP_IS_DEFAULT) == 0) {
		return ca->cm_ca_is_default ?
			TRUE : FALSE;
	}
	return FALSE;
}

static void
ca_prop_set_is_default(struct cm_context *ctx, void *parent, void *record,
		const char *name, dbus_bool_t new_value)
{
	const char *propname[2], *path;
	struct cm_store_ca *ca = record, *other;
	int i;

	if (strcmp(name, CM_DBUS_PROP_IS_DEFAULT) == 0) {
		propname[0] = CM_DBUS_PROP_IS_DEFAULT;
		propname[1] = NULL;
		if (new_value) {
			i = 0;
			/* There can be only one... default. */
			while ((other = cm_get_ca_by_index(ctx, i++)) != NULL) {
				if ((other != ca) &&
				    (other->cm_ca_is_default)) {
					other->cm_ca_is_default = FALSE;
					path = talloc_asprintf(parent, "%s/%s",
							CM_DBUS_CA_PATH,
							other->cm_busname);
					cm_tdbush_property_emit_changed(ctx, path,
							CM_DBUS_CA_INTERFACE,
							propname);
				}
			}
		}
		if ((!ca->cm_ca_is_default && new_value) ||
		    (ca->cm_ca_is_default && !new_value)) {
			ca->cm_ca_is_default = new_value;
			path = talloc_asprintf(parent, "%s/%s",
					CM_DBUS_CA_PATH, ca->cm_busname);
			cm_tdbush_property_emit_changed(ctx, path,
					CM_DBUS_CA_INTERFACE, propname);
		}
	}
}

static const char *
ca_prop_get_external_helper(struct cm_context *ctx, void *parent, void *record,
		const char *name)
{
	struct cm_store_ca *ca = record;

	if (strcmp(name, CM_DBUS_PROP_EXTERNAL_HELPER) == 0) {
		if (ca->cm_ca_type != cm_ca_external) {
			return "";
		}
		if (ca->cm_ca_external_helper != NULL) {
			return ca->cm_ca_external_helper;
		} else {
			return "";
		}
	}
	return NULL;
}

static void
ca_prop_set_external_helper(struct cm_context *ctx, void *parent, void *record,
		const char *name, const char *new_value)
{
	const char *propname[2], *path;
	struct cm_store_ca *ca = record;
	enum cm_ca_phase phase;

	if (strcmp(name, CM_DBUS_PROP_EXTERNAL_HELPER) == 0) {
		if (ca->cm_ca_type != cm_ca_external) {
			return;
		}
		talloc_free(ca->cm_ca_external_helper);
		ca->cm_ca_external_helper = new_value ?
			talloc_strdup(ca, new_value) : NULL;
		for (phase = 0; phase < cm_ca_phase_invalid; phase++) {
			cm_restart_ca(ctx, ca->cm_nickname, phase);
		}
		propname[0] = CM_DBUS_PROP_EXTERNAL_HELPER;
		propname[1] = NULL;
		path = talloc_asprintf(parent, "%s/%s",
				CM_DBUS_CA_PATH, ca->cm_busname);
		cm_tdbush_property_emit_changed(ctx, path,
				CM_DBUS_CA_INTERFACE, propname);
	}
}

static const char *
ca_prop_get_scep_cipher(struct cm_context *ctx, void *parent, void *record,
		const char *name)
{
	struct cm_store_ca *ca = record;

	if (strcmp(name, CM_DBUS_PROP_SCEP_CIPHER) == 0) {
		if (ca->cm_ca_type != cm_ca_external) {
			return "";
		}
		if (ca->cm_ca_scep_cipher != NULL) {
			return ca->cm_ca_scep_cipher;
		} else {
			return "";
		}
	}
	return NULL;
}

static void
ca_prop_set_scep_cipher(struct cm_context *ctx, void *parent, void *record,
		const char *name, const char *new_value)
{
	const char *propname[2], *path;
	struct cm_store_ca *ca = record;
	enum cm_ca_phase phase;

	if (strcmp(name, CM_DBUS_PROP_SCEP_CIPHER) == 0) {
		if (ca->cm_ca_type != cm_ca_external) {
			return;
		}
		talloc_free(ca->cm_ca_scep_cipher);
		ca->cm_ca_scep_cipher = new_value ?
			talloc_strdup(ca, new_value) : NULL;
		for (phase = 0; phase < cm_ca_phase_invalid; phase++) {
			cm_restart_ca(ctx, ca->cm_nickname, phase);
		}
		propname[0] = CM_DBUS_PROP_SCEP_CIPHER;
		propname[1] = NULL;
		path = talloc_asprintf(parent, "%s/%s",
				CM_DBUS_CA_PATH, ca->cm_busname);
		cm_tdbush_property_emit_changed(ctx, path,
				CM_DBUS_CA_INTERFACE, propname);
	}
}

static const char *
ca_prop_get_scep_digest(struct cm_context *ctx, void *parent, void *record,
		const char *name)
{
	struct cm_store_ca *ca = record;

	if (strcmp(name, CM_DBUS_PROP_SCEP_DIGEST) == 0) {
		if (ca->cm_ca_type != cm_ca_external) {
			return "";
		}
		if (ca->cm_ca_scep_digest != NULL) {
			return ca->cm_ca_scep_digest;
		} else {
			return "";
		}
	}
	return NULL;
}

static void
ca_prop_set_scep_digest(struct cm_context *ctx, void *parent, void *record,
		const char *name, const char *new_value)
{
	const char *propname[2], *path;
	struct cm_store_ca *ca = record;
	enum cm_ca_phase phase;

	if (strcmp(name, CM_DBUS_PROP_SCEP_DIGEST) == 0) {
		if (ca->cm_ca_type != cm_ca_external) {
			return;
		}
		talloc_free(ca->cm_ca_scep_digest);
		ca->cm_ca_scep_digest = new_value ?
			talloc_strdup(ca, new_value) : NULL;
		for (phase = 0; phase < cm_ca_phase_invalid; phase++) {
			cm_restart_ca(ctx, ca->cm_nickname, phase);
		}
		propname[0] = CM_DBUS_PROP_SCEP_DIGEST;
		propname[1] = NULL;
		path = talloc_asprintf(parent, "%s/%s",
				CM_DBUS_CA_PATH, ca->cm_busname);
		cm_tdbush_property_emit_changed(ctx, path,
				CM_DBUS_CA_INTERFACE, propname);
	}
}

static const char *
ca_prop_get_scep_ca_identifier(struct cm_context *ctx, void *parent,
		void *record, const char *name)
{
	struct cm_store_ca *ca = record;

	if (strcmp(name, CM_DBUS_PROP_SCEP_CA_IDENTIFIER) == 0) {
		if (ca->cm_ca_type != cm_ca_external) {
			return "";
		}
		if (ca->cm_ca_scep_ca_identifier != NULL) {
			return ca->cm_ca_scep_ca_identifier;
		} else {
			return "";
		}
	}
	return NULL;
}

static void
ca_prop_set_scep_ca_identifier(struct cm_context *ctx, void *parent,
		void *record, const char *name, const char *new_value)
{
	const char *propname[2], *path;
	struct cm_store_ca *ca = record;
	enum cm_ca_phase phase;

	if (strcmp(name, CM_DBUS_PROP_SCEP_CA_IDENTIFIER) == 0) {
		if (ca->cm_ca_type != cm_ca_external) {
			return;
		}
		talloc_free(ca->cm_ca_scep_ca_identifier);
		ca->cm_ca_scep_ca_identifier = new_value ?
			talloc_strdup(ca, new_value) : NULL;
		for (phase = 0; phase < cm_ca_phase_invalid; phase++) {
			cm_restart_ca(ctx, ca->cm_nickname, phase);
		}
		propname[0] = CM_DBUS_PROP_SCEP_CA_IDENTIFIER;
		propname[1] = NULL;
		path = talloc_asprintf(parent, "%s/%s",
				CM_DBUS_CA_PATH, ca->cm_busname);
		cm_tdbush_property_emit_changed(ctx, path,
				CM_DBUS_CA_INTERFACE, propname);
	}
}

static const char **
ca_prop_read_nickcerts(struct cm_context *ctx, void *parent,
		struct cm_nickcert **nickcerts)
{
	char **ret = NULL, **tmp;
	int i;

	for (i = 0; (nickcerts != NULL) && (nickcerts[i] != NULL); i++) {
		tmp = talloc_realloc(parent, ret, char *, i * 2 + 3);
		if (tmp == NULL) {
			talloc_free(ret);
			return NULL;
		}
		tmp[i * 2] = talloc_strdup(tmp, nickcerts[i]->cm_nickname);
		tmp[i * 2 + 1] = talloc_strdup(tmp, nickcerts[i]->cm_cert);
		tmp[i * 2 + 2] = NULL;
		ret = tmp;
	}
	return (const char **) ret;
}

static const char **
ca_prop_get_nickcerts(struct cm_context *ctx, void *parent, void *record,
		const char *name)
{
	struct cm_store_entry *entry = record;
	struct cm_store_ca *ca = record;

	if (strcmp(name, CM_DBUS_PROP_CERT_CHAIN) == 0) {
		return ca_prop_read_nickcerts(ctx, parent,
				entry->cm_cert_chain);
	} else if (strcmp(name, CM_DBUS_PROP_CERT_ROOTS) == 0) {
		return ca_prop_read_nickcerts(ctx, parent,
				entry->cm_cert_roots);
	} else if (strcmp(name, CM_DBUS_PROP_ROOT_CERTS) == 0) {
		return ca_prop_read_nickcerts(ctx, parent,
				ca->cm_ca_root_certs);
	} else if (strcmp(name, CM_DBUS_PROP_OTHER_ROOT_CERTS) == 0) {
		return ca_prop_read_nickcerts(ctx, parent,
				ca->cm_ca_other_root_certs);
	} else if (strcmp(name, CM_DBUS_PROP_OTHER_CERTS) == 0) {
		return ca_prop_read_nickcerts(ctx, parent,
				ca->cm_ca_other_certs);
	}
	return NULL;
}

/* Convenience functions for returning errors from a request object to
 * callers.
 */
static DBusHandlerResult
send_internal_request_error(DBusConnection *conn, DBusMessage *req)
{
	DBusMessage *msg;

	msg = dbus_message_new_error(req, CM_DBUS_ERROR_REQUEST_INTERNAL,
			_("An internal error has occurred."));
	if (msg != NULL) {
		dbus_connection_send(conn, msg, NULL);
		dbus_message_unref(msg);
		return DBUS_HANDLER_RESULT_HANDLED;
	}
	return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
}

/* Functions implemented for request objects. Most of the "get_XXX" functions
 * predate the properties interface being added, so they're redundant now. */

/* org.fedorahosted.certmonger.request.get_nickname */
static DBusHandlerResult
request_get_nickname(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_entry *entry;

	entry = get_entry_for_request_message(msg, ctx);
	if (entry == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		if (entry->cm_nickname != NULL) {
			cm_tdbusm_set_s(rep, entry->cm_nickname);
		}
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_request_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.request.get_key_pin */
static DBusHandlerResult
request_get_key_pin(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_entry *entry;

	entry = get_entry_for_request_message(msg, ctx);
	if (entry == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		cm_tdbusm_set_s(rep, entry->cm_key_pin);
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_request_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.request.get_key_pin_file */
static DBusHandlerResult
request_get_key_pin_file(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci,
		struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_entry *entry;

	entry = get_entry_for_request_message(msg, ctx);
	if (entry == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		cm_tdbusm_set_s(rep, entry->cm_key_pin_file);
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_request_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.request.get_autorenew */
static DBusHandlerResult
request_get_autorenew(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_entry *entry;

	entry = get_entry_for_request_message(msg, ctx);
	if (entry == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		cm_tdbusm_set_b(rep, entry->cm_autorenew);
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_request_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.request.get_cert_data */
static DBusHandlerResult
request_get_cert_data(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_entry *entry;

	entry = get_entry_for_request_message(msg, ctx);
	if (entry == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		if (entry->cm_cert != NULL) {
			cm_tdbusm_set_s(rep, entry->cm_cert);
		}
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_request_error(conn, msg);
	}
}

/* convert our text bit string into a number */
static long
ku_from_string(const char *ku)
{
	long i = 0, mask = 1;

	while ((ku != NULL) && (*ku != '\0')) {
		switch (*ku++) {
		case '1':
			i |= mask;
			break;
		case '0':
		default:
			break;
		}
		mask <<= 1;
	}
	return i;
}

#if 0
/*
 * convert our number into a text bit string
 */
static const char *
ku_to_string(unsigned long ku, char *output, ssize_t len)
{
	static char local_output[33];
	char *p;

	if (output == NULL) {
		output = local_output;
		len = sizeof(local_output);
	}
	p = output;
	while (((p - output) < len) && (ku != 0)) {
		*p++ = (ku & 1) ? '1' : '0';
		ku >>= 1;
	}
	if (p - output == len) {
		return NULL;
	}
	*p++ = '\0';
	return output;
}
#endif

/* split the comma-separated list into an array */
static char **
eku_splitv(void *parent, const char *eku)
{
	char **ret = NULL;
	const char *p, *q;
	int i;

	if ((eku != NULL) && (strlen(eku) > 0)) {
		ret = talloc_array_ptrtype(parent, ret, strlen(eku) + 1);
		p = eku;
		i = 0;
		while (*p != '\0') {
			q = p + strcspn(p, ",");
			if (p != q) {
				ret[i++] = talloc_strndup(ret, p, q - p);
			}
			p = q + strspn(q, ",");
		}
		ret[i] = NULL;
		if (i == 0) {
			talloc_free(ret);
			ret = NULL;
		}
	}
	return ret;
}

/* org.fedorahosted.certmonger.request.get_cert_info */
static DBusHandlerResult
request_get_cert_info(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_entry *entry;
	char **eku;

	entry = get_entry_for_request_message(msg, ctx);
	if (entry == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		eku = eku_splitv(entry, entry->cm_cert_eku);
		cm_tdbusm_set_sssnasasasnasn(rep,
				entry->cm_cert_issuer,
				entry->cm_cert_serial,
				entry->cm_cert_subject,
				entry->cm_cert_not_after,
				(const char **) entry->cm_cert_email,
				(const char **) entry->cm_cert_hostname,
				(const char **) entry->cm_cert_principal,
				ku_from_string(entry->cm_cert_ku),
				(const char **) eku,
				entry->cm_cert_not_before);
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		talloc_free(eku);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_request_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.request.get_cert_last_checked */
static DBusHandlerResult
request_get_cert_last_checked(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_entry *entry;

	entry = get_entry_for_request_message(msg, ctx);
	if (entry == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		if (entry->cm_submitted != 0) {
			cm_tdbusm_set_n(rep, entry->cm_submitted);
		}
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_request_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.request.get_cert_storage_info */
static DBusHandlerResult
request_get_cert_storage_info(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_entry *entry;
	const char *type, *location, *nick, *token;

	entry = get_entry_for_request_message(msg, ctx);
	if (entry == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		location = entry->cm_cert_storage_location;
		switch (entry->cm_cert_storage_type) {
		case cm_cert_storage_file:
			type = "FILE";
			cm_tdbusm_set_ss(rep, type, location);
			dbus_connection_send(conn, rep, NULL);
			break;
		case cm_cert_storage_nssdb:
			type = "NSSDB";
			token = entry->cm_cert_token;
			nick = entry->cm_cert_nickname;
			if (token != NULL) {
				cm_tdbusm_set_ssss(rep, type, location, nick, token);
				dbus_connection_send(conn, rep, NULL);
			} else if (nick != NULL) {
				cm_tdbusm_set_sss(rep, type, location, nick);
				dbus_connection_send(conn, rep, NULL);
			} else {
				cm_tdbusm_set_ss(rep, type, location);
				dbus_connection_send(conn, rep, NULL);
			}
			break;
		}
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_request_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.request.get_csr_data */
static DBusHandlerResult
request_get_csr_data(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci,
		struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_entry *entry;

	entry = get_entry_for_request_message(msg, ctx);
	if (entry == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		if (entry->cm_csr != NULL) {
			cm_tdbusm_set_s(rep, entry->cm_csr);
		}
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_request_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.request.get_csr_info */
static DBusHandlerResult
request_get_csr_info(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_entry *entry;
	char **eku;

	entry = get_entry_for_request_message(msg, ctx);
	if (entry == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		if (entry->cm_csr != NULL) {
			eku = eku_splitv(entry, entry->cm_template_eku);
			cm_tdbusm_set_sasasasnas(rep,
					entry->cm_template_subject,
					(const char **) entry->cm_template_email,
					(const char **) entry->cm_template_hostname,
					(const char **) entry->cm_template_principal,
					ku_from_string(entry->cm_template_ku),
					(const char **) eku);
			talloc_free(eku);
		}
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_request_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.request.get_key_storage_info */
static DBusHandlerResult
request_get_key_storage_info(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_entry *entry;
	const char *type, *location, *nick, *token;

	entry = get_entry_for_request_message(msg, ctx);
	if (entry == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		location = entry->cm_key_storage_location;
		switch (entry->cm_key_storage_type) {
		case cm_key_storage_none:
			type = "NONE";
			cm_tdbusm_set_s(rep, type);
			dbus_connection_send(conn, rep, NULL);
			break;
		case cm_key_storage_file:
			type = "FILE";
			cm_tdbusm_set_ss(rep, type, location);
			dbus_connection_send(conn, rep, NULL);
			break;
		case cm_key_storage_nssdb:
			type = "NSSDB";
			token = entry->cm_key_token;
			nick = entry->cm_key_nickname;
			if (token != NULL) {
				cm_tdbusm_set_ssss(rep, type, location, nick, token);
				dbus_connection_send(conn, rep, NULL);
			} else if (nick != NULL) {
				cm_tdbusm_set_sss(rep, type, location, nick);
				dbus_connection_send(conn, rep, NULL);
			} else {
				cm_tdbusm_set_ss(rep, type, location);
				dbus_connection_send(conn, rep, NULL);
			}
			break;
		}
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_request_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.request.get_key_type_and_size */
static DBusHandlerResult
request_get_key_type_and_size(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_entry *entry;
	const char *type;
	int size;

	entry = get_entry_for_request_message(msg, ctx);
	if (entry == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	switch (entry->cm_key_type.cm_key_algorithm) {
	case cm_key_unspecified:
		type = "UNKNOWN";
		break;
	case cm_key_rsa:
		type = "RSA";
		break;
#ifdef CM_ENABLE_DSA
	case cm_key_dsa:
		type = "DSA";
		break;
#endif
#ifdef CM_ENABLE_EC
	case cm_key_ecdsa:
		type = "EC";
		break;
#endif
	default:
		type = "UNKNOWN";
		break;
	}
	if (rep != NULL) {
		size = entry->cm_key_type.cm_key_size;
		cm_tdbusm_set_sn(rep, type, size);
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_request_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.request.get_monitoring */
static DBusHandlerResult
request_get_monitoring(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_entry *entry;

	entry = get_entry_for_request_message(msg, ctx);
	if (entry == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		cm_tdbusm_set_b(rep, entry->cm_monitor);
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_request_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.request.get_notification_info */
static DBusHandlerResult
request_get_notification_info(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_entry *entry;
	enum cm_notification_method m;
	const char *method, *d;

	entry = get_entry_for_request_message(msg, ctx);
	if (entry == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	m = cm_prefs_notification_method();
	d = cm_prefs_notification_destination();
	method = NULL;
	switch (m) {
	case cm_notification_unspecified:
		abort();
		break;
	case cm_notification_none:
		method = "none";
		break;
	case cm_notification_stdout:
		method = "stdout";
		break;
	case cm_notification_syslog:
		method = "syslog";
		break;
	case cm_notification_email:
		method = "email";
		break;
	case cm_notification_command:
		method = "command";
		break;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		cm_tdbusm_set_ss(rep, method, d);
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_request_error(conn, msg);
	}
}

static dbus_bool_t request_prop_get_stuck(struct cm_context *ctx,
		void *parent, void *record, const char *name);

/* org.fedorahosted.certmonger.request.get_status */
static DBusHandlerResult
request_get_status(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_entry *entry;
	const char *state;
	dbus_bool_t stuck;

	entry = get_entry_for_request_message(msg, ctx);
	if (entry == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		state = cm_store_state_as_string(entry->cm_state);
		stuck = request_prop_get_stuck(ctx, NULL, entry,
				CM_DBUS_PROP_STUCK);
		cm_tdbusm_set_sb(rep, state, stuck);
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_request_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.request.get_ca */
static DBusHandlerResult
request_get_ca(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	void *parent;
	DBusMessage *rep;
	struct cm_store_entry *entry;
	struct cm_store_ca *ca;
	char *path;

	entry = get_entry_for_request_message(msg, ctx);
	if (entry == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		parent = talloc_new(NULL);
		if ((entry->cm_ca_nickname != NULL) &&
		    (strlen(entry->cm_ca_nickname) > 0)) {
			ca = cm_get_ca_by_nickname(ctx, entry->cm_ca_nickname);
			if ((ca != NULL) &&
			    (ca->cm_busname != NULL) &&
			    (strlen(ca->cm_busname) > 0)) {
				path = talloc_asprintf(parent, "%s/%s",
						CM_DBUS_CA_PATH,
						ca->cm_busname);
				cm_tdbusm_set_p(rep, path);
			}
		}
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		talloc_free(parent);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_request_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.request.get_ca_error */
static DBusHandlerResult
request_get_ca_error(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	void *parent;
	DBusMessage *rep;
	struct cm_store_entry *entry;

	entry = get_entry_for_request_message(msg, ctx);
	if (entry == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		parent = talloc_new(NULL);
		if ((entry->cm_ca_error != NULL) &&
		    (strlen(entry->cm_ca_error) > 0)) {
			cm_tdbusm_set_s(rep, entry->cm_ca_error);
		}
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		talloc_free(parent);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_request_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.request.get_submitted_cookie */
static DBusHandlerResult
request_get_submitted_cookie(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_entry *entry;

	entry = get_entry_for_request_message(msg, ctx);
	if (entry == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		if (entry->cm_ca_cookie != NULL) {
			cm_tdbusm_set_s(rep, entry->cm_ca_cookie);
		}
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_request_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.request.get_submitted_date */
static DBusHandlerResult
request_get_submitted_date(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_entry *entry;

	entry = get_entry_for_request_message(msg, ctx);
	if (entry == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		if (entry->cm_submitted != 0) {
			cm_tdbusm_set_n(rep, entry->cm_submitted);
		}
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_request_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.request.modify */
static DBusHandlerResult
request_modify(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_entry *entry;
	struct cm_store_ca *ca;
	struct cm_tdbusm_dict **d;
	const struct cm_tdbusm_dict *param;
	char *new_request_path;
	void *parent;
	const char *propname[sizeof(*entry)];
	int i;
	size_t n_propname = 0;

	entry = get_entry_for_request_message(msg, ctx);
	if (entry == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	parent = talloc_new(NULL);
	if (cm_tdbusm_get_d(msg, parent, &d) != 0) {
		cm_log(1, "Error parsing arguments.\n");
		talloc_free(parent);
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		/* Check any new nickname values, because we need to reject
		 * those outright if the new value's already being used. */
		param = cm_tdbusm_find_dict_entry(d, "NICKNAME",
						  cm_tdbusm_dict_s);
		if (param == NULL) {
			param = cm_tdbusm_find_dict_entry(d,
							  CM_DBUS_PROP_NICKNAME,
							  cm_tdbusm_dict_s);
		}
		if (param != NULL) {
			if (cm_get_entry_by_nickname(ctx,
						     param->value.s) != NULL) {
				return send_internal_base_duplicate_error(conn, msg,
									  _("There is already a request with the nickname \"%s\"."),
									  param->value.s,
									  "NICKNAME",
									  NULL);
			}
		}
		/* If we're being asked to change the CA, check that the new CA
		 * exists. */
		param = cm_tdbusm_find_dict_entry(d, "CA", cm_tdbusm_dict_p);
		if (param == NULL) {
			param = cm_tdbusm_find_dict_entry(d, CM_DBUS_PROP_CA,
							  cm_tdbusm_dict_p);
		}
		if (param != NULL) {
			ca = get_ca_for_path(ctx, param->value.s);
			if (ca == NULL) {
				return send_internal_base_bad_arg_error(conn, msg,
									_("Certificate authority \"%s\" not known."),
									param->value.s,
									"CA");
			}
		}
		/* Now walk the list of other things the client asked us to
		 * change.
		 */
		for (i = 0; (d != NULL) && (d[i] != NULL); i++) {
			param = d[i];
			if ((param->value_type == cm_tdbusm_dict_s) &&
			    ((strcasecmp(param->key, "KEY_TYPE") == 0) ||
			     (strcasecmp(param->key, CM_DBUS_PROP_KEY_TYPE) == 0))) {
				if (strcasecmp(param->value.s, "RSA") == 0) {
					entry->cm_key_type.cm_key_gen_algorithm = cm_key_rsa;
#ifdef CM_ENABLE_DSA
				} else if (strcasecmp(param->value.s, "DSA") == 0) {
					entry->cm_key_type.cm_key_gen_algorithm = cm_key_dsa;
#endif
#ifdef CM_ENABLE_EC
				} else if ((strcasecmp(param->value.s, "ECDSA") == 0) ||
					   (strcasecmp(param->value.s, "EC") == 0)) {
					entry->cm_key_type.cm_key_gen_algorithm = cm_key_ecdsa;
#endif
				} else {
					cm_log(1, "No support for generating \"%s\" keys.\n",
					       param->value.s);
					return send_internal_base_bad_arg_error(conn, msg,
										_("No support for key type \"%s\"."),
										param->value.s,
										"KEY_TYPE");
				}
				entry->cm_key_next_type.cm_key_gen_algorithm =
					entry->cm_key_type.cm_key_gen_algorithm;
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_KEY_TYPE;
				}
			} else if ((param->value_type == cm_tdbusm_dict_n) &&
				   ((strcasecmp(param->key, "KEY_SIZE") == 0) ||
				    (strcasecmp(param->key, CM_DBUS_PROP_KEY_SIZE) == 0))) {
				entry->cm_key_type.cm_key_gen_size = param->value.n;
				entry->cm_key_next_type.cm_key_gen_size =
					entry->cm_key_type.cm_key_gen_size;
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_KEY_SIZE;
				}
			} else if ((param->value_type == cm_tdbusm_dict_s) &&
				   (strcasecmp(param->key, CM_DBUS_PROP_CERT_OWNER) == 0)) {
				entry->cm_cert_owner = talloc_strdup(entry, param->value.s);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_CERT_OWNER;
				}
			} else if ((param->value_type == cm_tdbusm_dict_n) &&
				   (strcasecmp(param->key, CM_DBUS_PROP_CERT_PERMS) == 0)) {
				entry->cm_cert_perms = param->value.n;
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_CERT_PERMS;
				}
			} else
			if ((param->value_type == cm_tdbusm_dict_s) &&
			    (strcasecmp(param->key, CM_DBUS_PROP_KEY_OWNER) == 0)) {
				entry->cm_key_owner = talloc_strdup(entry, param->value.s);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_KEY_OWNER;
				}
			} else if ((param->value_type == cm_tdbusm_dict_n) &&
				   (strcasecmp(param->key, CM_DBUS_PROP_KEY_PERMS) == 0)) {
				entry->cm_key_perms = param->value.n;
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_KEY_PERMS;
				}
			} else if ((param->value_type == cm_tdbusm_dict_s) &&
				   (strcasecmp(param->key, CM_DBUS_PROP_NSS_USER) == 0)) {
				entry->cm_nss_user = talloc_strdup(entry, param->value.s);
				cm_log(1, "Param CM_DBUS_PROP_NSS_USER to %s\n",
				       entry->cm_nss_user);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_NSS_USER;
				}
			} else if ((param->value_type == cm_tdbusm_dict_b) &&
				   ((strcasecmp(param->key, "RENEW") == 0) ||
				    (strcasecmp(param->key, CM_DBUS_PROP_AUTORENEW) == 0))) {
				entry->cm_autorenew = param->value.b;
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_AUTORENEW;
				}
			} else if ((param->value_type == cm_tdbusm_dict_b) &&
				   ((strcasecmp(param->key, "TRACK") == 0) ||
				    (strcasecmp(param->key, CM_DBUS_PROP_MONITORING) == 0))) {
				entry->cm_monitor = param->value.b;
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_MONITORING;
				}
			} else if (((param->value_type == cm_tdbusm_dict_s) ||
				    (param->value_type == cm_tdbusm_dict_p)) &&
				   ((strcasecmp(param->key, "CA") == 0) ||
				    (strcasecmp(param->key, CM_DBUS_PROP_CA) == 0))) {
				ca = get_ca_for_path(ctx, param->value.s);
				if (ca == NULL) {
					/* The check before this loop only looks at
					 * object-path values, so a string-typed
					 * value can still name an unknown CA. */
					return send_internal_base_bad_arg_error(conn, msg,
										_("Certificate authority \"%s\" not known."),
										param->value.s,
										"CA");
				}
				talloc_free(entry->cm_ca_nickname);
				entry->cm_ca_nickname = talloc_strdup(entry, ca->cm_nickname);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_CA;
				}
			} else if ((param->value_type == cm_tdbusm_dict_s) &&
				   (strcasecmp(param->key, CM_DBUS_PROP_CA_PROFILE) == 0)) {
				talloc_free(entry->cm_template_profile);
				entry->cm_template_profile = talloc_strdup(entry, param->value.s);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_CA_PROFILE;
				}
			} else if ((param->value_type == cm_tdbusm_dict_s) &&
				   ((strcasecmp(param->key, "NICKNAME") == 0) ||
				    (strcasecmp(param->key, CM_DBUS_PROP_NICKNAME) == 0))) {
				talloc_free(entry->cm_nickname);
				entry->cm_nickname = talloc_strdup(entry, param->value.s);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_NICKNAME;
				}
			} else if ((param->value_type == cm_tdbusm_dict_s) &&
				   ((strcasecmp(param->key, "SUBJECT") == 0) ||
				    (strcasecmp(param->key, CM_DBUS_PROP_TEMPLATE_SUBJECT) == 0))) {
				talloc_free(entry->cm_template_subject);
				entry->cm_template_subject = maybe_strdup(entry, param->value.s);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_TEMPLATE_SUBJECT;
				}
				/* Clear the would-be-preferred DER version.
				 */
				talloc_free(entry->cm_template_subject_der);
				entry->cm_template_subject_der = NULL;
			} else if ((param->value_type == cm_tdbusm_dict_s) &&
				   ((strcasecmp(param->key, "KEY_PIN") == 0) ||
				    (strcasecmp(param->key, CM_DBUS_PROP_KEY_PIN) == 0))) {
				talloc_free(entry->cm_key_pin);
				entry->cm_key_pin = maybe_strdup(entry, param->value.s);
				if (entry->cm_key_pin != NULL) {
					entry->cm_key_pin_file = NULL;
				}
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_KEY_PIN;
				}
			} else if ((param->value_type == cm_tdbusm_dict_s) &&
				   ((strcasecmp(param->key, "KEY_PIN_FILE") == 0) ||
				    (strcasecmp(param->key, CM_DBUS_PROP_KEY_PIN_FILE) == 0))) {
				if ((param->value.s != NULL) &&
				    (strlen(param->value.s) != 0) &&
				    (check_arg_is_absolute_path(param->value.s) != 0)) {
					cm_log(1, "PIN storage location is not "
					       "an absolute path.\n");
					return send_internal_base_bad_arg_error(conn, msg,
										_("The location \"%s\" must be an absolute path."),
										param->value.s,
										"KEY_PIN_FILE");
				}
				talloc_free(entry->cm_key_pin_file);
				entry->cm_key_pin_file = maybe_strdup(entry, param->value.s);
				if (entry->cm_key_pin_file != NULL) {
					entry->cm_key_pin = NULL;
				}
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_KEY_PIN_FILE;
				}
			} else if ((param->value_type == cm_tdbusm_dict_s) &&
				   ((strcasecmp(param->key, "KU") == 0) ||
				    (strcasecmp(param->key, CM_DBUS_PROP_TEMPLATE_KU) == 0))) {
				talloc_free(entry->cm_template_ku);
				entry->cm_template_ku = maybe_strdup(entry, param->value.s);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_TEMPLATE_KU;
				}
			} else if ((param->value_type == cm_tdbusm_dict_as) &&
				   ((strcasecmp(param->key, "EKU") == 0) ||
				    (strcasecmp(param->key, CM_DBUS_PROP_TEMPLATE_EKU) == 0))) {
				talloc_free(entry->cm_template_eku);
				entry->cm_template_eku = cm_submit_maybe_joinv(entry, ",",
									       param->value.as);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_TEMPLATE_EKU;
				}
			} else if ((param->value_type == cm_tdbusm_dict_as) &&
				   ((strcasecmp(param->key, "PRINCIPAL") == 0) ||
				    (strcasecmp(param->key, CM_DBUS_PROP_TEMPLATE_PRINCIPAL) == 0))) {
				talloc_free(entry->cm_template_principal);
				entry->cm_template_principal = maybe_strdupv(entry, param->value.as);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_TEMPLATE_PRINCIPAL;
				}
			} else if ((param->value_type == cm_tdbusm_dict_as) &&
				   ((strcasecmp(param->key, "DNS") == 0) ||
				    (strcasecmp(param->key, CM_DBUS_PROP_TEMPLATE_HOSTNAME) == 0))) {
				talloc_free(entry->cm_template_hostname);
				entry->cm_template_hostname = maybe_strdupv(entry, param->value.as);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_TEMPLATE_HOSTNAME;
				}
			} else if ((param->value_type == cm_tdbusm_dict_as) &&
				   ((strcasecmp(param->key, "EMAIL") == 0) ||
				    (strcasecmp(param->key, CM_DBUS_PROP_TEMPLATE_EMAIL) == 0))) {
				talloc_free(entry->cm_template_email);
				entry->cm_template_email = maybe_strdupv(entry, param->value.as);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_TEMPLATE_EMAIL;
				}
			} else if ((param->value_type == cm_tdbusm_dict_as) &&
				   (strcasecmp(param->key, CM_DBUS_PROP_TEMPLATE_IP_ADDRESS) == 0)) {
				entry->cm_template_ipaddress = maybe_strdupv(entry, param->value.as);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_TEMPLATE_IP_ADDRESS;
				}
			} else if ((param->value_type == cm_tdbusm_dict_b) &&
				   (strcasecmp(param->key, CM_DBUS_PROP_TEMPLATE_IS_CA) == 0)) {
				entry->cm_template_is_ca = param->value.b;
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_TEMPLATE_IS_CA;
				}
			} else if ((param->value_type == cm_tdbusm_dict_n) &&
				   (strcasecmp(param->key, CM_DBUS_PROP_TEMPLATE_CA_PATH_LENGTH) == 0)) {
				entry->cm_template_ca_path_length =
					param->value.n;
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_TEMPLATE_CA_PATH_LENGTH;
				}
			} else if ((param->value_type == cm_tdbusm_dict_as) &&
				   (strcasecmp(param->key, CM_DBUS_PROP_TEMPLATE_OCSP) == 0)) {
				talloc_free(entry->cm_template_ocsp_location);
				entry->cm_template_ocsp_location = maybe_strdupv(entry, param->value.as);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_TEMPLATE_OCSP;
				}
			} else if ((param->value_type == cm_tdbusm_dict_as) &&
				   (strcasecmp(param->key, CM_DBUS_PROP_TEMPLATE_CRL_DP) == 0)) {
				talloc_free(entry->cm_template_crl_distribution_point);
				entry->cm_template_crl_distribution_point =
					maybe_strdupv(entry, param->value.as);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_TEMPLATE_CRL_DP;
				}
			} else if ((param->value_type == cm_tdbusm_dict_s) &&
				   (strcasecmp(param->key, CM_DBUS_PROP_TEMPLATE_NS_COMMENT) == 0)) {
				talloc_free(entry->cm_template_ns_comment);
				entry->cm_template_ns_comment = maybe_strdup(entry, param->value.s);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_TEMPLATE_NS_COMMENT;
				}
			} else if ((param->value_type == cm_tdbusm_dict_s) &&
				   (strcasecmp(param->key, CM_DBUS_PROP_TEMPLATE_PROFILE) == 0)) {
				talloc_free(entry->cm_template_profile);
				entry->cm_template_profile = maybe_strdup(entry, param->value.s);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_TEMPLATE_PROFILE;
				}
			} else if ((param->value_type == cm_tdbusm_dict_s) &&
				   (strcasecmp(param->key, CM_DBUS_PROP_TEMPLATE_ISSUER) == 0)) {
				talloc_free(entry->cm_template_issuer);
				entry->cm_template_issuer = maybe_strdup(entry, param->value.s);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_TEMPLATE_ISSUER;
				}
			} else if ((param->value_type == cm_tdbusm_dict_s) &&
				   (strcasecmp(param->key,
					       CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE) == 0)) {
				if (param->value.s != NULL &&
				    strlen(param->value.s) > 0 &&
				    !cm_ms_template_valid(param->value.s)) {
					cm_log(1, "Invalid V2 certificate template specifier: %s",
					       param->value.s);
					return send_internal_base_bad_arg_error(
						conn, msg,
						_("Invalid V2 certificate template specifier: %s"),
						param->value.s,
						CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE);
				}
				talloc_free(entry->cm_template_certificate_template);
				entry->cm_template_certificate_template =
					maybe_strdup(entry, param->value.s);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] =
						CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE;
				}
			} else if ((param->value_type == cm_tdbusm_dict_s) &&
				   (strcasecmp(param->key,
					       CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD) == 0)) {
				talloc_free(entry->cm_template_challenge_password);
				entry->cm_template_challenge_password =
					maybe_strdup(entry, param->value.s);
				if (entry->cm_template_challenge_password != NULL) {
					entry->cm_template_challenge_password_file = NULL;
				}
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] =
						CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD;
				}
			} else if ((param->value_type == cm_tdbusm_dict_s) &&
				   (strcasecmp(param->key,
					       CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD_FILE) == 0)) {
				if ((param->value.s != NULL) &&
				    (strlen(param->value.s) != 0) &&
				    (check_arg_is_absolute_path(param->value.s) != 0)) {
					cm_log(1, "Challenge password storage "
					       "location is not an absolute "
					       "path.\n");
					return send_internal_base_bad_arg_error(conn, msg,
										_("The location \"%s\" must be an absolute path."),
										param->value.s,
										CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD_FILE);
				}
				talloc_free(entry->cm_template_challenge_password_file);
				entry->cm_template_challenge_password_file =
					maybe_strdup(entry, param->value.s);
				if (entry->cm_template_challenge_password_file != NULL) {
					entry->cm_template_challenge_password = NULL;
				}
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] =
						CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD_FILE;
				}
			} else if ((param->value_type == cm_tdbusm_dict_s) &&
				   (strcasecmp(param->key, CM_DBUS_PROP_CERT_PRESAVE_COMMAND) == 0)) {
				talloc_free(entry->cm_pre_certsave_command);
				entry->cm_pre_certsave_command = maybe_strdup(entry, param->value.s);
				talloc_free(entry->cm_pre_certsave_uid);
				if (entry->cm_pre_certsave_command != NULL) {
					entry->cm_pre_certsave_uid =
						talloc_asprintf(entry, "%lu",
								(unsigned long) ci->uid);
					if (entry->cm_pre_certsave_uid == NULL) {
						talloc_free(entry->cm_pre_certsave_command);
						entry->cm_pre_certsave_command = NULL;
					}
				} else {
					entry->cm_pre_certsave_uid = NULL;
				}
				if (n_propname + 3 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_CERT_PRESAVE_COMMAND;
					propname[n_propname++] = CM_DBUS_PROP_CERT_PRESAVE_UID;
				}
			} else if ((param->value_type == cm_tdbusm_dict_s) &&
				   (strcasecmp(param->key, CM_DBUS_PROP_CERT_POSTSAVE_COMMAND) == 0)) {
				talloc_free(entry->cm_post_certsave_command);
				entry->cm_post_certsave_command = maybe_strdup(entry, param->value.s);
				talloc_free(entry->cm_post_certsave_uid);
				if (entry->cm_post_certsave_command != NULL) {
					entry->cm_post_certsave_uid =
						talloc_asprintf(entry, "%lu",
								(unsigned long) ci->uid);
					if (entry->cm_post_certsave_uid == NULL) {
						talloc_free(entry->cm_post_certsave_command);
						entry->cm_post_certsave_command = NULL;
					}
				} else {
					entry->cm_post_certsave_uid = NULL;
				}
				if (n_propname + 3 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_CERT_POSTSAVE_COMMAND;
					propname[n_propname++] = CM_DBUS_PROP_CERT_POSTSAVE_UID;
				}
			} else if ((param->value_type == cm_tdbusm_dict_as) &&
				   (strcasecmp(param->key, CM_DBUS_PROP_ROOT_CERT_FILES) == 0)) {
				talloc_free(entry->cm_root_cert_store_files);
				entry->cm_root_cert_store_files = maybe_strdupv(entry, param->value.as);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_ROOT_CERT_FILES;
				}
			} else if
				  ((param->value_type == cm_tdbusm_dict_as) &&
				   (strcasecmp(param->key, CM_DBUS_PROP_OTHER_ROOT_CERT_FILES) == 0)) {
				talloc_free(entry->cm_other_root_cert_store_files);
				entry->cm_other_root_cert_store_files =
					maybe_strdupv(entry, param->value.as);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_OTHER_ROOT_CERT_FILES;
				}
			} else if ((param->value_type == cm_tdbusm_dict_as) &&
				   (strcasecmp(param->key, CM_DBUS_PROP_OTHER_CERT_FILES) == 0)) {
				talloc_free(entry->cm_other_cert_store_nssdbs);
				entry->cm_other_cert_store_nssdbs =
					maybe_strdupv(entry, param->value.as);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_OTHER_CERT_FILES;
				}
			} else if ((param->value_type == cm_tdbusm_dict_as) &&
				   (strcasecmp(param->key, CM_DBUS_PROP_ROOT_CERT_NSSDBS) == 0)) {
				talloc_free(entry->cm_root_cert_store_nssdbs);
				entry->cm_root_cert_store_nssdbs =
					maybe_strdupv(entry, param->value.as);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_ROOT_CERT_NSSDBS;
				}
			} else if ((param->value_type == cm_tdbusm_dict_as) &&
				   (strcasecmp(param->key, CM_DBUS_PROP_OTHER_ROOT_CERT_NSSDBS) == 0)) {
				talloc_free(entry->cm_other_root_cert_store_nssdbs);
				entry->cm_other_root_cert_store_nssdbs =
					maybe_strdupv(entry, param->value.as);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_OTHER_ROOT_CERT_NSSDBS;
				}
			} else if ((param->value_type == cm_tdbusm_dict_as) &&
				   (strcasecmp(param->key, CM_DBUS_PROP_OTHER_CERT_NSSDBS) == 0)) {
				talloc_free(entry->cm_other_cert_store_nssdbs);
				entry->cm_other_cert_store_nssdbs =
					maybe_strdupv(entry, param->value.as);
				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
					propname[n_propname++] = CM_DBUS_PROP_OTHER_CERT_NSSDBS;
				}
			} else {
				break;
			}
		}
		if (d != NULL) {
			if (d[i] == NULL) {
				new_request_path = talloc_asprintf(parent, "%s/%s",
								   CM_DBUS_REQUEST_PATH,
								   entry->cm_busname);
				if
				   ((n_propname > 0) &&
				    (n_propname + 1 < sizeof(propname) / sizeof(propname[0]))) {
					propname[n_propname] = NULL;
					cm_tdbush_property_emit_changed(ctx, new_request_path,
									CM_DBUS_REQUEST_INTERFACE,
									propname);
				}
				cm_tdbusm_set_bp(rep,
						 cm_restart_entry(ctx, entry->cm_nickname),
						 new_request_path);
				dbus_connection_send(conn, rep, NULL);
				dbus_message_unref(rep);
				talloc_free(new_request_path);
				return DBUS_HANDLER_RESULT_HANDLED;
			} else {
				dbus_message_unref(rep);
				rep = dbus_message_new_error(msg,
							     CM_DBUS_ERROR_REQUEST_BAD_ARG,
							     _("Unrecognized parameter or wrong value type."));
				if (rep != NULL) {
					cm_tdbusm_set_s(rep, d[i]->key);
					dbus_connection_send(conn, rep, NULL);
					dbus_message_unref(rep);
					return DBUS_HANDLER_RESULT_HANDLED;
				}
				return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
			}
		}
	}
	return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
}

/* org.fedorahosted.certmonger.request.resubmit */
static DBusHandlerResult
request_resubmit(DBusConnection *conn, DBusMessage *msg,
		 struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_entry *entry;
	const char *propname[2];
	char *path;

	entry = get_entry_for_request_message(msg, ctx);
	if (entry == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		if (cm_stop_entry(ctx, entry->cm_nickname)) {
			/* if we have a key of the right type and size, the
			 * thing to do now is to generate a new CSR, otherwise
			 * we have to generate a new key first */
			if ((entry->cm_key_type.cm_key_size == 0) ||
			    (entry->cm_key_type.cm_key_algorithm !=
			     entry->cm_key_type.cm_key_gen_algorithm) ||
			    (entry->cm_key_type.cm_key_size !=
			     entry->cm_key_type.cm_key_gen_size)) {
				entry->cm_state = CM_NEED_KEY_PAIR;
			} else {
				entry->cm_state = CM_NEED_CSR;
			}
			/* emit a properties-changed signal for the state */
			propname[0] = CM_DBUS_PROP_STATUS;
			propname[1] = NULL;
			path = talloc_asprintf(entry, "%s/%s",
					       CM_DBUS_REQUEST_PATH,
					       entry->cm_busname);
			cm_tdbush_property_emit_changed(ctx, path,
							CM_DBUS_REQUEST_INTERFACE,
							propname);
			talloc_free(path);
			if (cm_start_entry(ctx, entry->cm_nickname)) {
				cm_tdbusm_set_b(rep, TRUE);
			} else {
				cm_tdbusm_set_b(rep, FALSE);
			}
		} else {
			cm_tdbusm_set_b(rep, FALSE);
		}
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_request_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.request.refresh */
static DBusHandlerResult
request_refresh(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_entry *entry;

	entry = get_entry_for_request_message(msg, ctx);
	if (entry == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		switch (entry->cm_state) {
		case CM_CA_WORKING:
		case CM_CA_UNREACHABLE:
			if (cm_stop_entry(ctx, entry->cm_nickname)) {
				if (cm_start_entry(ctx, entry->cm_nickname)) {
					cm_tdbusm_set_b(rep, TRUE);
				} else {
					cm_tdbusm_set_b(rep, FALSE);
				}
			} else {
				cm_tdbusm_set_b(rep, FALSE);
			}
			break;
		default:
			cm_tdbusm_set_b(rep, FALSE);
			break;
		}
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_request_error(conn, msg);
	}
}

/* org.fedorahosted.certmonger.request.rekey */
static DBusHandlerResult
request_rekey(DBusConnection *conn, DBusMessage *msg,
	      struct cm_client_info *ci, struct cm_context *ctx)
{
	DBusMessage *rep;
	struct cm_store_entry *entry;
	const char *propname[2];
	char *path;

	entry = get_entry_for_request_message(msg, ctx);
	if (entry == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		if (cm_stop_entry(ctx, entry->cm_nickname)) {
			/* need a new key pair */
			entry->cm_state = CM_NEED_KEY_PAIR;
			/* emit a properties-changed signal for the state */
			propname[0] = CM_DBUS_PROP_STATUS;
			propname[1] = NULL;
			path = talloc_asprintf(entry, "%s/%s",
					       CM_DBUS_REQUEST_PATH,
					       entry->cm_busname);
			cm_tdbush_property_emit_changed(ctx, path,
							CM_DBUS_REQUEST_INTERFACE,
							propname);
			talloc_free(path);
			if (cm_start_entry(ctx, entry->cm_nickname)) {
				cm_tdbusm_set_b(rep, TRUE);
			} else {
				cm_tdbusm_set_b(rep, FALSE);
			}
		} else {
			cm_tdbusm_set_b(rep, FALSE);
		}
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
		return DBUS_HANDLER_RESULT_HANDLED;
	} else {
		return send_internal_request_error(conn, msg);
	}
}

/* Custom property get/set logic for request structures. */
static dbus_bool_t
request_prop_get_autorenew(struct cm_context *ctx, void *parent,
			   void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	return entry->cm_autorenew ? TRUE : FALSE;
}

static dbus_bool_t
request_prop_get_monitoring(struct cm_context *ctx, void *parent,
			    void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	return entry->cm_monitor ? TRUE : FALSE;
}

static const char *
request_prop_get_cert_location_type(struct cm_context *ctx, void *parent,
				    void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	switch (entry->cm_cert_storage_type) {
	case cm_cert_storage_file:
		return "FILE";
		break;
	case cm_cert_storage_nssdb:
		return "NSSDB";
		break;
	}
	return "";
}

static const char *
request_prop_get_cert_location_file(struct cm_context *ctx, void *parent,
				    void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	switch (entry->cm_cert_storage_type) {
	case cm_cert_storage_nssdb:
		break;
	case cm_cert_storage_file:
		return entry->cm_cert_storage_location;
		break;
	}
	return "";
}

static const char *
request_prop_get_cert_location_database(struct cm_context *ctx, void *parent,
					void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	switch (entry->cm_cert_storage_type) {
	case cm_cert_storage_file:
		break;
	case cm_cert_storage_nssdb:
		return entry->cm_cert_storage_location;
		break;
	}
	return "";
}

static const char *
request_prop_get_cert_location_nickname(struct cm_context *ctx, void *parent,
					void *record,
					const char *name)
{
	struct cm_store_entry *entry = record;

	switch (entry->cm_cert_storage_type) {
	case cm_cert_storage_file:
		break;
	case cm_cert_storage_nssdb:
		return entry->cm_cert_nickname;
		break;
	}
	return "";
}

static const char *
request_prop_get_cert_location_token(struct cm_context *ctx, void *parent,
				     void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	switch (entry->cm_cert_storage_type) {
	case cm_cert_storage_file:
		break;
	case cm_cert_storage_nssdb:
		return entry->cm_cert_token;
		break;
	}
	return "";
}

static const char *
request_prop_get_key_location_type(struct cm_context *ctx, void *parent,
				   void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	switch (entry->cm_key_storage_type) {
	case cm_key_storage_none:
		return "NONE";
		break;
	case cm_key_storage_file:
		return "FILE";
		break;
	case cm_key_storage_nssdb:
		return "NSSDB";
		break;
	}
	return "";
}

static const char *
request_prop_get_key_location_file(struct cm_context *ctx, void *parent,
				   void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	switch (entry->cm_key_storage_type) {
	case cm_key_storage_none:
	case cm_key_storage_nssdb:
		break;
	case cm_key_storage_file:
		return entry->cm_key_storage_location;
		break;
	}
	return "";
}

static const char *
request_prop_get_key_location_database(struct cm_context *ctx, void *parent,
				       void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	switch (entry->cm_key_storage_type) {
	case cm_key_storage_none:
	case cm_key_storage_file:
		break;
	case cm_key_storage_nssdb:
		return entry->cm_key_storage_location;
		break;
	}
	return "";
}

static const char *
request_prop_get_key_location_nickname(struct cm_context *ctx, void *parent,
				       void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	switch (entry->cm_key_storage_type) {
	case cm_key_storage_none:
	case cm_key_storage_file:
		break;
	case cm_key_storage_nssdb:
		return entry->cm_key_nickname;
		break;
	}
	return "";
}

static const char *
request_prop_get_key_location_token(struct cm_context *ctx, void *parent,
				    void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	switch (entry->cm_key_storage_type) {
	case cm_key_storage_none:
	case cm_key_storage_file:
		break;
	case cm_key_storage_nssdb:
		return entry->cm_key_token;
		break;
	}
	return "";
}

static const char *
request_prop_get_key_type(struct cm_context *ctx, void *parent,
			  void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	switch (entry->cm_key_type.cm_key_algorithm) {
	case cm_key_unspecified:
		return "";
		break;
	case cm_key_rsa:
		return "RSA";
		break;
#ifdef CM_ENABLE_DSA
	case cm_key_dsa:
		return "DSA";
		break;
#endif
#ifdef CM_ENABLE_EC
	case cm_key_ecdsa:
		return "EC";
		break;
#endif
	}
	return "";
}

static long
request_prop_get_key_size(struct cm_context *ctx, void *parent,
			  void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	switch (entry->cm_key_type.cm_key_algorithm) {
	case cm_key_unspecified:
		return 0;
		break;
	case cm_key_rsa:
		/* fall through */
#ifdef CM_ENABLE_DSA
	case cm_key_dsa:
		/* fall through */
#endif
#ifdef CM_ENABLE_EC
	case cm_key_ecdsa:
#endif
		return entry->cm_key_type.cm_key_size;
		break;
	}
	return 0;
}

static const char *
request_prop_get_notification_type(struct cm_context *ctx, void *parent,
				   void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	switch (entry->cm_notification_method) {
	case cm_notification_unspecified:
	case cm_notification_none:
		return "";
		break;
	case cm_notification_syslog:
		return "SYSLOG";
		break;
	case cm_notification_email:
		return "EMAIL";
		break;
	case cm_notification_stdout:
		return "STDOUT";
		break;
	case cm_notification_command:
		return "COMMAND";
		break;
	}
	return "";
}

static const char *
request_prop_get_notification_syslog(struct cm_context *ctx, void *parent,
				     void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	switch (entry->cm_notification_method) {
	case cm_notification_unspecified:
	case cm_notification_none:
	case
	     cm_notification_email:
	case cm_notification_stdout:
	case cm_notification_command:
		return "";
		break;
	case cm_notification_syslog:
		return entry->cm_notification_destination;
		break;
	}
	return "";
}

static const char *
request_prop_get_notification_email(struct cm_context *ctx, void *parent,
				    void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	switch (entry->cm_notification_method) {
	case cm_notification_unspecified:
	case cm_notification_none:
	case cm_notification_syslog:
	case cm_notification_stdout:
	case cm_notification_command:
		return "";
		break;
	case cm_notification_email:
		return entry->cm_notification_destination;
		break;
	}
	return "";
}

static const char *
request_prop_get_notification_command(struct cm_context *ctx, void *parent,
				      void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	switch (entry->cm_notification_method) {
	case cm_notification_unspecified:
	case cm_notification_none:
	case cm_notification_email:
	case cm_notification_stdout:
	case cm_notification_syslog:
		return "";
		break;
	case cm_notification_command:
		return entry->cm_notification_destination;
		break;
	}
	return "";
}

static const char *
request_prop_get_key_pin(struct cm_context *ctx, void *parent,
			 void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	return entry->cm_key_pin ?
		entry->cm_key_pin : "";
}

static void
request_prop_set_key_pin(struct cm_context *ctx, void *parent,
			 void *record, const char *name, const char *value)
{
	struct cm_store_entry *entry = record;
	const char *properties[2];
	char *path;

	entry->cm_key_pin = maybe_strdup(entry, value);
	if (entry->cm_key_pin != NULL) {
		entry->cm_key_pin_file = NULL;
		properties[0] = CM_DBUS_PROP_KEY_PIN_FILE;
		properties[1] = NULL;
		path = talloc_asprintf(record, "%s/%s",
				       CM_DBUS_REQUEST_PATH,
				       entry->cm_busname);
		cm_tdbush_property_emit_changed(ctx, path,
						CM_DBUS_REQUEST_INTERFACE,
						properties);
	}
}

static const char *
request_prop_get_key_pin_file(struct cm_context *ctx, void *parent,
			      void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	return entry->cm_key_pin_file ? entry->cm_key_pin_file : "";
}

static void
request_prop_set_key_pin_file(struct cm_context *ctx, void *parent,
			      void *record, const char *name, const char *value)
{
	struct cm_store_entry *entry = record;
	const char *properties[2];
	char *path;

	entry->cm_key_pin_file = maybe_strdup(entry, value);
	if (entry->cm_key_pin_file != NULL) {
		entry->cm_key_pin = NULL;
		properties[0] = CM_DBUS_PROP_KEY_PIN;
		properties[1] = NULL;
		path = talloc_asprintf(record, "%s/%s",
				       CM_DBUS_REQUEST_PATH,
				       entry->cm_busname);
		cm_tdbush_property_emit_changed(ctx, path,
						CM_DBUS_REQUEST_INTERFACE,
						properties);
	}
}

static long
request_prop_get_key_issued_count(struct cm_context *ctx, void *parent,
				  void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	return entry->cm_key_issued_count;
}

static const char *
request_prop_get_challenge_password(struct cm_context *ctx, void *parent,
				    void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	return entry->cm_template_challenge_password ?
		entry->cm_template_challenge_password : "";
}

static void
request_prop_set_challenge_password(struct cm_context *ctx, void *parent,
				    void *record, const char *name,
				    const char *value)
{
	struct cm_store_entry *entry = record;
	const char *properties[2];
	char *path;

	entry->cm_template_challenge_password = maybe_strdup(entry, value);
	if (entry->cm_template_challenge_password != NULL) {
		entry->cm_template_challenge_password_file = NULL;
		properties[0] = CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD_FILE;
		properties[1] = NULL;
		path = talloc_asprintf(record, "%s/%s",
				       CM_DBUS_REQUEST_PATH,
				       entry->cm_busname);
		cm_tdbush_property_emit_changed(ctx, path,
						CM_DBUS_REQUEST_INTERFACE,
						properties);
	}
}

static const char *
request_prop_get_challenge_password_file(struct cm_context *ctx, void *parent,
					 void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	return entry->cm_template_challenge_password_file ?
		entry->cm_template_challenge_password_file : "";
}

static void
request_prop_set_challenge_password_file(struct cm_context *ctx, void *parent,
					 void *record, const char *name,
					 const char *value)
{
	struct cm_store_entry *entry = record;
	const char *properties[2];
	char *path;

	entry->cm_template_challenge_password_file = maybe_strdup(entry, value);
	if (entry->cm_template_challenge_password_file != NULL) {
		entry->cm_template_challenge_password = NULL;
		properties[0] = CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD;
		properties[1] = NULL;
		path = talloc_asprintf(record, "%s/%s",
				       CM_DBUS_REQUEST_PATH,
				       entry->cm_busname);
		cm_tdbush_property_emit_changed(ctx, path,
						CM_DBUS_REQUEST_INTERFACE,
						properties);
	}
}

static const char *
request_prop_get_status(struct cm_context *ctx, void *parent,
			void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	return cm_store_state_as_string(entry->cm_state);
}

static dbus_bool_t
request_prop_get_stuck(struct cm_context *ctx, void *parent,
		       void *record, const char *name)
{
	struct cm_store_entry *entry = record;
	dbus_bool_t stuck = FALSE;

	switch (entry->cm_state) {
	case CM_INVALID:
	case CM_NEED_KEY_PAIR:
	case CM_GENERATING_KEY_PAIR:
	case CM_HAVE_KEY_PAIR:
	case CM_NEED_KEYINFO:
	case CM_READING_KEYINFO:
	case CM_HAVE_KEYINFO:
	case CM_NEED_CSR:
	case CM_GENERATING_CSR:
	case CM_HAVE_CSR:
	case CM_NEED_SCEP_DATA:
	case CM_GENERATING_SCEP_DATA:
	case CM_HAVE_SCEP_DATA:
	case CM_NEED_TO_SUBMIT:
	case CM_SUBMITTING:
	case CM_CA_WORKING:
	case CM_CA_UNREACHABLE:
	case CM_NEED_TO_SAVE_CERT:
	case CM_PRE_SAVE_CERT:
	case CM_START_SAVING_CERT:
	case CM_SAVING_CERT:
	case CM_NEED_TO_READ_CERT:
	case CM_READING_CERT:
	case CM_SAVED_CERT:
	case CM_POST_SAVED_CERT:
	case CM_MONITORING:
	case CM_NEED_TO_NOTIFY_VALIDITY:
	case CM_NOTIFYING_VALIDITY:
	case CM_NEED_TO_NOTIFY_REJECTION:
	case CM_NOTIFYING_REJECTION:
	case CM_NEED_TO_NOTIFY_ISSUED_SAVE_FAILED:
	case CM_NOTIFYING_ISSUED_SAVE_FAILED:
	case CM_NEED_TO_NOTIFY_ISSUED_SAVED:
	case CM_NOTIFYING_ISSUED_SAVED:
	case CM_NEWLY_ADDED:
	case CM_NEWLY_ADDED_START_READING_KEYINFO:
	case CM_NEWLY_ADDED_READING_KEYINFO:
	case CM_NEWLY_ADDED_START_READING_CERT:
	case CM_NEWLY_ADDED_READING_CERT:
	case CM_NEWLY_ADDED_DECIDING:
	case CM_NEED_TO_SAVE_CA_CERTS:
	case CM_START_SAVING_CA_CERTS:
	case CM_SAVING_CA_CERTS:
	case CM_NEED_TO_SAVE_ONLY_CA_CERTS:
	case CM_START_SAVING_ONLY_CA_CERTS:
	case CM_SAVING_ONLY_CA_CERTS:
	case CM_NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED:
	case CM_NOTIFYING_ONLY_CA_SAVE_FAILED:
	case CM_NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED:
	case CM_NOTIFYING_ISSUED_CA_SAVE_FAILED:
		stuck = FALSE;
		break;
	case CM_NEED_KEYINFO_READ_TOKEN:
	case CM_NEED_KEYINFO_READ_PIN:
	case CM_NEED_KEY_GEN_PERMS:
	case CM_NEED_KEY_GEN_TOKEN:
	case CM_NEED_KEY_GEN_PIN:
	case CM_NEED_CSR_GEN_TOKEN:
	case CM_NEED_CSR_GEN_PIN:
	case CM_NEED_SCEP_GEN_TOKEN:
	case CM_NEED_SCEP_GEN_PIN:
	case CM_NEED_SCEP_ENCRYPTION_CERT:
	case CM_NEED_SCEP_RSA_CLIENT_KEY:
	case CM_NEWLY_ADDED_NEED_KEYINFO_READ_TOKEN:
	case CM_NEWLY_ADDED_NEED_KEYINFO_READ_PIN:
	case CM_NEED_CA_CERT_SAVE_PERMS:
	case CM_NEED_CERTSAVE_PERMS:
	case CM_NEED_CERTSAVE_TOKEN:
	case
		CM_NEED_CERTSAVE_PIN:
	case CM_NEED_ONLY_CA_CERT_SAVE_PERMS:
	case CM_NEED_GUIDANCE:
	case CM_NEED_CA:
	case CM_CA_REJECTED:
	case CM_CA_UNCONFIGURED:
		stuck = TRUE;
		break;
	}
	return stuck;
}

static const char *
request_prop_get_ca(struct cm_context *ctx, void *parent, void *record,
	const char *name)
{
	struct cm_store_entry *entry = record;
	struct cm_store_ca *ca;

	if (entry->cm_ca_nickname != NULL) {
		ca = cm_get_ca_by_nickname(ctx, entry->cm_ca_nickname);
		if (ca != NULL) {
			return talloc_asprintf(parent, "%s/%s",
				CM_DBUS_REQUEST_PATH, ca->cm_busname);
		}
	}
	return "";
}

static dbus_bool_t
request_prop_get_template_is_ca(struct cm_context *ctx, void *parent,
	void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	return entry->cm_template_is_ca != 0;
}

static long
request_prop_get_template_ca_path_length(struct cm_context *ctx, void *parent,
	void *record, const char *name)
{
	struct cm_store_entry *entry = record;

	return entry->cm_template_is_ca != 0 ?
		entry->cm_template_ca_path_length : -1;
}

/* the types of objects we have in our D-Bus object tree */
enum cm_tdbush_object_type {
	cm_tdbush_object_type_none,
	cm_tdbush_object_type_parent_of_base,
	cm_tdbush_object_type_base,
	cm_tdbush_object_type_parent_of_cas,
	cm_tdbush_object_type_group_of_cas,
	cm_tdbush_object_type_ca,
	cm_tdbush_object_type_parent_of_requests,
	cm_tdbush_object_type_group_of_requests,
	cm_tdbush_object_type_request
};

/* an annotation attached to a method or data field */
struct cm_tdbush_member_annotation {
	const char *cm_name;
	const char *cm_value;
	struct cm_tdbush_member_annotation *cm_next;
};

/* a callable method on an object */
struct cm_tdbush_method {
	const char *cm_name;
	struct cm_tdbush_method_arg {
		const char *cm_name;
		const char *cm_bus_type;
		enum cm_tdbush_method_arg_direction {
			cm_tdbush_method_arg_in,
			cm_tdbush_method_arg_out,
		} cm_direction;
		struct cm_tdbush_method_arg *cm_next;
	} *cm_args;
	struct cm_tdbush_member_annotation *cm_annotations;
	DBusHandlerResult
		(*cm_fn)(DBusConnection *conn, DBusMessage *msg,
			struct cm_client_info *ci, struct cm_context *ctx);
};

/* a signal emitted by an object */
struct cm_tdbush_signal {
	const char *cm_name;
	struct cm_tdbush_signal_arg {
		const char *cm_name;
		const char *cm_bus_type;
		struct cm_tdbush_signal_arg *cm_next;
	} *cm_args;
};

/* a data property of an object */
struct cm_tdbush_property {
	const char *cm_name;
	/* what it looks like on the bus */
	enum cm_tdbush_property_bus_type {
		cm_tdbush_property_path,
		cm_tdbush_property_string,
		cm_tdbush_property_strings,
		cm_tdbush_property_string_pairs,
		cm_tdbush_property_boolean,
		cm_tdbush_property_number
	} cm_bus_type;
	enum cm_tdbush_property_access {
		cm_tdbush_property_read,
		cm_tdbush_property_write,
		cm_tdbush_property_readwrite
	} cm_access;
	/* how we represent it internally */
	enum cm_tdbush_property_local_type {
		cm_tdbush_property_special,
		cm_tdbush_property_char_p,
		cm_tdbush_property_char_pp,
		cm_tdbush_property_time_t,
		cm_tdbush_property_long_long,
		cm_tdbush_property_comma_list,
		cm_tdbush_property_mode_t,
	} cm_local_type;
	/* for char_p, char_pp, time_t, long long, comma_list, mode_t members */
	ptrdiff_t cm_offset;
	/* for "special" members */
	const char * (*cm_read_string)(struct cm_context *ctx, void *parent,
		void *structure, const char *name);
	const char ** (*cm_read_strings)(struct cm_context *ctx, void *parent,
		void *structure, const char *name);
	const char ** (*cm_read_string_pairs)(struct cm_context *ctx,
		void *parent, void *structure, const char *name);
	dbus_bool_t (*cm_read_boolean)(struct cm_context *ctx, void *parent,
		void *structure, const char *name);
	long (*cm_read_number)(struct cm_context *ctx, void *parent,
		void *structure, const char *name);
	void (*cm_write_string)(struct cm_context *ctx, void *parent,
		void *structure, const char *name, const char *new_value);
	void (*cm_write_strings)(struct cm_context *ctx, void *parent,
		void *structure, const char *name, const char **new_value);
	void (*cm_write_string_pairs)(struct
		cm_context *ctx, void *parent, void *structure,
		const char *name, const char **new_value);
	void (*cm_write_boolean)(struct cm_context *ctx, void *parent,
		void *structure, const char *name, dbus_bool_t new_value);
	void (*cm_write_number)(struct cm_context *ctx, void *parent,
		void *structure, const char *name, long new_value);
	struct cm_tdbush_member_annotation *cm_annotations;
};

/* methods, signals, and members are grouped by interface name */
struct cm_tdbush_interface {
	const char *cm_name;
	struct cm_tdbush_interface_item {
		enum cm_tdbush_interface_member_type {
			cm_tdbush_interface_method,
			cm_tdbush_interface_signal,
			cm_tdbush_interface_property,
		} cm_member_type;
		struct cm_tdbush_method *cm_method;
		struct cm_tdbush_signal *cm_signal;
		struct cm_tdbush_property *cm_property;
		struct cm_tdbush_interface_item *cm_next;
	} *cm_items;
};

/* a mapping from an object type to an interface that applies to it */
struct cm_tdbush_interface_map {
	enum cm_tdbush_object_type cm_type;
	struct cm_tdbush_interface * (*cm_interface)(void);
};

static enum cm_tdbush_object_type cm_tdbush_classify_path(struct cm_context *ctx,
	const char *path);
static struct cm_tdbush_interface_map *cm_tdbush_object_type_map_get_n(unsigned int i);

static struct cm_tdbush_method_arg *
make_method_arg(const char *name, const char *bus_type,
	enum cm_tdbush_method_arg_direction direction,
	struct cm_tdbush_method_arg *next)
{
	struct cm_tdbush_method_arg *ret;

	ret = malloc(sizeof(*ret));
	if (ret == NULL) {
		return NULL;
	}
	ret->cm_name = name;
	ret->cm_bus_type = bus_type;
	ret->cm_direction = direction;
	ret->cm_next = next;
	return ret;
}

static struct cm_tdbush_member_annotation *
make_member_annotation(const char *name, const char *value,
	struct cm_tdbush_member_annotation *next)
{
	struct cm_tdbush_member_annotation *ret;

	ret = malloc(sizeof(*ret));
	if (ret == NULL) {
		return NULL;
	}
	ret->cm_name = name;
	ret->cm_value = value;
	ret->cm_next = next;
	return ret;
}

static struct cm_tdbush_method *
make_method(const
	char *name,
	DBusHandlerResult (*fn)(DBusConnection *conn, DBusMessage *msg,
		struct cm_client_info *ci, struct cm_context *ctx),
	struct cm_tdbush_method_arg *args,
	struct cm_tdbush_member_annotation *annotations)
{
	struct cm_tdbush_method *ret;

	ret = malloc(sizeof(*ret));
	if (ret == NULL) {
		return NULL;
	}
	ret->cm_name = name;
	ret->cm_fn = fn;
	ret->cm_args = args;
	ret->cm_annotations = annotations;
	return ret;
}

static struct cm_tdbush_signal_arg *
make_signal_arg(const char *name, const char *bus_type,
	struct cm_tdbush_signal_arg *next)
{
	struct cm_tdbush_signal_arg *ret;

	ret = malloc(sizeof(*ret));
	if (ret == NULL) {
		return NULL;
	}
	ret->cm_name = name;
	ret->cm_bus_type = bus_type;
	ret->cm_next = next;
	return ret;
}

static struct cm_tdbush_signal *
make_signal(const char *name, struct cm_tdbush_signal_arg *args)
{
	struct cm_tdbush_signal *ret;

	ret = malloc(sizeof(*ret));
	if (ret == NULL) {
		return NULL;
	}
	ret->cm_name = name;
	ret->cm_args = args;
	return ret;
}

static struct cm_tdbush_property *
make_property(const char *name,
	enum cm_tdbush_property_bus_type bus_type,
	enum cm_tdbush_property_access acces,
	enum cm_tdbush_property_local_type local_type,
	ptrdiff_t offset,
	const char * (*read_string)(struct cm_context *ctx, void *parent,
		void *structure, const char *name),
	const char ** (*read_strings)(struct cm_context *ctx, void *parent,
		void *structure, const char *name),
	const char ** (*read_string_pairs)(struct cm_context *ctx, void *parent,
		void *structure, const char *name),
	dbus_bool_t (*read_boolean)(struct cm_context *ctx, void *parent,
		void *structure, const char *name),
	long (*read_number)(struct cm_context *ctx, void *parent,
		void *structure, const char *name),
	void (*write_string)(struct cm_context *ctx, void *parent,
		void *structure, const char *name, const char *new_value),
	void (*write_strings)(struct cm_context *ctx, void *parent,
		void *structure, const char *name, const char **new_values),
	void (*write_string_pairs)(struct cm_context *ctx, void
		*parent, void *structure, const char *name,
		const char **new_values),
	void (*write_boolean)(struct cm_context *ctx, void *parent,
		void *structure, const char *name, dbus_bool_t),
	void (*write_number)(struct cm_context *ctx, void *parent,
		void *structure, const char *name, long new_value),
	struct cm_tdbush_member_annotation *annotations)
{
	struct cm_tdbush_property *ret;

	ret = malloc(sizeof(*ret));
	if (ret == NULL) {
		return NULL;
	}
	ret->cm_name = name;
	ret->cm_bus_type = bus_type;
	ret->cm_access = acces;
	ret->cm_local_type = local_type;
	ret->cm_offset = offset;
	ret->cm_read_string = read_string;
	ret->cm_read_strings = read_strings;
	ret->cm_read_string_pairs = read_string_pairs;
	ret->cm_read_number = read_number;
	ret->cm_read_boolean = read_boolean;
	ret->cm_write_string = write_string;
	ret->cm_write_strings = write_strings;
	ret->cm_write_string_pairs = write_string_pairs;
	ret->cm_write_number = write_number;
	ret->cm_write_boolean = write_boolean;
	ret->cm_annotations = annotations;
	/* sanity-check that the accessors match the declared type and access */
	switch (ret->cm_local_type) {
	case cm_tdbush_property_char_p:
	case cm_tdbush_property_char_pp:
	case cm_tdbush_property_time_t:
	case cm_tdbush_property_long_long:
	case cm_tdbush_property_comma_list:
	case cm_tdbush_property_mode_t:
		assert(ret->cm_offset != 0);
		break;
	case cm_tdbush_property_special:
		assert(ret->cm_offset == 0);
		if ((ret->cm_access == cm_tdbush_property_read) ||
		    (ret->cm_access == cm_tdbush_property_readwrite)) {
			switch (ret->cm_bus_type) {
			case cm_tdbush_property_path:
			case cm_tdbush_property_string:
				assert(ret->cm_read_string != NULL);
				break;
			case cm_tdbush_property_strings:
				assert(ret->cm_read_strings != NULL);
				break;
			case cm_tdbush_property_string_pairs:
				assert(ret->cm_read_string_pairs != NULL);
				break;
			case cm_tdbush_property_boolean:
				assert(ret->cm_read_boolean != NULL);
				break;
			case cm_tdbush_property_number:
				assert(ret->cm_read_number != NULL);
				break;
			}
		}
		if ((ret->cm_access == cm_tdbush_property_readwrite) ||
		    (ret->cm_access == cm_tdbush_property_write)) {
			switch
				(ret->cm_bus_type) {
			case cm_tdbush_property_path:
			case cm_tdbush_property_string:
				assert(ret->cm_write_string != NULL);
				break;
			case cm_tdbush_property_strings:
				assert(ret->cm_write_strings != NULL);
				break;
			case cm_tdbush_property_string_pairs:
				assert(ret->cm_write_string_pairs != NULL);
				break;
			case cm_tdbush_property_boolean:
				assert(ret->cm_write_boolean != NULL);
				break;
			case cm_tdbush_property_number:
				assert(ret->cm_write_number != NULL);
				break;
			}
		}
		break;
	}
	return ret;
}

static struct cm_tdbush_interface_item *
make_interface_item(enum cm_tdbush_interface_member_type member_type,
	void *ptr, struct cm_tdbush_interface_item *next)
{
	struct cm_tdbush_interface_item *ret;

	ret = malloc(sizeof(*ret));
	if (ret == NULL) {
		return NULL;
	}
	ret->cm_member_type = member_type;
	switch (ret->cm_member_type) {
	case cm_tdbush_interface_method:
		ret->cm_method = ptr;
		break;
	case cm_tdbush_interface_signal:
		ret->cm_signal = ptr;
		break;
	case cm_tdbush_interface_property:
		ret->cm_property = ptr;
		break;
	}
	ret->cm_next = next;
	return ret;
}

static struct cm_tdbush_interface *
make_interface(const char *name, struct cm_tdbush_interface_item *items)
{
	struct cm_tdbush_interface *ret;

	ret = malloc(sizeof(*ret));
	if (ret == NULL) {
		return NULL;
	}
	ret->cm_name = name;
	ret->cm_items = items;
	return ret;
}

/* introspection callbacks for specific parts of an interface */
static char *
cm_tdbush_introspect_method(void *parent, struct cm_tdbush_method *method)
{
	char *ret = NULL;
	const char *direction;
	struct cm_tdbush_method_arg *arg;
	struct cm_tdbush_member_annotation *annotation;

	ret = talloc_asprintf(parent, " ", method->cm_name);
	arg = method->cm_args;
	while (arg != NULL) {
		switch (arg->cm_direction) {
		case cm_tdbush_method_arg_in:
			direction = "in";
			break;
		case cm_tdbush_method_arg_out:
			direction = "out";
			break;
		default:
			direction = "unknown";
			break;
		}
		ret = talloc_asprintf(parent, "%s\n ", ret, arg->cm_name,
			arg->cm_bus_type, direction);
		arg = arg->cm_next;
	}
	annotation =
		method->cm_annotations;
	while (annotation != NULL) {
		ret = talloc_asprintf(parent, "%s\n ", ret,
			annotation->cm_name, annotation->cm_value);
		annotation = annotation->cm_next;
	}
	ret = talloc_asprintf(parent, "%s\n ", ret);
	return ret;
}

static char *
cm_tdbush_introspect_signal(void *parent, struct cm_tdbush_signal *sig)
{
	char *ret = NULL;
	struct cm_tdbush_signal_arg *arg;

	ret = talloc_asprintf(parent, " ", sig->cm_name);
	arg = sig->cm_args;
	while (arg != NULL) {
		ret = talloc_asprintf(parent, "%s\n ", ret, arg->cm_name,
			arg->cm_bus_type);
		arg = arg->cm_next;
	}
	ret = talloc_asprintf(parent, "%s\n ", ret);
	return ret;
}

static char *
cm_tdbush_introspect_property(void *parent, struct cm_tdbush_property *prop)
{
	char *ret = NULL;
	const char *bus_type = "unknown", *access_type = "unknown";
	struct cm_tdbush_member_annotation *annotation;

	switch (prop->cm_bus_type) {
	case cm_tdbush_property_path:
		bus_type = DBUS_TYPE_OBJECT_PATH_AS_STRING;
		break;
	case cm_tdbush_property_string:
		bus_type = DBUS_TYPE_STRING_AS_STRING;
		break;
	case cm_tdbush_property_strings:
		bus_type = DBUS_TYPE_ARRAY_AS_STRING
			DBUS_TYPE_STRING_AS_STRING;
		break;
	case cm_tdbush_property_string_pairs:
		bus_type = DBUS_TYPE_ARRAY_AS_STRING
			DBUS_STRUCT_BEGIN_CHAR_AS_STRING
			DBUS_TYPE_STRING_AS_STRING
			DBUS_TYPE_STRING_AS_STRING
			DBUS_STRUCT_END_CHAR_AS_STRING;
		break;
	case cm_tdbush_property_boolean:
		bus_type = DBUS_TYPE_BOOLEAN_AS_STRING;
		break;
	case cm_tdbush_property_number:
		bus_type = DBUS_TYPE_INT64_AS_STRING;
		break;
	}
	switch (prop->cm_access) {
	case cm_tdbush_property_read:
		access_type = "read";
		break;
	case cm_tdbush_property_write:
		access_type = "write";
		break;
	case cm_tdbush_property_readwrite:
		access_type = "readwrite";
		break;
	}
	annotation = prop->cm_annotations;
	if (annotation == NULL) {
		ret = talloc_asprintf(parent, " ", prop->cm_name, bus_type,
			access_type);
	} else {
		ret = talloc_asprintf(parent, " ", prop->cm_name, bus_type,
			access_type);
		while (annotation != NULL) {
			ret = talloc_asprintf(parent, "%s\n 
", ret, annotation->cm_name, annotation->cm_value);
			annotation = annotation->cm_next;
		}
		ret = talloc_asprintf(parent, "%s\n ", ret);
	}
	return ret;
}

/* when we're introspecting a node, we need to return a list of its direct
 * children as part of that node's data */
static char *
cm_tdbush_introspect_childlist(struct cm_context *ctx, void *parent,
	const char *path, enum cm_tdbush_object_type type)
{
	struct cm_store_entry *entry;
	struct cm_store_ca *ca;
	char *ret = NULL;
	const char *p;
	int i;

	switch (type) {
	case cm_tdbush_object_type_none:
	case cm_tdbush_object_type_request:
	case cm_tdbush_object_type_ca:
		/* these have no child nodes */
		break;
	case cm_tdbush_object_type_parent_of_base:
		/* the next intermediate node in the base object's path */
		p = CM_DBUS_BASE_PATH + strlen(path);
		p += strspn(p, "/");
		i = strcspn(p, "/");
		ret = talloc_asprintf(parent, "\n ", i, p);
		break;
	case cm_tdbush_object_type_base:
		/* the base itself is a parent of the groups of other objects,
		 * so include the next nodes in those paths */
		p = CM_DBUS_REQUEST_PATH + strlen(path);
		p += strspn(p, "/");
		i = strcspn(p, "/");
		ret = talloc_asprintf(parent, "\n ", i, p);
		p = CM_DBUS_CA_PATH + strlen(path);
		p += strspn(p, "/");
		i = strcspn(p, "/");
		ret = talloc_asprintf(parent, "%s\n ", ret, i, p);
		break;
	case cm_tdbush_object_type_parent_of_cas:
		/* a child of the base node that is not the immediate parent of
		 * the CAs */
		p = CM_DBUS_CA_PATH + strlen(path);
		p += strspn(p, "/");
		i = strcspn(p, "/");
		ret = talloc_asprintf(parent, "\n ", i, p);
		break;
	case cm_tdbush_object_type_group_of_cas:
		/* a child of the base node that is the immediate parent of the
		 * CAs */
		i = cm_get_n_cas(ctx) - 1;
		while (i >= 0) {
			ca = cm_get_ca_by_index(ctx, i);
			if (ca != NULL) {
				ret = talloc_asprintf(parent, "\n %s",
					ca->cm_busname,
					ret ?
					ret : "");
			}
			i--;
		}
		break;
	case cm_tdbush_object_type_parent_of_requests:
		/* a child of the base node that is not the immediate parent of
		 * the requests */
		p = CM_DBUS_REQUEST_PATH + strlen(path);
		p += strspn(p, "/");
		i = strcspn(p, "/");
		ret = talloc_asprintf(parent, "\n ", i, p);
		break;
	case cm_tdbush_object_type_group_of_requests:
		/* a child of the base node that is the immediate parent of the
		 * requests */
		i = cm_get_n_entries(ctx) - 1;
		while (i >= 0) {
			entry = cm_get_entry_by_index(ctx, i);
			if (entry != NULL) {
				ret = talloc_asprintf(parent, "\n %s",
					entry->cm_busname,
					ret ? ret : "");
			}
			i--;
		}
		break;
	}
	return ret;
}

/* org.freedesktop.DBus.Introspectable.Introspect */
static DBusHandlerResult
cm_tdbush_introspect(DBusConnection *conn, DBusMessage *msg,
	struct cm_client_info *ci, struct cm_context *ctx)
{
	const char *path;
	void *parent;
	char *xml, *member;
	static struct cm_tdbush_interface_map *map;
	struct cm_tdbush_interface *iface;
	struct cm_tdbush_interface_item *item;
	enum cm_tdbush_object_type type;
	unsigned int i;
	DBusMessage *rep;

	path = dbus_message_get_path(msg);
	type = cm_tdbush_classify_path(ctx, path);
	parent = talloc_new(NULL);
	xml = talloc_asprintf(parent, "%s\n",
		DBUS_INTROSPECT_1_0_XML_DOCTYPE_DECL_NODE, path);
	for (i = 0; (map = cm_tdbush_object_type_map_get_n(i)) != NULL; i++) {
		if (map->cm_type != type) {
			continue;
		}
		iface = (*(map->cm_interface))();
		xml = talloc_asprintf(parent, "%s\n ", xml, iface->cm_name);
		for (item = iface->cm_items; item != NULL; item = item->cm_next) {
			member = NULL;
			switch (item->cm_member_type) {
			case cm_tdbush_interface_method:
				member = cm_tdbush_introspect_method(parent,
					item->cm_method);
				if (member != NULL) {
					xml = talloc_asprintf(parent, "%s\n%s",
						xml, member);
				}
				break;
			case cm_tdbush_interface_signal:
				member = cm_tdbush_introspect_signal(parent,
					item->cm_signal);
				if (member != NULL) {
					xml = talloc_asprintf(parent, "%s\n%s",
						xml, member);
				}
				break;
			case cm_tdbush_interface_property:
				member =
					cm_tdbush_introspect_property(parent,
						item->cm_property);
				if (member != NULL) {
					xml = talloc_asprintf(parent, "%s\n%s",
						xml, member);
				}
				break;
			}
		}
		xml = talloc_asprintf(parent, "%s\n ", xml);
	}
	member = cm_tdbush_introspect_childlist(ctx, parent, path, type);
	if (member != NULL) {
		xml = talloc_asprintf(parent, "%s%s", xml, member);
	}
	xml = talloc_asprintf(parent, "%s\n", xml);
	rep = dbus_message_new_method_return(msg);
	if (rep != NULL) {
		cm_tdbusm_set_s(rep, xml);
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
	}
	talloc_free(parent);
	return DBUS_HANDLER_RESULT_HANDLED;
}

/* Loose name matching: consider '-' and '_' equivalent, and consider either
 * followed by a lower-case character to be equivalent to just that character
 * in upper case. */
static int
cm_is_lower(char c)
{
	return (c >= 'a') && (c <= 'z');
}

static int
cm_is_upper(char c)
{
	return (c >= 'A') && (c <= 'Z');
}

static char
cm_to_upper(char c)
{
	return c - ('a' - 'A');
}

int
cm_name_cmp(const char *a, const char *b)
{
	const char *p, *q;

	if (strcmp(a, b) == 0) {
		return 0;
	}
	p = a;
	q = b;
	while ((*p != '\0') && (*q != '\0')) {
		if (*p == *q) {
			p++;
			q++;
			continue;
		}
		/* '-' and '_' are interchangeable */
		if (((*p == '-') && (*q == '_')) ||
		    ((*p == '_') && (*q == '-'))) {
			p++;
			q++;
			continue;
		}
		/* the case of the first character is ignored */
		if ((p == a) && (q == b)) {
			if (cm_is_lower(*p) && cm_is_upper(*q) &&
			    (cm_to_upper(*p) == *q)) {
				p++;
				q++;
				continue;
			}
			if (cm_is_lower(*q) && cm_is_upper(*p) &&
			    (cm_to_upper(*q) == *p)) {
				p++;
				q++;
				continue;
			}
		}
		/* a separator plus lower-case letter matches the upper-case letter */
		if ((*p == '-') || (*p == '_')) {
			if (cm_is_lower(*(p + 1)) && cm_is_upper(*q) &&
			    (cm_to_upper(*(p + 1)) == *q)) {
				p += 2;
				q++;
				continue;
			}
		}
		if ((*q == '-') || (*q == '_')) {
			if (cm_is_lower(*(q + 1)) && cm_is_upper(*p) &&
			    (cm_to_upper(*(q + 1)) == *p)) {
				p++;
				q += 2;
				continue;
			}
		}
		return *p - *q;
	}
	return *p - *q;
}

/* org.freedesktop.DBus.Properties.Get */
static DBusHandlerResult
cm_tdbush_property_get(DBusConnection *conn, DBusMessage *msg,
	struct cm_client_info *ci, struct cm_context *ctx)
{
	const char *path;
	char *interface,
		*property;
	void *parent;
	static struct cm_tdbush_interface_map *map;
	struct cm_tdbush_interface *iface;
	struct cm_tdbush_interface_item *item;
	struct cm_tdbush_property *prop;
	enum cm_tdbush_object_type type;
	unsigned int i;
	struct cm_store_entry *entry;
	struct cm_store_ca *ca;
	char *record, **wpp, ***wppp;
	const char *p, **pp;
	dbus_bool_t b;
	long l;
	long long *llp;
	time_t *tp;
	mode_t *mp;
	enum cm_tdbusm_dict_value_type value_type;
	union cm_tdbusm_variant value;
	DBusMessage *rep;

	path = dbus_message_get_path(msg);
	type = cm_tdbush_classify_path(ctx, path);
	/* Get a pointer to the record. */
	record = NULL;
	switch (type) {
	case cm_tdbush_object_type_none:
	case cm_tdbush_object_type_parent_of_base:
	case cm_tdbush_object_type_parent_of_requests:
	case cm_tdbush_object_type_parent_of_cas:
	case cm_tdbush_object_type_group_of_requests:
	case cm_tdbush_object_type_group_of_cas:
		cm_log(1, "No properties on (%s).\n", path);
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
		break;
	case cm_tdbush_object_type_base:
		/* no object */
		record = NULL;
		break;
	case cm_tdbush_object_type_ca:
		ca = get_ca_for_path(ctx, path);
		if (ca == NULL) {
			cm_log(1, "No such CA (%s).\n", path);
			return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
		}
		record = (char *) ca;
		break;
	case cm_tdbush_object_type_request:
		entry = get_entry_for_path(ctx, path);
		if (entry == NULL) {
			cm_log(1, "No such request (%s).\n", path);
			return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
		}
		record = (char *) entry;
		break;
	}
	if ((record == NULL) && (type != cm_tdbush_object_type_base)) {
		cm_log(1, "No properties on (%s).\n", path);
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	parent = talloc_new(NULL);
	if (cm_tdbusm_get_ss(msg, parent, &interface, &property) != 0) {
		cm_log(1, "Error parsing arguments.\n");
		rep = dbus_message_new_error(msg, CM_DBUS_ERROR_REQUEST_BAD_ARG,
			_("Error parsing arguments."));
		if (rep != NULL) {
			cm_tdbusm_set_s(rep, property);
			dbus_connection_send(conn, rep, NULL);
			dbus_message_unref(rep);
			talloc_free(parent);
			return
				DBUS_HANDLER_RESULT_HANDLED;
		}
		talloc_free(parent);
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	/* Locate the property. */
	item = NULL;
	for (i = 0; (map = cm_tdbush_object_type_map_get_n(i)) != NULL; i++) {
		if (map->cm_type != type) {
			continue;
		}
		iface = (*(map->cm_interface))();
		if ((interface != NULL) && (strlen(interface) > 0) &&
		    (cm_name_cmp(interface, iface->cm_name) != 0)) {
			continue;
		}
		for (item = iface->cm_items; item != NULL; item = item->cm_next) {
			if (item->cm_member_type != cm_tdbush_interface_property) {
				continue;
			}
			prop = item->cm_property;
			if ((property != NULL) &&
			    (cm_name_cmp(property, prop->cm_name) != 0)) {
				continue;
			}
			switch (prop->cm_access) {
			case cm_tdbush_property_read:
			case cm_tdbush_property_readwrite:
				break;
			case cm_tdbush_property_write:
				/* not allowed! should we return an error? */
				continue;
				break;
			}
			break;
		}
		if (item != NULL) {
			break;
		}
	}
	if (item == NULL) {
		rep = dbus_message_new_error(msg, CM_DBUS_ERROR_REQUEST_BAD_ARG,
			_("Unrecognized property name."));
		if (rep != NULL) {
			cm_tdbusm_set_s(rep, property);
			dbus_connection_send(conn, rep, NULL);
			dbus_message_unref(rep);
			talloc_free(parent);
			return DBUS_HANDLER_RESULT_HANDLED;
		}
		talloc_free(parent);
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	prop = item->cm_property;
	rep = dbus_message_new_method_return(msg);
	if (rep == NULL) {
		talloc_free(parent);
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	/* Read the property data and set it as an argument.
	 */
	memset(&value, 0, sizeof(value));
	switch (prop->cm_local_type) {
	case cm_tdbush_property_char_p:
		record += prop->cm_offset;
		wpp = (char **) record;
		value.s = *wpp;
		break;
	case cm_tdbush_property_char_pp:
		record += prop->cm_offset;
		wppp = (char ***) record;
		value.as = *wppp;
		value.ass = *wppp;
		break;
	case cm_tdbush_property_time_t:
		record += prop->cm_offset;
		tp = (time_t *) record;
		value.n = *tp;
		break;
	case cm_tdbush_property_long_long:
		record += prop->cm_offset;
		llp = (long long *) record;
		value.n = *llp;
		break;
	case cm_tdbush_property_comma_list:
		record += prop->cm_offset;
		pp = (const char **) record;
		wpp = eku_splitv(record - prop->cm_offset, *pp);
		if (wpp != NULL) {
			value.as = wpp;
		}
		break;
	case cm_tdbush_property_mode_t:
		record += prop->cm_offset;
		mp = (mode_t *) record;
		value.n = *mp;
		break;
	case cm_tdbush_property_special:
		switch (prop->cm_bus_type) {
		case cm_tdbush_property_path:
			p = (*(prop->cm_read_string))(ctx, parent, record,
				property);
			value.s = (char *) p;
			break;
		case cm_tdbush_property_string:
			p = (*(prop->cm_read_string))(ctx, parent, record,
				property);
			value.s = (char *) p;
			break;
		case cm_tdbush_property_strings:
			pp = (*(prop->cm_read_strings))(ctx, parent, record,
				property);
			value.as = (char **) pp;
			break;
		case cm_tdbush_property_string_pairs:
			pp = (*(prop->cm_read_string_pairs))(ctx, parent,
				record, property);
			value.ass = (char **) pp;
			break;
		case cm_tdbush_property_boolean:
			b = (*(prop->cm_read_boolean))(ctx, parent, record,
				property);
			value.b = b;
			break;
		case cm_tdbush_property_number:
			l = (*(prop->cm_read_number))(ctx, parent, record,
				property);
			value.n = l;
			break;
		}
		break;
	}
	switch (prop->cm_bus_type) {
	case cm_tdbush_property_path:
		value_type = cm_tdbusm_dict_p;
		if ((value.s != NULL) && (strlen(value.s) > 0)) {
			cm_tdbusm_set_v(rep, value_type, &value);
		}
		break;
	case cm_tdbush_property_string:
		value_type = cm_tdbusm_dict_s;
		if (value.s != NULL) {
			cm_tdbusm_set_v(rep, value_type, &value);
		}
		break;
	case cm_tdbush_property_strings:
		value_type
			= cm_tdbusm_dict_as;
		cm_tdbusm_set_v(rep, value_type, &value);
		break;
	case cm_tdbush_property_string_pairs:
		value_type = cm_tdbusm_dict_ass;
		cm_tdbusm_set_v(rep, value_type, &value);
		break;
	case cm_tdbush_property_boolean:
		value_type = cm_tdbusm_dict_b;
		cm_tdbusm_set_v(rep, value_type, &value);
		break;
	case cm_tdbush_property_number:
		value_type = cm_tdbusm_dict_n;
		cm_tdbusm_set_v(rep, value_type, &value);
		break;
	}
	if (rep != NULL) {
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
	}
	talloc_free(parent);
	return DBUS_HANDLER_RESULT_HANDLED;
}

/* org.freedesktop.DBus.Properties.Set */
static DBusHandlerResult
cm_tdbush_property_set(DBusConnection *conn, DBusMessage *msg,
	struct cm_client_info *ci, struct cm_context *ctx)
{
	const char *path;
	char *interface, *property;
	void *parent;
	static struct cm_tdbush_interface_map *map;
	struct cm_tdbush_interface *iface;
	struct cm_tdbush_interface_item *item;
	struct cm_tdbush_property *prop;
	enum cm_tdbush_object_type type;
	unsigned int i;
	struct cm_store_entry *entry = NULL;
	struct cm_store_ca *ca = NULL;
	char *record, *wp, **wpp, ***wppp;
	time_t *tp;
	long long *llp;
	mode_t *mp;
	DBusMessage *rep;
	const char *properties[2];
	enum cm_tdbusm_dict_value_type value_type;
	union cm_tdbusm_variant v;

	path = dbus_message_get_path(msg);
	type = cm_tdbush_classify_path(ctx, path);
	/* Get a pointer to the record.
	 */
	record = NULL;
	switch (type) {
	case cm_tdbush_object_type_none:
	case cm_tdbush_object_type_parent_of_base:
	case cm_tdbush_object_type_parent_of_requests:
	case cm_tdbush_object_type_parent_of_cas:
	case cm_tdbush_object_type_group_of_requests:
	case cm_tdbush_object_type_group_of_cas:
		cm_log(1, "No properties on (%s).\n", path);
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
		break;
	case cm_tdbush_object_type_base:
		/* no object */
		record = NULL;
		break;
	case cm_tdbush_object_type_ca:
		ca = get_ca_for_path(ctx, path);
		if (ca == NULL) {
			cm_log(1, "No such CA (%s).\n", path);
			return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
		}
		record = (char *) ca;
		break;
	case cm_tdbush_object_type_request:
		entry = get_entry_for_path(ctx, path);
		if (entry == NULL) {
			cm_log(1, "No such request (%s).\n", path);
			return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
		}
		record = (char *) entry;
		break;
	}
	if ((record == NULL) && (type != cm_tdbush_object_type_base)) {
		cm_log(1, "No properties on (%s).\n", path);
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	parent = talloc_new(NULL);
	if (cm_tdbusm_get_ssv(msg, parent, &interface, &property,
			      &value_type, &v) != 0) {
		cm_log(1, "Error parsing arguments.\n");
		talloc_free(parent);
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	/* Locate the property. */
	item = NULL;
	for (i = 0; (map = cm_tdbush_object_type_map_get_n(i)) != NULL; i++) {
		if (map->cm_type != type) {
			continue;
		}
		iface = (*(map->cm_interface))();
		if ((interface != NULL) && (strlen(interface) > 0) &&
		    (cm_name_cmp(interface, iface->cm_name) != 0)) {
			continue;
		}
		for (item = iface->cm_items; item != NULL; item = item->cm_next) {
			if (item->cm_member_type != cm_tdbush_interface_property) {
				continue;
			}
			prop = item->cm_property;
			if ((property != NULL) &&
			    (cm_name_cmp(property, prop->cm_name) != 0)) {
				continue;
			}
			switch (prop->cm_access) {
			case cm_tdbush_property_read:
				/* not allowed! should we return an error?
				 */
				continue;
				break;
			case cm_tdbush_property_readwrite:
			case cm_tdbush_property_write:
				break;
			}
			break;
		}
		if (item != NULL) {
			break;
		}
	}
	if (item == NULL) {
		talloc_free(parent);
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	prop = item->cm_property;
	rep = dbus_message_new_method_return(msg);
	if (rep == NULL) {
		talloc_free(parent);
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	/* Set the property. */
	switch (prop->cm_local_type) {
	case cm_tdbush_property_char_p:
		if (value_type == cm_tdbusm_dict_invalid) {
			v.s = NULL;
		} else if ((value_type != cm_tdbusm_dict_s) &&
			   (value_type != cm_tdbusm_dict_p)) {
			cm_log(1, "Error: arguments type mismatch.\n");
			/* release the unsent reply so it is not leaked */
			dbus_message_unref(rep);
			talloc_free(parent);
			return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
		}
		record += prop->cm_offset;
		wpp = (char **) record;
		*wpp = maybe_strdup(record - prop->cm_offset, v.s);
		break;
	case cm_tdbush_property_char_pp:
		if (value_type == cm_tdbusm_dict_invalid) {
			wpp = NULL;
		} else if (value_type == cm_tdbusm_dict_as) {
			wpp = v.as;
		} else if (value_type == cm_tdbusm_dict_ass) {
			wpp = v.ass;
		} else {
			cm_log(1, "Error: arguments type mismatch.\n");
			dbus_message_unref(rep);
			talloc_free(parent);
			return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
		}
		record += prop->cm_offset;
		wppp = (char ***) record;
		*wppp = maybe_strdupv(record - prop->cm_offset, wpp);
		break;
	case cm_tdbush_property_time_t:
		if (value_type == cm_tdbusm_dict_invalid) {
			v.n = 0;
		} else if (value_type != cm_tdbusm_dict_n) {
			cm_log(1, "Error: arguments type mismatch.\n");
			dbus_message_unref(rep);
			talloc_free(parent);
			return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
		}
		record += prop->cm_offset;
		tp = (time_t *) record;
		*tp = v.n;
		break;
	case cm_tdbush_property_long_long:
		if (value_type == cm_tdbusm_dict_invalid) {
			v.n = 0;
		} else if (value_type != cm_tdbusm_dict_n) {
			cm_log(1, "Error: arguments type mismatch.\n");
			dbus_message_unref(rep);
			talloc_free(parent);
			return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
		}
		record += prop->cm_offset;
		llp = (long long *) record;
		*llp = v.n;
		break;
	case cm_tdbush_property_comma_list:
		if (value_type == cm_tdbusm_dict_invalid) {
			v.as =
				NULL;
		} else if (value_type != cm_tdbusm_dict_as) {
			cm_log(1, "Error: arguments type mismatch.\n");
			talloc_free(parent);
			return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
		}
		wp = cm_submit_maybe_joinv(record, ",", v.as);
		record += prop->cm_offset;
		wpp = (char **) record;
		*wpp = maybe_strdup(record - prop->cm_offset, wp);
		break;
	case cm_tdbush_property_mode_t:
		if (value_type == cm_tdbusm_dict_invalid) {
			v.n = 0;
		} else if (value_type != cm_tdbusm_dict_n) {
			cm_log(1, "Error: arguments type mismatch.\n");
			talloc_free(parent);
			return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
		}
		record += prop->cm_offset;
		mp = (mode_t *) record;
		*mp = v.n;
		break;
	case cm_tdbush_property_special:
		switch (prop->cm_bus_type) {
		case cm_tdbush_property_path:
		case cm_tdbush_property_string:
			if (value_type == cm_tdbusm_dict_invalid) {
				v.s = NULL;
			} else if ((value_type != cm_tdbusm_dict_s) &&
				   (value_type != cm_tdbusm_dict_p)) {
				cm_log(1, "Error: arguments type mismatch.\n");
				talloc_free(parent);
				return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
			}
			(*(prop->cm_write_string))(ctx, parent, record,
						   property, v.s);
			break;
		case cm_tdbush_property_strings:
			if (value_type == cm_tdbusm_dict_invalid) {
				v.as = NULL;
			} else if (value_type != cm_tdbusm_dict_as) {
				cm_log(1, "Error: arguments type mismatch.\n");
				talloc_free(parent);
				return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
			}
			(*(prop->cm_write_strings))(ctx, parent, record,
						    property,
						    (const char **) v.as);
			break;
		case cm_tdbush_property_string_pairs:
			if (value_type == cm_tdbusm_dict_invalid) {
				v.ass = NULL;
			} else if (value_type != cm_tdbusm_dict_ass) {
				cm_log(1, "Error: arguments type mismatch.\n");
				talloc_free(parent);
				return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
			}
			(*(prop->cm_write_string_pairs))(ctx, parent, record,
							 property,
							 (const char **) v.ass);
			break;
		case cm_tdbush_property_boolean:
			if (value_type == cm_tdbusm_dict_invalid) {
				v.b = FALSE;
			} else if (value_type != cm_tdbusm_dict_b) {
				cm_log(1, "Error: arguments type mismatch.\n");
				talloc_free(parent);
				return
					DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
			}
			(*(prop->cm_write_boolean))(ctx, parent, record,
						    property, v.b);
			break;
		case cm_tdbush_property_number:
			if (value_type == cm_tdbusm_dict_invalid) {
				v.n = 0;
			} else if (value_type != cm_tdbusm_dict_n) {
				cm_log(1, "Error: arguments type mismatch.\n");
				talloc_free(parent);
				return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
			}
			(*(prop->cm_write_number))(ctx, parent, record,
						   property, v.n);
			break;
		}
		break;
	}
	if (rep != NULL) {
		dbus_connection_send(conn, rep, NULL);
		dbus_message_unref(rep);
	}
	switch (type) {
	case cm_tdbush_object_type_none:
	case cm_tdbush_object_type_parent_of_base:
	case cm_tdbush_object_type_parent_of_requests:
	case cm_tdbush_object_type_parent_of_cas:
	case cm_tdbush_object_type_group_of_requests:
	case cm_tdbush_object_type_group_of_cas:
		/* Not reached, since we returned on these earlier. */
		break;
	case cm_tdbush_object_type_base:
		break;
	case cm_tdbush_object_type_ca:
		cm_store_ca_save(ca);
		break;
	case cm_tdbush_object_type_request:
		cm_store_entry_save(entry);
		break;
	}
	properties[0] = prop->cm_name;
	properties[1] = NULL;
	cm_tdbush_property_emit_changed(ctx, path, interface, properties);
	talloc_free(parent);
	return DBUS_HANDLER_RESULT_HANDLED;
}

/* compare arrays of strings for having the same set of unique members */
static int
compare_strv(const char **a, const char **b)
{
	int m, n, i, j;

	if ((a == NULL) && (b == NULL)) {
		return 0;
	}
	for (m = 0; (a != NULL) && (a[m] != NULL); m++) {
		continue;
	}
	for (n = 0; (b != NULL) && (b[n] != NULL); n++) {
		continue;
	}
	if (m != n) {
		return -1;
	}
	for (i = 0; i < m; i++) {
		for (j = 0; j < n; j++) {
			if (strcmp(a[i], b[j]) == 0) {
				break;
			}
		}
		if (b[j] == NULL) {
			return -1;
		}
	}
	return 0;
}

/* do the heavy lifting for two cases:
 * org.freedesktop.DBus.Properties.GetAll method (old_record is NULL)
 * org.freedesktop.DBus.Properties.PropertiesChanged signal (old_record is not NULL)
 */
static DBusHandlerResult
cm_tdbush_property_get_all_or_changed(struct cm_context *ctx,
				      DBusConnection *conn,
				      DBusMessage *req,
				      const char *path,
				      const char *interface,
				      char *old_record,
				      const char **properties)
{
	void *parent;
	static struct cm_tdbush_interface_map *map;
	struct cm_tdbush_interface *iface;
	struct cm_tdbush_interface_item *item;
	struct cm_tdbush_property *prop;
	enum cm_tdbush_object_type type;
	unsigned int i, j;
	struct cm_store_entry *entry;
	struct cm_store_ca *ca;
	char *record, *rec, *old_rec, **wpp, *ifacetmp;
	const char *p, **pp, ***ppp, **old_pp, *old_p, ***old_ppp;
	time_t *tp, *old_tp;
	dbus_bool_t b, old_b;
	long l, old_l;
	long long *llp, *old_llp;
	mode_t *mp, *old_mp;
	DBusMessage *rep;
	const struct cm_tdbusm_dict **d;
	struct cm_tdbusm_dict *dict, **dtmp;
	int n, m, n_dictvals = 0;

	/* If this is the method call, pull the path and interface from it.
	 * Either way, we need to be sure we have them. */
	parent = talloc_new(NULL);
	if (req != NULL) {
		path = dbus_message_get_path(req);
		if (cm_tdbusm_get_s(req, parent, &ifacetmp) != 0) {
			cm_log(1, "Error parsing arguments.\n");
			talloc_free(parent);
			return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
		}
		interface = ifacetmp;
	}
	if (path == NULL) {
		cm_log(1, "Error parsing arguments.\n");
		talloc_free(parent);
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	if (interface == NULL) {
		cm_log(1, "Error parsing arguments.\n");
		talloc_free(parent);
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	type = cm_tdbush_classify_path(ctx, path);
	/* Get a pointer to the record.
	 */
	record = NULL;
	switch (type) {
	case cm_tdbush_object_type_none:
	case cm_tdbush_object_type_parent_of_base:
	case cm_tdbush_object_type_parent_of_requests:
	case cm_tdbush_object_type_parent_of_cas:
	case cm_tdbush_object_type_group_of_requests:
	case cm_tdbush_object_type_group_of_cas:
		cm_log(1, "No properties on (%s).\n", path);
		talloc_free(parent);
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
		break;
	case cm_tdbush_object_type_base:
		/* no object */
		record = NULL;
		break;
	case cm_tdbush_object_type_ca:
		ca = get_ca_for_path(ctx, path);
		if (ca == NULL) {
			cm_log(1, "No such CA (%s).\n", path);
			talloc_free(parent);
			return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
		}
		record = (char *) ca;
		break;
	case cm_tdbush_object_type_request:
		entry = get_entry_for_path(ctx, path);
		if (entry == NULL) {
			cm_log(1, "No such request (%s).\n", path);
			talloc_free(parent);
			return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
		}
		record = (char *) entry;
		break;
	}
	if ((record == NULL) && (type != cm_tdbush_object_type_base)) {
		cm_log(1, "No properties on (%s).\n", path);
		talloc_free(parent);
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	/* Create the message we're sending. */
	if (req != NULL) {
		/* GetAll method reply. */
		rep = dbus_message_new_method_return(req);
		if (rep == NULL) {
			talloc_free(parent);
			return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
		}
	} else {
		/* PropertiesChanged signal. */
		rep = dbus_message_new_signal(path,
					      DBUS_INTERFACE_PROPERTIES,
					      "PropertiesChanged");
		if (rep == NULL) {
			talloc_free(parent);
			return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
		}
	}
	/* Examine all properties.
	 */
	item = NULL;
	n_dictvals = 0;
	dict = NULL;
	d = NULL;
	for (i = 0, n = 0;
	     (map = cm_tdbush_object_type_map_get_n(i)) != NULL;
	     i++) {
		if (map->cm_type != type) {
			continue;
		}
		iface = (*(map->cm_interface))();
		if ((interface != NULL) &&
		    (strlen(interface) > 0) &&
		    (cm_name_cmp(interface, iface->cm_name) != 0)) {
			continue;
		}
		for (item = iface->cm_items;
		     item != NULL;
		     item = item->cm_next) {
			if (item->cm_member_type != cm_tdbush_interface_property) {
				continue;
			}
			prop = item->cm_property;
			switch (prop->cm_access) {
			case cm_tdbush_property_read:
			case cm_tdbush_property_readwrite:
				break;
			case cm_tdbush_property_write:
				/* nope! */
				continue;
				break;
			}
			if (properties != NULL) {
				/* skip this property if we have a list of
				 * properties to list and this one's not
				 * included */
				for (j = 0; properties[j] != NULL; j++) {
					if (cm_name_cmp(properties[j],
							prop->cm_name) == 0) {
						break;
					}
				}
				if (properties[j] == NULL) {
					continue;
				}
			}
			/* Resize the result dictionary if we need to. */
			if (n + 1 >= n_dictvals) {
				dict = talloc_realloc(parent, dict,
						      struct cm_tdbusm_dict,
						      n_dictvals + 32);
				if (dict == NULL) {
					cm_log(1, "Out of memory.\n");
					talloc_free(parent);
					return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
				}
				dtmp = talloc_realloc(parent, d,
						      struct cm_tdbusm_dict *,
						      n_dictvals + 33);
				d = (const struct cm_tdbusm_dict **) dtmp;
				if (d == NULL) {
					cm_log(1, "Out of memory.\n");
					talloc_free(parent);
					return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
				}
				for (m = 0; m < n; m++) {
					d[m] = &dict[m];
				}
				d[n] = NULL;
				n_dictvals += 32;
			}
			/* Read the property data and add it to the dict.
			 */
			dict[n].key = talloc_strdup(parent, prop->cm_name);
			switch (prop->cm_bus_type) {
			case cm_tdbush_property_path:
				dict[n].value_type = cm_tdbusm_dict_p;
				break;
			case cm_tdbush_property_string:
				dict[n].value_type = cm_tdbusm_dict_s;
				break;
			case cm_tdbush_property_strings:
				dict[n].value_type = cm_tdbusm_dict_as;
				break;
			case cm_tdbush_property_string_pairs:
				dict[n].value_type = cm_tdbusm_dict_ass;
				break;
			case cm_tdbush_property_boolean:
				dict[n].value_type = cm_tdbusm_dict_b;
				break;
			case cm_tdbush_property_number:
				dict[n].value_type = cm_tdbusm_dict_n;
				break;
			}
			switch (prop->cm_local_type) {
			case cm_tdbush_property_char_p:
				rec = record + prop->cm_offset;
				pp = (const char **) rec;
				if (old_record != NULL) {
					/* if we have an old record, compare
					 * its value to the current one, and
					 * skip this if they're "the same" */
					old_rec = old_record + prop->cm_offset;
					old_pp = (const char **) old_rec;
					if ((*pp == NULL) &&
					    (*old_pp == NULL)) {
						continue;
					}
					if ((*pp != NULL) &&
					    (*old_pp != NULL) &&
					    (strcmp(*pp, *old_pp) == 0)) {
						continue;
					}
				}
				if ((pp != NULL) && (*pp != NULL)) {
					dict[n].value.s = (char *) *pp;
					if ((dict[n].value.s == NULL) ||
					    (strlen(dict[n].value.s) == 0)) {
						if (prop->cm_bus_type == cm_tdbush_property_path) {
							continue;
						}
						if (prop->cm_bus_type == cm_tdbush_property_string) {
							dict[n].value.s = "";
						}
					}
					d[n] = &dict[n];
					n++;
				}
				break;
			case cm_tdbush_property_char_pp:
				rec = record + prop->cm_offset;
				ppp = (const char ***) rec;
				if (old_record != NULL) {
					/* if we have an old record, compare
					 * its value to the current one, and
					 * skip this if they're "the same" */
					old_rec = old_record + prop->cm_offset;
					old_ppp = (const char ***) old_rec;
					if (compare_strv(*old_ppp, *ppp) == 0) {
						continue;
					}
				}
				if ((ppp != NULL) && (*ppp != NULL)) {
					dict[n].value.as = (char **) *ppp;
					dict[n].value.ass = (char **) *ppp;
					d[n] = &dict[n];
					n++;
				}
				break;
			case cm_tdbush_property_comma_list:
				rec = record + prop->cm_offset;
				wpp = (char **) rec;
				if (old_record != NULL) {
					/* if we have an old record, compare
					 * its value to the current one, and
					 * skip this if they're "the same" */
					old_rec = old_record + prop->cm_offset;
					old_pp = (const char **) old_rec;
					if ((*wpp == NULL) &&
					    (*old_pp == NULL)) {
						continue;
					}
					if ((*wpp != NULL) &&
					    (*old_pp != NULL) &&
					    (strcmp(*wpp, *old_pp) == 0)) {
						continue;
					}
				}
				wpp = eku_splitv(record, *wpp);
				if (wpp != NULL) {
					dict[n].value.as = wpp;
					d[n] = &dict[n];
					n++;
				}
				break;
			case cm_tdbush_property_time_t:
				rec = record + prop->cm_offset;
				tp = (time_t *) rec;
				dict[n].value.n = *tp;
				if (old_record != NULL) {
					/* if we have an old record, compare
					 * its value to the current one, and
					 * skip this if they're "the same" */
					old_rec = old_record + prop->cm_offset;
					old_tp = (time_t *) old_rec;
					if (*tp == *old_tp) {
						continue;
					}
				}
				d[n] = &dict[n];
				n++;
				break;
			case cm_tdbush_property_long_long:
				rec = record + prop->cm_offset;
				llp = (long long *) rec;
				dict[n].value.n = *llp;
				if (old_record != NULL) {
					/* if we have an old record, compare
					 * its value to the current one, and
					 * skip this if they're "the same" */
					old_rec = old_record + prop->cm_offset;
					old_llp = (long long *) old_rec;
					if (*llp == *old_llp) {
						continue;
					}
				}
				d[n] = &dict[n];
				n++;
				break;
			case cm_tdbush_property_mode_t:
				rec = record + prop->cm_offset;
				mp = (mode_t *) rec;
				dict[n].value.n = *mp;
				if (old_record != NULL) {
					/* if we have an old record, compare
					 * its value to the current one, and
					 * skip this if they're "the same" */
					old_rec = old_record + prop->cm_offset;
					old_mp = (mode_t *) old_rec;
					if (*mp == *old_mp) {
						continue;
					}
				}
				d[n] = &dict[n];
				n++;
				break;
			case cm_tdbush_property_special:
				switch (prop->cm_bus_type) {
				case cm_tdbush_property_path:
				case cm_tdbush_property_string:
					p = (*(prop->cm_read_string))(ctx, parent,
								      record,
								      prop->cm_name);
					if (old_record != NULL) {
						/* if we have an old record,
						 * compare its value to the
						 * current one, and skip this
						 * if they're "the same" */
						old_p = (*(prop->cm_read_string))(ctx, parent,
										  old_record,
										  prop->cm_name);
						if ((p == NULL) &&
						    (old_p == NULL)) {
							continue;
						}
						if ((p != NULL) &&
						    (old_p != NULL) &&
						    (strcmp(p, old_p) == 0)) {
							continue;
						}
					}
					if ((p == NULL) || (strlen(p) == 0)) {
						if (prop->cm_bus_type == cm_tdbush_property_path) {
							continue;
						}
						if (prop->cm_bus_type == cm_tdbush_property_string) {
							p = "";
						}
					}
					dict[n].value.s = (char *) p;
					d[n] = &dict[n];
					n++;
					break;
				case cm_tdbush_property_strings:
					pp = (*(prop->cm_read_strings))(ctx, parent,
									record,
									prop->cm_name);
					if (old_record != NULL) {
						/* if we have an old record,
						 * compare its value to the
						 * current one, and skip this
						 * if they're "the same" */
						old_pp = (*(prop->cm_read_strings))(ctx, parent,
										    old_record,
										    prop->cm_name);
						if (compare_strv(old_pp, pp) == 0) {
							continue;
						}
					}
					if ((pp != NULL) && (*pp != NULL)) {
						dict[n].value.as = (char **) pp;
						d[n] = &dict[n];
						n++;
					}
					break;
				case cm_tdbush_property_string_pairs:
					pp = (*(prop->cm_read_string_pairs))(ctx, parent,
									     record,
									     prop->cm_name);
					if (old_record != NULL) {
						/* if we have an old record,
						 * compare its value to the
						 * current one, and skip this
						 * if they're "the same" */
						old_pp = (*(prop->cm_read_string_pairs))(ctx, parent,
											 old_record,
											 prop->cm_name);
						if (compare_strv(old_pp, pp) == 0) {
							continue;
						}
					}
					if ((pp != NULL) && (*pp != NULL)) {
						dict[n].value.ass = (char **) pp;
						d[n] = &dict[n];
						n++;
					}
					break;
				case cm_tdbush_property_boolean:
					b = (*(prop->cm_read_boolean))(ctx, parent,
								       record,
								       prop->cm_name);
					if (old_record != NULL) {
						/* if we have an old record,
						 * compare its value to the
						 * current one, and skip this
						 * if they're "the same" */
						old_b = (*(prop->cm_read_boolean))(ctx, parent,
										   old_record,
										   prop->cm_name);
						if (b == old_b) {
							continue;
						}
					}
					dict[n].value.b = b;
					d[n] = &dict[n];
					n++;
					break;
				case cm_tdbush_property_number:
					l = (*(prop->cm_read_number))(ctx, parent,
								      record,
								      prop->cm_name);
					if (old_record != NULL) {
						/* if we have an old record,
						 * compare its value to the
						 * current one, and skip this
						 * if they're "the same" */
						old_l = (*(prop->cm_read_number))(ctx, parent,
										  old_record,
										  prop->cm_name);
						if (l == old_l) {
							continue;
						}
					}
					dict[n].value.n = l;
					d[n] = &dict[n];
					n++;
					break;
				}
				break;
			}
		}
	}
	if (d != NULL) {
		d[n] = NULL;
	}
	if (req != NULL) {
		cm_tdbusm_set_d(rep, d);
	} else {
		cm_tdbusm_set_sd(rep, interface, d);
	}
	if (rep != NULL) {
		if ((old_record == NULL) ||
		    ((d != NULL) && (d[0] != NULL))) {
			dbus_connection_send(conn, rep, NULL);
		}
		dbus_message_unref(rep);
	}
	talloc_free(parent);
	return DBUS_HANDLER_RESULT_HANDLED;
}

/* org.freedesktop.DBus.Properties.GetAll */
static DBusHandlerResult
cm_tdbush_property_get_all(DBusConnection *conn,
			   DBusMessage *msg,
			   struct cm_client_info *ci,
			   struct cm_context *ctx)
{
	return cm_tdbush_property_get_all_or_changed(ctx, conn, msg,
						     NULL, NULL, NULL, NULL);
}

/* emit org.freedesktop.DBus.Properties.PropertiesChanged for a specific set of
 * properties */
DBusHandlerResult
cm_tdbush_property_emit_changed(struct cm_context *ctx,
				const char *path,
				const char *interface,
				const char **properties)
{
	if (cm_get_conn_ptr(ctx) == NULL) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	} else {
		return cm_tdbush_property_get_all_or_changed(ctx,
							     cm_get_conn_ptr(ctx),
							     NULL,
							     path,
							     interface,
							     NULL,
							     properties);
	}
}

/* emit org.freedesktop.DBus.Properties.PropertiesChanged for the properties
 * which differ between the old and new entries */
void
cm_tdbush_property_emit_entry_changes(struct cm_context *ctx,
				      struct cm_store_entry *old_entry,
				      struct cm_store_entry *new_entry)
{
	char *path;

	if (cm_get_conn_ptr(ctx) != NULL) {
		path = talloc_asprintf(old_entry, "%s/%s",
				       CM_DBUS_REQUEST_PATH,
				       old_entry->cm_busname);
		if (path != NULL) {
			cm_tdbush_property_get_all_or_changed(ctx,
							      cm_get_conn_ptr(ctx),
							      NULL,
							      path,
							      CM_DBUS_REQUEST_INTERFACE,
							      (char *) old_entry,
							      NULL);
			talloc_free(path);
		}
	}
}

/* emit org.fedorahosted.certmonger.request.SavedCertificate, for clients whom
 * filtering on PropertiesChanged isn't enough */
void
cm_tdbush_property_emit_entry_saved_cert(struct cm_context *ctx,
					 struct cm_store_entry *entry)
{
	DBusMessage *msg;
	char *path;

	if (cm_get_conn_ptr(ctx) != NULL) {
		path = talloc_asprintf(entry, "%s/%s",
				       CM_DBUS_REQUEST_PATH,
				       entry->cm_busname);
		if (path != NULL) {
			msg = dbus_message_new_signal(path,
						      CM_DBUS_REQUEST_INTERFACE,
						      CM_DBUS_SIGNAL_REQUEST_CERT_SAVED);
			if (msg != NULL) {
				dbus_connection_send(cm_get_conn_ptr(ctx), msg, NULL);
				dbus_message_unref(msg);
			}
			talloc_free(path);
		}
	}
}

/* emit org.freedesktop.DBus.Properties.PropertiesChanged for the properties
 * which differ between the old and new CAs */
void
cm_tdbush_property_emit_ca_changes(struct cm_context *ctx,
				   struct cm_store_ca *old_ca,
				   struct cm_store_ca *new_ca)
{
	char *path;

	if (cm_get_conn_ptr(ctx) != NULL) {
		path = talloc_asprintf(old_ca, "%s/%s",
				       CM_DBUS_CA_PATH,
				       old_ca->cm_busname);
		if (path != NULL) {
			cm_tdbush_property_get_all_or_changed(ctx,
							      cm_get_conn_ptr(ctx),
							      NULL,
							      path,
							      CM_DBUS_CA_INTERFACE,
							      (char *) old_ca,
							      NULL);
			talloc_free(path);
		}
	}
}

/* interface for org.freedesktop.DBus.Introspectable */
static struct cm_tdbush_interface *
cm_tdbush_iface_introspection(void)
{
	static struct cm_tdbush_interface *ret;

	if (ret == NULL) {
		ret = make_interface(DBUS_INTERFACE_INTROSPECTABLE,
			make_interface_item(cm_tdbush_interface_method,
				make_method("Introspect",
					cm_tdbush_introspect,
					make_method_arg("xml_data",
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_out,
						NULL),
					NULL),
				NULL));
	}
	return ret;
}

/* interface for org.freedesktop.DBus.Properties */
static struct cm_tdbush_interface *
cm_tdbush_iface_properties(void)
{
	static struct cm_tdbush_interface *ret;

	if (ret == NULL) {
		ret = make_interface(DBUS_INTERFACE_PROPERTIES,
			make_interface_item(cm_tdbush_interface_method,
				make_method("Get",
					cm_tdbush_property_get,
					make_method_arg("interface_name",
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_in,
					make_method_arg("property_name",
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_in,
					make_method_arg("value",
						DBUS_TYPE_VARIANT_AS_STRING,
						cm_tdbush_method_arg_out,
						NULL))),
					NULL),
			make_interface_item(cm_tdbush_interface_method,
				make_method("Set",
					cm_tdbush_property_set,
					make_method_arg("interface_name",
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_in,
					make_method_arg("property_name",
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_in,
					make_method_arg("value",
						DBUS_TYPE_VARIANT_AS_STRING,
						cm_tdbush_method_arg_in,
						NULL))),
					NULL),
			make_interface_item(cm_tdbush_interface_method,
				make_method("GetAll",
					cm_tdbush_property_get_all,
					make_method_arg("interface_name",
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_in,
					make_method_arg("props",
						DBUS_TYPE_ARRAY_AS_STRING
						DBUS_DICT_ENTRY_BEGIN_CHAR_AS_STRING
						DBUS_TYPE_STRING_AS_STRING
						DBUS_TYPE_VARIANT_AS_STRING
						DBUS_DICT_ENTRY_END_CHAR_AS_STRING,
						cm_tdbush_method_arg_out,
						NULL)),
					NULL),
			make_interface_item(cm_tdbush_interface_signal,
				make_signal("PropertiesChanged",
					make_signal_arg("interface_name",
						DBUS_TYPE_STRING_AS_STRING,
					make_signal_arg("changed_properties",
						DBUS_TYPE_ARRAY_AS_STRING
						DBUS_DICT_ENTRY_BEGIN_CHAR_AS_STRING
						DBUS_TYPE_STRING_AS_STRING
						DBUS_TYPE_VARIANT_AS_STRING
						DBUS_DICT_ENTRY_END_CHAR_AS_STRING,
					make_signal_arg("invalidated_properties",
						DBUS_TYPE_ARRAY_AS_STRING
						DBUS_TYPE_STRING_AS_STRING,
						NULL)))),
				NULL)))));
	}
	return ret;
}

/* interface for org.freedesktop.certmonger.request */
static struct cm_tdbush_interface *
cm_tdbush_iface_request(void)
{
	static struct cm_tdbush_interface *ret;

	if (ret == NULL) {
		ret = make_interface(CM_DBUS_REQUEST_INTERFACE,
			make_interface_item(cm_tdbush_interface_method,
				make_method("get_nickname",
					request_get_nickname,
					make_method_arg("nickname",
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_out,
						NULL),
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_NICKNAME,
					cm_tdbush_property_string,
					cm_tdbush_property_read,
					cm_tdbush_property_char_p,
					offsetof(struct cm_store_entry, cm_nickname),
					NULL, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_method,
				make_method("get_autorenew",
					request_get_autorenew,
					make_method_arg("enabled",
						DBUS_TYPE_BOOLEAN_AS_STRING,
						cm_tdbush_method_arg_out,
						NULL),
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_AUTORENEW,
					cm_tdbush_property_boolean,
					cm_tdbush_property_read,
					cm_tdbush_property_special,
					0,
					NULL, NULL, NULL, request_prop_get_autorenew, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_method,
				make_method("get_cert_data",
					request_get_cert_data,
					make_method_arg("pem",
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_out,
						NULL),
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_CERT,
					cm_tdbush_property_string,
					cm_tdbush_property_read,
					cm_tdbush_property_char_p,
					offsetof(struct cm_store_entry, cm_cert),
					NULL, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					make_member_annotation("org.freedesktop.DBus.Property.EmitsChangedSignal",
						"true",
						NULL)),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_CERT_CHAIN,
					cm_tdbush_property_string_pairs,
					cm_tdbush_property_read,
					cm_tdbush_property_special,
					0,
					NULL, NULL, ca_prop_get_nickcerts, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_CERT_ROOTS,
					cm_tdbush_property_string_pairs,
					cm_tdbush_property_read,
					cm_tdbush_property_special,
					0,
					NULL, NULL, ca_prop_get_nickcerts, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_method,
				make_method("get_cert_info",
					request_get_cert_info,
					make_method_arg("issuer",
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_out,
					make_method_arg("serial_hex",
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_out,
					make_method_arg("subject",
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_out,
					make_method_arg("not_after",
						DBUS_TYPE_INT64_AS_STRING,
						cm_tdbush_method_arg_out,
					make_method_arg("email",
						DBUS_TYPE_ARRAY_AS_STRING
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_out,
					make_method_arg("dns",
						DBUS_TYPE_ARRAY_AS_STRING
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_out,
					make_method_arg("principal_names",
						DBUS_TYPE_ARRAY_AS_STRING
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_out,
					make_method_arg("key_usage",
						DBUS_TYPE_INT64_AS_STRING,
						cm_tdbush_method_arg_out,
					make_method_arg("extended_key_usage",
						DBUS_TYPE_ARRAY_AS_STRING
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_out,
					make_method_arg("not_before",
						DBUS_TYPE_INT64_AS_STRING,
						cm_tdbush_method_arg_out,
						NULL)))))))))),
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_CERT_ISSUER,
					cm_tdbush_property_string,
					cm_tdbush_property_read,
					cm_tdbush_property_char_p,
					offsetof(struct cm_store_entry, cm_cert_issuer),
					NULL, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_CERT_SERIAL,
					cm_tdbush_property_string,
					cm_tdbush_property_read,
					cm_tdbush_property_char_p,
					offsetof(struct cm_store_entry, cm_cert_serial),
					NULL, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_CERT_SUBJECT,
					cm_tdbush_property_string,
					cm_tdbush_property_read,
					cm_tdbush_property_char_p,
					offsetof(struct cm_store_entry, cm_cert_subject),
					NULL, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_CERT_NOT_VALID_BEFORE,
					cm_tdbush_property_number,
					cm_tdbush_property_read,
					cm_tdbush_property_time_t,
					offsetof(struct cm_store_entry, cm_cert_not_before),
					NULL, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_CERT_NOT_VALID_AFTER,
					cm_tdbush_property_number,
					cm_tdbush_property_read,
					cm_tdbush_property_time_t,
					offsetof(struct cm_store_entry, cm_cert_not_after),
					NULL, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_CERT_EMAIL,
					cm_tdbush_property_strings,
					cm_tdbush_property_read,
					cm_tdbush_property_char_pp,
					offsetof(struct cm_store_entry, cm_cert_email),
					NULL, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_CERT_KU,
					cm_tdbush_property_string,
					cm_tdbush_property_read,
					cm_tdbush_property_char_p,
					offsetof(struct cm_store_entry, cm_cert_ku),
					NULL, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_CERT_EKU,
					cm_tdbush_property_strings,
					cm_tdbush_property_read,
					cm_tdbush_property_comma_list,
					offsetof(struct cm_store_entry, cm_cert_eku),
					NULL, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_CERT_HOSTNAME,
					cm_tdbush_property_strings,
					cm_tdbush_property_read,
					cm_tdbush_property_char_pp,
					offsetof(struct cm_store_entry, cm_cert_hostname),
					NULL, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_CERT_PRINCIPAL,
					cm_tdbush_property_strings,
					cm_tdbush_property_read,
					cm_tdbush_property_char_pp,
					offsetof(struct cm_store_entry, cm_cert_principal),
					NULL, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_method,
				make_method("get_cert_last_checked",
					request_get_cert_last_checked,
					make_method_arg("date",
						DBUS_TYPE_INT64_AS_STRING,
						cm_tdbush_method_arg_out,
						NULL),
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_CERT_LAST_CHECKED,
					cm_tdbush_property_number,
					cm_tdbush_property_read,
					cm_tdbush_property_time_t,
					offsetof(struct cm_store_entry, cm_last_need_notify_check),
					NULL, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_method,
				make_method("get_cert_storage_info",
					request_get_cert_storage_info,
					make_method_arg("type",
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_out,
					make_method_arg("location_or_nickname",
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_out,
					make_method_arg("nss_token",
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_out,
						NULL))),
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_CERT_LOCATION_TYPE,
					cm_tdbush_property_string,
					cm_tdbush_property_read,
					cm_tdbush_property_special,
					0,
					request_prop_get_cert_location_type, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_CERT_LOCATION_FILE,
					cm_tdbush_property_string,
					cm_tdbush_property_read,
					cm_tdbush_property_special,
					0,
					request_prop_get_cert_location_file, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_CERT_LOCATION_DATABASE,
					cm_tdbush_property_string,
					cm_tdbush_property_read,
					cm_tdbush_property_special,
					0,
					request_prop_get_cert_location_database, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_CERT_LOCATION_NICKNAME,
					cm_tdbush_property_string,
					cm_tdbush_property_read,
					cm_tdbush_property_special,
					0,
					request_prop_get_cert_location_nickname, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_CERT_LOCATION_TOKEN,
					cm_tdbush_property_string,
					cm_tdbush_property_read,
					cm_tdbush_property_special,
					0,
					request_prop_get_cert_location_token, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_CERT_OWNER,
					cm_tdbush_property_string,
					cm_tdbush_property_readwrite,
					cm_tdbush_property_char_p,
					offsetof(struct cm_store_entry, cm_cert_owner),
					NULL, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_CERT_PERMS,
					cm_tdbush_property_number,
					cm_tdbush_property_readwrite,
					cm_tdbush_property_mode_t,
					offsetof(struct cm_store_entry, cm_cert_perms),
					NULL, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_method,
				make_method("get_csr_data",
					request_get_csr_data,
					make_method_arg("pem",
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_out,
						NULL),
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_CSR,
					cm_tdbush_property_string,
					cm_tdbush_property_read,
					cm_tdbush_property_char_p,
					offsetof(struct cm_store_entry, cm_csr),
					NULL, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_method,
				make_method("get_csr_info",
					request_get_csr_info,
					make_method_arg("subject",
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_out,
					make_method_arg("email",
						DBUS_TYPE_ARRAY_AS_STRING
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_out,
					make_method_arg("dns",
						DBUS_TYPE_ARRAY_AS_STRING
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_out,
					make_method_arg("principal_names",
						DBUS_TYPE_ARRAY_AS_STRING
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_out,
					make_method_arg("key_usage",
						DBUS_TYPE_INT64_AS_STRING,
						cm_tdbush_method_arg_out,
					make_method_arg("extended_key_usage",
						DBUS_TYPE_ARRAY_AS_STRING
						DBUS_TYPE_STRING_AS_STRING,
						cm_tdbush_method_arg_out,
						NULL)))))),
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_KEY_PIN,
					cm_tdbush_property_string,
					cm_tdbush_property_readwrite,
					cm_tdbush_property_special,
					0,
					request_prop_get_key_pin, NULL, NULL, NULL, NULL,
					request_prop_set_key_pin, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_KEY_PIN_FILE,
					cm_tdbush_property_string,
					cm_tdbush_property_readwrite,
					cm_tdbush_property_special,
					0,
					request_prop_get_key_pin_file, NULL, NULL, NULL, NULL,
					request_prop_set_key_pin_file, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_KEY_GEN_DATE,
					cm_tdbush_property_number,
					cm_tdbush_property_read,
					cm_tdbush_property_time_t,
					offsetof(struct cm_store_entry, cm_key_generated_date),
					NULL, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_KEY_ISSUED_COUNT,
					cm_tdbush_property_number,
					cm_tdbush_property_read,
					cm_tdbush_property_special,
					0,
					NULL, NULL, NULL, NULL, request_prop_get_key_issued_count,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_TEMPLATE_SUBJECT,
					cm_tdbush_property_string,
					cm_tdbush_property_readwrite,
					cm_tdbush_property_char_p,
					offsetof(struct cm_store_entry, cm_template_subject),
					NULL, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_TEMPLATE_EMAIL,
					cm_tdbush_property_strings,
					cm_tdbush_property_readwrite,
					cm_tdbush_property_char_pp,
					offsetof(struct cm_store_entry, cm_template_email),
					NULL, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_TEMPLATE_KU,
					cm_tdbush_property_string,
					cm_tdbush_property_readwrite,
					cm_tdbush_property_char_p,
					offsetof(struct cm_store_entry, cm_template_ku),
					NULL, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_TEMPLATE_EKU,
					cm_tdbush_property_strings,
					cm_tdbush_property_readwrite,
					cm_tdbush_property_comma_list,
					offsetof(struct cm_store_entry, cm_template_eku),
					NULL, NULL, NULL, NULL, NULL,
					NULL, NULL, NULL, NULL, NULL,
					NULL),
			make_interface_item(cm_tdbush_interface_property,
				make_property(CM_DBUS_PROP_TEMPLATE_HOSTNAME,
					cm_tdbush_property_strings,
					cm_tdbush_property_readwrite,
					cm_tdbush_property_char_pp,
offsetof(struct cm_store_entry, cm_template_hostname), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_TEMPLATE_PRINCIPAL, cm_tdbush_property_strings, cm_tdbush_property_readwrite, cm_tdbush_property_char_pp, offsetof(struct cm_store_entry, cm_template_principal), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_TEMPLATE_IP_ADDRESS, cm_tdbush_property_strings, cm_tdbush_property_readwrite, cm_tdbush_property_char_pp, offsetof(struct cm_store_entry, cm_template_ipaddress), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_TEMPLATE_IS_CA, cm_tdbush_property_boolean, cm_tdbush_property_read, cm_tdbush_property_special, 0, NULL, NULL, NULL, request_prop_get_template_is_ca, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_TEMPLATE_CA_PATH_LENGTH, cm_tdbush_property_number, cm_tdbush_property_read, cm_tdbush_property_special, 0, NULL, NULL, NULL, NULL, request_prop_get_template_ca_path_length, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_TEMPLATE_OCSP, cm_tdbush_property_strings, cm_tdbush_property_readwrite, cm_tdbush_property_char_pp, offsetof(struct cm_store_entry, cm_template_ocsp_location), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_TEMPLATE_CRL_DP, cm_tdbush_property_strings, cm_tdbush_property_readwrite, cm_tdbush_property_char_pp, offsetof(struct cm_store_entry, cm_template_crl_distribution_point), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, 
make_property(CM_DBUS_PROP_TEMPLATE_FRESHEST_CRL, cm_tdbush_property_strings, cm_tdbush_property_readwrite, cm_tdbush_property_char_pp, offsetof(struct cm_store_entry, cm_template_freshest_crl), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_TEMPLATE_NS_COMMENT, cm_tdbush_property_string, cm_tdbush_property_readwrite, cm_tdbush_property_char_p, offsetof(struct cm_store_entry, cm_template_ns_comment), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_TEMPLATE_PROFILE, cm_tdbush_property_string, cm_tdbush_property_readwrite, cm_tdbush_property_char_p, offsetof(struct cm_store_entry, cm_template_profile), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_TEMPLATE_ISSUER, cm_tdbush_property_string, cm_tdbush_property_readwrite, cm_tdbush_property_char_p, offsetof(struct cm_store_entry, cm_template_issuer), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE, cm_tdbush_property_string, cm_tdbush_property_readwrite, cm_tdbush_property_char_p, offsetof(struct cm_store_entry, cm_template_certificate_template), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_TEMPLATE_NS_CERTTYPE, cm_tdbush_property_string, cm_tdbush_property_readwrite, cm_tdbush_property_char_p, offsetof(struct cm_store_entry, cm_template_ns_certtype), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD, cm_tdbush_property_string, cm_tdbush_property_readwrite, cm_tdbush_property_special, 0, 
request_prop_get_challenge_password, NULL, NULL, NULL, NULL, request_prop_set_challenge_password, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD_FILE, cm_tdbush_property_string, cm_tdbush_property_readwrite, cm_tdbush_property_special, 0, request_prop_get_challenge_password_file, NULL, NULL, NULL, NULL, request_prop_set_challenge_password_file, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_method, make_method("get_key_pin", request_get_key_pin, make_method_arg("pin", DBUS_TYPE_STRING_AS_STRING, cm_tdbush_method_arg_out, NULL), NULL), make_interface_item(cm_tdbush_interface_method, make_method("get_key_pin_file", request_get_key_pin_file, make_method_arg("pin_file", DBUS_TYPE_STRING_AS_STRING, cm_tdbush_method_arg_out, NULL), NULL), make_interface_item(cm_tdbush_interface_method, make_method("get_key_storage_info", request_get_key_storage_info, make_method_arg("type", DBUS_TYPE_STRING_AS_STRING, cm_tdbush_method_arg_out, make_method_arg("location_or_nickname", DBUS_TYPE_STRING_AS_STRING, cm_tdbush_method_arg_out, make_method_arg("nss_token", DBUS_TYPE_STRING_AS_STRING, cm_tdbush_method_arg_out, NULL))), NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_KEY_LOCATION_TYPE, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_special, 0, request_prop_get_key_location_type, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_KEY_LOCATION_FILE, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_special, 0, request_prop_get_key_location_file, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_KEY_LOCATION_DATABASE, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_special, 0, 
request_prop_get_key_location_database, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_KEY_LOCATION_NICKNAME, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_special, 0, request_prop_get_key_location_nickname, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_KEY_LOCATION_TOKEN, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_special, 0, request_prop_get_key_location_token, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_KEY_OWNER, cm_tdbush_property_string, cm_tdbush_property_readwrite, cm_tdbush_property_char_p, offsetof(struct cm_store_entry, cm_key_owner), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_KEY_PERMS, cm_tdbush_property_number, cm_tdbush_property_readwrite, cm_tdbush_property_mode_t, offsetof(struct cm_store_entry, cm_key_perms), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_method, make_method("get_key_type_and_size", request_get_key_type_and_size, make_method_arg("type", DBUS_TYPE_STRING_AS_STRING, cm_tdbush_method_arg_out, make_method_arg("size", DBUS_TYPE_INT64_AS_STRING, cm_tdbush_method_arg_out, NULL)), NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_KEY_TYPE, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_special, 0, request_prop_get_key_type, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_KEY_SIZE, cm_tdbush_property_number, cm_tdbush_property_read, cm_tdbush_property_special, 0, NULL, NULL, NULL, NULL, request_prop_get_key_size, 
NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_method, make_method("get_monitoring", request_get_monitoring, make_method_arg("enabled", DBUS_TYPE_BOOLEAN_AS_STRING, cm_tdbush_method_arg_out, NULL), NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_MONITORING, cm_tdbush_property_boolean, cm_tdbush_property_read, cm_tdbush_property_special, 0, NULL, NULL, NULL, request_prop_get_monitoring, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_method, make_method("get_notification_info", request_get_notification_info, make_method_arg("method", DBUS_TYPE_STRING_AS_STRING, cm_tdbush_method_arg_out, make_method_arg("destination", DBUS_TYPE_STRING_AS_STRING, cm_tdbush_method_arg_out, NULL)), NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_NOTIFICATION_TYPE, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_special, 0, request_prop_get_notification_type, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_NOTIFICATION_SYSLOG_PRIORITY, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_special, 0, request_prop_get_notification_syslog, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_NOTIFICATION_EMAIL, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_special, 0, request_prop_get_notification_email, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_NOTIFICATION_COMMAND, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_special, 0, request_prop_get_notification_command, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_method, make_method("get_status", 
request_get_status, make_method_arg("state", DBUS_TYPE_STRING_AS_STRING, cm_tdbush_method_arg_out, make_method_arg("blocked", DBUS_TYPE_BOOLEAN_AS_STRING, cm_tdbush_method_arg_out, NULL)), NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_STATUS, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_special, 0, request_prop_get_status, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_STUCK, cm_tdbush_property_boolean, cm_tdbush_property_read, cm_tdbush_property_special, 0, NULL, NULL, NULL, request_prop_get_stuck, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_method, make_method("get_ca", request_get_ca, make_method_arg("name", DBUS_TYPE_OBJECT_PATH_AS_STRING, cm_tdbush_method_arg_out, NULL), NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_CA, cm_tdbush_property_path, cm_tdbush_property_read, cm_tdbush_property_special, 0, request_prop_get_ca, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_CA_PROFILE, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_char_p, offsetof(struct cm_store_entry, cm_cert_profile), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_NSS_USER, cm_tdbush_property_string, cm_tdbush_property_readwrite, cm_tdbush_property_char_p, offsetof(struct cm_store_entry, cm_nss_user), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_ROOT_CERT_FILES, cm_tdbush_property_strings, cm_tdbush_property_read, cm_tdbush_property_char_pp, offsetof(struct cm_store_entry, cm_root_cert_store_files), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), 
make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_OTHER_ROOT_CERT_FILES, cm_tdbush_property_strings, cm_tdbush_property_read, cm_tdbush_property_char_pp, offsetof(struct cm_store_entry, cm_other_root_cert_store_files), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_OTHER_CERT_FILES, cm_tdbush_property_strings, cm_tdbush_property_read, cm_tdbush_property_char_pp, offsetof(struct cm_store_entry, cm_other_cert_store_files), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_ROOT_CERT_NSSDBS, cm_tdbush_property_strings, cm_tdbush_property_read, cm_tdbush_property_char_pp, offsetof(struct cm_store_entry, cm_root_cert_store_nssdbs), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_OTHER_ROOT_CERT_NSSDBS, cm_tdbush_property_strings, cm_tdbush_property_read, cm_tdbush_property_char_pp, offsetof(struct cm_store_entry, cm_other_root_cert_store_nssdbs), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_OTHER_CERT_NSSDBS, cm_tdbush_property_strings, cm_tdbush_property_read, cm_tdbush_property_char_pp, offsetof(struct cm_store_entry, cm_other_cert_store_nssdbs), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_method, make_method("get_submitted_cookie", request_get_submitted_cookie, make_method_arg("cookie", DBUS_TYPE_STRING_AS_STRING, cm_tdbush_method_arg_out, NULL), NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_CA_COOKIE, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_char_p, offsetof(struct cm_store_entry, cm_ca_cookie), NULL, NULL, NULL, NULL, NULL, NULL, 
NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_method, make_method("get_ca_error", request_get_ca_error, make_method_arg("text", DBUS_TYPE_STRING_AS_STRING, cm_tdbush_method_arg_out, NULL), NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_CA_ERROR, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_char_p, offsetof(struct cm_store_entry, cm_ca_error), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_method, make_method("get_submitted_date", request_get_submitted_date, make_method_arg("date", DBUS_TYPE_INT64_AS_STRING, cm_tdbush_method_arg_out, NULL), NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_SUBMITTED_DATE, cm_tdbush_property_number, cm_tdbush_property_read, cm_tdbush_property_time_t, offsetof(struct cm_store_entry, cm_submitted), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_method, make_method("modify", request_modify, make_method_arg("updates", DBUS_TYPE_ARRAY_AS_STRING DBUS_DICT_ENTRY_BEGIN_CHAR_AS_STRING DBUS_TYPE_STRING_AS_STRING DBUS_TYPE_VARIANT_AS_STRING DBUS_DICT_ENTRY_END_CHAR_AS_STRING, cm_tdbush_method_arg_in, make_method_arg("status", DBUS_TYPE_BOOLEAN_AS_STRING, cm_tdbush_method_arg_out, make_method_arg("path", DBUS_TYPE_OBJECT_PATH_AS_STRING, cm_tdbush_method_arg_out, NULL))), NULL), make_interface_item(cm_tdbush_interface_method, make_method("rekey", request_rekey, make_method_arg("working", DBUS_TYPE_BOOLEAN_AS_STRING, cm_tdbush_method_arg_out, NULL), NULL), make_interface_item(cm_tdbush_interface_method, make_method("resubmit", request_resubmit, make_method_arg("working", DBUS_TYPE_BOOLEAN_AS_STRING, cm_tdbush_method_arg_out, NULL), NULL), make_interface_item(cm_tdbush_interface_method, make_method("refresh", request_refresh, make_method_arg("working", DBUS_TYPE_BOOLEAN_AS_STRING, cm_tdbush_method_arg_out, 
NULL), NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_CERT_PRESAVE_COMMAND, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_char_p, offsetof(struct cm_store_entry, cm_pre_certsave_command), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_CERT_PRESAVE_UID, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_char_p, offsetof(struct cm_store_entry, cm_pre_certsave_uid), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_CERT_POSTSAVE_COMMAND, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_char_p, offsetof(struct cm_store_entry, cm_post_certsave_command), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_CERT_POSTSAVE_UID, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_char_p, offsetof(struct cm_store_entry, cm_post_certsave_uid), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_signal, make_signal(CM_DBUS_SIGNAL_REQUEST_CERT_SAVED, NULL), NULL)))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))); } return ret; } /* interface for org.freedesktop.certmonger.ca */ static struct cm_tdbush_interface * cm_tdbush_iface_ca(void) { static struct cm_tdbush_interface *ret; if (ret == NULL) { ret = make_interface(CM_DBUS_CA_INTERFACE, make_interface_item(cm_tdbush_interface_method, make_method("get_config_file_path", ca_get_config_file_path, make_method_arg("path", DBUS_TYPE_STRING_AS_STRING, cm_tdbush_method_arg_out, NULL), NULL), make_interface_item(cm_tdbush_interface_method, make_method("get_nickname", ca_get_nickname, make_method_arg("nickname", 
DBUS_TYPE_STRING_AS_STRING, cm_tdbush_method_arg_out, NULL), NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_NICKNAME, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_char_p, offsetof(struct cm_store_ca, cm_nickname), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_AKA, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_char_p, offsetof(struct cm_store_ca, cm_ca_aka), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_method, make_method("get_is_default", ca_get_is_default, make_method_arg("default", DBUS_TYPE_BOOLEAN_AS_STRING, cm_tdbush_method_arg_out, NULL), NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_IS_DEFAULT, cm_tdbush_property_boolean, cm_tdbush_property_readwrite, cm_tdbush_property_special, 0, NULL, NULL, NULL, ca_prop_get_is_default, NULL, NULL, NULL, NULL, ca_prop_set_is_default, NULL, NULL), make_interface_item(cm_tdbush_interface_method, make_method("get_type", ca_get_type, make_method_arg("type", DBUS_TYPE_STRING_AS_STRING, cm_tdbush_method_arg_out, NULL), NULL), make_interface_item(cm_tdbush_interface_method, make_method("get_serial", ca_get_serial, make_method_arg("serial_hex", DBUS_TYPE_STRING_AS_STRING, cm_tdbush_method_arg_out, NULL), NULL), make_interface_item(cm_tdbush_interface_method, make_method("get_location", ca_get_location, make_method_arg("path", DBUS_TYPE_STRING_AS_STRING, cm_tdbush_method_arg_out, NULL), NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_EXTERNAL_HELPER, cm_tdbush_property_string, cm_tdbush_property_readwrite, cm_tdbush_property_special, 0, ca_prop_get_external_helper, NULL, NULL, NULL, NULL, ca_prop_set_external_helper, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_method, 
make_method("get_issuer_names", ca_get_issuer_names, make_method_arg("names", DBUS_TYPE_ARRAY_AS_STRING DBUS_TYPE_STRING_AS_STRING, cm_tdbush_method_arg_out, NULL), NULL), make_interface_item(cm_tdbush_interface_method, make_method("refresh", ca_refresh, make_method_arg("working", DBUS_TYPE_BOOLEAN_AS_STRING, cm_tdbush_method_arg_out, NULL), NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_CA_ERROR, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_char_p, offsetof(struct cm_store_ca, cm_ca_error), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_ISSUER_NAMES, cm_tdbush_property_strings, cm_tdbush_property_read, cm_tdbush_property_char_pp, offsetof(struct cm_store_ca, cm_ca_known_issuer_names), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_ROOT_CERTS, cm_tdbush_property_string_pairs, cm_tdbush_property_read, cm_tdbush_property_special, 0, NULL, NULL, ca_prop_get_nickcerts, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_OTHER_ROOT_CERTS, cm_tdbush_property_string_pairs, cm_tdbush_property_read, cm_tdbush_property_special, 0, NULL, NULL, ca_prop_get_nickcerts, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_OTHER_CERTS, cm_tdbush_property_string_pairs, cm_tdbush_property_read, cm_tdbush_property_special, 0, NULL, NULL, ca_prop_get_nickcerts, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_REQUIRED_ENROLL_ATTRIBUTES, cm_tdbush_property_strings, cm_tdbush_property_read, cm_tdbush_property_char_pp, offsetof(struct cm_store_ca, cm_ca_required_enroll_attributes), NULL, NULL, NULL, NULL, NULL, 
NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_REQUIRED_RENEW_ATTRIBUTES, cm_tdbush_property_strings, cm_tdbush_property_read, cm_tdbush_property_char_pp, offsetof(struct cm_store_ca, cm_ca_required_renewal_attributes), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_SUPPORTED_PROFILES, cm_tdbush_property_strings, cm_tdbush_property_read, cm_tdbush_property_char_pp, offsetof(struct cm_store_ca, cm_ca_profiles), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_DEFAULT_PROFILE, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_char_p, offsetof(struct cm_store_ca, cm_ca_default_profile), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_ROOT_CERT_FILES, cm_tdbush_property_strings, cm_tdbush_property_readwrite, cm_tdbush_property_char_pp, offsetof(struct cm_store_ca, cm_ca_root_cert_store_files), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_OTHER_ROOT_CERT_FILES, cm_tdbush_property_strings, cm_tdbush_property_readwrite, cm_tdbush_property_char_pp, offsetof(struct cm_store_ca, cm_ca_other_root_cert_store_files), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_OTHER_CERT_FILES, cm_tdbush_property_strings, cm_tdbush_property_readwrite, cm_tdbush_property_char_pp, offsetof(struct cm_store_ca, cm_ca_other_cert_store_files), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_ROOT_CERT_NSSDBS, cm_tdbush_property_strings, 
cm_tdbush_property_readwrite, cm_tdbush_property_char_pp, offsetof(struct cm_store_ca, cm_ca_root_cert_store_nssdbs), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_OTHER_ROOT_CERT_NSSDBS, cm_tdbush_property_strings, cm_tdbush_property_readwrite, cm_tdbush_property_char_pp, offsetof(struct cm_store_ca, cm_ca_other_root_cert_store_nssdbs), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_OTHER_CERT_NSSDBS, cm_tdbush_property_strings, cm_tdbush_property_readwrite, cm_tdbush_property_char_pp, offsetof(struct cm_store_ca, cm_ca_other_cert_store_nssdbs), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_CA_PRESAVE_COMMAND, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_char_p, offsetof(struct cm_store_ca, cm_ca_pre_save_command), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_CA_PRESAVE_UID, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_char_p, offsetof(struct cm_store_ca, cm_ca_pre_save_uid), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_CA_POSTSAVE_COMMAND, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_char_p, offsetof(struct cm_store_ca, cm_ca_post_save_command), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_CA_POSTSAVE_UID, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_char_p, offsetof(struct cm_store_ca, cm_ca_post_save_uid), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), 
make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_SCEP_CIPHER, cm_tdbush_property_string, cm_tdbush_property_readwrite, cm_tdbush_property_special, 0, ca_prop_get_scep_cipher, NULL, NULL, NULL, NULL, ca_prop_set_scep_cipher, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_SCEP_DIGEST, cm_tdbush_property_string, cm_tdbush_property_readwrite, cm_tdbush_property_special, 0, ca_prop_get_scep_digest, NULL, NULL, NULL, NULL, ca_prop_set_scep_digest, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_SCEP_CA_IDENTIFIER, cm_tdbush_property_string, cm_tdbush_property_readwrite, cm_tdbush_property_special, 0, ca_prop_get_scep_ca_identifier, NULL, NULL, NULL, NULL, ca_prop_set_scep_ca_identifier, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_SCEP_CA_CAPABILITIES, cm_tdbush_property_strings, cm_tdbush_property_read, cm_tdbush_property_char_pp, offsetof(struct cm_store_ca, cm_ca_capabilities), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_SCEP_RA_CERT, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_char_p, offsetof(struct cm_store_ca, cm_ca_encryption_cert), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_SCEP_CA_CERT, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_char_p, offsetof(struct cm_store_ca, cm_ca_encryption_issuer_cert), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_SCEP_OTHER_CERTS, cm_tdbush_property_string, cm_tdbush_property_read, cm_tdbush_property_char_p, offsetof(struct cm_store_ca, cm_ca_encryption_cert_pool), NULL, NULL, 
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), NULL))))))))))))))))))))))))))))))))))))))); } return ret; } /* interface for org.freedesktop.certmonger */ static struct cm_tdbush_interface * cm_tdbush_iface_base(void) { static struct cm_tdbush_interface *ret; if (ret == NULL) { ret = make_interface(CM_DBUS_BASE_INTERFACE, make_interface_item(cm_tdbush_interface_method, make_method("add_known_ca", base_add_known_ca, make_method_arg("nickname", DBUS_TYPE_STRING_AS_STRING, cm_tdbush_method_arg_in, make_method_arg("command", DBUS_TYPE_STRING_AS_STRING, cm_tdbush_method_arg_in, make_method_arg("known_names", DBUS_TYPE_ARRAY_AS_STRING DBUS_TYPE_STRING_AS_STRING, cm_tdbush_method_arg_in, make_method_arg("status", DBUS_TYPE_BOOLEAN_AS_STRING, cm_tdbush_method_arg_out, make_method_arg("name", DBUS_TYPE_OBJECT_PATH_AS_STRING, cm_tdbush_method_arg_out, NULL))))), NULL), make_interface_item(cm_tdbush_interface_method, make_method("add_request", base_add_request, make_method_arg("template", DBUS_TYPE_ARRAY_AS_STRING DBUS_DICT_ENTRY_BEGIN_CHAR_AS_STRING DBUS_TYPE_STRING_AS_STRING DBUS_TYPE_VARIANT_AS_STRING DBUS_DICT_ENTRY_END_CHAR_AS_STRING, cm_tdbush_method_arg_in, make_method_arg("status", DBUS_TYPE_BOOLEAN_AS_STRING, cm_tdbush_method_arg_out, make_method_arg("name", DBUS_TYPE_OBJECT_PATH_AS_STRING, cm_tdbush_method_arg_out, NULL))), NULL), make_interface_item(cm_tdbush_interface_method, make_method("find_ca_by_nickname", base_find_ca_by_nickname, make_method_arg("nickname", DBUS_TYPE_STRING_AS_STRING, cm_tdbush_method_arg_in, make_method_arg("ca", DBUS_TYPE_OBJECT_PATH_AS_STRING, cm_tdbush_method_arg_out, NULL)), NULL), make_interface_item(cm_tdbush_interface_method, make_method("find_request_by_nickname", base_find_request_by_nickname, make_method_arg("nickname", DBUS_TYPE_STRING_AS_STRING, cm_tdbush_method_arg_in, make_method_arg("request", DBUS_TYPE_OBJECT_PATH_AS_STRING, cm_tdbush_method_arg_out, NULL)), NULL), make_interface_item(cm_tdbush_interface_method, 
			make_method("get_known_cas",
				base_get_known_cas,
				make_method_arg("ca_list",
					DBUS_TYPE_ARRAY_AS_STRING
					DBUS_TYPE_OBJECT_PATH_AS_STRING,
					cm_tdbush_method_arg_out,
					NULL),
				NULL),
		make_interface_item(cm_tdbush_interface_method,
			make_method("get_requests",
				base_get_requests,
				make_method_arg("requests",
					DBUS_TYPE_ARRAY_AS_STRING
					DBUS_TYPE_OBJECT_PATH_AS_STRING,
					cm_tdbush_method_arg_out,
					NULL),
				NULL),
		make_interface_item(cm_tdbush_interface_method,
			make_method("get_supported_key_types",
				base_get_supported_key_types,
				make_method_arg("key_type_list",
					DBUS_TYPE_ARRAY_AS_STRING
					DBUS_TYPE_STRING_AS_STRING,
					cm_tdbush_method_arg_out,
					NULL),
				NULL),
		make_interface_item(cm_tdbush_interface_method,
			make_method("get_supported_key_storage",
				base_get_supported_key_storage,
				make_method_arg("key_storage_type_list",
					DBUS_TYPE_ARRAY_AS_STRING
					DBUS_TYPE_STRING_AS_STRING,
					cm_tdbush_method_arg_out,
					NULL),
				NULL),
		make_interface_item(cm_tdbush_interface_method,
			make_method("get_supported_cert_storage",
				base_get_supported_cert_storage,
				make_method_arg("cert_storage_type_list",
					DBUS_TYPE_ARRAY_AS_STRING
					DBUS_TYPE_STRING_AS_STRING,
					cm_tdbush_method_arg_out,
					NULL),
				NULL),
		make_interface_item(cm_tdbush_interface_method,
			make_method("remove_known_ca",
				base_remove_known_ca,
				make_method_arg("ca",
					DBUS_TYPE_OBJECT_PATH_AS_STRING,
					cm_tdbush_method_arg_in,
				make_method_arg("status",
					DBUS_TYPE_BOOLEAN_AS_STRING,
					cm_tdbush_method_arg_out,
					NULL)),
				NULL),
		make_interface_item(cm_tdbush_interface_method,
			make_method("remove_request",
				base_remove_request,
				make_method_arg("request",
					DBUS_TYPE_OBJECT_PATH_AS_STRING,
					cm_tdbush_method_arg_in,
				make_method_arg("status",
					DBUS_TYPE_BOOLEAN_AS_STRING,
					cm_tdbush_method_arg_out,
					NULL)),
				NULL),
		NULL))))))))))));
	}
	return ret;
}

/* map object types to get-interface functions */
struct cm_tdbush_interface_map cm_tdbush_object_type_map[] = {
	{cm_tdbush_object_type_parent_of_base, &cm_tdbush_iface_introspection},
	{cm_tdbush_object_type_base, &cm_tdbush_iface_introspection},
	{cm_tdbush_object_type_base, &cm_tdbush_iface_properties},
	{cm_tdbush_object_type_base, &cm_tdbush_iface_base},
	{cm_tdbush_object_type_parent_of_cas, &cm_tdbush_iface_introspection},
	{cm_tdbush_object_type_group_of_cas, &cm_tdbush_iface_introspection},
	{cm_tdbush_object_type_ca, &cm_tdbush_iface_introspection},
	{cm_tdbush_object_type_ca, &cm_tdbush_iface_properties},
	{cm_tdbush_object_type_ca, &cm_tdbush_iface_ca},
	{cm_tdbush_object_type_parent_of_requests, &cm_tdbush_iface_introspection},
	{cm_tdbush_object_type_group_of_requests, &cm_tdbush_iface_introspection},
	{cm_tdbush_object_type_request, &cm_tdbush_iface_introspection},
	{cm_tdbush_object_type_request, &cm_tdbush_iface_properties},
	{cm_tdbush_object_type_request, &cm_tdbush_iface_request},
};

static struct cm_tdbush_interface_map *
cm_tdbush_object_type_map_get_n(unsigned int i)
{
	if (i < (sizeof(cm_tdbush_object_type_map) /
		 sizeof(cm_tdbush_object_type_map[0]))) {
		return cm_tdbush_object_type_map + i;
	} else {
		return NULL;
	}
}

static enum cm_tdbush_object_type
cm_tdbush_classify_path(struct cm_context *ctx, const char *path)
{
	int basepathlen = strlen(CM_DBUS_BASE_PATH);
	int capathlen = strlen(CM_DBUS_CA_PATH);
	int reqpathlen = strlen(CM_DBUS_REQUEST_PATH);
	int pathlen = strlen(path);
	/* Base is just a name, so check for it first. */
	if (strcmp(path, CM_DBUS_BASE_PATH) == 0) {
		return cm_tdbush_object_type_base;
	}
	/* The group of requests is just a name, so check for it. */
	if (strcmp(path, CM_DBUS_REQUEST_PATH) == 0) {
		return cm_tdbush_object_type_group_of_requests;
	}
	/* The group of CAs is just a name, so check for it. */
	if (strcmp(path, CM_DBUS_CA_PATH) == 0) {
		return cm_tdbush_object_type_group_of_cas;
	}
	/* Check for things above the base node. */
	if ((strcmp(path, "/") == 0) ||
	    ((pathlen < basepathlen) &&
	     (strncmp(path, CM_DBUS_BASE_PATH, pathlen) == 0) &&
	     (CM_DBUS_BASE_PATH[pathlen] == '/'))) {
		return cm_tdbush_object_type_parent_of_base;
	}
	/* Check for things above the request group node. */
	if (((pathlen < reqpathlen) &&
	     (strncmp(path, CM_DBUS_REQUEST_PATH, pathlen) == 0) &&
	     (CM_DBUS_REQUEST_PATH[pathlen] == '/'))) {
		return cm_tdbush_object_type_parent_of_requests;
	}
	/* Check for things above the CA group node. */
	if (((pathlen < capathlen) &&
	     (strncmp(path, CM_DBUS_CA_PATH, pathlen) == 0) &&
	     (CM_DBUS_CA_PATH[pathlen] == '/'))) {
		return cm_tdbush_object_type_parent_of_cas;
	}
	/* Check if it names a request. */
	if ((pathlen > reqpathlen) &&
	    (strncmp(path, CM_DBUS_REQUEST_PATH, reqpathlen) == 0) &&
	    (path[reqpathlen] == '/') &&
	    (cm_get_entry_by_busname(ctx, path + reqpathlen + 1) != NULL)) {
		return cm_tdbush_object_type_request;
	}
	/* Check if it names a CA. */
	if ((pathlen > capathlen) &&
	    (strncmp(path, CM_DBUS_CA_PATH, capathlen) == 0) &&
	    (path[capathlen] == '/') &&
	    (cm_get_ca_by_busname(ctx, path + capathlen + 1) != NULL)) {
		return cm_tdbush_object_type_ca;
	}
	/* It's not classifiable. */
	return cm_tdbush_object_type_none;
}

/* the list of method calls that we've made that we haven't yet received
 * responses for, and the methods to invoke once we've gotten responses for our
 * outstanding requests */
struct cm_tdbush_pending_call {
	DBusMessage *cm_msg;
	const char *cm_path, *cm_interface, *cm_method;
	enum cm_tdbush_object_type cm_type;
	DBusHandlerResult (*cm_fn)(DBusConnection *conn,
				   DBusMessage *msg,
				   struct cm_client_info *ci,
				   struct cm_context *ctx);
	dbus_bool_t cm_know_uid; /* GetConnectionUnixUser replied? */
	dbus_uint32_t cm_pending_uid; /* pending GetConnectionUnixUser call */
	dbus_bool_t cm_know_pid; /* GetConnectionUnixProcessID replied? */
	dbus_uint32_t cm_pending_pid; /* pending GetConnectionUnixProcessID call */
	uid_t cm_uid;
	pid_t cm_pid;
	struct cm_tdbush_pending_call *cm_next;
} *cm_pending_calls;

/* read the UID and PID of a directly-connected client */
static int
cm_tdbush_read_conn_id(DBusConnection *conn, uid_t *uid, pid_t *pid)
{
	unsigned long utmp, ptmp;

	if (!dbus_connection_get_unix_user(conn, &utmp) ||
	    !dbus_connection_get_unix_process_id(conn, &ptmp)) {
		return -1;
	}
	*uid = utmp;
	*pid = ptmp;
	return 0;
}

/* handle a method call by either asserting that we don't support a method, or
 * by asking for information about the caller */
DBusHandlerResult
cm_tdbush_handle_method_call(DBusConnection *conn, DBusMessage *msg,
			     enum cm_tdbus_type bus, struct cm_context *ctx)
{
	struct cm_tdbush_pending_call pending, *tmp;
	struct cm_tdbush_interface *iface;
	struct cm_tdbush_interface_item *item;
	struct cm_tdbush_method *meth;
	struct cm_client_info self;
	unsigned int i;

	memset(&pending, 0, sizeof(pending));
	pending.cm_msg = dbus_message_ref(msg);
	pending.cm_path = dbus_message_get_path(pending.cm_msg);
	pending.cm_interface = dbus_message_get_interface(pending.cm_msg);
	pending.cm_method = dbus_message_get_member(pending.cm_msg);
	pending.cm_type = cm_tdbush_classify_path(ctx, pending.cm_path);
	pending.cm_know_uid = FALSE;
	pending.cm_uid = (uid_t) -1;
	pending.cm_know_pid = FALSE;
	pending.cm_pid = (pid_t) -1;
	for (i = 0;
	     i < sizeof(cm_tdbush_object_type_map) / sizeof(cm_tdbush_object_type_map[i]);
	     i++) {
		if (cm_tdbush_object_type_map[i].cm_type != pending.cm_type) {
			continue;
		}
		iface = (*((cm_tdbush_object_type_map[i]).cm_interface))();
		if ((pending.cm_interface != NULL) &&
		    (cm_name_cmp(iface->cm_name, pending.cm_interface) != 0)) {
			continue;
		}
		for (item = iface->cm_items;
		     item != NULL;
		     item = item->cm_next) {
			if (item->cm_member_type != cm_tdbush_interface_method) {
				continue;
			}
			meth = item->cm_method;
			if (cm_name_cmp(meth->cm_name, pending.cm_method) != 0) {
				continue;
			}
			/* found it */
			pending.cm_fn = meth->cm_fn;
			/* "private": no bus daemon, so identify the client */
			if (bus == cm_tdbus_private) {
				/* just run the method */
				if (cm_tdbush_read_conn_id(conn,
							   &pending.cm_uid,
							   &pending.cm_pid) != 0) {
					cm_log(4, "Error reading client ID, "
					       "ignoring.\n");
				} else {
					pending.cm_know_uid = TRUE;
					pending.cm_know_pid = TRUE;
					if (pending.cm_uid != getuid()) {
						cm_log(4, "Client's UID is "
						       "not the same as ours, "
						       "ignoring.\n");
					} else {
						cm_log(4, "User ID %lu PID %lu "
						       "called %s:%s.%s.\n",
						       (unsigned long) pending.cm_uid,
						       (unsigned long) pending.cm_pid,
						       pending.cm_path,
						       pending.cm_interface,
						       pending.cm_method);
						/* pass the peer credentials we
						 * just read, instead of an
						 * uninitialized structure */
						self.uid = pending.cm_uid;
						self.pid = pending.cm_pid;
						(*meth->cm_fn)(conn, pending.cm_msg, &self, ctx);
					}
				}
				dbus_message_unref(pending.cm_msg);
				cm_reset_timeout(ctx);
				return DBUS_HANDLER_RESULT_HANDLED;
			}
			/* "public": go ask the daemon who the client is */
			tmp = talloc_ptrtype(NULL, tmp);
			if (tmp != NULL) {
				memset(tmp, 0, sizeof(*tmp));
				/* we need to know who this is */
				msg = dbus_message_new_method_call(DBUS_SERVICE_DBUS,
								   DBUS_PATH_DBUS,
								   DBUS_INTERFACE_DBUS,
								   "GetConnectionUnixUser");
				if (msg != NULL) {
					cm_tdbusm_set_s(msg, dbus_message_get_sender(pending.cm_msg));
					if (!dbus_connection_send(conn, msg, &pending.cm_pending_uid)) {
						cm_log(4, "Error calling GetConnectionUnixUser\n");
						talloc_free(tmp);
						tmp = NULL;
					}
					dbus_message_unref(msg);
				}
				msg = dbus_message_new_method_call(DBUS_SERVICE_DBUS,
								   DBUS_PATH_DBUS,
								   DBUS_INTERFACE_DBUS,
								   "GetConnectionUnixProcessID");
				if (msg != NULL) {
					cm_tdbusm_set_s(msg, dbus_message_get_sender(pending.cm_msg));
					if (!dbus_connection_send(conn, msg, &pending.cm_pending_pid)) {
						cm_log(4, "Error calling GetConnectionUnixProcessID\n");
						talloc_free(tmp);
						tmp = NULL;
					}
					dbus_message_unref(msg);
				}
				if (tmp != NULL) {
					*tmp = pending;
					tmp->cm_next = cm_pending_calls;
					cm_pending_calls = tmp;
					cm_log(4, "Pending GetConnectionUnixUser serial %lu\n",
					       (unsigned long) pending.cm_pending_uid);
					cm_log(4, "Pending GetConnectionUnixProcessID serial %lu\n",
					       (unsigned long) pending.cm_pending_pid);
					cm_reset_timeout(ctx);
					return DBUS_HANDLER_RESULT_HANDLED;
				}
			}
			dbus_message_unref(pending.cm_msg);
			cm_reset_timeout(ctx);
			return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
		}
		if (item == NULL) {
			continue;
		}
	}
	dbus_message_unref(pending.cm_msg);
	cm_reset_timeout(ctx);
	return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
}

DBusHandlerResult
cm_tdbush_handle_method_return(DBusConnection *conn, DBusMessage *msg,
			       enum cm_tdbus_type bus, struct cm_context *ctx)
{
	struct cm_tdbush_pending_call **p, *call = NULL, *next = NULL;
	dbus_uint32_t serial;
	struct cm_client_info client_info;
	long uid, pid;

	serial = dbus_message_get_reply_serial(msg);
	/* figure out which of our pending calls this goes with */
	for (p = &cm_pending_calls;
	     (p != NULL) && (*p != NULL);
	     p = &((*p)->cm_next)) {
		call = *p;
		next = call->cm_next;
		if (call->cm_pending_uid == serial) {
			if (cm_tdbusm_get_n(msg, call, &uid) != 0) {
				cm_log(1, "Result error from GetConnectionUnixUser().\n");
				dbus_message_unref(call->cm_msg);
				talloc_free(call);
				*p = next;
				return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
			}
			call->cm_uid = uid;
			call->cm_know_uid = TRUE;
			break;
		}
		if (call->cm_pending_pid == serial) {
			if (cm_tdbusm_get_n(msg, call, &pid) != 0) {
				cm_log(1, "Result error from GetConnectionUnixProcessID().\n");
				dbus_message_unref(call->cm_msg);
				talloc_free(call);
				*p = next;
				return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
			}
			call->cm_pid = pid;
			call->cm_know_pid = TRUE;
			break;
		}
	}
	if ((p == NULL) || (*p == NULL)) {
		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
	}
	/* do we know enough now? if not, we're done here */
	if (!call->cm_know_uid || !call->cm_know_pid) {
		return DBUS_HANDLER_RESULT_HANDLED;
	}
	/* actually run the method */
	cm_log(4, "User ID %lu PID %lu called %s:%s.%s.\n",
	       (unsigned long) call->cm_uid,
	       (unsigned long) call->cm_pid,
	       call->cm_path,
	       call->cm_interface,
	       call->cm_method);
	client_info.uid = call->cm_uid;
	client_info.pid = call->cm_pid;
	(*call->cm_fn)(conn, call->cm_msg, &client_info, ctx);
	/* remove the pending call record */
	dbus_message_unref(call->cm_msg);
	talloc_free(call);
	*p = next;
	cm_reset_timeout(ctx);
	return DBUS_HANDLER_RESULT_HANDLED;
}
certmonger-0.79.19/src/tdbush.h0000644000175000017500000000360514511314133015667 0ustar gitgit00000000000000
/*
 * Copyright (C) 2009,2012,2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef cmtdbush_h
#define cmtdbush_h

struct cm_context;
DBusHandlerResult cm_tdbush_handle(DBusConnection *conn,
				   DBusMessage *msg,
				   struct cm_context *ctx);
struct cm_context;
DBusHandlerResult cm_tdbush_handle_method_call(DBusConnection *conn,
					       DBusMessage *msg,
					       enum cm_tdbus_type bus,
					       struct cm_context *ctx);
struct cm_context;
DBusHandlerResult cm_tdbush_handle_method_return(DBusConnection *conn,
						 DBusMessage *msg,
						 enum cm_tdbus_type bus,
						 struct cm_context *ctx);
void cm_tdbush_property_emit_entry_changes(struct cm_context *ctx,
					   struct cm_store_entry *old_entry,
					   struct cm_store_entry *new_entry);
void cm_tdbush_property_emit_ca_changes(struct cm_context *ctx,
					struct cm_store_ca *old_ca,
					struct cm_store_ca *new_ca);
DBusHandlerResult cm_tdbush_property_emit_changed(struct cm_context *ctx,
						  const char *path,
						  const char *interface,
						  const char **properties);
void cm_tdbush_property_emit_entry_saved_cert(struct cm_context *ctx,
					      struct cm_store_entry *entry);
char *cm_tdbush_canonicalize_directory(void *parent, const char *path);
int cm_name_cmp(const char *a, const char *b);

#endif
certmonger-0.79.19/src/tdbusm-check.c0000644000175000017500000004265214511314133016747 0ustar gitgit00000000000000
/*
 * Copyright (C) 2009 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
*/ #include "config.h" #include #include #include #include #include #include #include #include "tdbus.h" #include "tdbusm.h" static const dbus_bool_t b = TRUE; static const long n = 12345, n1 = 23456, n2 = 34567; static char s[] = "This is a string."; static char s1[] = "This is a first string."; static char s2[] = "This is a second string."; static char s3[] = "This is a third string."; static char s4[] = "This is a fourth string."; static char p[] = "/this/is/a/path/to/an/object"; static const char *as[] = {"This", "is", "a", "string", "array.", NULL}; static const char *ap[] = {"/this", "/is", "/a", "/path", "/array", NULL}; static const char *as1[] = {"This", "is", "a", "first", "string", "array.", NULL}; static const char *as2[] = {"This", "is", "a", "second", "string", "array.", NULL}; static const char *as3[] = {"This", "is", "a", "third", "string", "array.", NULL}; static const char *as4[] = {"This", "is", "a", "fourth", "string", "array.", NULL}; static const char *ass[] = {"This", "is", "a", "string", "array.", NULL}; static struct cm_tdbusm_dict d0 = { .key = "key 0", .value_type = cm_tdbusm_dict_b, .value.b = TRUE, }; static struct cm_tdbusm_dict d1 = { .key = "key 1", .value_type = cm_tdbusm_dict_n, .value.n = 12345, }; static struct cm_tdbusm_dict d2 = { .key = "key 2", .value_type = cm_tdbusm_dict_s, .value.s = "this is a string value", }; static struct cm_tdbusm_dict d3 = { .key = "key 3", .value_type = cm_tdbusm_dict_as, .value.as = (char **) as, }; static struct cm_tdbusm_dict d4 = { .key = "key 4", .value_type = cm_tdbusm_dict_ass, .value.as = (char **) ass, }; static const struct cm_tdbusm_dict *dsub[] = {&d0, &d1, NULL}; static struct cm_tdbusm_dict d5 = { .key = "key 5", .value_type = cm_tdbusm_dict_d, .value.d = dsub, }; static const struct cm_tdbusm_dict *d[] = {&d0, &d1, &d2, &d3, &d4, &d5, NULL}; static int set_b(DBusMessage *msg) { return cm_tdbusm_set_b(msg, b); } static int set_n(DBusMessage *msg) { return cm_tdbusm_set_n(msg, n); } 
static int set_p(DBusMessage *msg) { return cm_tdbusm_set_p(msg, p); } static int set_s(DBusMessage *msg) { return cm_tdbusm_set_s(msg, s); } static int set_bp(DBusMessage *msg) { return cm_tdbusm_set_bp(msg, b, p); } static int set_bs(DBusMessage *msg) { return cm_tdbusm_set_bs(msg, b, s); } static int set_sb(DBusMessage *msg) { return cm_tdbusm_set_sb(msg, s, b); } static int set_sn(DBusMessage *msg) { return cm_tdbusm_set_sn(msg, s, n); } static int set_ss(DBusMessage *msg) { return cm_tdbusm_set_ss(msg, s1, s2); } static int set_ssb(DBusMessage *msg) { return cm_tdbusm_set_ssb(msg, s1, s2, b); } static int set_ssn(DBusMessage *msg) { return cm_tdbusm_set_ssn(msg, s1, s2, n); } static int set_ap(DBusMessage *msg) { return cm_tdbusm_set_ap(msg, ap); } static int set_as(DBusMessage *msg) { return cm_tdbusm_set_as(msg, as); } static int set_ass(DBusMessage *msg) { return cm_tdbusm_set_ass(msg, ass); } static int set_sss(DBusMessage *msg) { return cm_tdbusm_set_sss(msg, s1, s2, s3); } static int set_ssvs(DBusMessage *msg) { return cm_tdbusm_set_ssvs(msg, s1, s2, s3); } static int set_ssas(DBusMessage *msg) { return cm_tdbusm_set_ssas(msg, s1, s2, as); } static int set_ssss(DBusMessage *msg) { return cm_tdbusm_set_ssss(msg, s1, s2, s3, s4); } static int set_ssoas(DBusMessage *msg) { return cm_tdbusm_set_ssoas(msg, s1, s2, as); } static int set_sssas(DBusMessage *msg) { return cm_tdbusm_set_sssas(msg, s1, s2, s3, as); } static int set_sssnasasasnas(DBusMessage *msg) { return cm_tdbusm_set_sssnasasasnas(msg, s1, s2, s3, n1, as1, as2, as3, n2, as4); } static int set_sasasasnas(DBusMessage *msg) { return cm_tdbusm_set_sasasasnas(msg, s, as1, as2, as3, n, as4); } static int set_d(DBusMessage *msg) { return cm_tdbusm_set_d(msg, d); } static int set_sd(DBusMessage *msg) { return cm_tdbusm_set_sd(msg, s, d); } static int set_ssass(DBusMessage *msg) { return cm_tdbusm_set_ssass(msg, s1, s2, ass); } static int get_b(DBusMessage *rep, int msgid) { int ret; dbus_bool_t b; ret = 
cm_tdbusm_get_b(rep, NULL, &b); if (ret == 0) { printf("Message %d - b:%s\n", msgid, b ? "TRUE" : "FALSE"); } return ret; } static int get_n(DBusMessage *rep, int msgid) { int ret; long n; ret = cm_tdbusm_get_n(rep, NULL, &n); if (ret == 0) { printf("Message %d - n:%ld\n", msgid, n); } return ret; } static int get_p(DBusMessage *rep, int msgid) { int ret; char *p; ret = cm_tdbusm_get_p(rep, NULL, &p); if (ret == 0) { printf("Message %d - p:%s\n", msgid, p); } return ret; } static int get_s(DBusMessage *rep, int msgid) { int ret; char *s; ret = cm_tdbusm_get_s(rep, NULL, &s); if (ret == 0) { printf("Message %d - s:%s\n", msgid, s); } return ret; } static int get_bp(DBusMessage *rep, int msgid) { dbus_bool_t b; int ret; char *p; ret = cm_tdbusm_get_bp(rep, NULL, &b, &p); if (ret == 0) { printf("Message %d - b:%s,p:%s\n", msgid, b ? "TRUE" : "FALSE", p); } return ret; } static int get_bs(DBusMessage *rep, int msgid) { dbus_bool_t b; int ret; char *s; ret = cm_tdbusm_get_bs(rep, NULL, &b, &s); if (ret == 0) { printf("Message %d - b:%s,s:%s\n", msgid, b ? "TRUE" : "FALSE", s); } return ret; } static int get_sb(DBusMessage *rep, int msgid) { dbus_bool_t b; int ret; char *s; ret = cm_tdbusm_get_sb(rep, NULL, &s, &b); if (ret == 0) { printf("Message %d - s:%s,b:%s\n", msgid, s, b ? "TRUE" : "FALSE"); } return ret; } static int get_sn(DBusMessage *rep, int msgid) { int ret; long n; char *s; ret = cm_tdbusm_get_sn(rep, NULL, &s, &n); if (ret == 0) { printf("Message %d - s:%s,n:%ld\n", msgid, s, n); } return ret; } static int get_ss(DBusMessage *rep, int msgid) { int ret; char *s1, *s2; ret = cm_tdbusm_get_ss(rep, NULL, &s1, &s2); if (ret == 0) { printf("Message %d - s:%s,s:%s\n", msgid, s1, s2); } return ret; } static int get_ap(DBusMessage *rep, int msgid) { int ret, i; char **ap; ret = cm_tdbusm_get_ap(rep, NULL, &ap); if (ret == 0) { printf("Message %d - [", msgid); for (i = 0; (ap != NULL) && (ap[i] != NULL); i++) { printf("%sp:%s", i > 0 ? 
"," : "", ap[i]); } printf("]\n"); } return ret; } static int get_as(DBusMessage *rep, int msgid) { int ret, i; char **as; ret = cm_tdbusm_get_as(rep, NULL, &as); if (ret == 0) { printf("Message %d - [", msgid); for (i = 0; (as != NULL) && (as[i] != NULL); i++) { printf("%ss:%s", i > 0 ? "," : "", as[i]); } printf("]\n"); } return ret; } static int get_ass(DBusMessage *rep, int msgid) { int ret, i; char **ass = NULL; ret = cm_tdbusm_get_ass(rep, NULL, &ass); if (ret == 0) { printf("Message %d - [", msgid); for (i = 0; (ass != NULL) && (ass[i] != NULL) && (ass[i + 1] != NULL); i += 2) { printf("%s(%s,%s)", i > 0 ? "," : "", ass[i], ass[i + 1]); } printf("]\n"); } return ret; } static int get_sss(DBusMessage *rep, int msgid) { int ret; char *s1, *s2, *s3; ret = cm_tdbusm_get_sss(rep, NULL, &s1, &s2, &s3); if (ret == 0) { printf("Message %d - s:%s,s:%s,s:%s\n", msgid, s1, s2, s3); } return ret; } static int get_ssvs(DBusMessage *rep, int msgid) { int ret; char *s1, *s2; enum cm_tdbusm_dict_value_type type; union cm_tdbusm_variant value; memset(&value, 0, sizeof(value)); ret = cm_tdbusm_get_ssv(rep, NULL, &s1, &s2, &type, &value); if (ret == 0) { if (type == cm_tdbusm_dict_s) { printf("Message %d - s:%s,s:%s,s:%s\n", msgid, s1, s2, value.s); } } return ret; } static int get_ssb(DBusMessage *rep, int msgid) { int ret; char *s1, *s2; dbus_bool_t b; ret = cm_tdbusm_get_ssb(rep, NULL, &s1, &s2, &b); if (ret == 0) { printf("Message %d - s:%s,s:%s,b:%s\n", msgid, s1, s2, b ? 
"TRUE" : "FALSE"); } return ret; } static int get_ssn(DBusMessage *rep, int msgid) { int ret; char *s1, *s2; long n; ret = cm_tdbusm_get_ssn(rep, NULL, &s1, &s2, &n); if (ret == 0) { printf("Message %d - s:%s,s:%s,n:%ld\n", msgid, s1, s2, n); } return ret; } static int get_ssas(DBusMessage *rep, int msgid) { int ret, i; char *s1, *s2, **as; ret = cm_tdbusm_get_ssas(rep, NULL, &s1, &s2, &as); if (ret == 0) { printf("Message %d - s:%s,s:%s,as:[", msgid, s1, s2); for (i = 0; (as != NULL) && (as[i] != NULL); i++) { printf("%ss:%s", i > 0 ? "," : "", as[i]); } printf("]\n"); } return ret; } static int get_ssss(DBusMessage *rep, int msgid) { int ret; char *s1, *s2, *s3, *s4; ret = cm_tdbusm_get_ssss(rep, NULL, &s1, &s2, &s3, &s4); if (ret == 0) { printf("Message %d - s:%s,s:%ss:%s,s:%s\n", msgid, s1, s2, s3, s4); } return ret; } static int get_ssosos(DBusMessage *rep, int msgid) { int ret; char *s1, *s2, *s3, *s4; ret = cm_tdbusm_get_ssosos(rep, NULL, &s1, &s2, &s3, &s4); if (ret == 0) { printf("Message %d - s:%s,s:%ss:%ss:%s\n", msgid, s1, s2, s3 ? s3 : "(NULL)", s4 ? s4 : "(NULL)"); } return ret; } static int get_sososos(DBusMessage *rep, int msgid) { int ret; char *s1, *s2, *s3, *s4; ret = cm_tdbusm_get_sososos(rep, NULL, &s1, &s2, &s3, &s4); if (ret == 0) { printf("Message %d - s:%s,s:%ss:%s,s:%s\n", msgid, s1, s2 ? s2 : "(NULL)", s3 ? s3 : "(NULL)", s4 ? s4 : "(NULL)"); } return ret; } static int get_ssoas(DBusMessage *rep, int msgid) { int ret, i; char *s1, *s2, **as; ret = cm_tdbusm_get_ssoas(rep, NULL, &s1, &s2, &as); if (ret == 0) { printf("Message %d - s:%s,s:%s,[", msgid, s1, s2); for (i = 0; (as != NULL) && (as[i] != NULL); i++) { printf("%ss:%s", i > 0 ? 
"," : "", as[i]); } printf("]\n"); } return ret; } static int get_sssas(DBusMessage *rep, int msgid) { int ret, i; char *s1, *s2, *s3, **as; ret = cm_tdbusm_get_sssas(rep, NULL, &s1, &s2, &s3, &as); if (ret == 0) { printf("Message %d - s:%s,s:%s,s:%s,[", msgid, s1, s2, s3); for (i = 0; (as != NULL) && (as[i] != NULL); i++) { printf("%ss:%s", i > 0 ? "," : "", as[i]); } printf("]\n"); } return ret; } static int get_sssnasasasnas(DBusMessage *rep, int msgid) { int ret, i; long n1, n2; char *s1, *s2, *s3, **as1, **as2, **as3, **as4; ret = cm_tdbusm_get_sssnasasasnas(rep, NULL, &s1, &s2, &s3, &n1, &as1, &as2, &as3, &n2, &as4); if (ret == 0) { printf("Message %d - s:%s,s:%s,s:%s," "n:%ld,[", msgid, s1, s2, s3, n1); for (i = 0; (as1 != NULL) && (as1[i] != NULL); i++) { printf("%ss:%s", i > 0 ? "," : "", as1[i]); } printf("],["); for (i = 0; (as2 != NULL) && (as2[i] != NULL); i++) { printf("%ss:%s", i > 0 ? "," : "", as2[i]); } printf("],["); for (i = 0; (as3 != NULL) && (as3[i] != NULL); i++) { printf("%ss:%s", i > 0 ? "," : "", as3[i]); } printf("],n:%ld,[", n2); for (i = 0; (as4 != NULL) && (as4[i] != NULL); i++) { printf("%ss:%s", i > 0 ? "," : "", as4[i]); } printf("]\n"); } return ret; } static int get_sssnasasasnasn(DBusMessage *rep, int msgid) { int ret, i; long n1, n2, n3; char *s1, *s2, *s3, **as1, **as2, **as3, **as4; ret = cm_tdbusm_get_sssnasasasnasn(rep, NULL, &s1, &s2, &s3, &n1, &as1, &as2, &as3, &n2, &as4, &n3); if (ret == 0) { printf("Message %d - s:%s,s:%s,s:%s," "n:%ld,[", msgid, s1, s2, s3, n1); for (i = 0; (as1 != NULL) && (as1[i] != NULL); i++) { printf("%ss:%s", i > 0 ? "," : "", as1[i]); } printf("],["); for (i = 0; (as2 != NULL) && (as2[i] != NULL); i++) { printf("%ss:%s", i > 0 ? "," : "", as2[i]); } printf("],["); for (i = 0; (as3 != NULL) && (as3[i] != NULL); i++) { printf("%ss:%s", i > 0 ? "," : "", as3[i]); } printf("],n:%ld,n:%ld,[", n2, n3); for (i = 0; (as4 != NULL) && (as4[i] != NULL); i++) { printf("%ss:%s", i > 0 ? 
"," : "", as4[i]); } printf("]\n"); } return ret; } static int get_sasasasnas(DBusMessage *rep, int msgid) { int ret, i; long n; char *s, **as1, **as2, **as3, **as4; ret = cm_tdbusm_get_sasasasnas(rep, NULL, &s, &as1, &as2, &as3, &n, &as4); if (ret == 0) { printf("Message %d - s:%s,[", msgid, s); for (i = 0; (as1 != NULL) && (as1[i] != NULL); i++) { printf("%ss:%s", i > 0 ? "," : "", as1[i]); } printf("],["); for (i = 0; (as2 != NULL) && (as2[i] != NULL); i++) { printf("%ss:%s", i > 0 ? "," : "", as2[i]); } printf("],["); for (i = 0; (as3 != NULL) && (as3[i] != NULL); i++) { printf("%ss:%s", i > 0 ? "," : "", as3[i]); } printf("],n:%ld,[", n); for (i = 0; (as4 != NULL) && (as4[i] != NULL); i++) { printf("%ss:%s", i > 0 ? "," : "", as4[i]); } printf("]\n"); } return ret; } static int print_d(DBusMessage *rep, const struct cm_tdbusm_dict **d) { int i, k; for (i = 0; (d != NULL) && (d[i] != NULL); i++) { printf("%s{%s=", i > 0 ? "," : "", d[i]->key); switch (d[i]->value_type) { case cm_tdbusm_dict_invalid: printf("(invalid)}"); break; case cm_tdbusm_dict_s: printf("s:%s}", d[i]->value.s); break; case cm_tdbusm_dict_p: printf("p:%s}", d[i]->value.s); break; case cm_tdbusm_dict_as: printf("as:["); for (k = 0; (d[i]->value.as != NULL) && (d[i]->value.as[k] != NULL); k++) { printf("%s%s", k > 0 ? "," : "", d[i]->value.as[k]); } printf("]"); break; case cm_tdbusm_dict_ass: printf("ass:["); for (k = 0; (d[i]->value.ass != NULL) && (d[i]->value.ass[k] != NULL) && (d[i]->value.ass[k + 1] != NULL); k += 2) { printf("%s(%s,%s)", k > 0 ? "," : "", d[i]->value.ass[k], d[i]->value.ass[k + 1]); } printf("]"); break; case cm_tdbusm_dict_n: printf("n:%ld}", d[i]->value.n); break; case cm_tdbusm_dict_b: printf("b:%s}", d[i]->value.b ? 
"TRUE" : "FALSE"); break; case cm_tdbusm_dict_d: printf("d:["); print_d(rep, d[i]->value.d); printf("]"); break; } } return i; } static int get_d(DBusMessage *rep, int msgid) { int ret; struct cm_tdbusm_dict **d; ret = cm_tdbusm_get_d(rep, NULL, &d); if (ret == 0) { printf("Message %d - [", msgid); print_d(rep, (const struct cm_tdbusm_dict **) d); printf("]\n"); } return ret; } static int get_sd(DBusMessage *rep, int msgid) { int ret; struct cm_tdbusm_dict **d; char *s; ret = cm_tdbusm_get_sd(rep, NULL, &s, &d); if (ret == 0) { printf("Message %d - s:%s,[", msgid, s); print_d(rep, (const struct cm_tdbusm_dict **) d); printf("]\n"); } return ret; } static int get_ssass(DBusMessage *rep, int msgid) { int ret, i; char *s1, *s2, **ass; ret = cm_tdbusm_get_ssass(rep, NULL, &s1, &s2, &ass); if (ret == 0) { printf("Message %d - s:%s,s:%s,", msgid, s1, s2); printf("ass:["); for (i = 0; (ass[i] != NULL) && (ass[i + 1] != NULL); i += 2) { printf("%s(%s,%s)", i > 0 ? "," : "", ass[i], ass[i + 1]); } printf("]\n"); } return ret; } int main(int argc, const char **argv) { DBusConnection *conn; DBusMessage *msg; DBusError err; DBusBusType bus = DBUS_BUS_SESSION; int c, ret; unsigned int i; const struct { int (*set)(DBusMessage *); int (*get)(DBusMessage *, int); } tests[] = { {&set_b, &get_b}, {&set_n, &get_n}, {&set_p, &get_p}, {&set_s, &get_s}, {&set_bp, &get_bp}, {&set_bs, &get_bs}, {&set_sb, &get_sb}, {&set_sn, &get_sn}, {&set_ss, &get_ss}, {&set_ap, &get_ap}, {&set_as, &get_as}, {&set_sss, &get_sss}, {&set_ssn, &get_ssn}, {&set_ssb, &get_ssb}, {&set_ssas, &get_ssas}, {&set_ssss, &get_ssss}, {&set_ss, &get_ssosos}, {&set_sss, &get_ssosos}, {&set_ssss, &get_ssosos}, {&set_s, &get_sososos}, {&set_ss, &get_sososos}, {&set_sss, &get_sososos}, {&set_ssss, &get_sososos}, {&set_ssoas, &get_ssoas}, {&set_sssas, &get_sssas}, {&set_sssnasasasnas, &get_sssnasasasnas}, {&set_sasasasnas, &get_sasasasnas}, {&set_ass, &get_ass}, {&set_d, &get_d}, {&set_sd, &get_sd}, {&set_ssass, 
&get_ssass}, {&set_ssvs, &get_ssvs}, }; poptContext pctx; struct poptOption popts[] = { {"session", 's', POPT_ARG_NONE, NULL, 's', NULL, NULL}, {"system", 'S', POPT_ARG_NONE, NULL, 'S', NULL, NULL}, POPT_AUTOHELP POPT_TABLEEND }; memset(&err, 0, sizeof(err)); pctx = poptGetContext("tdbusm-check", argc, argv, popts, 0); if (pctx == NULL) { return 1; } while ((c = poptGetNextOpt(pctx)) > 0) { switch (c) { case 's': bus = DBUS_BUS_SESSION; break; case 'S': bus = DBUS_BUS_SYSTEM; break; } } if (c != -1) { poptPrintUsage(pctx, stdout, 0); return 1; } conn = dbus_bus_get(bus, NULL); if (conn == NULL) { printf("Error connecting to bus!\n"); return 1; } for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) { msg = dbus_message_new_method_call(CM_DBUS_NAME, CM_DBUS_BASE_PATH, CM_DBUS_BASE_INTERFACE, "echo"); if (msg == NULL) { continue; } ret = (*(tests[i].set))(msg); if (ret != 0) { printf("Error encoding parameters for message %u.\n", i); continue; } ret = (*(tests[i].get))(msg, i); if (ret != 0) { printf("Error parsing parameters in message %u.\n", i); } } return 0; } certmonger-0.79.19/src/tdbusm.c0000644000175000017500000015464014511314133015675 0ustar gitgit00000000000000/* * Copyright (C) 2009,2010,2011,2012,2014,2015 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
*/ #include "config.h" #include #ifdef HAVE_INTTYPES_H #include #endif #include #include #include #include #include #include "log.h" #include "tdbusm.h" #define N_(_text) _text static char empty_string[] = ""; static const char *empty_string_array[] = {NULL}; static struct cm_tdbusm_dict **cm_tdbusm_get_d_array(DBusMessageIter *array, void *parent); static struct cm_tdbusm_dict *cm_tdbusm_get_d_item(DBusMessageIter *item, void *parent); static struct cm_tdbusm_dict *cm_tdbusm_get_d_value(DBusMessageIter *item, void *parent, struct cm_tdbusm_dict *dict); static int cm_tdbusm_append_d(DBusMessage *msg, DBusMessageIter *args, const struct cm_tdbusm_dict **d); static int cm_tdbusm_append_d_value(DBusMessage *msg, DBusMessageIter *args, enum cm_tdbusm_dict_value_type value_type, const union cm_tdbusm_variant *value); static int cm_tdbusm_array_length(const char **array) { int i; for (i = 0; (array != NULL) && (array[i] != NULL); i++) { continue; } return i; } static char ** cm_tdbusm_take_dbus_string_array(void *parent, char **array, int len) { int i; char **ret; if (len == -1) { len = cm_tdbusm_array_length((const char **) array); } if (len > 0) { ret = talloc_zero_array(parent, char *, len + 1); if (ret != NULL) { for (i = 0; (array != NULL) && (i < len) && (array[i] != NULL); i++) { ret[i] = talloc_strdup(ret, array[i]); } ret[i] = NULL; } } else { ret = NULL; } if (array != NULL) { dbus_free_string_array(array); } return ret; } int cm_tdbusm_get_b(DBusMessage *msg, void *parent, dbus_bool_t *b) { DBusError err; dbus_error_init(&err); if (dbus_message_get_args(msg, &err, DBUS_TYPE_BOOLEAN, b, DBUS_TYPE_INVALID)) { return 0; } else { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } return -1; } } int cm_tdbusm_get_n(DBusMessage *msg, void *parent, long *n) { DBusError err; int64_t i64; int32_t i32; uint32_t u32; int16_t i16; dbus_error_init(&err); if (dbus_message_get_args(msg, &err, DBUS_TYPE_INT64, &i64, DBUS_TYPE_INVALID)) { *n = i64; 
return 0; } else { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } if (dbus_message_get_args(msg, &err, DBUS_TYPE_INT32, &i32, DBUS_TYPE_INVALID)) { *n = i32; return 0; } else { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } if (dbus_message_get_args(msg, &err, DBUS_TYPE_UINT32, &u32, DBUS_TYPE_INVALID)) { *n = u32; return 0; } else { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } if (dbus_message_get_args(msg, &err, DBUS_TYPE_INT16, &i16, DBUS_TYPE_INVALID)) { *n = i16; return 0; } else { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } return -1; } } } } } int cm_tdbusm_get_p(DBusMessage *msg, void *parent, char **p) { DBusError err; *p = NULL; dbus_error_init(&err); if (dbus_message_get_args(msg, &err, DBUS_TYPE_OBJECT_PATH, p, DBUS_TYPE_INVALID)) { *p = *p ? talloc_strdup(parent, *p) : NULL; return 0; } else { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } return -1; } } int cm_tdbusm_get_vs(DBusMessage *msg, void *parent, char **s) { DBusError err; DBusMessageIter iter, sub_iter; *s = NULL; dbus_error_init(&err); if (dbus_message_iter_init(msg, &iter) == FALSE) { if (dbus_error_is_set(&err)) { cm_log(3, "DBus error: %s", err.message); dbus_error_free(&err); } else { cm_log(3, "Unknown DBus error."); } return -1; } if (dbus_message_iter_get_arg_type(&iter) == DBUS_TYPE_VARIANT) { dbus_message_iter_recurse(&iter, &sub_iter); if (dbus_message_iter_get_arg_type(&sub_iter) == DBUS_TYPE_STRING) { dbus_message_iter_get_basic(&sub_iter, s); *s = *s ? 
talloc_strdup(parent, *s) : NULL; return 0; } } if (dbus_error_is_set(&err)) { cm_log(3, "Failed to extract data from DBus message: %s", err.message); dbus_error_free(&err); } else { cm_log(3, "Failed to extract data from DBus message."); } *s = NULL; return -1; } int cm_tdbusm_get_vn(DBusMessage *msg, void *parent, long *n) { DBusError err; DBusMessageIter iter, sub_iter; int64_t *i64; dbus_error_init(&err); if (dbus_message_iter_init(msg, &iter) == FALSE) { if (dbus_error_is_set(&err)) { cm_log(3, "DBus error: %s", err.message); dbus_error_free(&err); } else { cm_log(3, "Unknown DBus error."); } return -1; } if (dbus_message_iter_get_arg_type(&iter) == DBUS_TYPE_VARIANT) { dbus_message_iter_recurse(&iter, &sub_iter); if (dbus_message_iter_get_arg_type(&sub_iter) == DBUS_TYPE_INT64) { dbus_message_iter_get_basic(&sub_iter, &i64); *n = i64; return 0; } } if (dbus_error_is_set(&err)) { cm_log(3, "Failed to extract data from DBus message: %s", err.message); dbus_error_free(&err); } else { cm_log(3, "Failed to extract data from DBus message."); } *n = 0; return -1; } int cm_tdbusm_get_s(DBusMessage *msg, void *parent, char **s) { DBusError err; *s = NULL; dbus_error_init(&err); if (dbus_message_get_args(msg, &err, DBUS_TYPE_STRING, s, DBUS_TYPE_INVALID)) { *s = *s ? talloc_strdup(parent, *s) : NULL; return 0; } else { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } return -1; } } int cm_tdbusm_get_bp(DBusMessage *msg, void *parent, dbus_bool_t *b, char **p) { DBusError err; *p = NULL; dbus_error_init(&err); if (dbus_message_get_args(msg, &err, DBUS_TYPE_BOOLEAN, b, DBUS_TYPE_OBJECT_PATH, p, DBUS_TYPE_INVALID)) { *p = *p ? 
		    talloc_strdup(parent, *p) : NULL;
		return 0;
	} else {
		if (dbus_error_is_set(&err)) {
			dbus_error_free(&err);
			dbus_error_init(&err);
		}
		return -1;
	}
}

int
cm_tdbusm_get_bs(DBusMessage *msg, void *parent, dbus_bool_t *b, char **s)
{
	DBusError err;

	*s = NULL;
	dbus_error_init(&err);
	if (dbus_message_get_args(msg, &err,
				  DBUS_TYPE_BOOLEAN, b,
				  DBUS_TYPE_STRING, s,
				  DBUS_TYPE_INVALID)) {
		*s = *s ? talloc_strdup(parent, *s) : NULL;
		return 0;
	} else {
		if (dbus_error_is_set(&err)) {
			dbus_error_free(&err);
			dbus_error_init(&err);
		}
		return -1;
	}
}

int
cm_tdbusm_get_sb(DBusMessage *msg, void *parent, char **s, dbus_bool_t *b)
{
	DBusError err;

	*s = NULL;
	dbus_error_init(&err);
	if (dbus_message_get_args(msg, &err,
				  DBUS_TYPE_STRING, s,
				  DBUS_TYPE_BOOLEAN, b,
				  DBUS_TYPE_INVALID)) {
		*s = *s ? talloc_strdup(parent, *s) : NULL;
		return 0;
	} else {
		if (dbus_error_is_set(&err)) {
			dbus_error_free(&err);
			dbus_error_init(&err);
		}
		return -1;
	}
}

int
cm_tdbusm_get_sn(DBusMessage *msg, void *parent, char **s, long *n)
{
	DBusError err;
	/* Each temporary matches the width of the D-Bus integer type that
	 * is read into it, so a 32-bit or 16-bit value is widened from a
	 * fully initialized object of the right size. */
	int64_t i64;
	int32_t i32;
	int16_t i16;

	*s = NULL;
	dbus_error_init(&err);
	/* Try the widest integer type first, then fall back to narrower ones. */
	if (dbus_message_get_args(msg, &err,
				  DBUS_TYPE_STRING, s,
				  DBUS_TYPE_INT64, &i64,
				  DBUS_TYPE_INVALID)) {
		*s = *s ? talloc_strdup(parent, *s) : NULL;
		*n = i64;
		return 0;
	} else {
		if (dbus_error_is_set(&err)) {
			dbus_error_free(&err);
			dbus_error_init(&err);
		}
		if (dbus_message_get_args(msg, &err,
					  DBUS_TYPE_STRING, s,
					  DBUS_TYPE_INT32, &i32,
					  DBUS_TYPE_INVALID)) {
			*s = *s ? talloc_strdup(parent, *s) : NULL;
			*n = i32;
			return 0;
		} else {
			if (dbus_error_is_set(&err)) {
				dbus_error_free(&err);
				dbus_error_init(&err);
			}
			if (dbus_message_get_args(msg, &err,
						  DBUS_TYPE_STRING, s,
						  DBUS_TYPE_INT16, &i16,
						  DBUS_TYPE_INVALID)) {
				*s = *s ?
talloc_strdup(parent, *s) : NULL; *n = i16; return 0; } else { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } return -1; } } } } int cm_tdbusm_get_ss(DBusMessage *msg, void *parent, char **s1, char **s2) { DBusError err; *s1 = NULL; *s2 = NULL; dbus_error_init(&err); if (dbus_message_get_args(msg, &err, DBUS_TYPE_STRING, s1, DBUS_TYPE_STRING, s2, DBUS_TYPE_INVALID)) { *s1 = *s1 ? talloc_strdup(parent, *s1) : NULL; *s2 = *s2 ? talloc_strdup(parent, *s2) : NULL; return 0; } else { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } return -1; } } int cm_tdbusm_get_ap(DBusMessage *msg, void *parent, char ***ap) { DBusError err; char **tmp; int i; *ap = NULL; dbus_error_init(&err); if (dbus_message_get_args(msg, &err, DBUS_TYPE_ARRAY, DBUS_TYPE_OBJECT_PATH, &tmp, &i, DBUS_TYPE_INVALID)) { *ap = cm_tdbusm_take_dbus_string_array(parent, tmp, i); return 0; } else { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } return -1; } } int cm_tdbusm_get_ass(DBusMessage *msg, void *parent, char ***ass) { DBusMessageIter args, array, element; const char *p, *q; char **ret, **tmp; int i = 0; ret = NULL; if (!dbus_message_iter_init(msg, &args)) { talloc_free(ret); return -1; } if (dbus_message_iter_get_arg_type(&args) != DBUS_TYPE_ARRAY) { talloc_free(ret); return -1; } memset(&array, 0, sizeof(array)); dbus_message_iter_recurse(&args, &array); for (;;) { if (dbus_message_iter_get_arg_type(&array) != DBUS_TYPE_STRUCT) { talloc_free(ret); return -1; } dbus_message_iter_recurse(&array, &element); if (dbus_message_iter_get_arg_type(&element) != DBUS_TYPE_STRING) { talloc_free(ret); return -1; } p = NULL; dbus_message_iter_get_basic(&element, &p); if (!dbus_message_iter_has_next(&element) || !dbus_message_iter_next(&element) || (dbus_message_iter_get_arg_type(&element) != DBUS_TYPE_STRING)) { talloc_free(ret); return -1; } q = NULL; dbus_message_iter_get_basic(&element, &q); tmp = 
talloc_realloc(parent, ret, char *, i + 3); if (tmp == NULL) { talloc_free(ret); return -1; } ret = tmp; ret[i++] = talloc_strdup(ret, p); ret[i++] = talloc_strdup(ret, q); ret[i] = NULL; if (!dbus_message_iter_has_next(&array)) { break; } if (!dbus_message_iter_next(&array)) { talloc_free(ret); return -1; } } *ass = ret; return 0; } int cm_tdbusm_get_as(DBusMessage *msg, void *parent, char ***as) { DBusError err; char **tmp; int i; *as = NULL; dbus_error_init(&err); if (dbus_message_get_args(msg, &err, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp, &i, DBUS_TYPE_INVALID)) { *as = cm_tdbusm_take_dbus_string_array(parent, tmp, i); return 0; } else { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } return -1; } } int cm_tdbusm_get_sss(DBusMessage *msg, void *parent, char **s1, char **s2, char **s3) { DBusError err; *s1 = NULL; *s2 = NULL; *s3 = NULL; dbus_error_init(&err); if (dbus_message_get_args(msg, &err, DBUS_TYPE_STRING, s1, DBUS_TYPE_STRING, s2, DBUS_TYPE_STRING, s3, DBUS_TYPE_INVALID)) { *s1 = *s1 ? talloc_strdup(parent, *s1) : NULL; *s2 = *s2 ? talloc_strdup(parent, *s2) : NULL; *s3 = *s3 ? talloc_strdup(parent, *s3) : NULL; return 0; } else { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } return -1; } } int cm_tdbusm_get_ssv(DBusMessage *msg, void *parent, char **s1, char **s2, enum cm_tdbusm_dict_value_type *type, union cm_tdbusm_variant *value) { DBusMessageIter iter; struct cm_tdbusm_dict *d; *s1 = NULL; *s2 = NULL; if (!dbus_message_iter_init(msg, &iter)) { return -1; } if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_STRING) { return -1; } dbus_message_iter_get_basic(&iter, s1); if (!dbus_message_iter_has_next(&iter) || !dbus_message_iter_next(&iter)) { return -1; } d = cm_tdbusm_get_d_item(&iter, parent); if (d == NULL) { return -1; } *s1 = *s1 ? 
talloc_strdup(parent, *s1) : NULL; *s2 = talloc_strdup(parent, d->key); *type = d->value_type; *value = d->value; return 0; } int cm_tdbusm_get_ssb(DBusMessage *msg, void *parent, char **s1, char **s2, dbus_bool_t *b) { DBusError err; *s1 = NULL; *s2 = NULL; dbus_error_init(&err); if (dbus_message_get_args(msg, &err, DBUS_TYPE_STRING, s1, DBUS_TYPE_STRING, s2, DBUS_TYPE_BOOLEAN, b, DBUS_TYPE_INVALID)) { *s1 = *s1 ? talloc_strdup(parent, *s1) : NULL; *s2 = *s2 ? talloc_strdup(parent, *s2) : NULL; return 0; } else { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } return -1; } } int cm_tdbusm_get_ssn(DBusMessage *msg, void *parent, char **s1, char **s2, long *l) { DBusError err; int64_t i64; int32_t i32; int16_t i16; *s1 = NULL; *s2 = NULL; dbus_error_init(&err); if (!dbus_message_get_args(msg, &err, DBUS_TYPE_STRING, s1, DBUS_TYPE_STRING, s2, DBUS_TYPE_INT64, &i64, DBUS_TYPE_INVALID)) { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } if (!dbus_message_get_args(msg, &err, DBUS_TYPE_STRING, s1, DBUS_TYPE_STRING, s2, DBUS_TYPE_INT32, &i32, DBUS_TYPE_INVALID)) { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } if (!dbus_message_get_args(msg, &err, DBUS_TYPE_STRING, s1, DBUS_TYPE_STRING, s2, DBUS_TYPE_INT16, &i16, DBUS_TYPE_INVALID)) { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } return -1; } i32 = i16; } i64 = i32; } *l = i64; *s1 = *s1 ? talloc_strdup(parent, *s1) : NULL; *s2 = *s2 ? talloc_strdup(parent, *s2) : NULL; return 0; } int cm_tdbusm_get_ssss(DBusMessage *msg, void *parent, char **s1, char **s2, char **s3, char **s4) { DBusError err; *s1 = NULL; *s2 = NULL; *s3 = NULL; *s4 = NULL; dbus_error_init(&err); if (dbus_message_get_args(msg, &err, DBUS_TYPE_STRING, s1, DBUS_TYPE_STRING, s2, DBUS_TYPE_STRING, s3, DBUS_TYPE_STRING, s4, DBUS_TYPE_INVALID)) { *s1 = *s1 ? talloc_strdup(parent, *s1) : NULL; *s2 = *s2 ? 
talloc_strdup(parent, *s2) : NULL; *s3 = *s3 ? talloc_strdup(parent, *s3) : NULL; *s4 = *s4 ? talloc_strdup(parent, *s4) : NULL; return 0; } else { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } return -1; } } int cm_tdbusm_get_ssosos(DBusMessage *msg, void *parent, char **s1, char **s2, char **s3, char **s4) { int i; i = cm_tdbusm_get_ssss(msg, parent, s1, s2, s3, s4); if (i != 0) { *s4 = NULL; i = cm_tdbusm_get_sss(msg, parent, s1, s2, s3); if (i != 0) { *s3 = NULL; i = cm_tdbusm_get_ss(msg, parent, s1, s2); } } return i; } int cm_tdbusm_get_sososos(DBusMessage *msg, void *parent, char **s1, char **s2, char **s3, char **s4) { int i; i = cm_tdbusm_get_ssss(msg, parent, s1, s2, s3, s4); if (i != 0) { *s4 = NULL; i = cm_tdbusm_get_sss(msg, parent, s1, s2, s3); if (i != 0) { *s3 = NULL; i = cm_tdbusm_get_ss(msg, parent, s1, s2); if (i != 0) { *s2 = NULL; i = cm_tdbusm_get_s(msg, parent, s1); } } } return i; } int cm_tdbusm_get_ssas(DBusMessage *msg, void *parent, char **s1, char **s2, char ***as) { DBusError err; char **tmp; int i; *s1 = NULL; *s2 = NULL; *as = NULL; dbus_error_init(&err); if (dbus_message_get_args(msg, &err, DBUS_TYPE_STRING, s1, DBUS_TYPE_STRING, s2, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp, &i, DBUS_TYPE_INVALID)) { *s1 = *s1 ? talloc_strdup(parent, *s1) : NULL; *s2 = *s2 ? 
talloc_strdup(parent, *s2) : NULL; *as = cm_tdbusm_take_dbus_string_array(parent, tmp, i); return 0; } else { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } return -1; } } int cm_tdbusm_get_ssass(DBusMessage *msg, void *parent, char **s1, char **s2, char ***ass) { DBusMessageIter args, array, element; const char *p, *q, *r, *s; char **ret, **tmp; int i = 0; ret = NULL; if (!dbus_message_iter_init(msg, &args)) { return -1; } if (dbus_message_iter_get_arg_type(&args) != DBUS_TYPE_STRING) { return -1; } dbus_message_iter_get_basic(&args, &p); if (!dbus_message_iter_has_next(&args) || !dbus_message_iter_next(&args) || (dbus_message_iter_get_arg_type(&args) != DBUS_TYPE_STRING)) { return -1; } dbus_message_iter_get_basic(&args, &q); if (!dbus_message_iter_has_next(&args) || !dbus_message_iter_next(&args) || (dbus_message_iter_get_arg_type(&args) != DBUS_TYPE_ARRAY)) { return -1; } memset(&array, 0, sizeof(array)); dbus_message_iter_recurse(&args, &array); for (;;) { if (dbus_message_iter_get_arg_type(&array) != DBUS_TYPE_STRUCT) { talloc_free(ret); return -1; } dbus_message_iter_recurse(&array, &element); if (dbus_message_iter_get_arg_type(&element) != DBUS_TYPE_STRING) { talloc_free(ret); return -1; } r = NULL; dbus_message_iter_get_basic(&element, &r); if (!dbus_message_iter_has_next(&element) || !dbus_message_iter_next(&element) || (dbus_message_iter_get_arg_type(&element) != DBUS_TYPE_STRING)) { talloc_free(ret); return -1; } s = NULL; dbus_message_iter_get_basic(&element, &s); tmp = talloc_realloc(parent, ret, char *, i + 3); if (tmp == NULL) { talloc_free(ret); return -1; } ret = tmp; ret[i++] = talloc_strdup(ret, r); ret[i++] = talloc_strdup(ret, s); ret[i] = NULL; if (!dbus_message_iter_has_next(&array)) { break; } if (!dbus_message_iter_next(&array)) { talloc_free(ret); return -1; } } *s1 = talloc_strdup(parent, p); *s2 = talloc_strdup(parent, q); *ass = ret; return 0; } int cm_tdbusm_get_sssas(DBusMessage *msg, void *parent, 
char **s1, char **s2, char **s3, char ***as) { DBusError err; char **tmp; int i; *s1 = NULL; *s2 = NULL; *s3 = NULL; *as = NULL; dbus_error_init(&err); if (dbus_message_get_args(msg, &err, DBUS_TYPE_STRING, s1, DBUS_TYPE_STRING, s2, DBUS_TYPE_STRING, s3, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp, &i, DBUS_TYPE_INVALID)) { *s1 = *s1 ? talloc_strdup(parent, *s1) : NULL; *s2 = *s2 ? talloc_strdup(parent, *s2) : NULL; *s3 = *s3 ? talloc_strdup(parent, *s3) : NULL; *as = cm_tdbusm_take_dbus_string_array(parent, tmp, i); return 0; } else { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } return -1; } } int cm_tdbusm_get_ssoas(DBusMessage *msg, void *parent, char **s1, char **s2, char ***as) { int i; i = cm_tdbusm_get_ssas(msg, parent, s1, s2, as); if (i != 0) { *as = NULL; i = cm_tdbusm_get_ss(msg, parent, s1, s2); if (i != 0) { *s2 = NULL; i = cm_tdbusm_get_s(msg, parent, s1); } } return i; } int cm_tdbusm_get_sssnasasasnas(DBusMessage *msg, void *parent, char **s1, char **s2, char **s3, long *n1, char ***as1, char ***as2, char ***as3, long *n2, char ***as4) { DBusError err; char **tmp1, **tmp2, **tmp3, **tmp4; int64_t i641, i642; int32_t i321, i322; int16_t i161, i162; int i, j, k, l; *s1 = NULL; *s2 = NULL; *s3 = NULL; *as1 = NULL; *as2 = NULL; *as3 = NULL; *as4 = NULL; dbus_error_init(&err); if (!dbus_message_get_args(msg, &err, DBUS_TYPE_STRING, s1, DBUS_TYPE_STRING, s2, DBUS_TYPE_STRING, s3, DBUS_TYPE_INT64, &i641, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp1, &i, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp2, &j, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp3, &k, DBUS_TYPE_INT64, &i642, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp4, &l, DBUS_TYPE_INVALID)) { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } if (!dbus_message_get_args(msg, &err, DBUS_TYPE_STRING, s1, DBUS_TYPE_STRING, s2, DBUS_TYPE_STRING, s3, DBUS_TYPE_INT32, &i321, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp1, &i, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp2, &j, 
DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp3, &k, DBUS_TYPE_INT32, &i322, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp4, &l, DBUS_TYPE_INVALID)) { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } if (!dbus_message_get_args(msg, &err, DBUS_TYPE_STRING, s1, DBUS_TYPE_STRING, s2, DBUS_TYPE_STRING, s3, DBUS_TYPE_INT16, &i161, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp1, &i, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp2, &j, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp3, &k, DBUS_TYPE_INT16, &i162, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp4, &l, DBUS_TYPE_INVALID)) { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } return -1; } i321 = i161; i322 = i162; } i641 = i321; i642 = i322; } *s1 = *s1 ? talloc_strdup(parent, *s1) : NULL; *s2 = *s2 ? talloc_strdup(parent, *s2) : NULL; *s3 = *s3 ? talloc_strdup(parent, *s3) : NULL; *n1 = i641; *n2 = i642; *as1 = cm_tdbusm_take_dbus_string_array(parent, tmp1, i); *as2 = cm_tdbusm_take_dbus_string_array(parent, tmp2, j); *as3 = cm_tdbusm_take_dbus_string_array(parent, tmp3, k); *as4 = cm_tdbusm_take_dbus_string_array(parent, tmp4, l); return 0; } int cm_tdbusm_get_sssnasasasnasn(DBusMessage *msg, void *parent, char **s1, char **s2, char **s3, long *n1, char ***as1, char ***as2, char ***as3, long *n2, char ***as4, long *n3) { DBusError err; char **tmp1, **tmp2, **tmp3, **tmp4; int64_t i641, i642, i643; int32_t i321, i322, i323; int16_t i161, i162, i163; int i, j, k, l; *s1 = NULL; *s2 = NULL; *s3 = NULL; *as1 = NULL; *as2 = NULL; *as3 = NULL; *as4 = NULL; dbus_error_init(&err); if (!dbus_message_get_args(msg, &err, DBUS_TYPE_STRING, s1, DBUS_TYPE_STRING, s2, DBUS_TYPE_STRING, s3, DBUS_TYPE_INT64, &i641, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp1, &i, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp2, &j, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp3, &k, DBUS_TYPE_INT64, &i642, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp4, &l, DBUS_TYPE_INT64, &i643, DBUS_TYPE_INVALID)) { if (dbus_error_is_set(&err)) { 
dbus_error_free(&err); dbus_error_init(&err); } if (!dbus_message_get_args(msg, &err, DBUS_TYPE_STRING, s1, DBUS_TYPE_STRING, s2, DBUS_TYPE_STRING, s3, DBUS_TYPE_INT32, &i321, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp1, &i, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp2, &j, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp3, &k, DBUS_TYPE_INT32, &i322, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp4, &l, DBUS_TYPE_INT32, &i323, DBUS_TYPE_INVALID)) { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } if (!dbus_message_get_args(msg, &err, DBUS_TYPE_STRING, s1, DBUS_TYPE_STRING, s2, DBUS_TYPE_STRING, s3, DBUS_TYPE_INT16, &i161, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp1, &i, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp2, &j, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp3, &k, DBUS_TYPE_INT16, &i162, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp4, &l, DBUS_TYPE_INT16, &i163, DBUS_TYPE_INVALID)) { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } return -1; } i321 = i161; i322 = i162; i323 = i163; } i641 = i321; i642 = i322; i643 = i323; } *s1 = *s1 ? talloc_strdup(parent, *s1) : NULL; *s2 = *s2 ? talloc_strdup(parent, *s2) : NULL; *s3 = *s3 ? 
talloc_strdup(parent, *s3) : NULL; *n1 = i641; *n2 = i642; *n3 = i643; *as1 = cm_tdbusm_take_dbus_string_array(parent, tmp1, i); *as2 = cm_tdbusm_take_dbus_string_array(parent, tmp2, j); *as3 = cm_tdbusm_take_dbus_string_array(parent, tmp3, k); *as4 = cm_tdbusm_take_dbus_string_array(parent, tmp4, l); return 0; } int cm_tdbusm_get_sasasasnas(DBusMessage *msg, void *parent, char **s, char ***as1, char ***as2, char ***as3, long *n, char ***as4) { DBusError err; char **tmp1, **tmp2, **tmp3, **tmp4; int64_t i64; int32_t i32; int16_t i16; int i, j, k, l; *s = NULL; *as1 = NULL; *as2 = NULL; *as3 = NULL; *as4 = NULL; dbus_error_init(&err); if (!dbus_message_get_args(msg, &err, DBUS_TYPE_STRING, s, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp1, &i, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp2, &j, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp3, &k, DBUS_TYPE_INT64, &i64, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp4, &l, DBUS_TYPE_INVALID)) { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } if (!dbus_message_get_args(msg, &err, DBUS_TYPE_STRING, s, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp1, &i, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp2, &j, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp3, &k, DBUS_TYPE_INT32, &i32, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp4, &l, DBUS_TYPE_INVALID)) { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } if (!dbus_message_get_args(msg, &err, DBUS_TYPE_STRING, s, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp1, &i, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp2, &j, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp3, &k, DBUS_TYPE_INT16, &i16, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp4, &l, DBUS_TYPE_INVALID)) { if (dbus_error_is_set(&err)) { dbus_error_free(&err); dbus_error_init(&err); } return -1; } i32 = i16; } i64 = i32; } *s = *s ? 
talloc_strdup(parent, *s) : NULL; *as1 = cm_tdbusm_take_dbus_string_array(parent, tmp1, i); *as2 = cm_tdbusm_take_dbus_string_array(parent, tmp2, j); *as3 = cm_tdbusm_take_dbus_string_array(parent, tmp3, k); *n = i64; *as4 = cm_tdbusm_take_dbus_string_array(parent, tmp4, l); return 0; } static struct cm_tdbusm_dict * cm_tdbusm_get_d_value(DBusMessageIter *item, void *parent, struct cm_tdbusm_dict *dict) { struct cm_tdbusm_dict **dicts; char *s, **as, **ass; int64_t i64; int32_t i32; int16_t i16; int n_values; DBusMessageIter value, sval, fields; /* Pull out a variant. */ switch (dbus_message_iter_get_arg_type(item)) { case DBUS_TYPE_VARIANT: memset(&value, 0, sizeof(value)); dbus_message_iter_recurse(item, &value); switch (dbus_message_iter_get_arg_type(&value)) { /* The variant value can be a boolean. */ case DBUS_TYPE_BOOLEAN: dict->value_type = cm_tdbusm_dict_b; dbus_message_iter_get_basic(&value, &dict->value.b); break; /* It can be a path. */ case DBUS_TYPE_OBJECT_PATH: dict->value_type = cm_tdbusm_dict_p; dbus_message_iter_get_basic(&value, &s); dict->value.s = talloc_strdup(dict, s); break; /* It can be a string. */ case DBUS_TYPE_STRING: dict->value_type = cm_tdbusm_dict_s; dbus_message_iter_get_basic(&value, &s); dict->value.s = talloc_strdup(dict, s); break; /* It can be an integer type. */ case DBUS_TYPE_INT16: dict->value_type = cm_tdbusm_dict_n; dbus_message_iter_get_basic(&value, &i16); dict->value.n = i16; break; case DBUS_TYPE_INT32: dict->value_type = cm_tdbusm_dict_n; dbus_message_iter_get_basic(&value, &i32); dict->value.n = i32; break; case DBUS_TYPE_INT64: dict->value_type = cm_tdbusm_dict_n; dbus_message_iter_get_basic(&value, &i64); dict->value.n = i64; break; /* It can be an array of strings. */ case DBUS_TYPE_ARRAY: memset(&sval, 0, sizeof(sval)); dbus_message_iter_recurse(&value, &sval); as = NULL; ass = NULL; n_values = 0; for (;;) { /* This had better be a string or a struct * containing two strings. 
				 */
				switch (dbus_message_iter_get_arg_type(&sval)) {
				case DBUS_TYPE_STRING:
					dict->value_type = cm_tdbusm_dict_as;
					dbus_message_iter_get_basic(&sval, &s);
					as = talloc_realloc(dict, as, char *,
							    n_values + 2);
					if (as == NULL) {
						talloc_free(dict);
						return NULL;
					}
					as[n_values] = talloc_strdup(as, s);
					if (as[n_values] == NULL) {
						talloc_free(dict);
						return NULL;
					}
					n_values++;
					as[n_values] = NULL;
					dict->value.as = as;
					break;
				case DBUS_TYPE_STRUCT:
					dict->value_type = cm_tdbusm_dict_ass;
					dbus_message_iter_recurse(&sval, &fields);
					if (dbus_message_iter_get_arg_type(&fields) !=
					    DBUS_TYPE_STRING) {
						talloc_free(dict);
						return NULL;
					}
					ass = talloc_realloc(dict, ass, char *,
							     n_values + 3);
					if (ass == NULL) {
						talloc_free(dict);
						return NULL;
					}
					dbus_message_iter_get_basic(&fields, &s);
					ass[n_values] = talloc_strdup(ass, s);
					/* Advance to the second field before
					 * checking its type, so that a member
					 * which is not a string is rejected
					 * rather than read as one (the same
					 * order cm_tdbusm_get_ass() uses). */
					if (!dbus_message_iter_has_next(&fields) ||
					    !dbus_message_iter_next(&fields) ||
					    (dbus_message_iter_get_arg_type(&fields) !=
					     DBUS_TYPE_STRING)) {
						talloc_free(dict);
						return NULL;
					}
					dbus_message_iter_get_basic(&fields, &s);
					ass[n_values + 1] = talloc_strdup(ass, s);
					n_values += 2;
					ass[n_values] = NULL;
					dict->value.ass = ass;
					break;
				case DBUS_TYPE_DICT_ENTRY:
					dict->value_type = cm_tdbusm_dict_d;
					dicts = cm_tdbusm_get_d_array(&sval, dict);
					dict->value.d = (const struct cm_tdbusm_dict **) dicts;
					break;
				case DBUS_TYPE_INVALID:
					/* An empty array has no element type to report. */
					dict->value_type = cm_tdbusm_dict_invalid;
					memset(&dict->value, 0, sizeof(dict->value));
					break;
				default:
					cm_log(6, "Unexpected array member type %c (%d)\n",
					       dbus_message_iter_get_arg_type(&sval),
					       dbus_message_iter_get_arg_type(&sval));
					talloc_free(dict);
					return NULL;
					break;
				}
				/* Move on to the next element. */
				if (dbus_message_iter_has_next(&sval)) {
					if (!dbus_message_iter_next(&sval)) {
						talloc_free(dict);
						return NULL;
					}
				} else {
					/* Out of elements. */
					break;
				}
			}
			break;
		default:
			/* It had better not be something else.
*/ talloc_free(dict); return NULL; break; } break; default: talloc_free(dict); return NULL; break; } return dict; } static struct cm_tdbusm_dict * cm_tdbusm_get_d_item(DBusMessageIter *item, void *parent) { struct cm_tdbusm_dict *dict; char *s; dict = talloc_ptrtype(parent, dict); if (dict == NULL) { return NULL; } memset(dict, 0, sizeof(*dict)); /* Pull out a string. */ switch (dbus_message_iter_get_arg_type(item)) { case DBUS_TYPE_STRING: dbus_message_iter_get_basic(item, &s); dict->key = talloc_strdup(dict, s); break; default: talloc_free(dict); return NULL; break; } if (!dbus_message_iter_has_next(item) || !dbus_message_iter_next(item)) { talloc_free(dict); return NULL; } /* Pull out the corresponding value, whatever it is. */ return cm_tdbusm_get_d_value(item, parent, dict); } static struct cm_tdbusm_dict ** cm_tdbusm_get_d_array(DBusMessageIter *array, void *parent) { struct cm_tdbusm_dict *ditem, **dict, **tmp; int n_items; DBusMessageIter item; dict = NULL; n_items = 0; for (;;) { /* We'd better be walking a list of dictionary entries. */ switch (dbus_message_iter_get_arg_type(array)) { case DBUS_TYPE_DICT_ENTRY: /* Found a dictionary entry. */ memset(&item, 0, sizeof(item)); dbus_message_iter_recurse(array, &item); ditem = cm_tdbusm_get_d_item(&item, parent); if (ditem == NULL) { talloc_free(dict); return NULL; } tmp = talloc_realloc(parent, dict, struct cm_tdbusm_dict *, n_items + 2); if (tmp != NULL) { tmp[n_items] = ditem; n_items++; tmp[n_items] = NULL; dict = tmp; } break; default: /* Found... something else. 
*/ talloc_free(dict); return NULL; break; } if (dbus_message_iter_has_next(array)) { if (!dbus_message_iter_next(array)) { talloc_free(dict); return NULL; } } else { break; } } return dict; } int cm_tdbusm_get_d(DBusMessage *msg, void *parent, struct cm_tdbusm_dict ***d) { struct cm_tdbusm_dict **tdicts, **dicts, **tmp; DBusMessageIter args, array; int i, n_dicts; *d = NULL; dicts = NULL; n_dicts = 0; memset(&args, 0, sizeof(args)); if (dbus_message_iter_init(msg, &args)) { for (;;) { switch (dbus_message_iter_get_arg_type(&args)) { case DBUS_TYPE_ARRAY: memset(&array, 0, sizeof(array)); dbus_message_iter_recurse(&args, &array); tdicts = cm_tdbusm_get_d_array(&array, parent); if (tdicts == NULL) { talloc_free(dicts); return -1; } for (i = 0; tdicts[i] != NULL; i++) { continue; } tmp = talloc_realloc(parent, dicts, struct cm_tdbusm_dict *, n_dicts + i + 1); if (tmp != NULL) { memcpy(tmp + n_dicts, tdicts, i * sizeof(tdicts[0])); n_dicts += i; tmp[n_dicts] = NULL; dicts = tmp; } else { talloc_free(tdicts); talloc_free(dicts); return -1; } break; default: talloc_free(dicts); return -1; break; } if (dbus_message_iter_has_next(&args)) { if (!dbus_message_iter_next(&args)) { talloc_free(dicts); return -1; } } else { break; } } *d = dicts; return 0; } return -1; } int cm_tdbusm_get_sd(DBusMessage *msg, void *parent, char **s, struct cm_tdbusm_dict ***d) { struct cm_tdbusm_dict **tdicts, **dicts, **tmp; DBusMessageIter args, array; int i, n_dicts; *d = NULL; dicts = NULL; n_dicts = 0; memset(&args, 0, sizeof(args)); if (dbus_message_iter_init(msg, &args)) { if (dbus_message_iter_get_arg_type(&args) != DBUS_TYPE_STRING) { return -1; } dbus_message_iter_get_basic(&args, s); if (*s == NULL) { return -1; } *s = talloc_strdup(parent, *s); if (!dbus_message_iter_has_next(&args) || !dbus_message_iter_next(&args)) { return -1; } if (dbus_message_iter_get_arg_type(&args) != DBUS_TYPE_ARRAY) { return -1; } memset(&array, 0, sizeof(array)); dbus_message_iter_recurse(&args, &array); 
tdicts = cm_tdbusm_get_d_array(&array, parent); if (tdicts != NULL) { for (i = 0; tdicts[i] != NULL; i++) { continue; } tmp = talloc_realloc(parent, dicts, struct cm_tdbusm_dict *, n_dicts + i + 1); if (tmp != NULL) { memcpy(tmp + n_dicts, tdicts, i * sizeof(tdicts[0])); n_dicts += i; tmp[n_dicts] = NULL; dicts = tmp; } else { talloc_free(tdicts); talloc_free(dicts); return -1; } } if (dbus_message_iter_has_next(&args)) { if (!dbus_message_iter_next(&args)) { talloc_free(dicts); return -1; } } *d = dicts; return 0; } return -1; } int cm_tdbusm_set_b(DBusMessage *msg, dbus_bool_t b) { if (dbus_message_append_args(msg, DBUS_TYPE_BOOLEAN, &b, DBUS_TYPE_INVALID)) { return 0; } else { return -1; } } int cm_tdbusm_set_n(DBusMessage *msg, long n) { int64_t i = n; if (dbus_message_append_args(msg, DBUS_TYPE_INT64, &i, DBUS_TYPE_INVALID)) { return 0; } else { return -1; } } int cm_tdbusm_set_p(DBusMessage *msg, const char *p) { if (dbus_message_append_args(msg, DBUS_TYPE_OBJECT_PATH, &p, DBUS_TYPE_INVALID)) { return 0; } else { return -1; } } int cm_tdbusm_set_s(DBusMessage *msg, const char *s) { if (s == NULL) { s = empty_string; } if (dbus_message_append_args(msg, DBUS_TYPE_STRING, &s, DBUS_TYPE_INVALID)) { return 0; } else { return -1; } } int cm_tdbusm_set_bs(DBusMessage *msg, dbus_bool_t b, const char *s) { if (s == NULL) { s = empty_string; } if (dbus_message_append_args(msg, DBUS_TYPE_BOOLEAN, &b, DBUS_TYPE_STRING, &s, DBUS_TYPE_INVALID)) { return 0; } else { return -1; } } int cm_tdbusm_set_bp(DBusMessage *msg, dbus_bool_t b, const char *p) { if (dbus_message_append_args(msg, DBUS_TYPE_BOOLEAN, &b, DBUS_TYPE_OBJECT_PATH, &p, DBUS_TYPE_INVALID)) { return 0; } else { return -1; } } int cm_tdbusm_set_sb(DBusMessage *msg, const char *s, dbus_bool_t b) { if (s == NULL) { s = empty_string; } if (dbus_message_append_args(msg, DBUS_TYPE_STRING, &s, DBUS_TYPE_BOOLEAN, &b, DBUS_TYPE_INVALID)) { return 0; } else { return -1; } } int cm_tdbusm_set_sn(DBusMessage *msg, const 
char *s, long n) { int64_t i = n; if (s == NULL) { s = empty_string; } if (dbus_message_append_args(msg, DBUS_TYPE_STRING, &s, DBUS_TYPE_INT64, &i, DBUS_TYPE_INVALID)) { return 0; } else { return -1; } } int cm_tdbusm_set_ss(DBusMessage *msg, const char *s1, const char *s2) { if (s1 == NULL) { s1 = empty_string; } if (s2 == NULL) { s2 = empty_string; } if (dbus_message_append_args(msg, DBUS_TYPE_STRING, &s1, DBUS_TYPE_STRING, &s2, DBUS_TYPE_INVALID)) { return 0; } else { return -1; } } int cm_tdbusm_set_ssb(DBusMessage *msg, const char *s1, const char *s2, dbus_bool_t b) { if (s1 == NULL) { s1 = empty_string; } if (s2 == NULL) { s2 = empty_string; } if (dbus_message_append_args(msg, DBUS_TYPE_STRING, &s1, DBUS_TYPE_STRING, &s2, DBUS_TYPE_BOOLEAN, &b, DBUS_TYPE_INVALID)) { return 0; } else { return -1; } } int cm_tdbusm_set_ssn(DBusMessage *msg, const char *s1, const char *s2, long n) { int64_t i = n; if (s1 == NULL) { s1 = empty_string; } if (s2 == NULL) { s2 = empty_string; } if (dbus_message_append_args(msg, DBUS_TYPE_STRING, &s1, DBUS_TYPE_STRING, &s2, DBUS_TYPE_INT64, &i, DBUS_TYPE_INVALID)) { return 0; } else { return -1; } } int cm_tdbusm_set_ap(DBusMessage *msg, const char **ap) { if (dbus_message_append_args(msg, DBUS_TYPE_ARRAY, DBUS_TYPE_OBJECT_PATH, &ap, cm_tdbusm_array_length(ap), DBUS_TYPE_INVALID)) { return 0; } else { return -1; } } int cm_tdbusm_set_as(DBusMessage *msg, const char **as) { if (as == NULL) { as = empty_string_array; } if (dbus_message_append_args(msg, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &as, cm_tdbusm_array_length(as), DBUS_TYPE_INVALID)) { return 0; } else { return -1; } } int cm_tdbusm_set_ass(DBusMessage *msg, const char **ss) { DBusMessageIter args, array, entry; const char *p; int i; memset(&args, 0, sizeof(args)); dbus_message_iter_init_append(msg, &args); memset(&array, 0, sizeof(array)); dbus_message_iter_open_container(&args, DBUS_TYPE_ARRAY, DBUS_STRUCT_BEGIN_CHAR_AS_STRING DBUS_TYPE_STRING_AS_STRING 
					 DBUS_TYPE_STRING_AS_STRING
					 DBUS_STRUCT_END_CHAR_AS_STRING,
					 &array);
	for (i = 0;
	     (ss != NULL) && (ss[i] != NULL) && (ss[i + 1] != NULL);
	     i += 2) {
		memset(&entry, 0, sizeof(entry));
		dbus_message_iter_open_container(&array, DBUS_TYPE_STRUCT,
						 NULL, &entry);
		p = ss[i];
		dbus_message_iter_append_basic(&entry, DBUS_TYPE_STRING, &p);
		p = ss[i + 1];
		dbus_message_iter_append_basic(&entry, DBUS_TYPE_STRING, &p);
		dbus_message_iter_close_container(&array, &entry);
	}
	dbus_message_iter_close_container(&args, &array);
	return (i > 0) ? 0 : -1;
}

int
cm_tdbusm_set_sss(DBusMessage *msg,
		  const char *s1, const char *s2, const char *s3)
{
	if (s1 == NULL) {
		s1 = empty_string;
	}
	if (s2 == NULL) {
		s2 = empty_string;
	}
	if (s3 == NULL) {
		s3 = empty_string;
	}
	if (dbus_message_append_args(msg,
				     DBUS_TYPE_STRING, &s1,
				     DBUS_TYPE_STRING, &s2,
				     DBUS_TYPE_STRING, &s3,
				     DBUS_TYPE_INVALID)) {
		return 0;
	} else {
		return -1;
	}
}

int
cm_tdbusm_set_ssvs(DBusMessage *msg,
		   const char *s1, const char *s2, const char *s3)
{
	DBusMessageIter args;
	union cm_tdbusm_variant v;
	char *p;

	memset(&args, 0, sizeof(args));
	dbus_message_iter_init_append(msg, &args);
	dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &s1);
	dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &s2);
	p = strdup(s3);
	memset(&v, 0, sizeof(v));
	v.s = p;
	cm_tdbusm_append_d_value(msg, &args, cm_tdbusm_dict_s, &v);
	free(p);
	return 0;
}

int
cm_tdbusm_set_ssss(DBusMessage *msg, const char *s1, const char *s2,
		   const char *s3, const char *s4)
{
	if (s1 == NULL) {
		s1 = empty_string;
	}
	if (s2 == NULL) {
		s2 = empty_string;
	}
	if (s3 == NULL) {
		s3 = empty_string;
	}
	if (s4 == NULL) {
		s4 = empty_string;
	}
	if (dbus_message_append_args(msg,
				     DBUS_TYPE_STRING, &s1,
				     DBUS_TYPE_STRING, &s2,
				     DBUS_TYPE_STRING, &s3,
				     DBUS_TYPE_STRING, &s4,
				     DBUS_TYPE_INVALID)) {
		return 0;
	} else {
		return -1;
	}
}

int
cm_tdbusm_set_ssas(DBusMessage *msg, const char *s1, const char *s2,
		   const char **as)
{
	if (s1 == NULL) {
		s1 = empty_string;
	}
	if (s2 == NULL) {
		s2 = empty_string;
	}
	if (as == NULL) {
		as = empty_string_array;
	}
	if (dbus_message_append_args(msg,
				     DBUS_TYPE_STRING, &s1,
				     DBUS_TYPE_STRING, &s2,
				     DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
				     &as, cm_tdbusm_array_length(as),
				     DBUS_TYPE_INVALID)) {
		return 0;
	} else {
		return -1;
	}
}

int
cm_tdbusm_set_ssass(DBusMessage *msg, const char *s1, const char *s2,
		    const char **ass)
{
	DBusMessageIter args, elt, fields;
	int i;

	memset(&args, 0, sizeof(args));
	if (s1 == NULL) {
		s1 = empty_string;
	}
	if (s2 == NULL) {
		s2 = empty_string;
	}
	if (ass == NULL) {
		ass = empty_string_array;
	}
	if (dbus_message_append_args(msg,
				     DBUS_TYPE_STRING, &s1,
				     DBUS_TYPE_STRING, &s2,
				     DBUS_TYPE_INVALID)) {
		dbus_message_iter_init_append(msg, &args);
		dbus_message_iter_open_container(&args, DBUS_TYPE_ARRAY,
						 DBUS_STRUCT_BEGIN_CHAR_AS_STRING
						 DBUS_TYPE_STRING_AS_STRING
						 DBUS_TYPE_STRING_AS_STRING
						 DBUS_STRUCT_END_CHAR_AS_STRING,
						 &elt);
		for (i = 0;
		     (ass != NULL) && (ass[i] != NULL) && (ass[i + 1] != NULL);
		     i += 2) {
			dbus_message_iter_open_container(&elt,
							 DBUS_TYPE_STRUCT,
							 NULL, &fields);
			dbus_message_iter_append_basic(&fields,
						       DBUS_TYPE_STRING,
						       &ass[i]);
			dbus_message_iter_append_basic(&fields,
						       DBUS_TYPE_STRING,
						       &ass[i + 1]);
			dbus_message_iter_close_container(&elt, &fields);
		}
		dbus_message_iter_close_container(&args, &elt);
		return 0;
	} else {
		return -1;
	}
}

int
cm_tdbusm_set_ssoas(DBusMessage *msg, const char *s1, const char *s2,
		    const char **as)
{
	if (s1 == NULL) {
		s1 = empty_string;
	}
	if (s2 == NULL) {
		s2 = empty_string;
	}
	if (as == NULL) {
		as = empty_string_array;
	}
	if (dbus_message_append_args(msg,
				     DBUS_TYPE_STRING, &s1,
				     DBUS_TYPE_STRING, &s2,
				     DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
				     &as, cm_tdbusm_array_length(as),
				     DBUS_TYPE_INVALID)) {
		return 0;
	} else {
		return -1;
	}
}

int
cm_tdbusm_set_sssas(DBusMessage *msg, const char *s1, const char *s2,
		    const char *s3, const char **as)
{
	if (s1 == NULL) {
		s1 = empty_string;
	}
	if (s2 == NULL) {
		s2 = empty_string;
	}
	if (s3 == NULL) {
		s3 = empty_string;
	}
	if (as == NULL) {
		as = empty_string_array;
	}
	if (dbus_message_append_args(msg,
				     DBUS_TYPE_STRING, &s1,
				     DBUS_TYPE_STRING, &s2,
				     DBUS_TYPE_STRING, &s3,
				     DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
				     &as, cm_tdbusm_array_length(as),
				     DBUS_TYPE_INVALID)) {
		return 0;
	} else {
		return -1;
	}
}

int
cm_tdbusm_set_sssnasasasnas(DBusMessage *msg, const char *s1, const char *s2,
			    const char *s3, long n1, const char **as1,
			    const char **as2, const char **as3, long n2,
			    const char **as4)
{
	int64_t i1 = n1, i2 = n2;

	if (s1 == NULL) {
		s1 = empty_string;
	}
	if (s2 == NULL) {
		s2 = empty_string;
	}
	if (s3 == NULL) {
		s3 = empty_string;
	}
	if (as1 == NULL) {
		as1 = empty_string_array;
	}
	if (as2 == NULL) {
		as2 = empty_string_array;
	}
	if (as3 == NULL) {
		as3 = empty_string_array;
	}
	if (as4 == NULL) {
		as4 = empty_string_array;
	}
	if (dbus_message_append_args(msg,
				     DBUS_TYPE_STRING, &s1,
				     DBUS_TYPE_STRING, &s2,
				     DBUS_TYPE_STRING, &s3,
				     DBUS_TYPE_INT64, &i1,
				     DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
				     &as1, cm_tdbusm_array_length(as1),
				     DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
				     &as2, cm_tdbusm_array_length(as2),
				     DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
				     &as3, cm_tdbusm_array_length(as3),
				     DBUS_TYPE_INT64, &i2,
				     DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
				     &as4, cm_tdbusm_array_length(as4),
				     DBUS_TYPE_INVALID)) {
		return 0;
	} else {
		return -1;
	}
}

int
cm_tdbusm_set_sssnasasasnasn(DBusMessage *msg, const char *s1, const char *s2,
			     const char *s3, long n1, const char **as1,
			     const char **as2, const char **as3, long n2,
			     const char **as4, long n3)
{
	int64_t i1 = n1, i2 = n2, i3 = n3;

	if (s1 == NULL) {
		s1 = empty_string;
	}
	if (s2 == NULL) {
		s2 = empty_string;
	}
	if (s3 == NULL) {
		s3 = empty_string;
	}
	if (as1 == NULL) {
		as1 = empty_string_array;
	}
	if (as2 == NULL) {
		as2 = empty_string_array;
	}
	if (as3 == NULL) {
		as3 = empty_string_array;
	}
	if (as4 == NULL) {
		as4 = empty_string_array;
	}
	if (dbus_message_append_args(msg,
				     DBUS_TYPE_STRING, &s1,
				     DBUS_TYPE_STRING, &s2,
				     DBUS_TYPE_STRING, &s3,
				     DBUS_TYPE_INT64, &i1,
				     DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
				     &as1, cm_tdbusm_array_length(as1),
				     DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
				     &as2, cm_tdbusm_array_length(as2),
				     DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
				     &as3, cm_tdbusm_array_length(as3),
				     DBUS_TYPE_INT64, &i2,
				     DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
				     &as4, cm_tdbusm_array_length(as4),
				     DBUS_TYPE_INT64, &i3,
				     DBUS_TYPE_INVALID)) {
		return 0;
	} else {
		return -1;
	}
}

int
cm_tdbusm_set_sasasasnas(DBusMessage *msg, const char *s,
			 const char **as1, const char **as2,
			 const char **as3, long n, const char **as4)
{
	int64_t i = n;

	if (s == NULL) {
		s = empty_string;
	}
	if (as1 == NULL) {
		as1 = empty_string_array;
	}
	if (as2 == NULL) {
		as2 = empty_string_array;
	}
	if (as3 == NULL) {
		as3 = empty_string_array;
	}
	if (as4 == NULL) {
		as4 = empty_string_array;
	}
	if (dbus_message_append_args(msg,
				     DBUS_TYPE_STRING, &s,
				     DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
				     &as1, cm_tdbusm_array_length(as1),
				     DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
				     &as2, cm_tdbusm_array_length(as2),
				     DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
				     &as3, cm_tdbusm_array_length(as3),
				     DBUS_TYPE_INT64, &i,
				     DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
				     &as4, cm_tdbusm_array_length(as4),
				     DBUS_TYPE_INVALID)) {
		return 0;
	} else {
		return -1;
	}
}

static int
cm_tdbusm_append_d_value(DBusMessage *msg, DBusMessageIter *args,
			 enum cm_tdbusm_dict_value_type value_type,
			 const union cm_tdbusm_variant *value)
{
	DBusMessageIter val, elt, fields;
	int subs = 0;
	int64_t l;

	memset(&val, 0, sizeof(val));
	switch (value_type) {
	case cm_tdbusm_dict_invalid:
		dbus_message_iter_open_container(args, DBUS_TYPE_VARIANT,
						 DBUS_TYPE_INVALID_AS_STRING,
						 &val);
		dbus_message_iter_append_basic(&val, DBUS_TYPE_INVALID, NULL);
		dbus_message_iter_close_container(args, &val);
		break;
	case cm_tdbusm_dict_b:
		dbus_message_iter_open_container(args, DBUS_TYPE_VARIANT,
						 DBUS_TYPE_BOOLEAN_AS_STRING,
						 &val);
		dbus_message_iter_append_basic(&val, DBUS_TYPE_BOOLEAN,
					       &value->b);
		dbus_message_iter_close_container(args, &val);
		break;
	case cm_tdbusm_dict_n:
		dbus_message_iter_open_container(args, DBUS_TYPE_VARIANT,
						 DBUS_TYPE_INT64_AS_STRING,
						 &val);
		l = value->n;
		dbus_message_iter_append_basic(&val,
					       DBUS_TYPE_INT64, &l);
		dbus_message_iter_close_container(args, &val);
		break;
	case cm_tdbusm_dict_p:
		dbus_message_iter_open_container(args, DBUS_TYPE_VARIANT,
						 DBUS_TYPE_OBJECT_PATH_AS_STRING,
						 &val);
		dbus_message_iter_append_basic(&val, DBUS_TYPE_OBJECT_PATH,
					       &value->s);
		dbus_message_iter_close_container(args, &val);
		break;
	case cm_tdbusm_dict_s:
		dbus_message_iter_open_container(args, DBUS_TYPE_VARIANT,
						 DBUS_TYPE_STRING_AS_STRING,
						 &val);
		dbus_message_iter_append_basic(&val, DBUS_TYPE_STRING,
					       &value->s);
		dbus_message_iter_close_container(args, &val);
		break;
	case cm_tdbusm_dict_as:
		dbus_message_iter_open_container(args, DBUS_TYPE_VARIANT,
						 DBUS_TYPE_ARRAY_AS_STRING
						 DBUS_TYPE_STRING_AS_STRING,
						 &val);
		memset(&elt, 0, sizeof(elt));
		dbus_message_iter_open_container(&val, DBUS_TYPE_ARRAY,
						 DBUS_TYPE_STRING_AS_STRING,
						 &elt);
		for (l = 0;
		     (value->as != NULL) && (value->as[l] != NULL);
		     l++) {
			dbus_message_iter_append_basic(&elt, DBUS_TYPE_STRING,
						       &value->as[l]);
		}
		dbus_message_iter_close_container(&val, &elt);
		dbus_message_iter_close_container(args, &val);
		break;
	case cm_tdbusm_dict_ass:
		dbus_message_iter_open_container(args, DBUS_TYPE_VARIANT,
						 DBUS_TYPE_ARRAY_AS_STRING
						 DBUS_STRUCT_BEGIN_CHAR_AS_STRING
						 DBUS_TYPE_STRING_AS_STRING
						 DBUS_TYPE_STRING_AS_STRING
						 DBUS_STRUCT_END_CHAR_AS_STRING,
						 &val);
		memset(&elt, 0, sizeof(elt));
		dbus_message_iter_open_container(&val, DBUS_TYPE_ARRAY,
						 DBUS_STRUCT_BEGIN_CHAR_AS_STRING
						 DBUS_TYPE_STRING_AS_STRING
						 DBUS_TYPE_STRING_AS_STRING
						 DBUS_STRUCT_END_CHAR_AS_STRING,
						 &elt);
		for (l = 0;
		     (value->ass != NULL) &&
		     (value->ass[l] != NULL) &&
		     (value->ass[l + 1] != NULL);
		     l += 2) {
			memset(&fields, 0, sizeof(fields));
			dbus_message_iter_open_container(&elt,
							 DBUS_TYPE_STRUCT,
							 NULL, &fields);
			dbus_message_iter_append_basic(&fields,
						       DBUS_TYPE_STRING,
						       &value->ass[l]);
			dbus_message_iter_append_basic(&fields,
						       DBUS_TYPE_STRING,
						       &value->ass[l + 1]);
			dbus_message_iter_close_container(&elt, &fields);
		}
		dbus_message_iter_close_container(&val, &elt);
		dbus_message_iter_close_container(args, &val);
		break;
	case cm_tdbusm_dict_d:
		dbus_message_iter_open_container(args, DBUS_TYPE_VARIANT,
						 DBUS_TYPE_ARRAY_AS_STRING
						 DBUS_DICT_ENTRY_BEGIN_CHAR_AS_STRING
						 DBUS_TYPE_STRING_AS_STRING
						 DBUS_TYPE_VARIANT_AS_STRING
						 DBUS_DICT_ENTRY_END_CHAR_AS_STRING,
						 &val);
		subs += cm_tdbusm_append_d(msg, &val,
					   (const struct cm_tdbusm_dict **) value->d);
		dbus_message_iter_close_container(args, &val);
		break;
	}
	return subs;
}

static int
cm_tdbusm_append_d_item(DBusMessage *msg, DBusMessageIter *args,
			const struct cm_tdbusm_dict *d)
{
	DBusMessageIter entry;
	int subs = 0;

	memset(&entry, 0, sizeof(entry));
	dbus_message_iter_open_container(args, DBUS_TYPE_DICT_ENTRY,
					 NULL, &entry);
	dbus_message_iter_append_basic(&entry, DBUS_TYPE_STRING, &d->key);
	subs = cm_tdbusm_append_d_value(msg, &entry,
					d->value_type, &d->value);
	dbus_message_iter_close_container(args, &entry);
	return subs;
}

static int
cm_tdbusm_append_d(DBusMessage *msg, DBusMessageIter *args,
		   const struct cm_tdbusm_dict **d)
{
	DBusMessageIter array;
	int i, subs = 0;

	memset(&array, 0, sizeof(array));
	dbus_message_iter_open_container(args, DBUS_TYPE_ARRAY,
					 DBUS_DICT_ENTRY_BEGIN_CHAR_AS_STRING
					 DBUS_TYPE_STRING_AS_STRING
					 DBUS_TYPE_VARIANT_AS_STRING
					 DBUS_DICT_ENTRY_END_CHAR_AS_STRING,
					 &array);
	for (i = 0; (d != NULL) && (d[i] != NULL); i++) {
		subs += cm_tdbusm_append_d_item(msg, &array, d[i]);
	}
	dbus_message_iter_close_container(args, &array);
	return i + subs;
}

static int
cm_tdbusm_set_osd(DBusMessage *msg, const char *s,
		  const struct cm_tdbusm_dict **d)
{
	DBusMessageIter args;
	int i;

	memset(&args, 0, sizeof(args));
	dbus_message_iter_init_append(msg, &args);
	if (s != NULL) {
		dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &s);
	}
	i = cm_tdbusm_append_d(msg, &args, d);
	return (i > 0) ? 0 : -1;
}

int
cm_tdbusm_set_d(DBusMessage *msg, const struct cm_tdbusm_dict **d)
{
	return cm_tdbusm_set_osd(msg, NULL, d);
}

int
cm_tdbusm_set_v(DBusMessage *msg, enum cm_tdbusm_dict_value_type value_type,
		const union cm_tdbusm_variant *value)
{
	DBusMessageIter args;
	int i = 0;

	memset(&args, 0, sizeof(args));
	dbus_message_iter_init_append(msg, &args);
	if (value != NULL) {
		i = cm_tdbusm_append_d_value(msg, &args, value_type, value);
	}
	return (i > 0) ? 0 : -1;
}

int
cm_tdbusm_set_sd(DBusMessage *msg, const char *s,
		 const struct cm_tdbusm_dict **d)
{
	if (s == NULL) {
		return -1;
	}
	return cm_tdbusm_set_osd(msg, s, d);
}

struct cm_tdbusm_dict *
cm_tdbusm_find_dict_entry(struct cm_tdbusm_dict **d, const char *key,
			  enum cm_tdbusm_dict_value_type value_type)
{
	int i;
	struct cm_tdbusm_dict *ret;

	ret = NULL;
	for (i = 0; (d != NULL) && (d[i] != NULL); i++) {
		if ((value_type == d[i]->value_type) &&
		    (strcasecmp(key, d[i]->key) == 0)) {
			ret = d[i];
		}
		if ((value_type == cm_tdbusm_dict_p) &&
		    (d[i]->value_type == cm_tdbusm_dict_s) &&
		    (strcasecmp(key, d[i]->key) == 0)) {
			ret = d[i];
		}
		if ((value_type == cm_tdbusm_dict_s) &&
		    (d[i]->value_type == cm_tdbusm_dict_p) &&
		    (strcasecmp(key, d[i]->key) == 0)) {
			ret = d[i];
		}
	}
	return ret;
}

char *
cm_tdbusm_hint(void *parent, const char *error, const char *message)
{
	char *text = NULL;

	if (error == NULL) {
		return NULL;
	}
	if (strcmp(error, DBUS_ERROR_ACCESS_DENIED) == 0) {
		text = N_("Insufficient access. Please retry operation as root.\n");
	} else if ((strcmp(error, DBUS_ERROR_NAME_HAS_NO_OWNER) == 0) ||
		   (strcmp(error, DBUS_ERROR_SERVICE_UNKNOWN) == 0)) {
		text = N_("Please verify that the certmonger service has been started.\n");
	} else if (strcmp(error, DBUS_ERROR_NO_REPLY) == 0) {
		text = N_("Please verify that the certmonger service is still running.\n");
	} else if (strcmp(error, DBUS_ERROR_NO_SERVER) == 0) {
		text = N_("Please verify that the message bus (D-Bus) service is running.\n");
	}
	return text;
}

certmonger-0.79.19/src/tdbusm.h

/*
 * Copyright (C) 2009 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#ifndef cmtdbusm_h
#define cmtdbusm_h

int cm_tdbusm_get_b(DBusMessage *msg, void *parent, dbus_bool_t *b);
int cm_tdbusm_get_n(DBusMessage *msg, void *parent, long *n);
int cm_tdbusm_get_p(DBusMessage *msg, void *parent, char **p);
int cm_tdbusm_get_s(DBusMessage *msg, void *parent, char **s);
int cm_tdbusm_get_vs(DBusMessage *msg, void *parent, char **s);
int cm_tdbusm_get_vn(DBusMessage *msg, void *parent, long *n);
int cm_tdbusm_get_bp(DBusMessage *msg, void *parent,
		     dbus_bool_t *b, char **p);
int cm_tdbusm_get_bs(DBusMessage *msg, void *parent,
		     dbus_bool_t *b, char **s);
int cm_tdbusm_get_sb(DBusMessage *msg, void *parent,
		     char **s, dbus_bool_t *b);
int cm_tdbusm_get_sn(DBusMessage *msg, void *parent, char **s, long *n);
int cm_tdbusm_get_ss(DBusMessage *msg, void *parent, char **s1, char **s2);
int cm_tdbusm_get_ap(DBusMessage *msg, void *parent, char ***ap);
int cm_tdbusm_get_as(DBusMessage *msg, void *parent, char ***as);
int cm_tdbusm_get_ass(DBusMessage *msg, void *parent, char ***ass);
int cm_tdbusm_get_sss(DBusMessage *msg, void *parent,
		      char **s1, char **s2, char **s3);
int cm_tdbusm_get_ssb(DBusMessage *msg, void *parent,
		      char **s1, char **s2, dbus_bool_t *b);
int cm_tdbusm_get_ssn(DBusMessage *msg, void *parent,
		      char **s1, char **s2, long *n);
int cm_tdbusm_get_ssas(DBusMessage *msg, void *parent,
		       char **s1, char **s2, char ***as);
int cm_tdbusm_get_ssass(DBusMessage *msg, void *parent,
			char **s1, char **s2, char ***ass);
int cm_tdbusm_get_ssss(DBusMessage *msg, void *parent,
		       char **s1, char **s2, char **s3, char **s4);
int cm_tdbusm_get_ssosos(DBusMessage *msg, void *parent,
			 char **s1, char **s2, char **s3, char **s4);
int cm_tdbusm_get_sososos(DBusMessage *msg, void *parent,
			  char **s1, char **s2, char **s3, char **s4);
int cm_tdbusm_get_ssoas(DBusMessage *msg, void *parent,
			char **s1, char **s2, char ***as);
int cm_tdbusm_get_sssas(DBusMessage *msg, void *parent,
			char **s1, char **s2, char **s3, char ***as);
int cm_tdbusm_get_sssnasasasnas(DBusMessage *msg, void *parent,
				char **s1, char **s2, char **s3, long *n1,
				char ***as1, char ***as2, char ***as3,
				long *n2, char ***as4);
int cm_tdbusm_get_sssnasasasnasn(DBusMessage *msg, void *parent,
				 char **s1, char **s2, char **s3, long *n1,
				 char ***as1, char ***as2, char ***as3,
				 long *n2, char ***as4, long *n3);
int cm_tdbusm_get_sasasasnas(DBusMessage *msg, void *parent,
			     char **s, char ***as1, char ***as2,
			     char ***as3, long *n, char ***as4);

struct cm_tdbusm_dict {
	char *key;
	enum cm_tdbusm_dict_value_type {
		cm_tdbusm_dict_invalid,
		cm_tdbusm_dict_s,
		cm_tdbusm_dict_p,
		cm_tdbusm_dict_as,
		cm_tdbusm_dict_ass,
		cm_tdbusm_dict_n,
		cm_tdbusm_dict_b,
		cm_tdbusm_dict_d,
	} value_type;
	union cm_tdbusm_variant {
		char *s;
		char **as;
		char **ass;
		long n;
		dbus_bool_t b;
		const struct cm_tdbusm_dict **d;
	} value;
};

int cm_tdbusm_get_d(DBusMessage *msg, void *parent,
		    struct cm_tdbusm_dict ***d);
int cm_tdbusm_get_sd(DBusMessage *msg, void *parent,
		     char **s, struct cm_tdbusm_dict ***d);

int cm_tdbusm_set_b(DBusMessage *msg, dbus_bool_t b);
int cm_tdbusm_set_n(DBusMessage *msg, long n);
int cm_tdbusm_set_p(DBusMessage *msg, const char *p);
int cm_tdbusm_set_s(DBusMessage *msg, const char *s);
int cm_tdbusm_set_bp(DBusMessage *msg, dbus_bool_t b, const char *p);
int cm_tdbusm_set_bs(DBusMessage *msg, dbus_bool_t b, const char *s);
int cm_tdbusm_set_sb(DBusMessage *msg, const char *s, dbus_bool_t b);
int cm_tdbusm_set_sn(DBusMessage *msg, const char *s, long n);
int cm_tdbusm_set_ss(DBusMessage *msg, const char *s1, const char *s2);
int cm_tdbusm_set_ap(DBusMessage *msg, const char **p);
int cm_tdbusm_set_as(DBusMessage *msg, const char **s);
int cm_tdbusm_set_ass(DBusMessage *msg, const char **ss);
int cm_tdbusm_set_sss(DBusMessage *msg,
		      const char *s1, const char *s2, const char *s3);
int cm_tdbusm_get_ssv(DBusMessage *msg, void *parent,
		      char **s1, char **s2,
		      enum cm_tdbusm_dict_value_type *type,
		      union cm_tdbusm_variant *value);
int cm_tdbusm_set_ssb(DBusMessage *msg,
		      const char *s1, const char *s2, dbus_bool_t b);
int cm_tdbusm_set_ssn(DBusMessage *msg,
		      const char *s1, const char *s2, long n);
int cm_tdbusm_set_ssas(DBusMessage *msg,
		       const char *s1, const char *s2, const char **as);
int cm_tdbusm_set_ssass(DBusMessage *msg,
			const char *s1, const char *s2, const char **ass);
int cm_tdbusm_set_ssss(DBusMessage *msg, const char *s1, const char *s2,
		       const char *s3, const char *s4);
int cm_tdbusm_set_ssvs(DBusMessage *msg,
		       const char *s1, const char *s2, const char *s3);
int cm_tdbusm_set_ssoas(DBusMessage *msg,
			const char *s1, const char *s2, const char **as);
int cm_tdbusm_set_sssas(DBusMessage *msg, const char *s1, const char *s2,
			const char *s3, const char **as);
int cm_tdbusm_set_sssnasasasnas(DBusMessage *msg,
				const char *s1, const char *s2,
				const char *s3, long n1,
				const char **as1, const char **as2,
				const char **as3, long n2,
				const char **as4);
int cm_tdbusm_set_sssnasasasnasn(DBusMessage *msg,
				 const char *s1, const char *s2,
				 const char *s3, long n1,
				 const char **as1, const char **as2,
				 const char **as3, long n2,
				 const char **as4, long n3);
int cm_tdbusm_set_sasasasnas(DBusMessage *msg, const char *s,
			     const char **as1, const char **as2,
			     const char **as3, long n, const char **as4);
int cm_tdbusm_set_d(DBusMessage *msg, const struct cm_tdbusm_dict **d);
int cm_tdbusm_set_v(DBusMessage *msg,
		    enum cm_tdbusm_dict_value_type value_type,
		    const union cm_tdbusm_variant *value);
int cm_tdbusm_set_sd(DBusMessage *msg, const char *s,
		     const struct cm_tdbusm_dict **d);

struct cm_tdbusm_dict *cm_tdbusm_find_dict_entry(struct cm_tdbusm_dict **d,
						 const char *key,
						 enum cm_tdbusm_dict_value_type value_type);
char *cm_tdbusm_hint(void *parent, const char *error, const char *message);

#endif

certmonger-0.79.19/src/tm.c

/*
 * Copyright (C) 2011 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#include "config.h"

#include <time.h>

#include "tm.h"

time_t
cm_time(time_t *dest)
{
	return time(dest);
}

certmonger-0.79.19/src/tm.h

/*
 * Copyright (C) 2011 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#ifndef cmtm_h
#define cmtm_h

time_t cm_time(time_t *dest);

#endif

certmonger-0.79.19/src/toklist.c

/*
 * Copyright (C) 2011 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#include "config.h"

#include <sys/types.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#include <nss.h>
#include <pk11pub.h>
#include <secport.h>

#include <popt.h>

#include "log.h"

int
main(int argc, const char **argv)
{
	NSSInitContext *ctx;
	PLArenaPool *arena;
	PK11SlotList *slotlist;
	PK11SlotListElement *sle;
	CK_MECHANISM_TYPE mech;
	int imech = 0;
	CK_TOKEN_INFO info;
	char *dbdir = "/etc/pki/nssdb", *token;
	int c;
	poptContext pctx;
	struct poptOption popts[] = {
		{"dbdir", 'd', POPT_ARG_STRING | POPT_ARGFLAG_SHOW_DEFAULT,
		 &dbdir, 0, "NSS database", "DIRECTORY"},
		{"mech", 'm', POPT_ARG_INT, &imech, 0, NULL, NULL},
		POPT_AUTOHELP
		POPT_TABLEEND
	};

	pctx = poptGetContext("toklist", argc, argv, popts, 0);
	if (pctx == NULL) {
		return 1;
	}
	while ((c = poptGetNextOpt(pctx)) > 0) {
		continue;
	}
	if (c != -1) {
		poptPrintUsage(pctx, stdout, 0);
		return 1;
	}
	if (dbdir == NULL) {
		poptPrintUsage(pctx, stdout, 0);
		return 1;
	}
	mech = imech;
	printf("Mechanism %ld:\n", (long) mech);

	/* Open the database. */
	ctx = NSS_InitContext(dbdir, NULL, NULL, NULL, NULL,
			      NSS_INIT_NOROOTINIT);
	if (ctx == NULL) {
		printf("Unable to open NSS database '%s'.\n", dbdir);
		_exit(CM_SUB_STATUS_ERROR_INITIALIZING);
	}

	/* Allocate a memory pool. */
	arena = PORT_NewArena(sizeof(double));
	if (arena == NULL) {
		printf("Out of memory opening database '%s'.\n", dbdir);
		if (NSS_ShutdownContext(ctx) != SECSuccess) {
			printf("Error shutting down NSS.\n");
		}
		_exit(CM_SUB_STATUS_ERROR_INITIALIZING);
	}

	/* Find the tokens that we might use for key storage.
	 */
	slotlist = PK11_GetAllTokens(mech, PR_FALSE, PR_FALSE, NULL);
	if (slotlist == NULL) {
		if (NSS_ShutdownContext(ctx) != SECSuccess) {
			printf("Error shutting down NSS.\n");
		}
		_exit(CM_SUB_STATUS_ERROR_NO_TOKEN);
	}
	for (sle = slotlist->head;
	     ((sle != NULL) && (sle->slot != NULL));
	     sle = sle->next) {
		/* Read the token's name. */
		token = PK11_GetTokenName(sle->slot);
		if (token != NULL) {
			printf("Found token '%s'.\n", token);
		} else {
			printf("Found unnamed token.\n");
		}
		if (sle->slot == PK11_GetInternalSlot()) {
			printf("\tIs internal slot.\n");
		}
		if (sle->slot == PK11_GetInternalKeySlot()) {
			printf("\tIs internal key slot.\n");
		}
		memset(&info, 0, sizeof(info));
		if (PK11_GetTokenInfo(sle->slot, &info) == SECSuccess) {
			printf("\tFlags = %08lx\n", info.flags);
			printf("\tPIN Length = %lu..%lu\n",
			       info.ulMinPinLen, info.ulMaxPinLen);
		}

		/* Now log in, if we have to. */
		if (PK11_NeedLogin(sle->slot)) {
			printf("\tToken requires login.\n");
		} else {
			printf("\tToken does not require login.\n");
		}

		/* If this was the last token, stop walking. */
		if (sle == slotlist->tail) {
			break;
		}
	}

	PK11_FreeSlotList(slotlist);
	PORT_FreeArena(arena, PR_TRUE);
	return 0;
}

certmonger-0.79.19/src/util-m.c

/*
 * Copyright (C) 2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#include "config.h"

#include <stdlib.h>
#include <string.h>

#ifdef HAVE_GMP_H
#include <gmp.h>
#endif

#ifdef HAVE_OPENSSL
#include <openssl/bn.h>
#include <openssl/crypto.h>
#endif

#ifdef HAVE_GMP
char *
util_dec_from_hex(const char *hex)
{
	mpz_t m;
	char *ret;

	mpz_init(m);
	if (mpz_set_str(m, hex, 16) != 0) {
		/* Release the initialized integer on the error path too. */
		mpz_clear(m);
		return NULL;
	}
	ret = mpz_get_str(NULL, 10, m);
	mpz_clear(m);
	return ret;
}
#else
#ifdef HAVE_OPENSSL
#if defined(HAVE_DECL_OPENSSL_FREE) && HAVE_DECL_OPENSSL_FREE
static void
free_bn_bn2dec_result(void *p)
{
	OPENSSL_free(p);
}
#else
static void
free_bn_bn2dec_result(void *p)
{
	free(p);
}
#endif
char *
util_dec_from_hex(const char *hex)
{
	BIGNUM *bn = NULL;
	char *tmp, *ret = NULL;

	if (strlen(hex) > 0) {
		if (BN_hex2bn(&bn, hex) == 0) {
			return NULL;
		}
		tmp = BN_bn2dec(bn);
		BN_free(bn);
		if (tmp != NULL) {
			ret = strdup(tmp);
			free_bn_bn2dec_result(tmp);
		}
	} else {
		ret = strdup("");
	}
	return ret;
}
#endif
#endif

certmonger-0.79.19/src/util-m.h

/*
 * Copyright (C) 2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#ifndef utilm_h
#define utilm_h

char *util_dec_from_hex(const char *hex);

#endif

certmonger-0.79.19/src/util-n.c

/*
 * Copyright (C) 2012,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#include "config.h"

#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <limits.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <nss.h>
#include <pk11pub.h>
#include <secmod.h>

#include "log.h"
#include "store-int.h"
#include "util-n.h"

#include <talloc.h>

#define NODE "/proc/sys/crypto/fips_enabled"

static PRBool force_fips = PR_FALSE;

void
util_n_set_fips(enum force_fips_mode force)
{
	if (force == do_not_force_fips) {
		force_fips = PR_FALSE;
	} else {
		force_fips = PR_TRUE;
	}
}

const char *
util_n_fips_hook(void)
{
	SECMODModule *module;
	PRBool fips_detected;
	const char *name;
	FILE *fp;
	char buf[LINE_MAX];

	if (!force_fips) {
		/* Unless forced, follow the kernel's FIPS setting. */
		fips_detected = PR_FALSE;
		fp = fopen(NODE, "r");
		if (fp != NULL) {
			if (fgets(buf, sizeof(buf), fp) != NULL) {
				buf[strcspn(buf, "\r\n")] = '\0';
				cm_log(4, "Read value \"%s\" from \"%s\".\n",
				       buf, NODE);
				if (strlen(buf) > 0) {
					if (atoi(buf) == 1) {
						fips_detected = PR_TRUE;
					}
				}
			}
			fclose(fp);
		} else {
			cm_log(4, "Error opening \"%s\": %s, assuming 0.\n",
			       NODE, strerror(errno));
		}
		if (!fips_detected) {
			cm_log(4, "Not attempting to set NSS FIPS mode.\n");
			return NULL;
		}
	}

	if (!PK11_IsFIPS()) {
		cm_log(4, "Attempting to set NSS FIPS mode.\n");
		module = SECMOD_GetInternalModule();
		if (module == NULL) {
			return "error obtaining handle to internal "
			       "cryptographic token's module";
		}
		name = module->commonName;
		if (SECMOD_DeleteInternalModule(name) != SECSuccess) {
			return "error unloading (reloading) NSS's internal "
			       "cryptographic module";
		}
		if (!PK11_IsFIPS()) {
			return "unloading (reloading) the internal "
			       "cryptographic module wasn't sufficient to "
			       "enable FIPS mode";
		}
		cm_log(4, "Successfully set NSS FIPS mode.\n");
	}
	return NULL;
}

char *
util_build_next_nickname(const char *prefix, const char *marker)
{
	size_t len;
	char *ret;

	len = strlen(prefix) + strlen(marker) + sizeof("%s (candidate %s)");
	ret = malloc(len + 1);
	if (ret != NULL) {
		snprintf(ret, len, "%s (candidate %s)", prefix, marker);
	}
	return ret;
}

char *
util_build_old_nickname(const char *prefix, const char *serial)
{
	size_t len;
	char *ret;

	len = strlen(prefix) + strlen(serial) + sizeof("%s (serial %s)");
	ret = malloc(len + 1);
	if (ret != NULL) {
		snprintf(ret, len, "%s (serial %s)", prefix, serial);
	}
	return ret;
}

static void
util_set_db_owner_perms(const char *dbdir, const char *filename,
			const char *owner, mode_t perms)
{
	char *user, *group, *pathname = NULL;
	struct passwd *pwd;
	struct group *grp;
	uid_t uid;
	gid_t gid;
	struct stat st, before;
	int fd;

	if (filename == NULL) {
		return;
	}
	pathname = malloc(strlen(dbdir) + strlen(filename) + 2);
	if (pathname == NULL) {
		return;
	}
	sprintf(pathname, "%s/%s", dbdir, filename);

	/* Open the file first, then check with lstat() that the path names
	 * a regular file (not a symbolic link) and with fstat() that the
	 * descriptor refers to that same file (matching device and inode),
	 * so that ownership and permissions are only changed on the
	 * database file itself. */
	fd = open(pathname, O_RDWR);
	if (fd == -1) {
		free(pathname);
		return;
	}
	if ((lstat(pathname, &before) == -1) || !S_ISREG(before.st_mode)) {
		close(fd);
		free(pathname);
		return;
	}
	if ((fstat(fd, &st) == -1) || !S_ISREG(st.st_mode)) {
		close(fd);
		free(pathname);
		return;
	}
	if ((st.st_dev != before.st_dev) || (st.st_ino != before.st_ino)) {
		close(fd);
		free(pathname);
		return;
	}

	/* All changes below go through the descriptor, not the path. */
	if (owner != NULL) {
		user = strdup(owner);
		group = strchr(user, ':');
		if (group != NULL) {
			*group++ = '\0';
			if (strlen(group) == 0) {
				group = NULL;
			}
		}
		pwd = getpwnam(user);
		if (pwd == NULL) {
			cm_log(1, "Error looking up user \"%s\", "
			       "not setting ownership of \"%s\".\n",
			       user, pathname);
		} else {
			uid = pwd->pw_uid;
			gid = pwd->pw_gid;
			if (group != NULL) {
				grp = getgrnam(group);
				if (grp != NULL) {
					gid = grp->gr_gid;
				} else {
					cm_log(1, "Error looking up group "
					       "\"%s\", setting group of \"%s\""
					       " to primary group of \"%s\".\n",
					       group, pathname, user);
				}
			}
			if (fchown(fd, uid, gid) == -1) {
				cm_log(1, "Error setting ownership on "
				       "file \"%s\": %s. Continuing\n",
				       pathname, strerror(errno));
			}
		}
		free(user);
	}
	if (perms != 0) {
		if (fchmod(fd, perms) == -1) {
			cm_log(1, "Error setting permissions on "
			       "file \"%s\": %s. Continuing\n",
			       pathname, strerror(errno));
		}
	}
	close(fd);
	free(pathname);
}

void
util_set_db_entry_key_owner(const char *dbdir, struct cm_store_entry *entry)
{
	const char *keydb = NULL;

	if (dbdir == NULL) {
		return;
	}
	/* Pick the key database file name from the NSS database prefix. */
	if (strncmp(dbdir, "sql:", 4) == 0) {
		keydb = "key4.db";
		dbdir += 4;
	} else if (strncmp(dbdir, "dbm:", 4) == 0) {
		keydb = "key3.db";
		dbdir += 4;
	} else if (strncmp(dbdir, "rdb:", 4) == 0) {
		keydb = "key3.db";
		dbdir += 4;
	} else if (strncmp(dbdir, "extern:", 7) == 0) {
		keydb = "key4.db";
		dbdir += 7;
	} else {
		keydb = "key3.db";
	}
	util_set_db_owner_perms(dbdir, keydb,
				entry->cm_key_owner, entry->cm_key_perms);
}

void
util_set_db_entry_cert_owner(const char *dbdir, struct cm_store_entry *entry)
{
	const char *certdb = NULL, *secmoddb = NULL;

	if (dbdir == NULL) {
		return;
	}
	/* Pick the certificate and module database file names from the
	 * NSS database prefix. */
	if (strncmp(dbdir, "sql:", 4) == 0) {
		certdb = "cert9.db";
		secmoddb = "pkcs11.txt";
		dbdir += 4;
	} else if (strncmp(dbdir, "dbm:", 4) == 0) {
		certdb = "cert8.db";
		secmoddb = "secmod.db";
		dbdir += 4;
	} else if (strncmp(dbdir, "rdb:", 4) == 0) {
		certdb = "cert8.db";
		secmoddb = "secmod.db";
		dbdir += 4;
	} else if (strncmp(dbdir, "extern:", 7) == 0) {
		certdb = "cert9.db";
		secmoddb = "pkcs11.txt";
		dbdir += 7;
	} else {
		certdb = "cert8.db";
		secmoddb = "secmod.db";
	}
	util_set_db_owner_perms(dbdir, certdb,
				entry->cm_cert_owner, entry->cm_cert_perms);
	util_set_db_owner_perms(dbdir, secmoddb,
				entry->cm_cert_owner, entry->cm_cert_perms);
}

char *
util_internal_token_name(void *ctx)
{
	PK11SlotInfo *slot = NULL;
	char *name = NULL;

	slot = PK11_GetInternalKeySlot();
	name = talloc_strdup(ctx, PK11_GetTokenName(slot));
	PK11_FreeSlot(slot);
	return name;
}

certmonger-0.79.19/src/util-n.h

/*
 * Copyright (C) 2012,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#ifndef utiln_h
#define utiln_h

struct cm_store_entry;

enum force_fips_mode { do_not_force_fips, do_force_fips };

void util_n_set_fips(enum force_fips_mode force);
const char *util_n_fips_hook(void);
char *util_build_next_nickname(const char *prefix, const char *marker);
char *util_build_old_nickname(const char *prefix, const char *serial);
void util_set_db_entry_key_owner(const char *dbdir,
				 struct cm_store_entry *entry);
void util_set_db_entry_cert_owner(const char *dbdir,
				  struct cm_store_entry *entry);
char *util_internal_token_name(void *ctx);

#endif

certmonger-0.79.19/src/util-o.c

/*
 * Copyright (C) 2010,2015,2017 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#include "config.h"

#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

#include <openssl/asn1.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>

#include "cm.h"
#include "log.h"
#include "store-int.h"
#include "util-o.h"

void
util_o_init(void)
{
#if OPENSSL_VERSION_MAJOR < 3
#if defined(HAVE_DECL_OPENSSL_ADD_ALL_ALGORITHMS) && HAVE_DECL_OPENSSL_ADD_ALL_ALGORITHMS
	OpenSSL_add_all_algorithms();
#elif defined(HAVE_DECL_OPENSSL_ADD_SSL_ALGORITHMS) && HAVE_DECL_OPENSSL_ADD_SSL_ALGORITHMS
	OpenSSL_add_ssl_algorithms();
#else
	SSL_library_init();
#endif
#endif
}

char *
util_build_next_filename(const char *prefix, const char *marker)
{
	size_t len;
	char *ret;

	len = strlen(prefix) + strlen(marker) + sizeof("%s.%s.key");
	ret = malloc(len + 1);
	if (ret != NULL) {
		snprintf(ret, len, "%s.%s.key", prefix, marker);
	}
	return ret;
}

char *
util_build_old_filename(const char *prefix, const char *serial)
{
	size_t len;
	char *ret;

	len = strlen(prefix) + strlen(serial) + sizeof("%s.%s.key");
	ret = malloc(len + 1);
	if (ret != NULL) {
		snprintf(ret, len, "%s.%s.key", prefix, serial);
	}
	return ret;
}

void
util_set_fd_owner_perms(int fd, const char *filename,
			const char *owner, mode_t perms)
{
	char *user, *group;
	struct passwd *pwd;
	struct group *grp;
	uid_t uid;
	gid_t gid;

	if (filename == NULL) {
		return;
	}
	/* The filename is used for log messages only; ownership and
	 * permissions are changed through the descriptor. */
	if (owner != NULL) {
		user = strdup(owner);
		group = strchr(user, ':');
		if (group != NULL) {
			*group++ = '\0';
			if (strlen(group) == 0) {
				group = NULL;
			}
		}
		pwd = getpwnam(user);
		if (pwd == NULL) {
			cm_log(1, "Error looking up user \"%s\", "
			       "not setting ownership of \"%s\".\n",
			       user, filename);
		} else {
			uid = pwd->pw_uid;
			gid = pwd->pw_gid;
			if (group != NULL) {
				grp = getgrnam(group);
				if (grp != NULL) {
					gid = grp->gr_gid;
				} else {
					cm_log(1, "Error looking up group "
					       "\"%s\", setting group of \"%s\""
					       " to primary group of \"%s\".\n",
group, filename, user); } } if (fchown(fd, uid, gid) == -1) { cm_log(1, "Error setting ownership on " "file \"%s\": %s. Continuing\n", filename, strerror(errno)); } } free(user); } if (perms != 0) { if (fchmod(fd, perms) == -1) { cm_log(1, "Error setting permissions on " "file \"%s\": %s. Continuing\n", filename, strerror(errno)); } } } void util_set_fd_entry_key_owner(int keyfd, const char *filename, struct cm_store_entry *entry) { util_set_fd_owner_perms(keyfd, filename, entry->cm_key_owner, entry->cm_key_perms); } void util_set_fd_entry_cert_owner(int certfd, const char *filename, struct cm_store_entry *entry) { util_set_fd_owner_perms(certfd, filename, entry->cm_cert_owner, entry->cm_cert_perms); } #if OPENSSL_VERSION_NUMBER >= 0x10100000L int util_o_cert_cmp(const X509 *const *a, const X509 *const *b) { return X509_cmp(*a, *b); } #else int util_o_cert_cmp(const void *a, const void *b) { X509 * const *x, * const *y; x = a; y = b; return X509_cmp(*x, *y); } #endif ASN1_BIT_STRING * util_ASN1_BIT_STRING_new(void) { #ifdef HAVE_ASN1_BIT_STRING_NEW return ASN1_BIT_STRING_new(); #else return M_ASN1_BIT_STRING_new(); #endif } ASN1_GENERALIZEDTIME * util_ASN1_GENERALIZEDTIME_new(void) { #ifdef HAVE_ASN1_GENERALIZEDTIME_NEW return ASN1_GENERALIZEDTIME_new(); #else return M_ASN1_GENERALIZEDTIME_new(); #endif } ASN1_IA5STRING * util_ASN1_IA5STRING_new(void) { #ifdef HAVE_ASN1_IA5STRING_NEW return ASN1_IA5STRING_new(); #else return M_ASN1_IA5STRING_new(); #endif } ASN1_INTEGER * util_ASN1_INTEGER_new(void) { #ifdef HAVE_ASN1_INTEGER_NEW return ASN1_INTEGER_new(); #else return M_ASN1_INTEGER_new(); #endif } ASN1_OCTET_STRING * util_ASN1_OCTET_STRING_new(void) { #ifdef HAVE_ASN1_OCTET_STRING_NEW return ASN1_OCTET_STRING_new(); #else return M_ASN1_OCTET_STRING_new(); #endif } int util_ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len) { #ifdef HAVE_ASN1_OCTET_STRING_SET return ASN1_OCTET_STRING_set(str, data, len); #else return 
M_ASN1_OCTET_STRING_set(str, data, len); #endif } ASN1_PRINTABLESTRING * util_ASN1_PRINTABLESTRING_new(void) { #ifdef HAVE_ASN1_PRINTABLESTRING_NEW return ASN1_PRINTABLESTRING_new(); #else return M_ASN1_PRINTABLESTRING_new(); #endif } const unsigned char * util_ASN1_STRING_get0_data(const ASN1_STRING *x) { #ifdef HAVE_ASN1_STRING_GET0_DATA return ASN1_STRING_get0_data(x); #elif defined(HAVE_ASN1_STRING_GET_DATA) return ASN1_STRING_get_data(x); #else return M_ASN1_STRING_data(x); #endif } int util_ASN1_STRING_length(const ASN1_STRING *x) { #ifdef HAVE_ASN1_STRING_LENGTH return ASN1_STRING_length(x); #else return M_ASN1_STRING_length(x); #endif } ASN1_STRING * util_ASN1_STRING_new(void) { #ifdef HAVE_ASN1_STRING_NEW return ASN1_STRING_new(); #else return M_ASN1_STRING_new(); #endif } ASN1_TIME * util_ASN1_TIME_dup(ASN1_TIME *t) { unsigned char *p, *pp; const unsigned char *cp; long len; len = i2d_ASN1_TIME(t, NULL); p = malloc(len); if (p != NULL) { pp = p; if (i2d_ASN1_TIME(t, &pp) < 0) { free(p); return NULL; } cp = p; t = d2i_ASN1_TIME(NULL, &cp, len); if (cp - p != len) { t = NULL; } free(p); return t; } return NULL; } ASN1_TIME * util_ASN1_TIME_new(void) { #ifdef HAVE_ASN1_TIME_NEW return ASN1_TIME_new(); #else return M_ASN1_TIME_new(); #endif } ASN1_TIME * util_ASN1_TIME_set(ASN1_TIME *str, time_t t) { #ifdef HAVE_ASN1_TIME_SET return ASN1_TIME_set(str, t); #else return M_ASN1_TIME_set(str, t); #endif } int util_EVP_PKEY_id(const EVP_PKEY *pkey) { #if defined(HAVE_EVP_PKEY_ID) || defined(HAVE_EVP_PKEY_GET_ID) return EVP_PKEY_id(pkey); #else return pkey->type; #endif } int util_EVP_PKEY_base_id(const EVP_PKEY *pkey) { #ifdef HAVE_EVP_PKEY_BASE_ID return EVP_PKEY_base_id(pkey); #else return EVP_PKEY_type(util_EVP_PKEY_id(pkey)); #endif } const unsigned char * util_OBJ_get0_data(const ASN1_OBJECT *obj) { #ifdef HAVE_OBJ_GET0_DATA return OBJ_get0_data(obj); #else return obj->data; #endif } size_t util_OBJ_length(const ASN1_OBJECT *obj) { #ifdef HAVE_OBJ_LENGTH 
return OBJ_length(obj); #else return obj->length; #endif } ASN1_OBJECT * util_X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *a) { #ifdef HAVE_X509_ATTRIBUTE_GET0_OBJECT return X509_ATTRIBUTE_get0_object(a); #else return a->object; #endif } const ASN1_TIME * util_X509_get0_notAfter(X509 *x) { #ifdef HAVE_X509_GET0_NOTAFTER return X509_get0_notAfter(x); #else return x->cert_info->validity->notAfter; #endif } EVP_PKEY * util_X509_get0_pubkey(X509 *cert) { #ifdef HAVE_X509_GET0_PUBKEY return X509_get0_pubkey(cert); #else return X509_PUBKEY_get(cert->cert_info->key); #endif } const ASN1_INTEGER * util_X509_get0_serialNumber(X509 *cert) { #ifdef HAVE_X509_GET0_SERIALNUMBER return X509_get0_serialNumber(cert); #else return cert->cert_info->serialNumber; #endif } X509_NAME * util_X509_get0_issuer_name(X509 *x) { #ifdef HAVE_X509_GET_ISSUER_NAME return X509_get_issuer_name(x); #else return x->cert_info->issuer; #endif } uint32_t util_X509_get_key_usage(X509 *x) { #ifdef HAVE_X509_GET_KEY_USAGE return X509_get_key_usage(x); #else /* Call for side-effect of computing hash and caching extensions */ X509_check_purpose(x, -1, -1); return x->ex_kusage; #endif } X509_NAME * util_X509_get0_subject_name(X509 *x) { #ifdef HAVE_X509_GET_SUBJECT_NAME return X509_get_subject_name(x); #else return x->cert_info->subject; #endif } EVP_PKEY * util_X509_REQ_get0_pubkey(X509_REQ *req) { #ifdef HAVE_X509_REQ_GET0_PUBKEY return X509_REQ_get0_pubkey(req); #else return X509_PUBKEY_get(req->req_info->pubkey); #endif } void util_X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg) { #ifdef HAVE_X509_REQ_GET0_SIGNATURE X509_REQ_get0_signature(req, psig, palg); #else if (psig != NULL) { *psig = req->signature; } if (palg != NULL) { *palg = req->sig_alg; } #endif } int util_X509_set_pubkey(X509 *cert, EVP_PKEY *pkey) { return X509_set_pubkey(cert, pkey); } int util_X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name) { #ifdef 
HAVE_X509_REQ_SET_SUBJECT_NAME return X509_REQ_set_subject_name(req, name); #else return X509_NAME_set(&req->req_info->subject, name); #endif } int util_X509_set1_notAfter(X509 *x, ASN1_TIME *tm) { #ifdef HAVE_X509_SET1_NOTAFTER return X509_set1_notAfter(x, tm); #else if (x != NULL) { x->cert_info->validity->notAfter = tm; return 1; } return 0; #endif } int util_X509_set1_notBefore(X509 *x, ASN1_TIME *tm) { #ifdef HAVE_X509_SET1_NOTBEFORE return X509_set1_notBefore(x, tm); #else if (x != NULL) { x->cert_info->validity->notBefore = tm; return 1; } return 0; #endif } int util_X509_set_issuer_name(X509 *x, X509_NAME *name) { #ifdef HAVE_X509_SET_ISSUER_NAME return X509_set_issuer_name(x, name); #else return X509_NAME_set(&x->cert_info->issuer, name); #endif } int util_X509_set_subject_name(X509 *x, X509_NAME *name) { #ifdef HAVE_X509_SET_SUBJECT_NAME return X509_set_subject_name(x, name); #else return X509_NAME_set(&x->cert_info->subject, name); #endif } int util_X509_set1_version(X509 *x, ASN1_INTEGER *version) { #ifdef HAVE_X509_CERT_INFO x->cert_info->version = ASN1_INTEGER_dup(version); return x->cert_info->version != NULL; #else return X509_set_version(x, ASN1_INTEGER_get(version)); #endif } void util_NETSCAPE_SPKI_set_sig_alg(NETSCAPE_SPKI *spki, const X509_ALGOR *sig_alg) { #ifdef CM_NETSCAPE_SPKI_SIG_ALGOR_IS_POINTER spki->sig_algor = X509_ALGOR_dup((X509_ALGOR *)sig_alg); #else spki->sig_algor = *X509_ALGOR_dup((X509_ALGOR *)sig_alg); #endif } static EVP_PKEY * util_EVP_PKEY_dup(EVP_PKEY *pkey, int (*i2d)(EVP_PKEY *, unsigned char **), EVP_PKEY *(*d2i)(int, EVP_PKEY **, const unsigned char **, long)) { EVP_PKEY *k; unsigned char *p, *q; const unsigned char *d; int l, len; l = i2d(pkey, NULL); if (l < 0) { cm_log(1, "Error determining size of key."); return NULL; } p = q = malloc(l); if (p == NULL) { cm_log(1, "Out of memory copying key."); return NULL; } len = i2d(pkey, &q); if (len != l) { cm_log(1, "Unexpected error copying key."); memset(p, 0, l); free(p); 
		return NULL;
	}
	d = p;
	k = d2i(util_EVP_PKEY_base_id(pkey), NULL, &d, len);
	/* Scrub the DER-encoded copy of the key before releasing it. */
	memset(p, 0, l);
	free(p);
	if (k == NULL) {
		cm_log(1, "Unexpected error decoding copy of key.");
		return NULL;
	}
	return k;
}

EVP_PKEY *
util_public_EVP_PKEY_dup(EVP_PKEY *pkey)
{
	return util_EVP_PKEY_dup(pkey, i2d_PublicKey, d2i_PublicKey);
}

EVP_PKEY *
util_private_EVP_PKEY_dup(EVP_PKEY *pkey)
{
	return util_EVP_PKEY_dup(pkey, i2d_PrivateKey, d2i_PrivateKey);
}

/* Decode a base64 string with no line breaks.  On success, return a newly
 * allocated buffer and store its length in *outlength.  On failure, return
 * NULL and store -1 in *outlength. */
static unsigned char *
decode_base64(const unsigned char *input, int length, int *outlength)
{
	int expected_len;
	unsigned char *output;
	int output_len;

	expected_len = 3 * length / 4;
	output = calloc(expected_len + 1, 1);
	if (output == NULL) {
		/* Do not hand a NULL buffer to EVP_DecodeBlock(). */
		*outlength = -1;
		return NULL;
	}
	output_len = EVP_DecodeBlock(output, input, length);
	if (output_len < 0) {
		*outlength = -1;
		free(output);
		return NULL;
	}
	if (output_len % 3 != 0) {
		*outlength = -1;
		free(output);
		return NULL;
	}
	if (expected_len != output_len) {
		*outlength = -1;
		free(output);
		return NULL;
	}
	*outlength = output_len;
	return output;
}

/* Check that the file at "path" contains at least one PEM block and that
 * the body of every block is valid base64.  Return 0 if so, -1 otherwise. */
int
validate_pem(void *parent, const char *path)
{
	char *p;
	char *s = NULL, *sp, *sq;
	int ret = 0;
	FILE *fp;
	struct stat st;
	char *tmp1 = NULL;
	unsigned char *tmp2 = NULL;
	char *buffer;
	int n, i, length;
	int found = 0;

	fp = fopen(path, "r");
	if (fp == NULL) {
		printf("Unable to open %s for reading: %s\n",
		       path, strerror(errno));
		return -1;
	}
	if (fstat(fileno(fp), &st) == -1) {
		printf("Error opening %s for reading: %s\n",
		       path, strerror(errno));
		fclose(fp);
		return -1;
	}
	if (st.st_size == 0) {
		printf("%s is an empty file.\n", path);
		fclose(fp);
		return -1;
	}
	buffer = malloc(st.st_size + 1);
	if (buffer == NULL) {
		printf("Error allocating memory.\n");
		fclose(fp);
		return -1;
	}
	/* Read the whole file into memory. */
	n = 0;
	while (n < st.st_size) {
		i = fread(buffer + n, 1, st.st_size - n, fp);
		if (i <= 0) {
			printf("Error reading %s: %s.\n",
			       path, strerror(errno));
			fclose(fp);
			ret = -1;
			goto done;
		}
		n += i;
	}
	fclose(fp);
	buffer[st.st_size] = '\0';
	length = st.st_size;

	s = malloc(length + 1);
	if (s == NULL) {
		printf("Error allocating memory.\n");
		ret = -1;
		goto done;
	}
	memcpy(s, buffer, length);
	s[length] = '\0';

	sp = s;
	tmp1 = NULL;
	tmp2 = NULL;
	while ((sp = strstr(sp, "-----BEGIN")) != NULL) {
		sq = strstr(sp, "-----END");
		if (sq != NULL) {
			found++;
			/* Release the buffers left over from the previous PEM
			 * block so that they are not leaked. */
			free(tmp1);
			free(tmp2);
			tmp1 = NULL;
			tmp2 = NULL;
			sq += strcspn(sq, "\r\n");
			sq += strspn(sq, "\r\n");
			/* Strip down to pure base64 so no headers, new lines or cr */
			tmp1 = strndup(sp, sq - sp);
			if (tmp1 == NULL) {
				printf("Error allocating memory.\n");
				ret = -1;
				goto done;
			}
			p = strstr(tmp1, "-----BEGIN");
			if (p != NULL) {
				p += strcspn(p, "\n");
				if (*p == '\n') {
					p++;
				}
				memmove(tmp1, p, strlen(p) + 1);
			}
			p = strstr(tmp1, "\n-----END");
			if (p != NULL) {
				*p = '\0';
			}
			while ((p = strchr(tmp1, '\r')) != NULL) {
				memmove(p, p + 1, strlen(p));
			}
			while ((p = strchr(tmp1, '\n')) != NULL) {
				memmove(p, p + 1, strlen(p));
			}
			length = 0;
			tmp2 = decode_base64((unsigned char *)tmp1,
					     strlen(tmp1), &length);
			if (length < 0) {
				ret = -1;
				goto done;
			}
			sp = sq;
		} else {
			/* A BEGIN marker with no END marker after it means
			 * the file is truncated or malformed.  Fail here:
			 * sp has not moved, so searching again would find
			 * the same marker and never terminate. */
			ret = -1;
			goto done;
		}
	}
	if (found == 0) {
		ret = -1;
	}

done:
	free(buffer);
	free(s);
	free(tmp1);
	free(tmp2);
	return ret;
}

certmonger-0.79.19/src/util-o.h
/*
 * Copyright (C) 2010,2012,2014,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
*/ #ifndef utilo_h #include #include #include #include #include #define utilo_h struct cm_store_entry; void util_o_init(void); char *util_build_next_filename(const char *prefix, const char *marker); char *util_build_old_filename(const char *prefix, const char *serial); void util_set_fd_owner_perms(int fd, const char *filename, const char *owner, mode_t perms); void util_set_fd_entry_key_owner(int keyfd, const char *filename, struct cm_store_entry *entry); void util_set_fd_entry_cert_owner(int certfd, const char *filename, struct cm_store_entry *entry); #if OPENSSL_VERSION_NUMBER >= 0x10100000L int util_o_cert_cmp(const X509 *const *a, const X509 *const *b); #else int util_o_cert_cmp(const void *a, const void *b); #endif ASN1_BIT_STRING *util_ASN1_BIT_STRING_new(void); ASN1_GENERALIZEDTIME *util_ASN1_GENERALIZEDTIME_new(void); ASN1_IA5STRING *util_ASN1_IA5STRING_new(void); ASN1_INTEGER *util_ASN1_INTEGER_new(void); ASN1_OCTET_STRING *util_ASN1_OCTET_STRING_new(void); int util_ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len); ASN1_PRINTABLESTRING *util_ASN1_PRINTABLESTRING_new(void); const unsigned char *util_ASN1_STRING_get0_data(const ASN1_STRING *x); int util_ASN1_STRING_length(const ASN1_STRING *x); ASN1_STRING *util_ASN1_STRING_new(void); ASN1_TIME *util_ASN1_TIME_dup(ASN1_TIME *t); ASN1_TIME *util_ASN1_TIME_new(void); ASN1_TIME *util_ASN1_TIME_set(ASN1_TIME *str, time_t t); int util_EVP_PKEY_base_id(const EVP_PKEY *pkey); int util_EVP_PKEY_id(const EVP_PKEY *pkey); const unsigned char *util_OBJ_get0_data(const ASN1_OBJECT *obj); size_t util_OBJ_length(const ASN1_OBJECT *obj); ASN1_OBJECT *util_X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *a); const ASN1_TIME *util_X509_get0_notAfter(X509 *x); EVP_PKEY *util_X509_get0_pubkey(X509 *cert); const ASN1_INTEGER *util_X509_get0_serialNumber(X509 *cert); X509_NAME *util_X509_get0_issuer_name(X509 *x); uint32_t util_X509_get_key_usage(X509 *x); X509_NAME *util_X509_get0_subject_name(X509 
*x); EVP_PKEY *util_X509_REQ_get0_pubkey(X509_REQ *req); void util_X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg); int util_X509_set_pubkey(X509 *cert, EVP_PKEY *pkey); int util_X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); int util_X509_set1_notAfter(X509 *x, ASN1_TIME *tm); int util_X509_set1_notBefore(X509 *x, ASN1_TIME *tm); int util_X509_set_issuer_name(X509 *x, X509_NAME *name); int util_X509_set_subject_name(X509 *x, X509_NAME *name); int util_X509_set1_version(X509 *x, ASN1_INTEGER *version); void util_NETSCAPE_SPKI_set_sig_alg(NETSCAPE_SPKI *spki, const X509_ALGOR *sig_alg); EVP_PKEY *util_public_EVP_PKEY_dup(EVP_PKEY *pkey); EVP_PKEY *util_private_EVP_PKEY_dup(EVP_PKEY *pkey); int validate_pem(void *parent, const char *path); #endif certmonger-0.79.19/src/util.c0000644000175000017500000001212414511314133015342 0ustar gitgit00000000000000/* Authors: Rob Crittenden * John Dennis * * Copyright (C) 2009,2010 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ /* Simple INI-style file reader. * * usage is: * char * data = read_config_file("/path/to/something.conf") * char * entry = get_config_entry(data, "section", "mykey") * * caller must free data and entry. 
 */

#define _GNU_SOURCE
/* Standard headers needed by the functions below. */
#include <sys/types.h>
#include <sys/stat.h>
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include "log.h"
#include "util.h"

char *
read_config_file(const char *filename)
{
	int fd;
	struct stat st;
	char *data, *dest;
	size_t left;

	fd = open(filename, O_RDONLY);
	if (fd == -1) {
		cm_log(1, "Cannot open configuration file \"%s\": %s.\n",
		       filename, strerror(errno));
		return NULL;
	}
	/* stat() the file so we know the size and can pre-allocate the right
	 * amount of memory. */
	if (fstat(fd, &st) == -1) {
		close(fd);
		cm_log(1, "Cannot stat() configuration file \"%s\": %s.\n",
		       filename, strerror(errno));
		return NULL;
	}
	left = st.st_size;
	data = malloc(st.st_size + 1);
	if (data == NULL) {
		close(fd);
		cm_log(1, "Out of memory reading configuration file \"%s\".\n",
		       filename);
		return NULL;
	}
	dest = data;
	while (left != 0) {
		ssize_t res;

		res = read(fd, dest, left);
		if (res == 0)
			break;
		if (res < 0) {
			cm_log(1, "Read error reading \"%s\": %s\n",
			       filename, strerror(errno));
			close(fd);
			/* Free the start of the allocation; dest may already
			 * point past it after an earlier partial read. */
			free(data);
			return NULL;
		}
		dest += res;
		left -= res;
	}
	close(fd);
	*dest = '\0';
	return data;
}

char *
get_config_entry(char * in_data, const char *section, const char *key)
{
	char *ptr = NULL, *p, *tmp = NULL;
	char *line;
	int in_section = 0;
	char * data = strdup(in_data);

	/* strtok_r() must not be started on a NULL buffer. */
	if (data == NULL) {
		return NULL;
	}

	for (line = strtok_r(data, "\n", &ptr);
	     line != NULL;
	     line = strtok_r(NULL, "\n", &ptr)) {
		/* Skip initial whitespace. */
		while (isspace((unsigned char)*line) && (*line != '\0'))
			line++;

		/* If it's a comment, bail. */
		if (*line == '#') {
			continue;
		}

		/* If it's the beginning of a section, process it and clear the key
		 * and value values.
		 */
		if (*line == '[') {
			line++;
			p = strchr(line, ']');
			if (p) {
				tmp = strndup(line, p - line);
				if (in_section) {
					/* We exited the matching section without a match */
					free(data);
					free(tmp);
					return NULL;
				}
				if (tmp == NULL) {
					/* Out of memory: do not pass NULL to strcmp(). */
					free(data);
					return NULL;
				}
				if (strcmp(section, tmp) == 0) {
					free(tmp);
					tmp = NULL;
					in_section = 1;
					continue;
				}
				free(tmp);
				tmp = NULL;
			}
		} /* [ */

		p = strchr(line, '=');
		if (p != NULL && in_section) {
			/* Trim any trailing whitespace off the key name. */
			while (p != line && isspace((unsigned char)p[-1]))
				p--;

			/* Save the key. */
			tmp = strndup(line, p - line);
			if (tmp == NULL) {
				/* Out of memory: do not pass NULL to strcmp(). */
				free(data);
				return NULL;
			}
			if (strcmp(key, tmp) != 0) {
				free(tmp);
				tmp = NULL;
			} else {
				free(tmp);
				tmp = NULL;
				/* Skip over any whitespace after the equal sign. */
				line = strchr(line, '=');
				if (line == NULL) {
					free(data);
					return NULL;
				}
				line++;
				while (isspace((unsigned char)*line) && (*line != '\0'))
					line++;

				/* Trim off any trailing whitespace. */
				p = strchr(line, '\0');
				while (p != line && isspace((unsigned char)p[-1]))
					p--;

				/* Save the value. */
				tmp = strndup(line, p - line);
				free(data);
				return tmp;
			}
		}
	}
	free(data);
	free(tmp);
	return NULL;
}

void
str_to_upper_inplace(char *s)
{
	if (NULL == s)
		return;
	for (; *s != '\0'; s++) {
		/* toupper() is only defined for unsigned char values and EOF. */
		*s = toupper((unsigned char)*s);
	}
}

char *
str_to_upper(const char *s)
{
	char *ret = strdup(s);

	if (ret != NULL)
		str_to_upper_inplace(ret);
	return ret;
}

certmonger-0.79.19/src/util.h
/*
 * Copyright (C) 2009 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#ifndef util_h
#define util_h

char *read_config_file(const char *filename);
char *get_config_entry(char *data, const char *section, const char *key);

/*
 * Convert string to upper case in place.
 * String must be null-terminated. Locale-unaware.
 */
void str_to_upper_inplace(char *s);

/*
 * Return upper-cased copy of string.
 * String must be null-terminated. Locale-unaware.
 * Return NULL on error (insufficient memory).
 */
char *str_to_upper(const char *s);

#endif

certmonger-0.79.19/systemd/

certmonger-0.79.19/systemd/Makefile.am
if SYSTEMD
unitsdir = @SYSTEMDSYSTEMUNITDIR@
units_DATA = certmonger.service
servicedir = @SYSTEMBUSSERVICESDIR@
service_DATA = org.fedorahosted.certmonger.service
endif
if TMPFILES
tmpfilesdir = $(prefix)/lib/tmpfiles.d
tmpfiles_DATA = certmonger.conf
endif

certmonger-0.79.19/systemd/certmonger.conf.in
# certmonger uses libraries which may want to put temporary files in $TMPDIR,
# but SELinux policy won't let anything running as certmonger_t do that
d @CM_TMPDIR@ 0755 root root

certmonger-0.79.19/systemd/certmonger.service.in
[Unit]
Description=Certificate monitoring and PKI enrollment
After=syslog.target network.target dbus.service
PartOf=dbus.service

[Service]
Type=dbus
PIDFile=/run/certmonger.pid
EnvironmentFile=-/etc/sysconfig/certmonger
ExecStart=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS
BusName=@CM_DBUS_NAME@

[Install]
WantedBy=multi-user.target

certmonger-0.79.19/systemd/org.fedorahosted.certmonger.service.in
[D-BUS Service]
Name=@CM_DBUS_NAME@
Exec=/bin/false
User=root
SystemdService=certmonger.service

certmonger-0.79.19/sysvinit/

certmonger-0.79.19/sysvinit/Makefile.am
if SYSVINIT
initddir = @SYSVINIT@
initd_SCRIPTS = certmonger
endif

certmonger-0.79.19/sysvinit/certmonger.in
#!/bin/sh
#
# certmonger monitors certificates for impending expiration and can
# attempt to re-enroll when they expire
#
# chkconfig: - 99 01
# description: Provides certificate monitoring and PKI enrollment.
# processname: @mysbindir@/certmonger
# pidfile: /var/run/certmonger.pid
#
### BEGIN INIT INFO
# Provides: certmonger
# Required-Start: messagebus
# Required-Stop: messagebus
# Should-Start: $network
# Should-Stop: $network
# Short-Description: Certificate monitor and PKI enrollment client
# Description: Provides certificate monitoring and PKI enrollment.
### END INIT INFO

program=@mysbindir@/certmonger
prog=${program##*/}
pidfile=/var/run/certmonger.pid
lockfile=/var/lock/subsys/certmonger

if [ -f /etc/rc.d/init.d/functions ]; then
	. /etc/rc.d/init.d/functions
fi

if [ -f /etc/sysconfig/certmonger ]; then
	. /etc/sysconfig/certmonger
fi

RETVAL=0

start() {
	echo -n $"Starting $prog: "
	[ -x $program ] || exit 5
	daemon $program -S -p ${pidfile} $OPTS
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ] && touch $lockfile
	return $RETVAL
}

stop() {
	echo -n $"Stopping $prog: "
	killproc $program
	RETVAL=$?
	echo
	if [ $RETVAL -eq 0 ]; then
		rm -f $lockfile
	fi
}

mystatusq() {
	status $program > /dev/null 2> /dev/null
}

restart() {
	stop
	start
}

# See how we were called.
case "$1" in
    start)
	if mystatusq ; then
		touch $lockfile
		exit 0
	fi
	$1
	;;
    stop)
	if ! test -f $pidfile ; then
		mystatusq || exit 0
	fi
	$1
	;;
    restart)
	$1
	;;
    status)
	status -p $pidfile $program
	RETVAL=$?
;; condrestart|try-restart) [ -f $lockfile ] && restart || : ;; reload) echo "can't reload configuration, you have to restart it" RETVAL=3 ;; force-reload) restart ;; *) echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" exit 2 ;; esac exit $RETVAL certmonger-0.79.19/tests/0000755000175000017500000000000014511314133014574 5ustar gitgit00000000000000certmonger-0.79.19/tests/001-keyiread-ec/0000755000175000017500000000000014511314133017254 5ustar gitgit00000000000000certmonger-0.79.19/tests/001-keyiread-ec/expected.out0000644000175000017500000000013514511314133021605 0ustar gitgit00000000000000OK (EC:256). OK (EC:256). OK (EC:384). OK (EC:384). OK (EC:521). OK (EC:521). Test complete. certmonger-0.79.19/tests/001-keyiread-ec/expected.out.20000644000175000017500000000013514511314133021745 0ustar gitgit00000000000000OK (EC:256). OK (EC:256). OK (EC:384). OK (EC:384). OK (EC:384). OK (EC:521). Test complete. certmonger-0.79.19/tests/001-keyiread-ec/expected.out.30000644000175000017500000000020514511314133021744 0ustar gitgit00000000000000OK (EC:256). OK (EC:256). OK (EC:384). OK (EC:384). OK (EC:521). Error parsing exported key for nistp521, continuing. Test complete. certmonger-0.79.19/tests/001-keyiread-ec/expected.out.40000644000175000017500000000020514511314133021745 0ustar gitgit00000000000000OK (EC:256). OK (EC:256). OK (EC:384). OK (EC:384). OK (EC:384). Error parsing exported key for nistp521, continuing. Test complete. certmonger-0.79.19/tests/001-keyiread-ec/run.sh0000755000175000017500000000175614511314133020430 0ustar gitgit00000000000000#!/bin/bash -e cd "$tmpdir" source "$srcdir"/functions initnssdb "$tmpdir" for size in nistp256 nistp384 nistp521 ; do # Generate a self-signed cert. run_certutil -d "$tmpdir" -S -n keyi$size \ -s "cn=T$size" -c "cn=T$size" \ -x -t u -k ec -q $size # Check the size of the key. 
cat > entry.nss.$size <<- EOF key_storage_type=NSSDB key_storage_location=$tmpdir key_nickname=keyi$size EOF $toolsdir/keyiread entry.nss.$size # Export the key. if ! pk12util -C AES-128-CBC -c AES-128-CBC -d "$tmpdir" -o $size.p12 -W "" -n "keyi$size" > /dev/null 2>&1 ; then echo Error exporting key for $size, continuing. continue fi if ! openssl pkcs12 -in $size.p12 -out key.$size -passin pass: -nodes -nocerts > /dev/null 2>&1 ; then echo Error parsing exported key for $size, continuing. continue fi cat > entry.openssl.$size <<- EOF key_storage_type=FILE key_storage_location=$tmpdir/key.$size key_nickname=keyi$size EOF $toolsdir/keyiread entry.openssl.$size done echo Test complete. certmonger-0.79.19/tests/001-keyiread-rsa/0000755000175000017500000000000014511314133017452 5ustar gitgit00000000000000certmonger-0.79.19/tests/001-keyiread-rsa/expected.out0000644000175000017500000000015114511314133022001 0ustar gitgit00000000000000OK (RSA:2048). OK (RSA:3072). OK (RSA:4096). OK (RSA:2048). OK (RSA:3072). OK (RSA:4096). Test complete. certmonger-0.79.19/tests/001-keyiread-rsa/run.sh0000755000175000017500000000234714511314133020623 0ustar gitgit00000000000000#!/bin/bash -e cd "$tmpdir" source "$srcdir"/functions initnssdb "$tmpdir" for size in 2048 3072 4096 ; do # Generate a self-signed cert. run_certutil -d "$tmpdir" -S -g $size -n keyi$size \ -s "cn=T$size" -c "cn=T$size" \ -x -t u -k rsa # Export the key. pk12util -C AES-128-CBC -c AES-128-CBC -d "$tmpdir" -o $size.p12 -W "" -n "keyi$size" > /dev/null 2>&1 openssl pkcs12 -in $size.p12 -out key.$size -passin pass: -nodes -nocerts > /dev/null 2>&1 cat > entry.openssl.$size <<- EOF key_storage_type=FILE key_storage_location=$tmpdir/key.$size key_nickname=keyi$size EOF $toolsdir/keyiread entry.openssl.$size > /dev/null 2>&1 # Check the size of the key. 
cat > entry.nss.$size <<- EOF key_storage_type=NSSDB key_storage_location=$tmpdir key_nickname=keyi$size EOF grep ^key_pubkey_info= entry.openssl.$size >> entry.nss.$size grep ^key_pubkey= entry.openssl.$size >> entry.nss.$size $toolsdir/keyiread entry.nss.$size done for size in 2048 3072 4096 ; do # Generate a key. openssl genrsa $size > sample.$size 2> /dev/null # Check the size of the key. cat > entry.openssl.$size <<- EOF key_storage_type=FILE key_storage_location=$tmpdir/sample.$size EOF $toolsdir/keyiread entry.openssl.$size done echo Test complete. certmonger-0.79.19/tests/001-keyiread/0000755000175000017500000000000014511314133016667 5ustar gitgit00000000000000certmonger-0.79.19/tests/001-keyiread/expected.out0000644000175000017500000000015114511314133021216 0ustar gitgit00000000000000OK (RSA:2048). OK (RSA:3072). OK (RSA:4096). OK (RSA:2048). OK (RSA:3072). OK (RSA:4096). Test complete. certmonger-0.79.19/tests/001-keyiread/run.sh0000755000175000017500000000234014511314133020031 0ustar gitgit00000000000000#!/bin/bash -e cd "$tmpdir" source "$srcdir"/functions initnssdb "$tmpdir" for size in 2048 3072 4096 ; do # Generate a self-signed cert. run_certutil -d "$tmpdir" -S -g $size -n keyi$size \ -s "cn=T$size" -c "cn=T$size" \ -x -t u # Export the key. pk12util -C AES-128-CBC -c AES-128-CBC -d "$tmpdir" -o $size.p12 -W "" -n "keyi$size" > /dev/null 2>&1 openssl pkcs12 -in $size.p12 -out key.$size -passin pass: -nodes -nocerts > /dev/null 2>&1 cat > entry.openssl.$size <<- EOF key_storage_type=FILE key_storage_location=$tmpdir/key.$size key_nickname=keyi$size EOF $toolsdir/keyiread entry.openssl.$size > /dev/null 2>&1 # Check the size of the key. cat > entry.nss.$size <<- EOF key_storage_type=NSSDB key_storage_location=$tmpdir key_nickname=keyi$size EOF grep ^key_pubkey= entry.openssl.$size >> entry.nss.$size grep ^key_pubkey_info= entry.openssl.$size >> entry.nss.$size $toolsdir/keyiread entry.nss.$size done for size in 2048 3072 4096 ; do # Generate a key. 
openssl genrsa $size > sample.$size 2> /dev/null # Check the size of the key. cat > entry.openssl.$size <<- EOF key_storage_type=FILE key_storage_location=$tmpdir/sample.$size EOF $toolsdir/keyiread entry.openssl.$size done echo Test complete. certmonger-0.79.19/tests/002-keygen-dbm/0000755000175000017500000000000014511314133017115 5ustar gitgit00000000000000certmonger-0.79.19/tests/002-keygen-dbm/expected.out0000644000175000017500000000232114511314133021445 0ustar gitgit00000000000000[nss:2048] OK. OK (RSA:2048). OK. OK (RSA:2048 after RSA:2048). OK. OK (RSA:2048 after RSA:2048). keyi2048 keyi2048 (candidate (next)) [nss:3072] OK. OK (RSA:3072). OK. OK (RSA:3072 after RSA:3072). OK. OK (RSA:3072 after RSA:3072). keyi3072 keyi3072 (candidate (next)) [nss:4096] OK. OK (RSA:4096). OK. OK (RSA:4096 after RSA:4096). OK. OK (RSA:4096 after RSA:4096). keyi4096 keyi4096 (candidate (next)) [nss:rosubdir] Failed to save NSS:dbm:${tmpdir}/rosubdir: need fs permissions. [nss:rwsubdir] Failed to save NSS:dbm:${tmpdir}/rwsubdir: need fs permissions. [openssl:2048] OK. OK (RSA:2048). OK. OK (RSA:2048 after RSA:2048). OK. OK (RSA:2048 after RSA:2048). ${tmpdir}/sample.2048 ${tmpdir}/sample.2048.(next).key [openssl:3072] OK. OK (RSA:3072). OK. OK (RSA:3072 after RSA:3072). OK. OK (RSA:3072 after RSA:3072). ${tmpdir}/sample.3072 ${tmpdir}/sample.3072.(next).key [openssl:4096] OK. OK (RSA:4096). OK. OK (RSA:4096 after RSA:4096). OK. OK (RSA:4096 after RSA:4096). ${tmpdir}/sample.4096 ${tmpdir}/sample.4096.(next).key [openssl:rosubdir] Failed to save FILE:${tmpdir}/rosubdir/sample.4096: need fs permissions. [openssl:rwsubdir] Failed to save FILE:${tmpdir}/rwsubdir/sample.4096: need fs permissions. Test complete. 
certmonger-0.79.19/tests/002-keygen-dbm/run.sh0000755000175000017500000000007114511314133020256 0ustar gitgit00000000000000#!/bin/bash -e exec env scheme=dbm: ../002-keygen/run.sh certmonger-0.79.19/tests/002-keygen-dsa/0000755000175000017500000000000014511314133017122 5ustar gitgit00000000000000certmonger-0.79.19/tests/002-keygen-dsa/expected.out0000644000175000017500000000045514511314133021460 0ustar gitgit00000000000000[openssl:2048] OK. OK (DSA:2048). [openssl:3072] OK. OK (DSA:3072). [openssl:4096] OK. OK (DSA:4096). [openssl:rosubdir] Failed to save FILE:${tmpdir}/rosubdir/sample.4096: need fs permissions. [openssl:rwsubdir] Failed to save FILE:${tmpdir}/rwsubdir/sample.4096: need fs permissions. Test complete. certmonger-0.79.19/tests/002-keygen-dsa/prequal.sh0000755000175000017500000000014514511314133021132 0ustar gitgit00000000000000#!/bin/sh if test `id -u` -eq 0 ; then echo "This test won't work right if run as root." exit 1 fi certmonger-0.79.19/tests/002-keygen-dsa/run.sh0000755000175000017500000000160414511314133020266 0ustar gitgit00000000000000#!/bin/bash -e cd "$tmpdir" source "$srcdir"/functions for size in 2048 3072 4096 ; do echo "[openssl:$size]" # Generate a key. cat > entry.$size <<- EOF key_storage_type=FILE key_storage_location=$tmpdir/sample.$size key_gen_size=$size key_gen_type=DSA EOF $toolsdir/keygen entry.$size # Read the size. sed -i 's,^key_gen_size.*,,g' entry.$size $toolsdir/keyiread entry.$size done echo "[openssl:rosubdir]" cat > entry.$size <<- EOF key_storage_type=FILE key_storage_location=$tmpdir/rosubdir/sample.$size key_gen_size=$size key_gen_type=DSA EOF $toolsdir/keygen entry.$size || true echo "[openssl:rwsubdir]" cat > entry.$size <<- EOF key_storage_type=FILE key_storage_location=$tmpdir/rwsubdir/sample.$size key_gen_size=$size key_gen_type=DSA EOF touch $tmpdir/rwsubdir/sample.$size chmod u-w $tmpdir/rwsubdir/sample.$size $toolsdir/keygen entry.$size || true echo Test complete. 

certmonger-0.79.19/tests/002-keygen-ec/

certmonger-0.79.19/tests/002-keygen-ec/expected.out

[nss:256]
OK.
OK (EC:256).
[nss:384]
OK.
OK (EC:384).
[nss:521]
OK.
OK (EC:521).
[nss:rosubdir]
Failed to save NSS:${tmpdir}/rosubdir: need fs permissions.
[nss:rwsubdir]
Failed to save NSS:${tmpdir}/rwsubdir: need fs permissions.
[openssl:256]
OK.
OK (EC:256).
[openssl:384]
OK.
OK (EC:384).
[openssl:521]
OK.
OK (EC:521).
[openssl:rosubdir]
Failed to save FILE:${tmpdir}/rosubdir/sample.521: need fs permissions.
[openssl:rwsubdir]
Failed to save FILE:${tmpdir}/rwsubdir/sample.521: need fs permissions.
Test complete.

certmonger-0.79.19/tests/002-keygen-ec/expected.out.2

[nss:256]
OK.
OK (EC:256).
[nss:384]
OK.
OK (EC:384).
[nss:521]
OK.
OK (EC:521).
[nss:rosubdir]
Failed to save NSS:${tmpdir}/rosubdir: need fs permissions.
[nss:rwsubdir]
Failed to save NSS:${tmpdir}/rwsubdir: need fs permissions.
[openssl:256]
OK.
OK (EC:256).
[openssl:384]
OK.
OK (EC:384).
[openssl:521]
OK.
OK (EC:384).
[openssl:rosubdir]
Failed to save FILE:${tmpdir}/rosubdir/sample.521: need fs permissions.
[openssl:rwsubdir]
Failed to save FILE:${tmpdir}/rwsubdir/sample.521: need fs permissions.
Test complete.

certmonger-0.79.19/tests/002-keygen-ec/expected.out.3

[nss:256]
OK.
OK (EC:256).
[nss:384]
OK.
OK (EC:384).
[nss:521]
OK.
OK (EC:384).
[nss:rosubdir]
Failed to save NSS:${tmpdir}/rosubdir: need fs permissions.
[nss:rwsubdir]
Failed to save NSS:${tmpdir}/rwsubdir: need fs permissions.
[openssl:256]
OK.
OK (EC:256).
[openssl:384]
OK.
OK (EC:384).
[openssl:521]
OK.
OK (EC:384).
[openssl:rosubdir]
Failed to save FILE:${tmpdir}/rosubdir/sample.521: need fs permissions.
[openssl:rwsubdir]
Failed to save FILE:${tmpdir}/rwsubdir/sample.521: need fs permissions.
Test complete.

certmonger-0.79.19/tests/002-keygen-ec/expected.out.4

[nss:256]
OK.
OK (EC:256).
[nss:384]
OK.
OK (EC:384).
[nss:521]
OK.
OK (EC:384).
[nss:rosubdir]
Failed to save NSS:${tmpdir}/rosubdir: need fs permissions.
[nss:rwsubdir]
Failed to save NSS:${tmpdir}/rwsubdir: need fs permissions.
[openssl:256]
OK.
OK (EC:256).
[openssl:384]
OK.
OK (EC:384).
[openssl:521]
OK.
OK (EC:521).
[openssl:rosubdir]
Failed to save FILE:${tmpdir}/rosubdir/sample.521: need fs permissions.
[openssl:rwsubdir]
Failed to save FILE:${tmpdir}/rwsubdir/sample.521: need fs permissions.
Test complete.

certmonger-0.79.19/tests/002-keygen-ec/prequal.sh

#!/bin/sh
if test `id -u` -eq 0 ; then
    echo "This test won't work right if run as root."
    exit 1
fi

certmonger-0.79.19/tests/002-keygen-ec/run.sh

#!/bin/bash -e

cd "$tmpdir"

source "$srcdir"/functions
initnssdb "$tmpdir"

for size in 256 384 521 ; do
    echo "[nss:$size]"
    # Generate a key.
    cat > entry.$size <<- EOF
key_storage_type=NSSDB
key_storage_location=$tmpdir
key_nickname=keyi$size
key_gen_size=$size
key_gen_type=EC
EOF
    $toolsdir/keygen entry.$size
    # Read the type and size.
    sed -i 's,^key_gen_size.*,,g' entry.$size
    $toolsdir/keyiread entry.$size
done

echo "[nss:rosubdir]"
cat > entry.$size <<- EOF
key_storage_type=NSSDB
key_storage_location=$tmpdir/rosubdir
key_nickname=keyi$size
key_gen_size=$size
key_gen_type=EC
EOF
$toolsdir/keygen entry.$size || true

echo "[nss:rwsubdir]"
cat > entry.$size <<- EOF
key_storage_type=NSSDB
key_storage_location=$tmpdir/rwsubdir
key_nickname=keyi$size
key_gen_size=$size
key_gen_type=EC
EOF
$toolsdir/keygen entry.$size || true

for size in 256 384 521 ; do
    echo "[openssl:$size]"
    # Generate a key.
    cat > entry.$size <<- EOF
key_storage_type=FILE
key_storage_location=$tmpdir/sample.$size
key_gen_size=$size
key_gen_type=EC
EOF
    $toolsdir/keygen entry.$size
    # Read the size.
    sed -i 's,^key_gen_size.*,,g' entry.$size
    $toolsdir/keyiread entry.$size
done

echo "[openssl:rosubdir]"
cat > entry.$size <<- EOF
key_storage_type=FILE
key_storage_location=$tmpdir/rosubdir/sample.$size
key_gen_size=$size
key_gen_type=EC
EOF
$toolsdir/keygen entry.$size || true

echo "[openssl:rwsubdir]"
cat > entry.$size <<- EOF
key_storage_type=FILE
key_storage_location=$tmpdir/rwsubdir/sample.$size
key_gen_size=$size
key_gen_type=EC
EOF
touch $tmpdir/rwsubdir/sample.$size
chmod u-w $tmpdir/rwsubdir/sample.$size
$toolsdir/keygen entry.$size || true

echo Test complete.

certmonger-0.79.19/tests/002-keygen-rsa/

certmonger-0.79.19/tests/002-keygen-rsa/expected.out

[nss:2048]
OK.
OK (RSA:2048).
[nss:3072]
OK.
OK (RSA:3072).
[nss:4096]
OK.
OK (RSA:4096).
[nss:rosubdir]
Failed to save NSS:${tmpdir}/rosubdir: need fs permissions.
[nss:rwsubdir]
Failed to save NSS:${tmpdir}/rwsubdir: need fs permissions.
[openssl:2048]
OK.
OK (RSA:2048).
[openssl:3072]
OK.
OK (RSA:3072).
[openssl:4096]
OK.
OK (RSA:4096).
[openssl:rosubdir]
Failed to save FILE:${tmpdir}/rosubdir/sample.4096: need fs permissions.
[openssl:rwsubdir]
Failed to save FILE:${tmpdir}/rwsubdir/sample.4096: need fs permissions.
Test complete.

certmonger-0.79.19/tests/002-keygen-rsa/prequal.sh

#!/bin/sh
if test `id -u` -eq 0 ; then
    echo "This test won't work right if run as root."
    exit 1
fi

certmonger-0.79.19/tests/002-keygen-rsa/run.sh

#!/bin/bash -e

cd "$tmpdir"

source "$srcdir"/functions
initnssdb "$tmpdir"

for size in 2048 3072 4096 ; do
    echo "[nss:$size]"
    # Generate a key.
    cat > entry.$size <<- EOF
key_storage_type=NSSDB
key_storage_location=$tmpdir
key_nickname=keyi$size
key_gen_size=$size
key_gen_type=RSA
EOF
    $toolsdir/keygen entry.$size
    # Read the type and size.
    sed -i 's,^key_gen_size.*,,g' entry.$size
    $toolsdir/keyiread entry.$size
done

echo "[nss:rosubdir]"
cat > entry.$size <<- EOF
key_storage_type=NSSDB
key_storage_location=$tmpdir/rosubdir
key_nickname=keyi$size
key_gen_size=$size
key_gen_type=RSA
EOF
$toolsdir/keygen entry.$size || true

echo "[nss:rwsubdir]"
cat > entry.$size <<- EOF
key_storage_type=NSSDB
key_storage_location=$tmpdir/rwsubdir
key_nickname=keyi$size
key_gen_size=$size
key_gen_type=RSA
EOF
$toolsdir/keygen entry.$size || true

for size in 2048 3072 4096 ; do
    echo "[openssl:$size]"
    # Generate a key.
    cat > entry.$size <<- EOF
key_storage_type=FILE
key_storage_location=$tmpdir/sample.$size
key_gen_size=$size
key_gen_type=RSA
EOF
    $toolsdir/keygen entry.$size
    # Read the size.
    sed -i 's,^key_gen_size.*,,g' entry.$size
    $toolsdir/keyiread entry.$size
done

echo "[openssl:rosubdir]"
cat > entry.$size <<- EOF
key_storage_type=FILE
key_storage_location=$tmpdir/rosubdir/sample.$size
key_gen_size=$size
key_gen_type=RSA
EOF
$toolsdir/keygen entry.$size || true

echo "[openssl:rwsubdir]"
cat > entry.$size <<- EOF
key_storage_type=FILE
key_storage_location=$tmpdir/rwsubdir/sample.$size
key_gen_size=$size
key_gen_type=RSA
EOF
touch $tmpdir/rwsubdir/sample.$size
chmod u-w $tmpdir/rwsubdir/sample.$size
$toolsdir/keygen entry.$size || true

echo Test complete.

certmonger-0.79.19/tests/002-keygen-sql/

certmonger-0.79.19/tests/002-keygen-sql/expected.out

[nss:2048]
OK.
OK (RSA:2048).
OK.
OK (RSA:2048 after RSA:2048).
OK.
OK (RSA:2048 after RSA:2048).
keyi2048
keyi2048 (candidate (next))
[nss:3072]
OK.
OK (RSA:3072).
OK.
OK (RSA:3072 after RSA:3072).
OK.
OK (RSA:3072 after RSA:3072).
keyi3072
keyi3072 (candidate (next))
[nss:4096]
OK.
OK (RSA:4096).
OK.
OK (RSA:4096 after RSA:4096).
OK.
OK (RSA:4096 after RSA:4096).
keyi4096
keyi4096 (candidate (next))
[nss:rosubdir]
Failed to save NSS:sql:${tmpdir}/rosubdir: need fs permissions.
[nss:rwsubdir]
Failed to save NSS:sql:${tmpdir}/rwsubdir: need fs permissions.
[openssl:2048]
OK.
OK (RSA:2048).
OK.
OK (RSA:2048 after RSA:2048).
OK.
OK (RSA:2048 after RSA:2048).
${tmpdir}/sample.2048
${tmpdir}/sample.2048.(next).key
[openssl:3072]
OK.
OK (RSA:3072).
OK.
OK (RSA:3072 after RSA:3072).
OK.
OK (RSA:3072 after RSA:3072).
${tmpdir}/sample.3072
${tmpdir}/sample.3072.(next).key
[openssl:4096]
OK.
OK (RSA:4096).
OK.
OK (RSA:4096 after RSA:4096).
OK.
OK (RSA:4096 after RSA:4096).
${tmpdir}/sample.4096
${tmpdir}/sample.4096.(next).key
[openssl:rosubdir]
Failed to save FILE:${tmpdir}/rosubdir/sample.4096: need fs permissions.
[openssl:rwsubdir]
Failed to save FILE:${tmpdir}/rwsubdir/sample.4096: need fs permissions.
Test complete.

certmonger-0.79.19/tests/002-keygen-sql/prequal.sh

#!/bin/sh
if test `id -u` -eq 0 ; then
    echo "This test won't work right if run as root."
    exit 1
fi

certmonger-0.79.19/tests/002-keygen-sql/run.sh

#!/bin/bash -e
exec env scheme=sql: ../002-keygen/run.sh

certmonger-0.79.19/tests/002-keygen/

certmonger-0.79.19/tests/002-keygen/expected.out

[nss:2048]
OK.
OK (RSA:2048).
OK.
OK (RSA:2048 after RSA:2048).
OK.
OK (RSA:2048 after RSA:2048).
keyi2048
keyi2048 (candidate (next))
[nss:3072]
OK.
OK (RSA:3072).
OK.
OK (RSA:3072 after RSA:3072).
OK.
OK (RSA:3072 after RSA:3072).
keyi3072
keyi3072 (candidate (next))
[nss:4096]
OK.
OK (RSA:4096).
OK.
OK (RSA:4096 after RSA:4096).
OK.
OK (RSA:4096 after RSA:4096).
keyi4096
keyi4096 (candidate (next))
[nss:rosubdir]
Failed to save NSS:dbm:${tmpdir}/rosubdir: need fs permissions.
[nss:rwsubdir]
Failed to save NSS:dbm:${tmpdir}/rwsubdir: need fs permissions.
[openssl:2048]
OK.
OK (RSA:2048).
OK.
OK (RSA:2048 after RSA:2048).
OK.
OK (RSA:2048 after RSA:2048).
${tmpdir}/sample.2048
${tmpdir}/sample.2048.(next).key
[openssl:3072]
OK.
OK (RSA:3072).
OK.
OK (RSA:3072 after RSA:3072).
OK.
OK (RSA:3072 after RSA:3072).
${tmpdir}/sample.3072
${tmpdir}/sample.3072.(next).key
[openssl:4096]
OK.
OK (RSA:4096).
OK.
OK (RSA:4096 after RSA:4096).
OK.
OK (RSA:4096 after RSA:4096).
${tmpdir}/sample.4096
${tmpdir}/sample.4096.(next).key
[openssl:rosubdir]
Failed to save FILE:${tmpdir}/rosubdir/sample.4096: need fs permissions.
[openssl:rwsubdir]
Failed to save FILE:${tmpdir}/rwsubdir/sample.4096: need fs permissions.
Test complete.

certmonger-0.79.19/tests/002-keygen/prequal.sh

#!/bin/sh
if test `id -u` -eq 0 ; then
    echo "This test won't work right if run as root."
    exit 1
fi

certmonger-0.79.19/tests/002-keygen/run.sh

#!/bin/bash -e

cd "$tmpdir"

scheme="${scheme:-sql:}"

source "$srcdir"/functions
initnssdb "$scheme$tmpdir"

for size in 2048 3072 4096 ; do
    echo "[nss:$size]"
    # Generate a key.
    cat > entry.$size <<- EOF
key_storage_type=NSSDB
key_storage_location=$scheme$tmpdir
key_nickname=keyi$size
key_gen_size=$size
EOF
    $toolsdir/keygen entry.$size
    # Read the type and size.
    sed -i 's,^key_gen_size.*,,g' entry.$size
    $toolsdir/keyiread entry.$size
    # Generate a new key and read it.
    echo key_gen_size=$size >> entry.$size
    $toolsdir/keygen entry.$size
    $toolsdir/keyiread entry.$size
    # One more time.
    $toolsdir/keygen entry.$size
    $toolsdir/keyiread entry.$size
    # Extract the marker.
    marker=`grep ^key_next_marker= entry.$size | cut -f2- -d=`
    # Make sure we're clean.
    run_certutil -K -d "$scheme$tmpdir" | grep keyi$size | sed -e 's,.*keyi,keyi,' -e s,"${marker:-////////}","(next)",g | env LANG=C sort
done

echo "[nss:rosubdir]"
cat > entry.$size <<- EOF
key_storage_type=NSSDB
key_storage_location=$scheme$tmpdir/rosubdir
key_nickname=keyi$size
key_gen_size=$size
EOF
$toolsdir/keygen entry.$size || true

echo "[nss:rwsubdir]"
cat > entry.$size <<- EOF
key_storage_type=NSSDB
key_storage_location=$scheme$tmpdir/rwsubdir
key_nickname=keyi$size
key_gen_size=$size
EOF
$toolsdir/keygen entry.$size || true

for size in 2048 3072 4096 ; do
    echo "[openssl:$size]"
    # Generate a key.
    cat > entry.$size <<- EOF
key_storage_type=FILE
key_storage_location=$tmpdir/sample.$size
key_gen_size=$size
EOF
    $toolsdir/keygen entry.$size
    # Read the size.
    sed -i 's,^key_gen_size.*,,g' entry.$size
    $toolsdir/keyiread entry.$size
    # Generate a new key and read it.
    echo key_gen_size=$size >> entry.$size
    $toolsdir/keygen entry.$size
    $toolsdir/keyiread entry.$size
    # One more time.
    $toolsdir/keygen entry.$size
    $toolsdir/keyiread entry.$size
    # Extract the marker.
    marker=`grep ^key_next_marker= entry.$size | cut -f2- -d=`
    # Make sure we're clean.
    find $tmpdir -name "sample.$size"'*' -print | sed s,"${marker:-////////}","(next)",g | env LANG=C sort
done

echo "[openssl:rosubdir]"
cat > entry.$size <<- EOF
key_storage_type=FILE
key_storage_location=$tmpdir/rosubdir/sample.$size
key_gen_size=$size
EOF
$toolsdir/keygen entry.$size || true

echo "[openssl:rwsubdir]"
cat > entry.$size <<- EOF
key_storage_type=FILE
key_storage_location=$tmpdir/rwsubdir/sample.$size
key_gen_size=$size
EOF
touch $tmpdir/rwsubdir/sample.$size
chmod u-w $tmpdir/rwsubdir/sample.$size
$toolsdir/keygen entry.$size || true

echo Test complete.

certmonger-0.79.19/tests/003-csrgen-ec/

certmonger-0.79.19/tests/003-csrgen-ec/expected.out

verify OK
verify OK
Signature OK
Signature OK
minicert.openssl.secp256r1.pem: OK
minicert.nss.secp256r1.pem: OK
Test complete.

certmonger-0.79.19/tests/003-csrgen-ec/run.sh

#!/bin/bash -e

cd "$tmpdir"

source "$srcdir"/functions
initnssdb "$tmpdir"

size=secp256r1
# Build a self-signed certificate.
run_certutil -d "$tmpdir" -S -n keyi$size \
    -s "cn=T$size" -c "cn=T$size" \
    -x -t u -k ec -q $size
# Export the key.
pk12util -C AES-128-CBC -c AES-128-CBC -d "$tmpdir" -o $size.p12 -W "" -n "keyi$size" > /dev/null 2>&1
openssl pkcs12 -in $size.p12 -out key.$size -passin pass: -nodes -nocerts > /dev/null 2>&1 | ( grep -v '^MAC verified OK$' || : )
# Read the public key and cache it.
cat > entry.openssl.$size <<- EOF
key_storage_type=FILE
key_storage_location=$tmpdir/key.$size
key_nickname=keyi$size
id=keyi$size
EOF
$toolsdir/keyiread entry.openssl.$size > /dev/null 2>&1
# Add the cached value to the prepping for the NSS copy.
cat > entry.nss.$size <<- EOF
key_storage_type=NSSDB
key_storage_location=$tmpdir
key_nickname=keyi$size
id=keyi$size
EOF
# Generate a new CSR for that certificate's key.
$toolsdir/csrgen entry.nss.$size > csr.nss.$size
grep ^spkac= entry.nss.$size | sed s,spkac,SPKAC, > spkac.nss.$size
# Generate a new CSR using the extracted key.
$toolsdir/csrgen entry.openssl.$size > csr.openssl.$size
grep ^spkac= entry.openssl.$size | sed s,spkac,SPKAC, > spkac.openssl.$size
# Pull out the mini-cert.
grep ^minicert= entry.openssl.$size | sed s,^minicert=,, | base64 -d > minicert.openssl.$size
openssl x509 -out minicert.openssl.$size.pem -in minicert.openssl.$size -inform der
grep ^minicert= entry.nss.$size | sed s,^minicert=,, | base64 -d > minicert.nss.$size
openssl x509 -out minicert.nss.$size.pem -in minicert.nss.$size -inform der
# The RSA tests already verify the contents of the requests, so we really only
# need to care about the signatures passing verification.
openssl req -verify -noout < csr.nss.$size 2>&1 | sed 's/Certificate request self-signature //'
openssl req -verify -noout < csr.openssl.$size 2>&1 | sed 's/Certificate request self-signature //'
openssl spkac -verify -noout < spkac.nss.$size 2>&1
openssl spkac -verify -noout < spkac.openssl.$size 2>&1
openssl verify -CAfile minicert.openssl.$size.pem minicert.openssl.$size.pem 2>&1
openssl verify -CAfile minicert.nss.$size.pem minicert.nss.$size.pem 2>&1
echo Test complete.

certmonger-0.79.19/tests/003-csrgen-rsa/

certmonger-0.79.19/tests/003-csrgen-rsa/expected.out

pk12util: PKCS12 EXPORT SUCCESSFUL
2048 OK.
Signature OK
pk12util: PKCS12 EXPORT SUCCESSFUL
3072 OK.
Signature OK
pk12util: PKCS12 EXPORT SUCCESSFUL
4096 OK.
Signature OK
The last CSR (the one with everything) was:
0:d=0 hl=4 l=1389 cons: SEQUENCE
4:d=1 hl=4 l=1109 cons: SEQUENCE
8:d=2 hl=2 l= 1 prim: INTEGER :00
11:d=2 hl=2 l= 22 cons: SEQUENCE
13:d=3 hl=2 l= 20 cons: SET
15:d=4 hl=2 l= 18 cons: SEQUENCE
17:d=5 hl=2 l= 3 prim: OBJECT :commonName
22:d=5 hl=2 l= 11 prim: PRINTABLESTRING :Babs Jensen
35:d=2 hl=4 l= 290 cons: SEQUENCE
39:d=3 hl=2 l= 13 cons: SEQUENCE
41:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
52:d=4 hl=2 l= 0 prim: NULL
54:d=3 hl=4 l= 271 prim: BIT STRING
329:d=2 hl=4 l= 784 cons: cont [ 0 ]
333:d=3 hl=2 l= 52 cons: SEQUENCE
335:d=4 hl=2 l= 9 prim: OBJECT :challengePassword
346:d=4 hl=2 l= 39 cons: SET
348:d=5 hl=2 l= 37 prim: PRINTABLESTRING :ChallengePasswordIsEncodedInPlainText
387:d=3 hl=2 l= 61 cons: SEQUENCE
389:d=4 hl=2 l= 9 prim: OBJECT :friendlyName
400:d=4 hl=2 l= 48 cons: SET
402:d=5 hl=2 l= 46 prim: BMPSTRING
450:d=3 hl=4 l= 663 cons: SEQUENCE
454:d=4 hl=2 l= 9 prim: OBJECT :Extension Request
465:d=4 hl=4 l= 648 cons: SET
469:d=5 hl=4 l= 644 cons: SEQUENCE
473:d=6 hl=2 l= 11 cons: SEQUENCE
475:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
480:d=7 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205E0
486:d=6 hl=4 l= 261 cons: SEQUENCE
490:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
495:d=7 hl=3 l= 253 prim: OCTET STRING [HEX DUMP]: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
751:d=6 hl=2 l= 29 cons: SEQUENCE
753:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
758:d=7 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030206082B06010505070304
782:d=6 hl=2 l= 18 cons: SEQUENCE
784:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
789:d=7 hl=2 l= 1 prim: BOOLEAN :255
792:d=7 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:30060101FF020103
802:d=6 hl=2 l= 31 cons: SEQUENCE
804:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
809:d=7 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014A9993E364706816ABA3E25717850C26C9CD0D89D
835:d=6 hl=2 l= 29 cons: SEQUENCE
837:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
842:d=7 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414A9993E364706816ABA3E25717850C26C9CD0D89D
866:d=6 hl=2 l= 104 cons: SEQUENCE
868:d=7 hl=2 l= 8 prim: OBJECT :Authority Information Access
878:d=7 hl=2 l= 92 prim: OCTET STRING [HEX DUMP]:305A302B06082B06010505073001861F687474703A2F2F6F6373702D312E6578616D706C652E636F6D3A3132333435302B06082B06010505073001861F687474703A2F2F6F6373702D322E6578616D706C652E636F6D3A3132333435
972:d=6 hl=2 l= 93 cons: SEQUENCE
974:d=7 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points
979:d=7 hl=2 l= 86 prim: OCTET STRING [HEX DUMP]:30543028A026A0248622687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F6765743028A026A0248622687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F676574
1067:d=6 hl=2 l= 48 cons: SEQUENCE
1069:d=7 hl=2 l= 9 prim: OBJECT :Netscape Comment
1080:d=7 hl=2 l= 35 prim: OCTET STRING [HEX DUMP]:1621636572746D6F6E6765722067656E65726174656420746869732072657175657374
1117:d=1 hl=2 l= 13 cons: SEQUENCE
1119:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
1130:d=2 hl=2 l= 0 prim: NULL
1132:d=1 hl=4 l= 257 prim: BIT STRING
Test complete (32 combinations).

certmonger-0.79.19/tests/003-csrgen-rsa/run.sh

#!/bin/bash -e

cd "$tmpdir"

source "$srcdir"/functions
initnssdb "$tmpdir"

for size in 2048 3072 4096 ; do
    # Build a self-signed certificate.
    run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
        -s "cn=T$size" -c "cn=T$size" \
        -x -t u -k rsa
    # Export the key.
    pk12util -C AES-128-CBC -c AES-128-CBC -d "$tmpdir" -o $size.p12 -W "" -n "keyi$size"
    openssl pkcs12 -in $size.p12 -out key.$size -passin pass: -nodes -nocerts 2>&1 | ( grep -v '^MAC verified OK$' || : )
    # Read the public key and cache it.
    cat > entry.openssl.$size <<- EOF
key_storage_type=FILE
key_storage_location=$tmpdir/key.$size
key_nickname=keyi$size
id=keyi$size
EOF
    $toolsdir/keyiread entry.openssl.$size > /dev/null 2>&1
    # Add the cached value to the prepping for the NSS copy.
    cat > entry.nss.$size <<- EOF
key_storage_type=NSSDB
key_storage_location=$tmpdir
key_nickname=keyi$size
id=keyi$size
EOF
    grep ^key_pubkey_info= entry.openssl.$size >> entry.nss.$size
    grep ^key_pubkey= entry.openssl.$size >> entry.nss.$size
    # Generate a new CSR for that certificate's key.
    $toolsdir/csrgen entry.nss.$size > csr.nss.$size
    grep ^spkac entry.nss.$size | sed s,spkac,SPKAC, > spkac.nss.$size
    # Generate a new CSR using the extracted key.
    $toolsdir/csrgen entry.openssl.$size > csr.openssl.$size
    grep ^spkac entry.openssl.$size | sed s,spkac,SPKAC, > spkac.openssl.$size
    # They'd better be the same!
    if cmp csr.nss.$size csr.openssl.$size ; then
        if cmp spkac.nss.$size spkac.openssl.$size ; then
            echo $size OK.
            cat spkac.nss.$size | openssl spkac -verify -noout 2>&1
        else
            echo With basic/default settings, SPKACs differ:
            cat spkac.nss.$size spkac.openssl.$size
            exit 1
        fi
    else
        echo With basic/default settings, these differ:
        cat csr.nss.$size csr.openssl.$size
        exit 1
    fi
done

iterate() {
    size=${1}
    subject=${2}
    hostname=${3}
    email=${4}
    principal=${5}
    ku=${6}
    eku=${7}
    challengepassword=${8}
    certfname=${9}
    ca=${10}
    capathlen=${11}
    crldp=${12}
    ocsp=${13}
    nscomment=${14}
    ${certnickname:+cert_nickname=$cert_nickname}
    # Generate a new CSR using the copy of the key that's in a file.
    cat > entry.openssl.$size <<- EOF
key_storage_type=FILE
key_storage_location=$tmpdir/key.$size
key_nickname=keyi$size
key_pubkey=616263
id=keyi$size
${certfname:+cert_nickname=$certfname}
${challengepassword:+challenge_password=$challengepassword}
${subject:+template_subject=$subject}
${hostname:+template_hostname=$hostname}
${email:+template_email=$email}
${principal:+template_principal=$principal}
${ku:+template_ku=$ku}
${eku:+template_eku=$eku}
${ca:+template_is_ca=$ca}
${capathlen:+template_ca_path_length=$capathlen}
${crldp:+template_crldp=$crldp}
${ocsp:+template_ocsp=$ocsp}
${nscomment:+template_ns_comment=$nscomment}
EOF
    $toolsdir/keyiread entry.openssl.$size > /dev/null 2>&1
    echo key_pubkey=616263 >> entry.openssl.$size
    $toolsdir/csrgen entry.openssl.$size > csr.openssl.$size

    # Generate a new CSR using the copy of the key in the NSS database.
    cat > entry.nss.$size <<- EOF
key_storage_type=NSSDB
key_storage_location=$tmpdir
key_nickname=keyi$size
key_pubkey=616263
id=keyi$size
${certfname:+cert_nickname=$certfname}
${challengepassword:+challenge_password=$challengepassword}
${subject:+template_subject=$subject}
${hostname:+template_hostname=$hostname}
${email:+template_email=$email}
${principal:+template_principal=$principal}
${ku:+template_ku=$ku}
${eku:+template_eku=$eku}
${ca:+template_is_ca=$ca}
${capathlen:+template_ca_path_length=$capathlen}
${crldp:+template_crldp=$crldp}
${ocsp:+template_ocsp=$ocsp}
${nscomment:+template_ns_comment=$nscomment}
EOF
    grep ^key_pubkey_info= entry.openssl.$size >> entry.nss.$size
    echo key_pubkey=616263 >> entry.openssl.$size
    $toolsdir/csrgen entry.nss.$size > csr.nss.$size

    # Both should verify.
    if test "`openssl req -verify -key key.$size -in csr.openssl.$size -noout 2>&1 | grep -c "verify OK"`" != "1" ; then
        echo Signature failed for OpenSSL:
        cat csr.openssl.$size
        echo Private key:
        awk '/BEGIN PRIVATE KEY/,/END PRIVATE KEY/{print}{;}' $tmpdir/key.$size
        exit 1
    fi
    if test "`openssl req -verify -key key.$size -in csr.nss.$size -noout 2>&1 | grep -c "verify OK"`" != "1" ; then
        echo Signature failed for NSS:
        cat csr.nss.$size
        echo Private key:
        awk '/BEGIN PRIVATE KEY/,/END PRIVATE KEY/{print}{;}' $tmpdir/key.$size
        exit 1
    fi

    # They'd better be the same!
    if ! cmp csr.nss.$size csr.openssl.$size ; then
        echo With these settings:
        tail -n +3 entry.nss.$size | sed 's,^$,,g'
        echo These differ:
        cat csr.nss.$size csr.openssl.$size
        echo Private key:
        awk '/BEGIN PRIVATE KEY/,/END PRIVATE KEY/{print}{;}' $tmpdir/key.$size
        exit 1
    fi

    iteration=`expr $iteration + 1`
}

iteration=1
for size in 2048 ; do
    iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment"
done
for subject in CN=somehost "CN=Babs Jensen" ; do
    iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment"
done
subject=
for hostname in "" localhost,localhost.localdomain; do
    iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment"
done
hostname=
for email in "" root@localhost,root@localhost.localdomain; do
    iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment"
done
email=
for principal in "" root@EXAMPLE.COM,root@FOO.EXAMPLE.COM; do
    iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment"
done
principal=
for ku in "" 1 10 111 ; do
    iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment"
done
ku=
for eku in "" id-kp-clientAuth,id-kp-emailProtection ; do
    iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment"
done
eku=
for challengepassword in "" ChallengePasswordIsEncodedInPlainText ; do
    iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment"
done
challengepassword=
for certfname in "" CertificateFriendlyName ; do
    iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment"
done
certfname=
for ca in "" 0 1 ; do
    iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment"
done
ca=
for capathlen in -1 3 ; do
    iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment"
done
capathlen=
for crldp in "" http://crl-1.example.com:12345/get,http://crl-2.example.com:12345/get ; do
    iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment"
done
crldp=
for ocsp in "" http://ocsp-1.example.com:12345,http://ocsp-2.example.com:12345 ; do
    iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment"
done
ocsp=
for nscomment in "" "certmonger generated this request" ; do
    iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment"
done
nscomment=

size=2048
subject="CN=Babs Jensen"
hostname=localhost,localhost.localdomain
email=root@localhost,root@localhost.localdomain
principal=root@EXAMPLE.COM,root@FOO.EXAMPLE.COM
ku=111
eku=id-kp-clientAuth,id-kp-emailProtection
challengepassword=ChallengePasswordIsEncodedInPlainText
certfname=CertificateFriendlyName
ca=1
capathlen=3
crldp=http://crl-1.example.com:12345/get,http://crl-2.example.com:12345/get
ocsp=http://ocsp-1.example.com:12345,http://ocsp-2.example.com:12345
nscomment="certmonger generated this request"
iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment"

echo "The last CSR (the one with everything) was:"
openssl req -in csr.nss.$size -outform der | openssl asn1parse -inform der
echo Test complete "($iteration combinations)".

certmonger-0.79.19/tests/003-csrgen/

certmonger-0.79.19/tests/003-csrgen/expected.out

pk12util: PKCS12 EXPORT SUCCESSFUL
Signature OK
minicert.openssl.2048.pem: OK
2048 OK.
pk12util: PKCS12 EXPORT SUCCESSFUL
Signature OK
minicert.openssl.3072.pem: OK
3072 OK.
pk12util: PKCS12 EXPORT SUCCESSFUL
Signature OK
minicert.openssl.4096.pem: OK
4096 OK.
The last CSR (the one with everything) was:
0:d=0 hl=4 l=1599 cons: SEQUENCE
4:d=1 hl=4 l=1319 cons: SEQUENCE
8:d=2 hl=2 l= 1 prim: INTEGER :00
11:d=2 hl=2 l= 22 cons: SEQUENCE
13:d=3 hl=2 l= 20 cons: SET
15:d=4 hl=2 l= 18 cons: SEQUENCE
17:d=5 hl=2 l= 3 prim: OBJECT :commonName
22:d=5 hl=2 l= 11 prim: PRINTABLESTRING :Cloud, Inc.
35:d=2 hl=4 l= 290 cons: SEQUENCE
39:d=3 hl=2 l= 13 cons: SEQUENCE
41:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
52:d=4 hl=2 l= 0 prim: NULL
54:d=3 hl=4 l= 271 prim: BIT STRING
329:d=2 hl=4 l= 994 cons: cont [ 0 ]
333:d=3 hl=2 l= 52 cons: SEQUENCE
335:d=4 hl=2 l= 9 prim: OBJECT :challengePassword
346:d=4 hl=2 l= 39 cons: SET
348:d=5 hl=2 l= 37 prim: PRINTABLESTRING :ChallengePasswordIsEncodedInPlainText
387:d=3 hl=2 l= 61 cons: SEQUENCE
389:d=4 hl=2 l= 9 prim: OBJECT :friendlyName
400:d=4 hl=2 l= 48 cons: SET
402:d=5 hl=2 l= 46 prim: BMPSTRING
450:d=3 hl=4 l= 873 cons: SEQUENCE
454:d=4 hl=2 l= 9 prim: OBJECT :Extension Request
465:d=4 hl=4 l= 858 cons: SET
469:d=5 hl=4 l= 854 cons: SEQUENCE
473:d=6 hl=2 l= 11 cons: SEQUENCE
475:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
480:d=7 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205E0
486:d=6 hl=4 l= 287 cons: SEQUENCE
490:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
495:d=7 hl=4 l= 278 prim: OCTET STRING [HEX DUMP]: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
777:d=6 hl=2 l= 29 cons: SEQUENCE
779:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
784:d=7 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030206082B06010505070304
808:d=6 hl=2 l= 18 cons: SEQUENCE
810:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
815:d=7 hl=2 l= 1 prim: BOOLEAN :255
818:d=7 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:30060101FF020103
828:d=6 hl=2 l= 31 cons: SEQUENCE
830:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
835:d=7 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014A9993E364706816ABA3E25717850C26C9CD0D89D
861:d=6 hl=2 l= 29 cons: SEQUENCE
863:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
868:d=7 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414A9993E364706816ABA3E25717850C26C9CD0D89D
892:d=6 hl=2 l= 104 cons: SEQUENCE
894:d=7 hl=2 l= 8 prim: OBJECT :Authority Information Access
904:d=7 hl=2 l= 92 prim: OCTET STRING [HEX DUMP]:305A302B06082B06010505073001861F687474703A2F2F6F6373702D312E6578616D706C652E636F6D3A3132333435302B06082B06010505073001861F687474703A2F2F6F6373702D322E6578616D706C652E636F6D3A3132333435
998:d=6 hl=2 l= 93 cons: SEQUENCE
1000:d=7 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points
1005:d=7 hl=2 l= 86 prim: OCTET STRING [HEX DUMP]:30543028A026A0248622687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F6765743028A026A0248622687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F676574
1093:d=6 hl=2 l= 103 cons: SEQUENCE
1095:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Freshest CRL
1100:d=7 hl=2 l= 96 prim: OCTET STRING [HEX DUMP]:305E302DA02BA0298627687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F67657464656C7461302DA02BA0298627687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F67657464656C7461
1198:d=6 hl=2 l= 48 cons: SEQUENCE
1200:d=7 hl=2 l= 9 prim: OBJECT :Netscape Comment
1211:d=7 hl=2 l= 35 prim: OCTET STRING [HEX DUMP]:1621636572746D6F6E6765722067656E65726174656420746869732072657175657374
1248:d=6 hl=2 l= 15 cons: SEQUENCE
1250:d=7 hl=2 l= 9 prim: OBJECT :OCSP No Check
1261:d=7 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:0500
1265:d=6 hl=2 l= 41 cons: SEQUENCE
1267:d=7 hl=2 l= 9 prim: OBJECT :1.3.6.1.4.1.311.20.2
1278:d=7 hl=2 l= 28 prim: OCTET STRING [HEX DUMP]:1E1A006300610041007700650073006F006D00650043006500720074
1308:d=6 hl=2 l= 17 cons: SEQUENCE
1310:d=7 hl=2 l= 9 prim: OBJECT :Netscape Cert Type
1321:d=7 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0
1327:d=1 hl=2 l= 13 cons: SEQUENCE
1329:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
1340:d=2 hl=2 l= 0 prim: NULL
1342:d=1 hl=4 l= 257 prim: BIT STRING
Test complete (69 combinations).

certmonger-0.79.19/tests/003-csrgen/run.sh

#!/bin/bash -e

cd "$tmpdir"

source "$srcdir"/functions
initnssdb "$tmpdir"

for size in 2048 3072 4096 ; do
    # Build a self-signed certificate.
	run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
		-s "cn=T$size" -c "cn=T$size" \
		-x -t u
	# Export the key.
	pk12util -C AES-128-CBC -c AES-128-CBC -d "$tmpdir" -o $size.p12 -W "" -n "keyi$size"
	openssl pkcs12 -in $size.p12 -out key.$size -passin pass: -nodes -nocerts 2>&1 | ( grep -v "^MAC verified OK$" || : )
	# Read the public key and cache it.
	cat > entry.openssl.$size <<- EOF
	key_storage_type=FILE
	key_storage_location=$tmpdir/key.$size
	key_nickname=keyi$size
	id=keyi$size
	EOF
	$toolsdir/keyiread entry.openssl.$size > /dev/null 2>&1
	# Add the cached value to the prepping for the NSS copy.
	cat > entry.nss.$size <<- EOF
	key_storage_type=NSSDB
	key_storage_location=$tmpdir
	key_nickname=keyi$size
	id=keyi$size
	EOF
	grep ^key_pubkey_info= entry.openssl.$size >> entry.nss.$size
	grep ^key_pubkey= entry.openssl.$size >> entry.nss.$size
	# Generate a new CSR for that certificate's key.
	$toolsdir/csrgen entry.nss.$size > csr.nss.$size
	grep ^spkac entry.nss.$size | sed s,spkac,SPKAC, > spkac.nss.$size
	grep ^scep_tx entry.nss.$size | sed s,^scep_tx=,, > sceptx.nss.$size
	if ! test -s sceptx.nss.$size ; then
		echo No SCEP TX ID \(NSS\)
		exit 1
	fi
	grep ^minicert entry.nss.$size | sed s,^minicert=,, > minicert.nss.$size
	if ! test -s minicert.nss.$size ; then
		echo No minicert \(NSS\)
		exit 1
	fi
	# Generate a new CSR using the extracted key.
	$toolsdir/csrgen entry.openssl.$size > csr.openssl.$size
	grep ^spkac entry.openssl.$size | sed s,spkac,SPKAC, > spkac.openssl.$size
	grep ^scep_tx entry.openssl.$size | sed s,^scep_tx=,, > sceptx.openssl.$size
	if ! test -s sceptx.openssl.$size ; then
		echo No SCEP TX ID \(OpenSSL\)
		exit 1
	fi
	grep ^minicert entry.openssl.$size | sed s,^minicert=,, > minicert.openssl.$size
	if ! test -s minicert.openssl.$size ; then
		echo No minicert \(OpenSSL\)
		exit 1
	fi
	# They'd better be the same!
	if cmp csr.nss.$size csr.openssl.$size ; then
		if cmp spkac.nss.$size spkac.openssl.$size ; then
			if cmp sceptx.nss.$size sceptx.openssl.$size ; then
				cat spkac.nss.$size | openssl spkac -verify -noout 2>&1
				if cmp minicert.nss.$size minicert.openssl.$size ; then
					base64 -d < minicert.openssl.$size | openssl x509 -out minicert.openssl.$size.pem -inform der
					openssl verify -CAfile minicert.openssl.$size.pem minicert.openssl.$size.pem
					echo $size OK.
				else
					echo With basic/default settings, minicerts differ \(NSS, OpenSSL\):
					cat minicert.nss.$size minicert.openssl.$size
					exit 1
				fi
			else
				echo With basic/default settings, SCEP TX IDs differ \(NSS, OpenSSL\):
				cat sceptx.nss.$size sceptx.openssl.$size
				exit 1
			fi
		else
			echo With basic/default settings, SPKACs differ \(NSS, OpenSSL\):
			cat spkac.nss.$size spkac.openssl.$size
			exit 1
		fi
	else
		echo With basic/default settings, these differ \(NSS, OpenSSL\):
		cat csr.nss.$size csr.openssl.$size
		exit 1
	fi
done

iterate() {
	size=${1}
	subject=${2}
	hostname=${3}
	email=${4}
	principal=${5}
	ku=${6}
	eku=${7}
	challengepassword=${8}
	certfname=${9}
	ca=${10}
	capathlen=${11}
	crldp=${12}
	ocsp=${13}
	nscomment=${14}
	subjectder=${15}
	ipaddress=${16}
	freshestcrl=${17}
	no_ocsp_check=${18}
	profile=${19}
	ns_certtype=${20}
	${certnickname:+cert_nickname=$cert_nickname}
	# Generate a new CSR using the copy of the key that's in a file.
	cat > entry.openssl.$size <<- EOF
	key_storage_type=FILE
	key_storage_location=$tmpdir/key.$size
	key_nickname=keyi$size
	key_pubkey=616263
	id=keyi$size
	${certfname:+cert_nickname=$certfname}
	${challengepassword:+challenge_password=$challengepassword}
	${subject:+template_subject=$subject}
	${subjectder:+template_subject_der=$subjectder}
	${hostname:+template_hostname=$hostname}
	${email:+template_email=$email}
	${principal:+template_principal=$principal}
	${ku:+template_ku=$ku}
	${eku:+template_eku=$eku}
	${ca:+template_is_ca=$ca}
	${capathlen:+template_ca_path_length=$capathlen}
	${crldp:+template_crldp=$crldp}
	${ocsp:+template_ocsp=$ocsp}
	${nscomment:+template_ns_comment=$nscomment}
	${ipaddress:+template_ipaddress=$ipaddress}
	${freshestcrl:+template_freshest_crl=$freshestcrl}
	${no_ocsp_check:+template_no_ocsp_check=$no_ocsp_check}
	${profile:+template_profile=$profile}
	${ns_certtype:+template_ns_certtype=$ns_certtype}
	EOF
	$toolsdir/keyiread entry.openssl.$size > /dev/null 2>&1
	echo key_pubkey=616263 >> entry.openssl.$size
	$toolsdir/csrgen entry.openssl.$size > csr.openssl.$size
	# Generate a new CSR using the copy of the key in the NSS database.
	cat > entry.nss.$size <<- EOF
	key_storage_type=NSSDB
	key_storage_location=$tmpdir
	key_nickname=keyi$size
	key_pubkey=616263
	id=keyi$size
	${certfname:+cert_nickname=$certfname}
	${challengepassword:+challenge_password=$challengepassword}
	${subject:+template_subject=$subject}
	${subjectder:+template_subject_der=$subjectder}
	${hostname:+template_hostname=$hostname}
	${email:+template_email=$email}
	${principal:+template_principal=$principal}
	${ku:+template_ku=$ku}
	${eku:+template_eku=$eku}
	${ca:+template_is_ca=$ca}
	${capathlen:+template_ca_path_length=$capathlen}
	${crldp:+template_crldp=$crldp}
	${ocsp:+template_ocsp=$ocsp}
	${nscomment:+template_ns_comment=$nscomment}
	${ipaddress:+template_ipaddress=$ipaddress}
	${freshestcrl:+template_freshest_crl=$freshestcrl}
	${no_ocsp_check:+template_no_ocsp_check=$no_ocsp_check}
	${profile:+template_profile=$profile}
	${ns_certtype:+template_ns_certtype=$ns_certtype}
	EOF
	grep ^key_pubkey_info= entry.openssl.$size >> entry.nss.$size
	echo key_pubkey=616263 >> entry.openssl.$size
	$toolsdir/csrgen entry.nss.$size > csr.nss.$size
	# Both should verify.
	if test "`openssl req -verify -key key.$size -in csr.openssl.$size -noout 2>&1 | grep -c "verify OK"`" != "1" ; then
		echo Signature failed for OpenSSL:
		cat csr.openssl.$size
		echo Private key:
		awk '/BEGIN PRIVATE KEY/,/END PRIVATE KEY/{print}{;}' $tmpdir/key.$size
		exit 1
	fi
	if test "`openssl req -verify -key key.$size -in csr.nss.$size -noout 2>&1 | grep -c "verify OK"`" != "1" ; then
		echo Signature failed for NSS:
		cat csr.nss.$size
		echo Private key:
		awk '/BEGIN PRIVATE KEY/,/END PRIVATE KEY/{print}{;}' $tmpdir/key.$size
		exit 1
	fi
	# They'd better be the same!
	if ! cmp csr.nss.$size csr.openssl.$size ; then
		echo With these settings:
		tail -n +3 entry.nss.$size | sed 's,^$,,g'
		echo These differ \(NSS, OpenSSL\):
		cat csr.nss.$size csr.openssl.$size
		echo Private key:
		awk '/BEGIN PRIVATE KEY/,/END PRIVATE KEY/{print}{;}' $tmpdir/key.$size
		exit 1
	fi
	iteration=`expr $iteration + 1`
}

iteration=1
for size in 2048 ; do
	iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
done
for subject in "" "Babs Jensen" CN=somehost "CN=Babs Jensen" ; do
	iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
done
subject=
for subjectder in "" 30223120301E060355040313177361 30223120301E0603550403131773616265722E626F73746F6E2E7265646861742E636F6D ; do
	iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
done
subjectder=
for hostname in "" "," localhost,localhost.localdomain; do
	iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
done
hostname=
for email in "" "," root@localhost,root@localhost.localdomain; do
	iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
done
email=
for principal in "" "," root@EXAMPLE.COM,root@FOO.EXAMPLE.COM; do
	iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
done
principal=
for ku in "" 1 10 111 ; do
	iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
done
ku=
for eku in "" "," id-kp-clientAuth,id-kp-emailProtection ; do
	iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
done
eku=
for challengepassword in "" ChallengePasswordIsEncodedInPlainText ; do
	iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
done
challengepassword=
for certfname in "" CertificateFriendlyName ; do
	iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
done
certfname=
for ca in "" 0 1 ; do
	iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
done
ca=
for capathlen in -1 3 ; do
	iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
done
capathlen=
for crldp in "" "," http://crl-1.example.com:12345/get,http://crl-2.example.com:12345/get ; do
	iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
done
crldp=
for ocsp in "" "," http://ocsp-1.example.com:12345,http://ocsp-2.example.com:12345 ; do
	iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
done
ocsp=
for nscomment in "" "certmonger generated this request" ; do
	iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
done
nscomment=
for ipaddress in "" "," "127.0.0.1" "::1" "blargh" "this request" "1.2.3.4,fe80::" ; do
	iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
done
ipaddress=
for freshestcrl in "" "," http://crl-1.example.com:12345/getdelta,http://crl-2.example.com:12345/getdelta ; do
	iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
done
freshestcrl=
for no_ocsp_check in "" 0 1 ; do
	iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
done
no_ocsp_check=
for profile in "" caLessThanAwesomeCert caAwesomeCert ; do
	iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
done
profile=
for ns_certtype in "" client server email objsign reserved sslca emailca objca client,email ; do
	iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
done
ns_certtype=

size=2048
subject="CN=Cloud\, Inc."
hostname=localhost,localhost.localdomain
email=root@localhost,root@localhost.localdomain
principal=root@EXAMPLE.COM,root@FOO.EXAMPLE.COM
ku=111
eku=id-kp-clientAuth,id-kp-emailProtection
challengepassword=ChallengePasswordIsEncodedInPlainText
certfname=CertificateFriendlyName
ca=1
capathlen=3
crldp=http://crl-1.example.com:12345/get,http://crl-2.example.com:12345/get
ocsp=http://ocsp-1.example.com:12345,http://ocsp-2.example.com:12345
nscomment="certmonger generated this request"
subjectder=
ipaddress="127.0.0.1,::1"
freshestcrl=http://crl-1.example.com:12345/getdelta,http://crl-2.example.com:12345/getdelta
no_ocsp_check=1
profile=caAwesomeCert
ns_certtype=client,email
iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"

echo "The last CSR (the one with everything) was:"
openssl req -in csr.nss.$size -outform der | openssl asn1parse -inform der | sed 's,2.5.29.46,X509v3 Freshest CRL,g'
cat $tmpdir/key.$size csr.nss.$size 1>&2
echo Test complete "($iteration
combinations)".

certmonger-0.79.19/tests/004-selfsign-ec/
certmonger-0.79.19/tests/004-selfsign-ec/expected.out
verification OK
verification OK
Test complete.

certmonger-0.79.19/tests/004-selfsign-ec/run.sh
#!/bin/bash -e

cd "$tmpdir"

source "$srcdir"/functions
initnssdb "$tmpdir"

grep -v ^validity_period $CERTMONGER_CONFIG_DIR/certmonger.conf > \
	$tmpdir/certmonger.conf
cat >> $tmpdir/certmonger.conf << EOF
[selfsign]
validity_period = 46129s
EOF

function append() {
	cat >> $1 <<- EOF
	template_subject=CN=Babs Jensen
	template_hostname=localhost,localhost.localdomain
	template_email=root@localhost,root@localhost.localdomain
	template_principal=root@EXAMPLE.COM,root@FOO.EXAMPLE.COM
	template_ku=111
	template_eku=id-kp-clientAuth,id-kp-emailProtection
	EOF
}

function setupca() {
	cat > ca.self <<- EOF
	id=self_signer
	ca_is_default=0
	ca_type=INTERNAL:SELF
	ca_internal_serial=04
	ca_internal_issue_time=40271
	EOF
}

size=secp256r1
# Build a self-signed certificate.
run_certutil -d "$tmpdir" -S -n keyi$size \
	-s "cn=T$size" -c "cn=T$size" \
	-x -t u -k ec -q $size
# Export the certificate and key.
pk12util -C AES-128-CBC -c AES-128-CBC -d "$tmpdir" -o $size.p12 -W "" -n "keyi$size" > /dev/null 2>&1
openssl pkcs12 -in $size.p12 -passin pass: -out key.$size -nodes > /dev/null 2>&1
# Read that OpenSSL key.
cat > entry.$size <<- EOF
key_storage_type=FILE
key_storage_location=$tmpdir/key.$size
EOF
$toolsdir/keyiread entry.$size > /dev/null 2>&1
grep ^key_pubkey_info= entry.$size > pubkey.$size
grep ^key_pubkey= entry.$size >> pubkey.$size
# Use that NSS key.
cat > entry.$size <<- EOF
key_storage_type=NSSDB
key_storage_location=$tmpdir
key_nickname=keyi$size
EOF
append entry.$size
cat pubkey.$size >> entry.$size
$toolsdir/csrgen entry.$size > csr.nss.$size
setupca
$toolsdir/submit ca.self entry.$size > cert.nss.$size
# Use that OpenSSL key.
cat > entry.$size <<- EOF
key_storage_type=FILE
key_storage_location=$tmpdir/key.$size
EOF
append entry.$size
cat pubkey.$size >> entry.$size
$toolsdir/csrgen entry.$size > csr.openssl.$size
setupca
$toolsdir/submit ca.self entry.$size > cert.openssl.$size
# Now check their signatures.
grep -v CERTIFICATE cert.nss.$size | base64 -d | $toolsdir/checksig
grep -v CERTIFICATE cert.openssl.$size | base64 -d | $toolsdir/checksig

echo Test complete.

certmonger-0.79.19/tests/004-selfsign-rsa/
certmonger-0.79.19/tests/004-selfsign-rsa/expected.out
2048 OK.
3072 OK.
4096 OK.
Test complete.

certmonger-0.79.19/tests/004-selfsign-rsa/run.sh
#!/bin/bash -e

cd "$tmpdir"

source "$srcdir"/functions
initnssdb "$tmpdir"

grep -v ^validity_period $CERTMONGER_CONFIG_DIR/certmonger.conf > \
	$tmpdir/certmonger.conf
cat >> $tmpdir/certmonger.conf << EOF
[selfsign]
validity_period = 46129s
EOF

function append() {
	cat >> $1 <<- EOF
	template_subject=CN=Babs Jensen
	template_hostname=localhost,localhost.localdomain
	template_email=root@localhost,root@localhost.localdomain
	template_principal=root@EXAMPLE.COM,root@FOO.EXAMPLE.COM
	template_ku=111
	template_eku=id-kp-clientAuth,id-kp-emailProtection
	EOF
}

function setupca() {
	cat > ca.self <<- EOF
	id=self_signer
	ca_is_default=0
	ca_type=INTERNAL:SELF
	ca_internal_serial=04
	ca_internal_issue_time=40271
	EOF
}

for size in 2048 3072 4096 ; do
	# Build a self-signed certificate.
	run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
		-s "cn=T$size" -c "cn=T$size" \
		-x -t u -k rsa
	# Export the certificate and key.
	pk12util -C AES-128-CBC -c AES-128-CBC -d "$tmpdir" -o $size.p12 -W "" -n "keyi$size" > /dev/null 2>&1
	openssl pkcs12 -in $size.p12 -passin pass: -out key.$size -nodes > /dev/null 2>&1
	# Read that OpenSSL key.
	cat > entry.$size <<- EOF
	key_storage_type=FILE
	key_storage_location=$tmpdir/key.$size
	EOF
	$toolsdir/keyiread entry.$size > /dev/null 2>&1
	grep ^key_pubkey_info= entry.$size > pubkey.$size
	grep ^key_pubkey= entry.$size >> pubkey.$size
	# Use that NSS key.
	cat > entry.$size <<- EOF
	key_storage_type=NSSDB
	key_storage_location=$tmpdir
	key_nickname=keyi$size
	EOF
	append entry.$size
	cat pubkey.$size >> entry.$size
	$toolsdir/csrgen entry.$size > csr.nss.$size
	setupca
	$toolsdir/submit ca.self entry.$size > cert.nss.$size
	# Use that OpenSSL key.
	cat > entry.$size <<- EOF
	key_storage_type=FILE
	key_storage_location=$tmpdir/key.$size
	EOF
	append entry.$size
	cat pubkey.$size >> entry.$size
	$toolsdir/csrgen entry.$size > csr.openssl.$size
	setupca
	$toolsdir/submit ca.self entry.$size > cert.openssl.$size
	# Now compare them.
	if ! cmp cert.nss.$size cert.openssl.$size ; then
		echo Certificates differ:
		cat cert.nss.$size cert.openssl.$size
		exit 1
	else
		echo $size OK.
	fi
done

echo Test complete.

certmonger-0.79.19/tests/004-selfsign/
certmonger-0.79.19/tests/004-selfsign/expected.out
2048 OK.
3072 OK.
4096 OK.
Test complete.

certmonger-0.79.19/tests/004-selfsign/run.sh
#!/bin/bash -e

cd "$tmpdir"

source "$srcdir"/functions
initnssdb "$tmpdir"

grep -v ^validity_period $CERTMONGER_CONFIG_DIR/certmonger.conf > \
	$tmpdir/certmonger.conf
cat >> $tmpdir/certmonger.conf << EOF
[selfsign]
validity_period = 46129s
EOF

function append() {
	cat >> $1 <<- EOF
	template_subject=CN=Babs Jensen
	template_hostname=localhost,localhost.localdomain
	template_email=root@localhost,root@localhost.localdomain
	template_principal=root@EXAMPLE.COM,root@FOO.EXAMPLE.COM
	template_ku=111
	template_eku=id-kp-clientAuth,id-kp-emailProtection
	template_challengepassword=ChallengePasswordIsEncodedInPlainText
	template_certfname=CertificateFriendlyName
	template_crldp=http://crl-1.example.com:12345/get,http://crl-2.example.com:12345/get
	template_ocsp=http://ocsp-1.example.com:12345,http://ocsp-2.example.com:12345
	template_nscomment=certmonger generated this request
	template_ipaddress=127.0.0.1,::1
	template_freshest_crl=http://dcrl-1.example.com:12345/get,http://dcrl-2.example.com:12345/get
	template_no_ocsp_check=1
	template_profile=caAwesomeCert
	template_ns_certtype=client,email
	EOF
}

function setupca() {
	cat > ca.self <<- EOF
	id=self_signer
	ca_is_default=0
	ca_type=INTERNAL:SELF
	ca_internal_serial=04
	ca_internal_issue_time=40271
	EOF
}

for size in 2048 3072 4096 ; do
	# Build a self-signed certificate.
	run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
		-s "cn=T$size" -c "cn=T$size" \
		-x -t u
	# Export the certificate and key.
	pk12util -C AES-128-CBC -c AES-128-CBC -d "$tmpdir" -o $size.p12 -W "" -n "keyi$size" > /dev/null 2>&1
	openssl pkcs12 -in $size.p12 -passin pass: -out key.$size -nodes > /dev/null 2>&1
	# Read that OpenSSL key.
	cat > entry.$size <<- EOF
	key_storage_type=FILE
	key_storage_location=$tmpdir/key.$size
	EOF
	$toolsdir/keyiread entry.$size > /dev/null 2>&1
	grep ^key_pubkey_info= entry.$size > pubkey.$size
	grep ^key_pubkey= entry.$size >> pubkey.$size
	# Use that NSS key.
	cat > entry.$size <<- EOF
	key_storage_type=NSSDB
	key_storage_location=$tmpdir
	key_nickname=keyi$size
	EOF
	append entry.$size
	cat pubkey.$size >> entry.$size
	$toolsdir/csrgen entry.$size > csr.nss.$size
	setupca
	$toolsdir/submit ca.self entry.$size > cert.nss.$size
	# Use that OpenSSL key.
	cat > entry.$size <<- EOF
	key_storage_type=FILE
	key_storage_location=$tmpdir/key.$size
	EOF
	append entry.$size
	cat pubkey.$size >> entry.$size
	$toolsdir/csrgen entry.$size > csr.openssl.$size
	setupca
	$toolsdir/submit ca.self entry.$size > cert.openssl.$size
	# Now compare them.
	if ! cmp cert.nss.$size cert.openssl.$size ; then
		echo Certificates differ:
		cat cert.nss.$size cert.openssl.$size
		exit 1
	else
		echo $size OK.
	fi
done

cat cert.nss.$size 1>&2
echo Test complete.

certmonger-0.79.19/tests/005-dbusm/
certmonger-0.79.19/tests/005-dbusm/expected.out
Message 0 - b:TRUE
Message 1 - n:12345
Message 2 - p:/this/is/a/path/to/an/object
Message 3 - s:This is a string.
Message 4 - b:TRUE,p:/this/is/a/path/to/an/object
Message 5 - b:TRUE,s:This is a string.
Message 6 - s:This is a string.,b:TRUE
Message 7 - s:This is a string.,n:12345
Message 8 - s:This is a first string.,s:This is a second string.
Message 9 - [p:/this,p:/is,p:/a,p:/path,p:/array]
Message 10 - [s:This,s:is,s:a,s:string,s:array.]
Message 11 - s:This is a first string.,s:This is a second string.,s:This is a third string.
Message 12 - s:This is a first string.,s:This is a second string.,n:12345
Message 13 - s:This is a first string.,s:This is a second string.,b:TRUE
Message 14 - s:This is a first string.,s:This is a second string.,as:[s:This,s:is,s:a,s:string,s:array.]
Message 15 - s:This is a first string.,s:This is a second string.s:This is a third string.,s:This is a fourth string.
Message 16 - s:This is a first string.,s:This is a second string.s:(NULL)s:(NULL)
Message 17 - s:This is a first string.,s:This is a second string.s:This is a third string.s:(NULL)
Message 18 - s:This is a first string.,s:This is a second string.s:This is a third string.s:This is a fourth string.
Message 19 - s:This is a string.,s:(NULL)s:(NULL),s:(NULL)
Message 20 - s:This is a first string.,s:This is a second string.s:(NULL),s:(NULL)
Message 21 - s:This is a first string.,s:This is a second string.s:This is a third string.,s:(NULL)
Message 22 - s:This is a first string.,s:This is a second string.s:This is a third string.,s:This is a fourth string.
Message 23 - s:This is a first string.,s:This is a second string.,[s:This,s:is,s:a,s:string,s:array.]
Message 24 - s:This is a first string.,s:This is a second string.,s:This is a third string.,[s:This,s:is,s:a,s:string,s:array.]
Message 25 - s:This is a first string.,s:This is a second string.,s:This is a third string.,n:23456,[s:This,s:is,s:a,s:first,s:string,s:array.],[s:This,s:is,s:a,s:second,s:string,s:array.],[s:This,s:is,s:a,s:third,s:string,s:array.],n:34567,[s:This,s:is,s:a,s:fourth,s:string,s:array.]
Message 26 - s:This is a string.,[s:This,s:is,s:a,s:first,s:string,s:array.],[s:This,s:is,s:a,s:second,s:string,s:array.],[s:This,s:is,s:a,s:third,s:string,s:array.],n:12345,[s:This,s:is,s:a,s:fourth,s:string,s:array.]
Message 27 - [(This,is),(a,string)]
Message 28 - [{key 0=b:TRUE},{key 1=n:12345},{key 2=s:this is a string value},{key 3=as:[This,is,a,string,array.],{key 4=ass:[(This,is),(a,string)],{key 5=d:[{key 0=b:TRUE},{key 1=n:12345}]]
Message 29 - s:This is a string.,[{key 0=b:TRUE},{key 1=n:12345},{key 2=s:this is a string value},{key 3=as:[This,is,a,string,array.],{key 4=ass:[(This,is),(a,string)],{key 5=d:[{key 0=b:TRUE},{key 1=n:12345}]]
Message 30 - s:This is a first string.,s:This is a second string.,ass:[(This,is),(a,string)]
Message 31 - s:This is a first string.,s:This is a second string.,s:This is a third string.
Test complete.

certmonger-0.79.19/tests/005-dbusm/run.sh
#!/bin/bash -e
cd "$tmpdir"
source "$srcdir"/functions
"$builddir"/../src/tdbusm-check
echo Test complete.

certmonger-0.79.19/tests/006-serial/
certmonger-0.79.19/tests/006-serial/expected.out
Starting value = 01
Test
complete. certmonger-0.79.19/tests/006-serial/run.sh0000755000175000017500000000015714511314133017524 0ustar gitgit00000000000000#!/bin/bash -e cd "$tmpdir" source "$srcdir"/functions "$builddir"/../src/serial-check echo Test complete. certmonger-0.79.19/tests/007-certsave-dbm/0000755000175000017500000000000014511314133017454 5ustar gitgit00000000000000certmonger-0.79.19/tests/007-certsave-dbm/expected.out0000644000175000017500000000300114511314133022000 0ustar gitgit00000000000000[nss:wrongnick] [nss:wrongcert] [nss:right] 1: "cert" [openssl:wrong] [openssl:right] dos2unix: converting file cert.original to unix format... dos2unix: converting file cert.nss to unix format... dos2unix: converting file cert.openssl to unix format... [openssl:rosubdir] Failed to save (FILE:${tmpdir}/rosubdir/cert.openssl), filesystem permissions error. [openssl:rwsubdir] Failed to save (FILE:${tmpdir}/rwsubdir/cert.openssl), filesystem permissions error. Testing setting trust to ,,: baseline: cert ,, right nickname, right subject: cert ,, wrong nickname, right subject: cert ,, wrong subject, right nickname: cert ,, Testing setting trust to P,,: baseline: cert P,, right nickname, right subject: cert P,, wrong nickname, right subject: cert ,, wrong subject, right nickname: cert ,, Testing setting trust to ,P,: baseline: cert ,P, right nickname, right subject: cert ,P, wrong nickname, right subject: cert ,, wrong subject, right nickname: cert ,, Testing setting trust to CT,C,: baseline: cert CT,C, right nickname, right subject: cert CT,C, wrong nickname, right subject: cert ,, wrong subject, right nickname: cert ,, Testing setting trust to C,c,p: baseline: cert C,c,p right nickname, right subject: cert C,c,p wrong nickname, right subject: cert ,, wrong subject, right nickname: cert ,, [nss:rosubdir] Failed to save (NSS:dbm:${tmpdir}/rosubdir), filesystem permissions error. [nss:rwsubdir] Failed to save (NSS:dbm:${tmpdir}/rwsubdir), filesystem permissions error. Test complete. 
certmonger-0.79.19/tests/007-certsave-dbm/prequal.sh0000755000175000017500000000014514511314133021464 0ustar gitgit00000000000000
#!/bin/sh
if test `id -u` -eq 0 ; then
	echo "This test won't work right if run as root."
	exit 1
fi
certmonger-0.79.19/tests/007-certsave-dbm/run.sh0000755000175000017500000000007214511314133020616 0ustar gitgit00000000000000
#!/bin/bash -e
exec env scheme=dbm ../007-certsave/run.sh
certmonger-0.79.19/tests/007-certsave-sql/0000755000175000017500000000000014511314133017511 5ustar gitgit00000000000000
certmonger-0.79.19/tests/007-certsave-sql/expected.out0000644000175000017500000000257514511314133022054 0ustar gitgit00000000000000
[nss:wrongnick]
[nss:wrongcert]
[nss:right]
1: "cert"
[openssl:wrong]
[openssl:right]
dos2unix: converting file cert.original to unix format...
dos2unix: converting file cert.nss to unix format...
dos2unix: converting file cert.openssl to unix format...
[openssl:rosubdir]
Failed to save (FILE:${tmpdir}/rosubdir/cert.openssl), filesystem permissions error.
[openssl:rwsubdir]
Failed to save (FILE:${tmpdir}/rwsubdir/cert.openssl), filesystem permissions error.
Testing setting trust to ,,:
 baseline: cert ,,
 right nickname, right subject: cert ,,
 wrong nickname, right subject: cert ,,
 wrong subject, right nickname: cert ,,
Testing setting trust to P,,:
 baseline: cert P,,
 right nickname, right subject: cert P,,
 wrong nickname, right subject: cert ,,
 wrong subject, right nickname: cert ,,
Testing setting trust to ,P,:
 baseline: cert ,P,
 right nickname, right subject: cert ,P,
 wrong nickname, right subject: cert ,,
 wrong subject, right nickname: cert ,,
Testing setting trust to CT,C,:
 baseline: cert CT,C,
 right nickname, right subject: cert CT,C,
 wrong nickname, right subject: cert ,,
 wrong subject, right nickname: cert ,,
Testing setting trust to C,c,p:
 baseline: cert C,c,p
 right nickname, right subject: cert C,c,p
 wrong nickname, right subject: cert ,,
 wrong subject, right nickname: cert ,,
Skipping rosubdir test.
Skipping rwsubdir test.
Test complete.
certmonger-0.79.19/tests/007-certsave-sql/prequal.sh0000755000175000017500000000014514511314133021521 0ustar gitgit00000000000000
#!/bin/sh
if test `id -u` -eq 0 ; then
	echo "This test won't work right if run as root."
	exit 1
fi
certmonger-0.79.19/tests/007-certsave-sql/run.sh0000755000175000017500000000007214511314133020653 0ustar gitgit00000000000000
#!/bin/bash -e
exec env scheme=sql ../007-certsave/run.sh
certmonger-0.79.19/tests/007-certsave/0000755000175000017500000000000014511314133016714 5ustar gitgit00000000000000
certmonger-0.79.19/tests/007-certsave/expected.out0000644000175000017500000000300114511314133021240 0ustar gitgit00000000000000
[nss:wrongnick]
[nss:wrongcert]
[nss:right]
1: "cert"
[openssl:wrong]
[openssl:right]
dos2unix: converting file cert.original to unix format...
dos2unix: converting file cert.nss to unix format...
dos2unix: converting file cert.openssl to unix format...
[openssl:rosubdir]
Failed to save (FILE:${tmpdir}/rosubdir/cert.openssl), filesystem permissions error.
[openssl:rwsubdir]
Failed to save (FILE:${tmpdir}/rwsubdir/cert.openssl), filesystem permissions error.
Testing setting trust to ,,:
 baseline: cert ,,
 right nickname, right subject: cert ,,
 wrong nickname, right subject: cert ,,
 wrong subject, right nickname: cert ,,
Testing setting trust to P,,:
 baseline: cert P,,
 right nickname, right subject: cert P,,
 wrong nickname, right subject: cert ,,
 wrong subject, right nickname: cert ,,
Testing setting trust to ,P,:
 baseline: cert ,P,
 right nickname, right subject: cert ,P,
 wrong nickname, right subject: cert ,,
 wrong subject, right nickname: cert ,,
Testing setting trust to CT,C,:
 baseline: cert CT,C,
 right nickname, right subject: cert CT,C,
 wrong nickname, right subject: cert ,,
 wrong subject, right nickname: cert ,,
Testing setting trust to C,c,p:
 baseline: cert C,c,p
 right nickname, right subject: cert C,c,p
 wrong nickname, right subject: cert ,,
 wrong subject, right nickname: cert ,,
[nss:rosubdir]
Failed to save (NSS:dbm:${tmpdir}/rosubdir), filesystem permissions error.
[nss:rwsubdir]
Failed to save (NSS:dbm:${tmpdir}/rwsubdir), filesystem permissions error.
Test complete.
certmonger-0.79.19/tests/007-certsave/prequal.sh0000755000175000017500000000014514511314133020724 0ustar gitgit00000000000000
#!/bin/sh
if test `id -u` -eq 0 ; then
	echo "This test won't work right if run as root."
exit 1 fi certmonger-0.79.19/tests/007-certsave/run.sh0000755000175000017500000001700514511314133020062 0ustar gitgit00000000000000#!/bin/bash -e cd "$tmpdir" scheme="${scheme:-dbm}" source "$srcdir"/functions initnssdb $scheme:$tmpdir wrongcert='-----BEGIN CERTIFICATE----- MIIDQTCCAimgAwIBAgIBBTANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDEwdwaWxs Ym94MB4XDTExMDMyMzE2NTIyMFoXDTEyMDMyMzE2NTIyMFowEjEQMA4GA1UEAxMH cGlsbGJveDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKw+VY4P8khm FC8uQPkjN2xHIURUewBZMYC5r/rWMbbSXCVCes63PEBP8uxKriuBLgwY44pZbUO0 JMezP4+kqSWZPZPKEPTvINJksNbewH51DGvMdGOh0mJhJqK/MjNTainmIWXqiwz7 9Bhr0Py4SzdMzsmyTfJfL+CKGuS+cydSfhdc/e1XrFwyM31nGjt2Zhk3EupcraTG ngoEj8tPuPBjLCKprm89pjdBWtUa2ruCZrPy09uD/5bg/dRja1l1MxRvpGnwVXzy CAc7LJh32jwkthwxgvxR0pVp0rnqg+FjHPp/bqgomac/upHcmCDI4zPJSlnqJhgD FysndL2TGlECAwEAAaOBoTCBnjB2BgNVHREBAQAEbDBqggdwaWxsYm94oCcGCisG AQQBgjcUAgOgGQwXaG9zdC9waWxsYm94QFJFREhBVC5DT02gNgYGKwYBBQICoCww KqAMGwpSRURIQVQuQ09NoRowGKADAgEBoREwDxsEaG9zdBsHcGlsbGJveDAWBgNV HSUBAQAEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUA A4IBAQAK1F0TEZEJL/i+GhcNOQJpbFKK2McOCH6+PH1TRfClPk/y0nH3jS/HZI1s ppHAYXOl4UWaPHKPhuHFi6y/Uh11trQ5v5Gm01Y16jvcS8UJVHQphRri6FF0iIL0 a15w3l3CcJRneDbX2hhi72ZODYzCzxdalF+ysHOyH6+ZYwWz1UR+zrz9qbqVMtLo YT4fxzSEEbg7VpvDOkfCBtXyAAPi307yqVoXWtJkdRwYt4fmCih9tn/GHPrRN46F G4IHEyvT9+WN2iqQQFpPkq8iyx4+3xyPs+/i6dIuDbZoTZ7aXjuwY+Rlz+xbbDRk Szk1zDVf9U0hdr0BC3cDhfbVysgx -----END CERTIFICATE-----' cert='-----BEGIN CERTIFICATE----- MIIDBTCCAe2gAwIBAgIBRDANBgkqhkiG9w0BAQsFADAAMB4XDTA5MTExMTE3MDMw N1oXDTA5MTIxMTE3MDMwN1owADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMeBHVwuakwxp4OsPT+ooghzyr5SsyKylKJ+QP4BnQzxNSmT3O+ubtRqgv/1 Rekj30Z56QMX3D9cgJfdRCmSTQ6JLpubgX1DZtgyHq4jnUtiYsObzQ83+OXlO/kU ItGVJa2308+rAQ6FkpI8S0WwiXgfZIZmbIjghkpfj+XTPtjVsBwKVxr39++Hq0zA +1YzKPZEe+mU0C8s7zh0tzEiXVEcOnwLL25QpEVDUVxdHKHBfnVOmsN9ju9BO48b +zIIB5qtSSir+jTs9+JqRX00nsPXVonhXMHOxOjc9pMJV3D8wIfXzeW10xNA3YYC i66XiZTicfsFV8Z47Mrq0yytCe0CAwEAAaOBiTCBhjB2BgNVHREBAQAEbDBqgRBi 
YWJzQGV4YW1wbGUuY29toCMGCisGAQQBgjcUAgOgFQwTYmplbnNlbkBFWEFNUExF LkNPTaAxBgYrBgEFAgKgJzAloA0bC0VYQU1QTEUuQ09NoRQwEqADAgEBoQswCRsH YmplbnNlbjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAkHNQIKsgS yhowGHe8wtFD8Z+4bdRJ0NruMGltj+69AZTBt3Jo5ZvS+4UWqfRTMqZf16/uQGVJ BHVqYQr/LOkhB2j9vew7V4zhYPH23kAJO8P2lYZXX24nB8LlqRObVafPrQyrLVXU W481O+AzIFBtNIoi+sbsVm0COp8JGUo5nooBip5+as8ufQqCUu0SxhMpaokri9mB 5V3fxIA1SquOw/6aIUEir5Mi2kKUCVYm8VP9CrdYu0vVGoBZ2GkNGsD4MZS/+a6v Lgdt6ebhXuOUlaTMEYwgsJS4z9EB31oHyOt/YlJjR/fp434JRxPBfXAnXEzI9apG /DXE+1dr1yFa -----END CERTIFICATE-----' echo "$cert" | sed -e 's,^$,,g' -e 's,^ ,,g' > cert.original echo "$wrongcert" | sed -e 's,^$,,g' -e 's,^ ,,g' > cert.wrong # Save the right certificate to NSS's database with the wrong nickname. echo "[nss:wrongnick]" cat > entry.nss << EOF cert_storage_type=NSSDB cert_storage_location=$scheme:$tmpdir cert_nickname=wrongnick cert=$cert EOF $toolsdir/certsave entry.nss # Save the wrong certificate to NSS's database with the right nickname. echo "[nss:wrongcert]" cat > entry.nss << EOF cert_storage_type=NSSDB cert_storage_location=$scheme:$tmpdir cert_nickname=cert cert=$wrongcert EOF $toolsdir/certsave entry.nss # Save the right certificate to NSS's database and read it back. echo "[nss:right]" cat > entry.nss << EOF cert_storage_type=NSSDB cert_storage_location=$scheme:$tmpdir cert_nickname=cert cert=$cert EOF $toolsdir/certsave entry.nss $toolsdir/listnicks entry.nss certutil -d $scheme:$tmpdir -L -n cert -a > cert.nss # Save the wrong certificate to the PEM file. echo "[openssl:wrong]" cat > entry.openssl << EOF cert_storage_type=FILE cert_storage_location=$tmpdir/cert.openssl cert=$wrongcert EOF $toolsdir/certsave entry.openssl # Save the right certificate to the PEM file. echo "[openssl:right]" cat > entry.openssl << EOF cert_storage_type=FILE cert_storage_location=$tmpdir/cert.openssl cert=$cert EOF $toolsdir/certsave entry.openssl # Compare the three. 
run_dos2unix cert.original
run_dos2unix cert.nss
run_dos2unix cert.openssl
if ! cmp cert.original cert.nss ; then
	echo Original and NSS disagree "($scheme:$tmpdir)".
	cat cert.original cert.nss
	exit 1
fi
if ! cmp cert.original cert.openssl ; then
	echo Original and OpenSSL disagree.
	cat cert.original cert.openssl
	exit 1
fi
if ! cmp cert.nss cert.openssl ; then
	echo NSS and OpenSSL disagree.
	cat cert.nss cert.openssl
	exit 1
fi
# Try to save the certificate to the read-only directory.
echo "[openssl:rosubdir]"
cat > entry.openssl << EOF
cert_storage_type=FILE
cert_storage_location=$tmpdir/rosubdir/cert.openssl
cert=$cert
EOF
$toolsdir/certsave entry.openssl || true
# Try to save the certificate to the read-write directory, read-only file.
echo "[openssl:rwsubdir]"
touch $tmpdir/rwsubdir/cert.openssl
chmod u-w $tmpdir/rwsubdir/cert.openssl
cat > entry.openssl << EOF
cert_storage_type=FILE
cert_storage_location=$tmpdir/rwsubdir/cert.openssl
cert=$cert
EOF
$toolsdir/certsave entry.openssl || true
# Now tweak the trust settings on the NSS certificate. The "u" flag seems to
# be tied to whether or not we have a matching private key, so we can't mess
# with it.
for trust in ,, P,, ,P, CT,C, C,c,p ; do
	echo Testing setting trust to "$trust":
	# Save the right certificate to NSS's database and read it back.
	initnssdb $scheme:$tmpdir
	cat > entry.nss <<- EOF
	cert_storage_type=NSSDB
	cert_storage_location=$scheme:$tmpdir
	cert_nickname=cert
	cert=$cert
	EOF
	$toolsdir/certsave entry.nss
	certutil -d $scheme:$tmpdir -M -n cert -t $trust
	echo -n " baseline: "
	certutil -d $scheme:$tmpdir -L | grep cert | sed -r 's,[ \t]+, ,g'
	$toolsdir/certsave entry.nss
	echo -n " right nickname, right subject: "
	certutil -d $scheme:$tmpdir -L | grep cert | sed -r 's,[ \t]+, ,g'
	# Save the right certificate to NSS's database with the wrong nickname.
	initnssdb $scheme:$tmpdir
	$toolsdir/certsave entry.nss
	cat > entry.nss <<- EOF
	cert_storage_type=NSSDB
	cert_storage_location=$scheme:$tmpdir
	cert_nickname=wrongnick
	cert=$cert
	EOF
	$toolsdir/certsave entry.nss
	certutil -d $scheme:$tmpdir -M -n wrongnick -t $trust
	# Save the right certificate to NSS's database and read it back.
	cat > entry.nss <<- EOF
	cert_storage_type=NSSDB
	cert_storage_location=$scheme:$tmpdir
	cert_nickname=cert
	cert=$cert
	EOF
	$toolsdir/certsave entry.nss
	echo -n " wrong nickname, right subject: "
	certutil -d $scheme:$tmpdir -L | grep cert | sed -r 's,[ \t]+, ,g'
	# Save the wrong certificate to NSS's database with the right nickname.
	initnssdb $scheme:$tmpdir
	$toolsdir/certsave entry.nss
	cat > entry.nss <<- EOF
	cert_storage_type=NSSDB
	cert_storage_location=$scheme:$tmpdir
	cert_nickname=cert
	cert=$wrongcert
	EOF
	$toolsdir/certsave entry.nss
	certutil -d $scheme:$tmpdir -M -n cert -t $trust
	# Save the right certificate to NSS's database and read it back.
	cat > entry.nss <<- EOF
	cert_storage_type=NSSDB
	cert_storage_location=$scheme:$tmpdir
	cert_nickname=cert
	cert=$cert
	EOF
	$toolsdir/certsave entry.nss
	echo -n " wrong subject, right nickname: "
	certutil -d $scheme:$tmpdir -L | grep cert | sed -r 's,[ \t]+, ,g'
done
if test "$scheme" = sql ; then
	echo Skipping rosubdir test.
else
	# Try to save the certificate to the read-only directory.
	echo "[nss:rosubdir]"
	cat > entry.nss <<- EOF
	cert_storage_type=NSSDB
	cert_storage_location=$scheme:$tmpdir/rosubdir
	cert_nickname=cert
	cert=$cert
	EOF
	$toolsdir/certsave entry.nss || true
fi
if test "$scheme" = sql ; then
	echo Skipping rwsubdir test.
else
	# Try to save the certificate to the read-write directory, read-only file.
	echo "[nss:rwsubdir]"
	cat > entry.nss <<- EOF
	cert_storage_type=NSSDB
	cert_storage_location=$scheme:$tmpdir/rwsubdir
	cert_nickname=cert
	cert=$cert
	EOF
	$toolsdir/certsave entry.nss || true
fi
echo Test complete.
certmonger-0.79.19/tests/008-certread/0000755000175000017500000000000014511314133016672 5ustar gitgit00000000000000certmonger-0.79.19/tests/008-certread/expected.out0000644000175000017500000000201714511314133021224 0ustar gitgit00000000000000cert_ca_path_length=-1 cert_email=babs@example.com cert_is_ca=0 cert_issuer=CN=Babs Jensen cert_issuer_der=3016311430120603550403130B42616273204A656E73656E cert_no_ocsp_check=0 cert_not_after=20091211214654 cert_not_before=20091111214654 cert_perms=0 cert_principal=bjensen@EXAMPLE.COM cert_serial=47 cert_spki=30820122300D06092A864886F70D01010105000382010F003082010A0282010100C7811D5C2E6A4C31A783AC3D3FA8A20873CABE52B322B294A27E40FE019D0CF1352993DCEFAE6ED46A82FFF545E923DF4679E90317DC3F5C8097DD4429924D0E892E9B9B817D4366D8321EAE239D4B6262C39BCD0F37F8E5E53BF91422D19525ADB7D3CFAB010E8592923C4B45B089781F6486666C88E0864A5F8FE5D33ED8D5B01C0A571AF7F7EF87AB4CC0FB563328F6447BE994D02F2CEF3874B731225D511C3A7C0B2F6E50A44543515C5D1CA1C17E754E9AC37D8EEF413B8F1BFB3208079AAD4928ABFA34ECF7E26A457D349EC3D75689E15CC1CEC4E8DCF693095770FCC087D7CDE5B5D31340DD86028BAE978994E271FB0557C678ECCAEAD32CAD09ED0203010001 cert_subject=CN=Babs Jensen cert_subject_der=3016311430120603550403130B42616273204A656E73656E cert_token=NSS Certificate DB Test complete. 
certmonger-0.79.19/tests/008-certread/run.sh0000755000175000017500000000551014511314133020036 0ustar gitgit00000000000000#!/bin/bash -e cd "$tmpdir" source "$srcdir"/functions initnssdb "$tmpdir" cert='-----BEGIN CERTIFICATE----- MIIDMTCCAhmgAwIBAgIBRzANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtCYWJz IEplbnNlbjAeFw0wOTExMTEyMTQ2NTRaFw0wOTEyMTEyMTQ2NTRaMBYxFDASBgNV BAMTC0JhYnMgSmVuc2VuMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA x4EdXC5qTDGng6w9P6iiCHPKvlKzIrKUon5A/gGdDPE1KZPc765u1GqC//VF6SPf RnnpAxfcP1yAl91EKZJNDokum5uBfUNm2DIeriOdS2Jiw5vNDzf45eU7+RQi0ZUl rbfTz6sBDoWSkjxLRbCJeB9khmZsiOCGSl+P5dM+2NWwHApXGvf374erTMD7VjMo 9kR76ZTQLyzvOHS3MSJdURw6fAsvblCkRUNRXF0cocF+dU6aw32O70E7jxv7MggH mq1JKKv6NOz34mpFfTSew9dWieFcwc7E6Nz2kwlXcPzAh9fN5bXTE0DdhgKLrpeJ lOJx+wVXxnjsyurTLK0J7QIDAQABo4GJMIGGMHYGA1UdEQEBAARsMGqBEGJhYnNA ZXhhbXBsZS5jb22gIwYKKwYBBAGCNxQCA6AVDBNiamVuc2VuQEVYQU1QTEUuQ09N oDEGBisGAQUCAqAnMCWgDRsLRVhBTVBMRS5DT02hFDASoAMCAQGhCzAJGwdiamVu c2VuMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAKwbX1XJIn78vSqE /VEnMECQG46z7JPJC0+40fqpF2chC2LwFGWTInbfrq0AVOJ3hFP4b8UY20KhjOYv 5SWQXotbOBUjqAGM69/IG9eNGoMi7yaeGCxq3O+yyyR8Nh2GfraHVeIhywtfyIft Iy4wMPoh6qoWCSyxokNTTsFhlV/Ka7e8fDqAGKWJvABzV4Qd6MxN9MNrVoYc5UcI /JzTBBsjXY4BF7xLgB5hAsL7PHAOYlraZkCuIP+8dEaCTdim8b9jVgPHVTp+mxmL yxLfZh7aPfW0TcCn4tVFugebEL1bFz9Sok0F1j7uYdu5e6f3jw+QUyE24KOGFTtQ i6k3fDQ= -----END CERTIFICATE-----' echo "$cert" | sed -e 's,^$,,g' -e 's,^ ,,g' > cert.original # Import it into NSS's database and read it back. certutil -d "$tmpdir" -A -n cert -t u,u,u < cert.original cat > entry.nss << EOF id=Test cert_storage_type=NSSDB cert_storage_location=$tmpdir cert_nickname=cert EOF $toolsdir/certread entry.nss # Read it from a PEM file. cp cert.original cert.openssl cat > entry.openssl << EOF id=Test cert_storage_type=FILE cert_storage_location=$tmpdir/cert.openssl EOF $toolsdir/certread entry.openssl # Strip out storage keywords. 
egrep -v '^(cert_storage_type|cert_storage_location|cert_nickname|cert_token)' entry.nss >\
	entry.nss.clean
egrep -v '^(cert_storage_type|cert_storage_location|cert_nickname|cert_token)' entry.openssl >\
	entry.openssl.clean
awk '/^cert=.*BEGIN CERTIFICATE/,/END CERTIFICATE/{print}{;}' entry.nss >> entry.nss.clean
awk '/^cert=.*BEGIN CERTIFICATE/,/END CERTIFICATE/{print}{;}' entry.openssl >> entry.openssl.clean
if ! grep -q '^cert=.*BEGIN CERTIFICATE' entry.nss.clean && \
   ! grep -q '^ -----END CERTIFICATE-----' entry.nss.clean ; then
	echo Failed to pull certificate out of NSS.
	exit 1
fi
if ! grep -q '^cert=.*BEGIN CERTIFICATE' entry.openssl.clean && \
   ! grep -q '^ -----END CERTIFICATE-----' entry.openssl.clean ; then
	echo Failed to pull certificate out of OpenSSL.
	exit 1
fi
# Compare the two cleaned entry files.
if ! cmp entry.nss.clean entry.openssl.clean ; then
	echo Read certificates differently.
	diff -u entry.nss.clean entry.openssl.clean
	exit 1
fi
# Let the caller make sure it looks right.
grep ^cert_ entry.nss.clean | sort
grep ^cert_token entry.nss
echo Test complete.
certmonger-0.79.19/tests/009-oiddict/0000755000175000017500000000000014511314133016521 5ustar gitgit00000000000000
certmonger-0.79.19/tests/009-oiddict/expected.out0000644000175000017500000000230014511314133021046 0ustar gitgit00000000000000
id-kp -> 1.3.6.1.5.5.7.3
id-kp.1 -> 1.3.6.1.5.5.7.3.1
id-kp.2 -> 1.3.6.1.5.5.7.3.2
id-kp.3 -> 1.3.6.1.5.5.7.3.3
id-kp.4 -> 1.3.6.1.5.5.7.3.4
id-kp.5 -> 1.3.6.1.5.5.7.3.5
id-kp.8 -> 1.3.6.1.5.5.7.3.8
id-kp.9 -> 1.3.6.1.5.5.7.3.9
id-kp-clientAuth -> 1.3.6.1.5.5.7.3.2
id-kp-codeSigning -> 1.3.6.1.5.5.7.3.3
id-kp-emailProtection -> 1.3.6.1.5.5.7.3.4
id-kp-OCSPSigning -> 1.3.6.1.5.5.7.3.9
id-kp-serverAuth -> 1.3.6.1.5.5.7.3.1
id-kp-timeStamping -> 1.3.6.1.5.5.7.3.8
id-ms-kp-sc-logon -> 1.3.6.1.4.1.311.20.2.2
id-pkinit -> 1.3.6.1.5.2.3
id-pkinit.4 -> 1.3.6.1.5.2.3.4
id-pkinit.5 -> 1.3.6.1.5.2.3.5
id-pkinit-KPClientAuth -> 1.3.6.1.5.2.3.4
id-pkinit-KPKdc -> 1.3.6.1.5.2.3.5
id-pkix -> 1.3.6.1.5.5.7
id-pkix.1 -> 1.3.6.1.5.5.7.1
id-pkix.3 -> 1.3.6.1.5.5.7.3
id-pkix-ocsp-nocheck -> 1.3.6.1.5.5.7.48.1.5
id-pe.1 -> 1.3.6.1.5.5.7.1.1
id-ce.35 -> 2.5.29.35
id-ce.14 -> 2.5.29.14
id-qt.2 -> 1.3.6.1.5.5.7.2.2
1.3.6.1.5 -> iso.org.dod.internet.security
1.3.6.1.5.5 -> iso.org.dod.internet.security.mechanisms
1.3.6.1.5.5.7 -> id-pkix
1.3.6.1.5.5.7.48.1.5 -> id-pkix-ocsp-nocheck
1.3.6.1.5.2 -> iso.org.dod.internet.security.kerberosV5
1.3.6.1.5.2.3 -> id-pkinit
1.3.6.1.4.1.311.20.2.2 -> id-ms-kp-sc-logon
Test complete.
certmonger-0.79.19/tests/009-oiddict/run.sh0000755000175000017500000000131714511314133017666 0ustar gitgit00000000000000
#!/bin/bash -e
cd "$tmpdir"
source "$srcdir"/functions
names='
id-kp
id-kp.1
id-kp.2
id-kp.3
id-kp.4
id-kp.5
id-kp.8
id-kp.9
id-kp-clientAuth
id-kp-codeSigning
id-kp-emailProtection
id-kp-OCSPSigning
id-kp-serverAuth
id-kp-timeStamping
id-ms-kp-sc-logon
id-pkinit
id-pkinit.4
id-pkinit.5
id-pkinit-KPClientAuth
id-pkinit-KPKdc
id-pkix
id-pkix.1
id-pkix.3
id-pkix-ocsp-nocheck
id-pe.1
id-ce.35
id-ce.14
id-qt.2
'
oids='
1.3.6.1.5
1.3.6.1.5.5
1.3.6.1.5.5.7
1.3.6.1.5.5.7.48.1.5
1.3.6.1.5.2
1.3.6.1.5.2.3
1.3.6.1.4.1.311.20.2.2
'
for name in $names ; do
	oid=`$toolsdir/name2oid "$name"`
	echo $name '->' $oid
done
for oid in $oids ; do
	name=`$toolsdir/oid2name "$oid"`
	echo $oid '->' $name
done
echo Test complete.
certmonger-0.79.19/tests/010-iterate/0000755000175000017500000000000014511314133016527 5ustar gitgit00000000000000
certmonger-0.79.19/tests/010-iterate/expected.out0000644000175000017500000004011014511314133021055 0ustar gitgit00000000000000
[Generating key pair.] NEED_KEY_PAIR -START- GENERATING_KEY_PAIR HAVE_KEY_PAIR NEED_KEYINFO -STOP- key_issued_count=0 key_requested_count=0 [Reading back key info.] NEED_KEYINFO -START- READING_KEYINFO HAVE_KEYINFO NEED_CSR -STOP- key_size=2048 key_issued_count=0 key_requested_count=0 [Generating CSR.] NEED_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR -STOP- key_issued_count=0 key_requested_count=0 [Getting CSR signed.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT -STOP- key_issued_count=0 key_requested_count=1 [Saving certificate.] NEED_TO_SAVE_CERT -START- PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED Certificate in file "$tmpdir/certfile" issued by CA and saved.
MONITORING -STOP- key_issued_count=1 key_requested_count=1 [From-scratch enrollment scenario OK.] [Picking up mid-life without a key or a certificate.] NEWLY_ADDED -START- NEWLY_ADDED_START_READING_KEYINFO NEWLY_ADDED_READING_KEYINFO NEWLY_ADDED_START_READING_CERT NEWLY_ADDED_READING_CERT NEWLY_ADDED_DECIDING NEED_KEY_PAIR -STOP- [Picking up mid-life without a certificate.] NEWLY_ADDED -START- NEWLY_ADDED_START_READING_KEYINFO NEWLY_ADDED_READING_KEYINFO NEWLY_ADDED_START_READING_CERT NEWLY_ADDED_READING_CERT NEWLY_ADDED_DECIDING NEED_CSR -STOP- [Picking up mid-life.] NEWLY_ADDED -START- NEWLY_ADDED_START_READING_KEYINFO NEWLY_ADDED_READING_KEYINFO NEWLY_ADDED_START_READING_CERT NEWLY_ADDED_READING_CERT NEWLY_ADDED_DECIDING MONITORING -STOP- [Retroactive issuing.] HAVE_KEY_PAIR -START- NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR -STOP- NEED_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR -STOP- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT -STOP- NEED_TO_SAVE_CERT -START- START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED Certificate in file "$tmpdir/certfile2" issued by CA and saved. MONITORING -STOP- notBefore=Jan 1 00:00:00 1970 GMT notAfter=Jan 2 00:00:00 1970 GMT [Noticing expiration.] notBefore=Jan 1 00:00:00 1970 GMT notAfter=Jan 2 00:00:00 1970 GMT MONITORING -START- NEED_TO_NOTIFY_VALIDITY NOTIFYING_VALIDITY Certificate in file "$tmpdir/certfile2" is no longer valid. delay=86400 MONITORING -STOP- [Kicking off autorenew.] notBefore=Jan 1 00:00:00 1970 GMT notAfter=Jan 2 00:00:00 1970 GMT MONITORING -START- NEED_TO_NOTIFY_VALIDITY NOTIFYING_VALIDITY Certificate in file "$tmpdir/certfile2" is no longer valid. NEED_CSR -STOP- [Enroll.] 
HAVE_KEY_PAIR -START- NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR -STOP- key_issued_count=0 key_requested_count=0 NEED_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR -STOP- key_issued_count=0 key_requested_count=0 HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT -STOP- key_issued_count=0 key_requested_count=1 NEED_TO_SAVE_CERT -START- START_SAVING_CERT SAVING_CERT SAVED_CERT -STOP- key_issued_count=1 key_requested_count=1 [Enroll, helper produces noise before.] HAVE_KEY_PAIR -START- NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR -STOP- NEED_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR -STOP- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT -STOP- NEED_TO_SAVE_CERT -START- START_SAVING_CERT SAVING_CERT SAVED_CERT -STOP- [Enroll, helper produces noise after] HAVE_KEY_PAIR -START- NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR -STOP- NEED_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR -STOP- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT -STOP- NEED_TO_SAVE_CERT -START- START_SAVING_CERT SAVING_CERT SAVED_CERT -STOP- [Enroll, helper produces noise before and after.] HAVE_KEY_PAIR -START- NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR -STOP- NEED_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR -STOP- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT -STOP- NEED_TO_SAVE_CERT -START- START_SAVING_CERT SAVING_CERT SAVED_CERT -STOP- [Enroll, helper omits newline at end of certificate.] HAVE_KEY_PAIR -START- NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR -STOP- NEED_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR -STOP- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT -STOP- NEED_TO_SAVE_CERT -START- START_SAVING_CERT SAVING_CERT SAVED_CERT -STOP- [Enroll, helper produces binary certificate output.] 
HAVE_KEY_PAIR -START- NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR -STOP- NEED_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR -STOP- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT -STOP- NEED_TO_SAVE_CERT -START- START_SAVING_CERT SAVING_CERT SAVED_CERT -STOP- [Enroll, helper produces JSON output.] HAVE_KEY_PAIR -START- NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR -STOP- NEED_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR -STOP- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT -STOP- NEED_TO_SAVE_CERT -START- START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT -STOP- 1 1 2 [Try to enroll, but we need to generate a new key] HAVE_KEY_PAIR -START- NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR -STOP- NEED_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR -STOP- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_KEY_PAIR -STOP- NEED_KEY_PAIR -START- GENERATING_KEY_PAIR HAVE_KEY_PAIR NEED_KEYINFO -STOP- NEED_KEYINFO -START- READING_KEYINFO HAVE_KEYINFO NEED_CSR -STOP- [Enroll until we notice we have no specified CA.] HAVE_KEY_PAIR -START- NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR -STOP- NEED_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR -STOP- HAVE_CSR -START- NEED_TO_SUBMIT NEED_CA -STOP- [Enroll until the CA tells us to come back later.] HAVE_KEY_PAIR -START- NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR -STOP- NEED_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR -STOP- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=604800 CA_WORKING -STOP- ca_cookie=iLoveCookiesSome CA_WORKING -(RESET)- HAVE_CSR -START- NEED_TO_SUBMIT -STOP- [Enroll until the CA rejects us.] 
HAVE_KEY_PAIR -START- NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR -STOP- key_issued_count=0 key_requested_count=0 NEED_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR -STOP- key_issued_count=0 key_requested_count=0 HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_TO_NOTIFY_REJECTION -STOP- key_issued_count=0 key_requested_count=1 NEED_TO_NOTIFY_REJECTION -START- NOTIFYING_REJECTION Request for certificate to be stored in file "$tmpdir/certfile3" rejected by CA. CA_REJECTED -STOP- key_issued_count=0 key_requested_count=1 CA_REJECTED -START- CA_REJECTED -STOP- key_issued_count=0 key_requested_count=1 [Enroll until the CA rejects us after poll.] HAVE_KEY_PAIR -START- NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR -STOP- NEED_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR -STOP- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=1 CA_WORKING NEED_TO_SUBMIT SUBMITTING NEED_TO_NOTIFY_REJECTION -STOP- NEED_TO_NOTIFY_REJECTION -START- NOTIFYING_REJECTION Request for certificate to be stored in file "$tmpdir/certfile3" rejected by CA. CA_REJECTED -STOP- CA_REJECTED -START- CA_REJECTED -STOP- [Enroll until the CA turns out to be unreachable.] HAVE_KEY_PAIR -START- NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR -STOP- NEED_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR -STOP- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=604800 CA_UNREACHABLE -STOP- CA_UNREACHABLE -(RESET)- HAVE_CSR -START- NEED_TO_SUBMIT -STOP- [Enroll until the CA client turns out to be unconfigured.] HAVE_KEY_PAIR -START- NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR -STOP- NEED_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR -STOP- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=604800 CA_UNCONFIGURED -STOP- CA_UNCONFIGURED -(RESET)- HAVE_CSR -START- NEED_TO_SUBMIT -STOP- [Enroll until the CA tells us to come back later.] 
HAVE_KEY_PAIR -START- NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR -STOP- NEED_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR -STOP- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=13 CA_WORKING -STOP- ca_cookie=iLoveCookiesMore CA_WORKING -(RESET)- HAVE_CSR -START- NEED_TO_SUBMIT -STOP- [Enroll until the CA tells us to come back later, but with a broken date.] HAVE_KEY_PAIR -START- NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR -STOP- NEED_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR -STOP- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_GUIDANCE -STOP- NO COOKIE FOR YOU NEED_GUIDANCE -START- NEED_GUIDANCE -STOP- [Enroll until we realize our enrollment helper doesn't support enrollment.] HAVE_KEY_PAIR -START- NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR -STOP- NEED_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR -STOP- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_GUIDANCE -STOP- [Enroll until we have SCEP data to go with it.] HAVE_KEY_PAIR -START- NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR -STOP- key_issued_count=0 key_requested_count=0 NEED_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR -STOP- key_issued_count=0 key_requested_count=0 HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_SCEP_DATA -STOP- key_issued_count=0 key_requested_count=1 NEED_SCEP_DATA -START- GENERATING_SCEP_DATA HAVE_SCEP_DATA NEED_TO_SUBMIT -STOP- key_issued_count=0 key_requested_count=1 [CA poll timeout remaining=0.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=300 CA_UNREACHABLE -STOP- [CA poll timeout remaining=0.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=300 CA_WORKING -STOP- [CA poll timeout remaining=0.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=300 CA_UNCONFIGURED -STOP- [Monitor poll timeout remaining=0.] MONITORING -START- delay=86400 MONITORING -STOP- [CA poll timeout remaining=30.] 
HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=300 CA_UNREACHABLE -STOP- [CA poll timeout remaining=30.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=300 CA_WORKING -STOP- [CA poll timeout remaining=30.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=300 CA_UNCONFIGURED -STOP- [Monitor poll timeout remaining=30.] MONITORING -START- delay=1800 MONITORING -STOP- [CA poll timeout remaining=1800.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=900 CA_UNREACHABLE -STOP- [CA poll timeout remaining=1800.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=900 CA_WORKING -STOP- [CA poll timeout remaining=1800.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=900 CA_UNCONFIGURED -STOP- [Monitor poll timeout remaining=1800.] MONITORING -START- delay=1800 MONITORING -STOP- [CA poll timeout remaining=3600.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=1800 CA_UNREACHABLE -STOP- [CA poll timeout remaining=3600.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=1800 CA_WORKING -STOP- [CA poll timeout remaining=3600.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=1800 CA_UNCONFIGURED -STOP- [Monitor poll timeout remaining=3600.] MONITORING -START- delay=1800 MONITORING -STOP- [CA poll timeout remaining=7200.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=3600 CA_UNREACHABLE -STOP- [CA poll timeout remaining=7200.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=3600 CA_WORKING -STOP- [CA poll timeout remaining=7200.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=3600 CA_UNCONFIGURED -STOP- [Monitor poll timeout remaining=7200.] MONITORING -START- delay=3605 MONITORING -STOP- [CA poll timeout remaining=84700.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=42350 CA_UNREACHABLE -STOP- [CA poll timeout remaining=84700.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=42350 CA_WORKING -STOP- [CA poll timeout remaining=84700.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=42350 CA_UNCONFIGURED -STOP- [Monitor poll timeout remaining=84700.] 
MONITORING -START- delay=41505 MONITORING -STOP- [CA poll timeout remaining=86000.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=43000 CA_UNREACHABLE -STOP- [CA poll timeout remaining=86000.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=43000 CA_WORKING -STOP- [CA poll timeout remaining=86000.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=43000 CA_UNCONFIGURED -STOP- [Monitor poll timeout remaining=86000.] MONITORING -START- delay=42805 MONITORING -STOP- [CA poll timeout remaining=86500.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=43250 CA_UNREACHABLE -STOP- [CA poll timeout remaining=86500.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=43250 CA_WORKING -STOP- [CA poll timeout remaining=86500.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=43250 CA_UNCONFIGURED -STOP- [Monitor poll timeout remaining=86500.] MONITORING -START- delay=1800 MONITORING -STOP- [CA poll timeout remaining=604800.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=302400 CA_UNREACHABLE -STOP- [CA poll timeout remaining=604800.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=302400 CA_WORKING -STOP- [CA poll timeout remaining=604800.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=302400 CA_UNCONFIGURED -STOP- [Monitor poll timeout remaining=604800.] MONITORING -START- delay=86400 MONITORING -STOP- [CA poll timeout remaining=1000000.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=500000 CA_UNREACHABLE -STOP- [CA poll timeout remaining=1000000.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=500000 CA_WORKING -STOP- [CA poll timeout remaining=1000000.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=500000 CA_UNCONFIGURED -STOP- [Monitor poll timeout remaining=1000000.] MONITORING -START- delay=86400 MONITORING -STOP- [CA poll timeout remaining=2000000.] HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=604800 CA_UNREACHABLE -STOP- [CA poll timeout remaining=2000000.] 
HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=604800 CA_WORKING -STOP-

[CA poll timeout remaining=2000000.]
HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING delay=604800 CA_UNCONFIGURED -STOP-

[Monitor poll timeout remaining=2000000.]
MONITORING -START- delay=86400 MONITORING -STOP-

[Kicking off split monitor/enroll TTL tests.]
NEWLY_ADDED -START- NEWLY_ADDED_START_READING_KEYINFO NEWLY_ADDED_READING_KEYINFO NEWLY_ADDED_START_READING_CERT NEWLY_ADDED_READING_CERT NEWLY_ADDED_DECIDING NEED_KEY_PAIR -STOP-
NEED_KEY_PAIR -START- GENERATING_KEY_PAIR HAVE_KEY_PAIR NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR -STOP-
NEED_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR -STOP-
HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT -STOP-
NEED_TO_SAVE_CERT -START- START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[Kicking off enroll only.]
notBefore=Jan 1 00:00:00 1970 GMT
notAfter=Jan 1 00:00:00 1971 GMT
MONITORING -START- NEED_CSR GENERATING_CSR HAVE_CSR NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[Kicking off notify only.]
notBefore=Jan 1 00:00:00 1970 GMT
notAfter=Jan 1 00:00:00 1971 GMT
MONITORING -START- NEED_TO_NOTIFY_VALIDITY NOTIFYING_VALIDITY delay=86400 MONITORING -STOP-

[Kicking off notify-then-submit.]
notBefore=Jan 1 00:00:00 1970 GMT
notAfter=Jan 1 00:00:00 1971 GMT
MONITORING -START- NEED_TO_NOTIFY_VALIDITY NOTIFYING_VALIDITY NEED_CSR GENERATING_CSR HAVE_CSR NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-
The sky is falling: Certificate in file "$tmpdir/certfile10" is no longer valid.
The sky is falling: Certificate in file "$tmpdir/certfile10" issued by CA and saved.

Test complete.

certmonger-0.79.19/tests/010-iterate/run.sh
#!/bin/bash -e
cd "$tmpdir"
source "$srcdir"/functions
cert="-----BEGIN CERTIFICATE-----
MIIEDjCCAvagAwIBAgIOAQAAAAABPWT1Paf0wU4wDQYJKoZIhvcNAQEFBQAwRjEX
MBUGA1UEChMOQ3liZXJ0cnVzdCBJbmMxKzApBgNVBAMTIkN5YmVydHJ1c3QgUHVi
bGljIFN1cmVTZXJ2ZXIgU1YgQ0EwHhcNMTMwMzEzMTc0ODQ3WhcNMTQwMzEzMTc0
ODQ3WjBuMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTk9SVEggQ0FST0xJTkExEDAO
BgNVBAcTB1JhbGVpZ2gxEDAOBgNVBAoTB1JlZCBIYXQxCzAJBgNVBAsTAklUMRUw
EwYDVQQDFAwqLnJlZGhhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC8NmWLQuAdaMTQ2Ae8AVPUKDEdCNtGBE4It5hb4xL9cHSzQeBaMDm9UR5X
w5DLR93TQFL+Rc9mLbrBhIz9eacrs5qpUp4i5XhgnvEN7vBsUyFjZqQ+W5Zqs5Cv
yMVv+rkRRa22hYPqFNM0R0lBPLltZO6+58VA53ttr87JOdPZsdomJtzruXz9ceLg
ZnDULmIfZFhw7bz0Y9qAURSsULpIjLwWsGjOlNpPSTisCNwNWrmT4KerD8RnCXy+
keWZPSw9RgMBbyYD6am0nj2/JPmkv390F6HYi6f/0OyefKqZEaPgwDmhEiW6K2Ps
qodUKMcfBFJNgPs6ZuqOLnGILVyrAgMBAAGjgdEwgc4wHwYDVR0jBBgwFoAUBJhg
34AblkldZVYtpSwJJArs3LkwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL2NybC5v
bW5pcm9vdC5jb20vUHVibGljU3VyZVNlcnZlclNWLmNybDAdBgNVHQ4EFgQUC5p5
rlungiFqeTNw0HOISTrudr8wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYD
VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBEGCWCGSAGG+EIBAQQEAwIGwDAN
BgkqhkiG9w0BAQUFAAOCAQEAJC1PfXXjM3Y2ifPlzauQgLHiizx3XeIB86AXJHL2
N77UMfkSYmUJraWZX3Ye7icDbRwNHLIDJMfpjgcwnC+ZB+byyvmtjGjcTuqVZpXS
2JU8kgGxNlEjCd4NsumpzollG1W1iDorBCt9bHp8b4isLD+jSnqbWKnvuEUle0ad
Pi7xjf9BidMvYUEBpJsd9rA1LQtp/ZfxxA6RtgCeXjQPexjsvf6SLKyrmacHZcMJ
b6JbhXMTzB7QZjR3IooqzXS8T/2zBxDUSH4fJ4o0KSkY8cjNCCxdnkXL96PC9KQ5
kV1Ad3iHw/TnJjzrJJs3o92pRR/JtF0Jw6dszNP1Sn68uA==
-----END CERTIFICATE-----"
cert2="-----BEGIN CERTIFICATE-----
MIIBoDCCAQmgAwIBAAIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDEwls
b2NhbGhvc3QwIhgPMjAxNTAxMjcwMDAwMDBaGA8yMTE1MDEyNzAwMDAwMFow
FDESMBAGA1UEAxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQDT7+BazrT3e/run8ZxrTfZNFx+vY+twKMPRXowSGot2eLcdDIIryOH
ir1tUXIDZN2j+nF4U6kX3W66yMZjUApmYcFjhPk0Pg4ymsh/ScW2OlQXvC/f
soPhvKA6cBeWUWwpdtRnFjZ14qmGuABPi6c/p0C/04HoBR9Y6QI5voRvHwID
AQABMA0GCSqGSIb3DQEBCwUAA4GBAB4F1sjBaOJVuMmubbxc6vm3yDTwU3Qw
JzjmXgwGUp5QryUIBZc9Kc5ceMUJ/Xf3OFDGWOqIx4JONdcgfLRJxax9WWg4
mYbkAmUQBRtl7fGgEvOqF9EgtEY06Nj5aI7vbFEfB80Xd0O9O06ckxr7QBSc
Wc2RCeFYrUpNi6s3vfM5
-----END CERTIFICATE-----"
cert3="-----BEGIN CERTIFICATE-----
MIIB0TCCATqgAwIBAgICEjUwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAxMJbG9j
YWxob3N0MB4XDTcwMDEwMTExMTExMVoXDTcxMDEwMTExMTExMVowFDESMBAGA1UE
AxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC394oITlJc
hLbXLUAYJ+IGpvr3YfyQlQb3u95p3s0gEemx/+Dy3ViJW7WhMuc/FHJSV5ghLflk
TRLfUdS18LGBkfkREBJVWfELhgm5ZHqiGzCvTmg01tgvouKj+8kFNJIaWsEm8mBa
SoJzk8+vOQsnXjrZAKAFY7WrVryilh4cQQIDAQABozIwMDAMBgNVHRMBAf8EAjAA
MCAGA1UdDgEBAAQWBBQfjVS9H0rXGb4SFB9bkzTpHHUH2jANBgkqhkiG9w0BAQsF
AAOBgQCt6xbyri3BobQUPQmN7ROc3mveMSfMyOwBSTDjl2XIWV98HjVLWRjScbg7
KW6z8W7iaasSDF7GWM2YqWaanWx5XwzayNUvIX3gHKqo+OwHo5QUfawtEV5Niop1
N4nZp1GMclRuk9UFXLV2NfaohRPYs7FVdBVtWNvg7hH8XedLyw==
-----END CERTIFICATE-----"
cert4="-----BEGIN CERTIFICATE-----
MIIBoDCCAQmgAwIBAAIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDEwls
b2NhbGhvc3QwIhgPMjAxNTAxMjcwMDAwMDBaGA8yMTE1MDEyNzAwMDAwMFow
FDESMBAGA1UEAxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQDT7+BazrT3e/run8ZxrTfZNFx+vY+twKMPRXowSGot2eLcdDIIryOH
ir1tUXIDZN2j+nF4U6kX3W66yMZjUApmYcFjhPk0Pg4ymsh/ScW2OlQXvC/f
soPhvKA6cBeWUWwpdtRnFjZ14qmGuABPi6c/p0C/04HoBR9Y6QI5voRvHwID
AQABMA0GCSqGSIb3DQEBCwUAA4GBAB4F1sjBaOJVuMmubbxc6vm3yDTwU3Qw
JzjmXgwGUp5QryUIBZc9Kc5ceMUJ/Xf3OFDGWOqIx4JONdcgfLRJxax9WWg4
mYbkAmUQBRtl7fGgEvOqF9EgtEY06Nj5aI7vbFEfB80Xd0O9O06ckxr7QBSc
Wc2RCeFYrUpNi6s3vfM5
-----END CERTIFICATE-----
"
cat > ca-issued << EOF
#!/bin/sh
echo "$cert"
exit 0
EOF
chmod u+x ca-issued
cat > ca-issued-with-no-newline << EOF
#!/bin/sh
echo -n "$cert"
exit 0
EOF
chmod u+x ca-issued-with-no-newline
cat > ca-issued-with-noise-before << EOF
#!/bin/sh
echo iLoveCookies
echo "$cert"
exit 0
EOF
chmod u+x ca-issued-with-noise-before
cat > ca-issued-with-noise-after << EOF
#!/bin/sh
echo "$cert"
echo iLoveCookies
exit 0
EOF
chmod u+x ca-issued-with-noise-after
cat > ca-issued-with-noise-both << EOF
#!/bin/sh
echo iLoveCookies
echo "$cert"
echo Also Monkeys
exit 0
EOF
chmod u+x ca-issued-with-noise-both
cat > ca-issued-json << EOF
#!/bin/sh
echo -n "{\"certificate\":\"$cert\",\"roots\":[{\"nickname\":\"CA1\",\"certificate\":\"$cert2\"},{\"nickname\":\"CA2\",\"certificate\":\"$cert3\"}],\"chain\":[{\"nickname\":\"CA3\",\"certificate\":\"$cert4\"}],\"whatever\":null}"
exit 0
EOF
chmod u+x ca-issued-json
cat > ca-ask-again << EOF
#!/bin/sh
echo iLoveCookiesSome
exit 1
EOF
chmod u+x ca-ask-again
cat > ca-need-rekey << EOF
#!/bin/sh
echo NotThatKeyAgain
exit 17
EOF
chmod u+x ca-need-rekey
cat > ca-issued-binary-x509 << EOF
#!/bin/sh
echo "$cert" | openssl x509 -outform der
exit 0
EOF
chmod u+x ca-issued-binary-x509
cat > ca-reject << EOF
#!/bin/sh
echo CA rejected us, must have been having a bad day.
exit 2
EOF
chmod u+x ca-reject
cat > ca-reject-second-time << EOF
#!/bin/sh
if test -z "\$CERTMONGER_CA_COOKIE" ; then
	echo 1
	echo Try again.
	echo
	echo Maybe later.
	exit 5
else
	echo CA rejected us, must have been having a bad day.
	echo cookie was "\$CERTMONGER_CA_COOKIE"
	exit 2
fi
EOF
chmod u+x ca-reject-second-time
cat > ca-unreachable << EOF
#!/bin/sh
echo Could not contact CA.
exit 3
EOF
chmod u+x ca-unreachable
cat > ca-unconfigured << EOF
#!/bin/sh
echo Something is wrong with my brain.
exit 4
EOF
chmod u+x ca-unconfigured
cat > ca-ask-again-5 << EOF
#!/bin/sh
echo 13
echo iLoveCookiesMore
exit 5
EOF
chmod u+x ca-ask-again-5
cat > ca-ask-again-broken-5 << EOF
#!/bin/sh
echo "?1034h13"
echo iLoveCookiesMore
exit 5
EOF
chmod u+x ca-ask-again-broken-5
cat > ca-what-what-6 << EOF
#!/bin/sh
echo What do you want?
exit 6
EOF
chmod u+x ca-what-what-6
cat > ca-needs-scep-16 << EOF
#!/bin/sh
echo Nope, need SCEP data.
exit 16
EOF
chmod u+x ca-needs-scep-16
cat > ca << EOF
id=SelfSign
ca_type=INTERNAL:SELF
EOF
cat > entry << EOF
id=Test
ca_name=SelfSign
state=NEED_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile
notification_method=STDOUT
post_certsave_command=echo POSTHOOK
post_certsave_uid=`id -u`
pre_certsave_command=echo PREHOOK
pre_certsave_uid=`id -u`
EOF
# These cover parts of the process, forcing it to stop if any phase needs
# to be tried again, so that we don't hit infinite loops.
echo '[Generating key pair.]'
$toolsdir/iterate ca entry GENERATING_KEY_PAIR,HAVE_KEY_PAIR
if test "`grep ^state entry`" != state=NEED_KEYINFO ; then
	echo Key generation failed or did not move to key info reading.
	grep ^state entry
	exit 1
fi
grep ^key.\*count= entry | LANG=C sort
echo
echo '[Reading back key info.]'
$toolsdir/iterate ca entry NEED_KEYINFO,START_READING_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
if test "`grep ^state entry`" != state=NEED_CSR ; then
	echo Key info read failed or did not move to CSR generation.
	grep ^state entry
	exit 1
fi
grep ^key_size entry
grep ^key.\*count= entry | LANG=C sort
echo
echo '[Generating CSR.]'
$toolsdir/iterate ca entry HAVE_KEYINFO,NEED_CSR,GENERATING_CSR
if test "`grep ^state entry`" != state=HAVE_CSR ; then
	echo CSR generation failed or did not move to submission.
	grep ^state entry
	exit 1
fi
grep ^key.\*count= entry | LANG=C sort
echo
echo '[Getting CSR signed.]'
$toolsdir/iterate ca entry HAVE_CSR,NEED_TO_SUBMIT,SUBMITTING
if test "`grep ^state entry`" != state=NEED_TO_SAVE_CERT ; then
	echo Signing failed or did not move to saving.
	grep ^state entry
	exit 1
fi
grep ^key.\*count= entry | LANG=C sort
echo
echo '[Saving certificate.]'
$toolsdir/iterate ca entry START_SAVING_CERT,PRE_SAVE_CERT,SAVING_CERT,NEED_TO_READ_CERT,READING_CERT,POST_SAVED_CERT,NEED_TO_SAVE_CA_CERTS,START_SAVING_CA_CERTS,SAVING_CA_CERTS,NEED_TO_NOTIFY_ISSUED_SAVED,NOTIFYING_ISSUED_SAVED,SAVED_CERT | sed 's@'"$tmpdir"'@$tmpdir@g'
if test "`grep ^state entry`" != state=MONITORING ; then
	echo Saving failed or did not move to monitoring.
	grep ^state entry
	exit 1
fi
grep ^key.\*count= entry | LANG=C sort
echo
echo '[From-scratch enrollment scenario OK.]'
echo
echo '[Picking up mid-life without a key or a certificate.]'
cat > entry << EOF
id=Test
state=NEWLY_ADDED
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile2
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile2
notification_method=STDOUT
EOF
$toolsdir/iterate ca entry NEWLY_ADDED,NEWLY_ADDED_START_READING_KEYINFO,NEWLY_ADDED_READING_KEYINFO,NEWLY_ADDED_START_READING_CERT,NEWLY_ADDED_READING_CERT,NEWLY_ADDED_DECIDING
if test "`grep ^state entry`" != state=NEED_KEY_PAIR ; then
	echo Figuring stuff out failed or did not move to generating a key.
	grep ^state entry
	exit 1
fi
echo
echo '[Picking up mid-life without a certificate.]'
cat > entry << EOF
id=Test
state=NEWLY_ADDED
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile2
notification_method=STDOUT
EOF
$toolsdir/iterate ca entry NEWLY_ADDED,NEWLY_ADDED_START_READING_KEYINFO,NEWLY_ADDED_READING_KEYINFO,NEWLY_ADDED_START_READING_CERT,NEWLY_ADDED_READING_CERT,NEWLY_ADDED_DECIDING
if test "`grep ^state entry`" != state=NEED_CSR; then
	echo Figuring stuff out failed or did not move to generating a CSR.
	grep ^state entry
	exit 1
fi
echo
echo '[Picking up mid-life.]'
cat > entry << EOF
id=Test
state=NEWLY_ADDED
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile
notification_method=STDOUT
EOF
$toolsdir/iterate ca entry NEWLY_ADDED,NEWLY_ADDED_START_READING_KEYINFO,NEWLY_ADDED_READING_KEYINFO,NEWLY_ADDED_START_READING_CERT,NEWLY_ADDED_READING_CERT,NEWLY_ADDED_DECIDING
if test "`grep ^state entry`" != state=MONITORING ; then
	echo Figuring stuff out failed or did not move to monitoring.
	grep ^state entry
	exit 1
fi
echo
echo '[Retroactive issuing.]'
cat > entry2 << EOF
id=Test
ca_name=SelfSign
state=HAVE_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile2
monitor=1
notification_method=STDOUT
EOF
cat > ca2 << EOF
id=SelfSign
ca_type=INTERNAL:SELF
ca_internal_issue_time=0
EOF
$toolsdir/iterate ca2 entry2 NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
$toolsdir/iterate ca2 entry2 NEED_CSR,GENERATING_CSR
$toolsdir/iterate ca2 entry2 NEED_TO_SUBMIT,SUBMITTING
$toolsdir/iterate ca2 entry2 START_SAVING_CERT,SAVING_CERT,NEED_TO_READ_CERT,READING_CERT,NEED_TO_SAVE_CA_CERTS,START_SAVING_CA_CERTS,SAVING_CA_CERTS,NEED_TO_NOTIFY_ISSUED_SAVED,NOTIFYING_ISSUED_SAVED,SAVED_CERT | sed 's@'"$tmpdir"'@$tmpdir@g'
openssl x509 -noout -startdate -enddate -in $tmpdir/certfile2
echo
echo '[Noticing expiration.]'
openssl x509 -noout -startdate -enddate -in $tmpdir/certfile2
$toolsdir/iterate ca entry2 NEED_TO_NOTIFY_VALIDITY,NOTIFYING_VALIDITY | sed 's@'"$tmpdir"'@$tmpdir@g'
echo
echo '[Kicking off autorenew.]'
cat > entry2 << EOF
id=Test
ca_name=SelfSign
state=MONITORING
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile2
monitor=1
autorenew=1
notification_method=STDOUT
EOF
openssl x509 -noout -startdate -enddate -in $tmpdir/certfile2
$toolsdir/iterate ca entry2 MONITORING,NEED_TO_NOTIFY_VALIDITY,NOTIFYING_VALIDITY | sed 's@'"$tmpdir"'@$tmpdir@g'
echo
echo '[Enroll.]'
cat > entry3 << EOF
id=Test
ca_name=Friendly
state=HAVE_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile4
notification_method=STDOUT
EOF
cat > ca3 << EOF
id=Friendly
ca_type=EXTERNAL
ca_external_helper=$tmpdir/ca-issued
EOF
: > $tmpdir/certfile4
$toolsdir/iterate ca3 entry3 NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
grep ^key.\*count= entry3 | LANG=C sort
$toolsdir/iterate ca3 entry3 NEED_CSR,GENERATING_CSR
grep ^key.\*count= entry3 | LANG=C sort
$toolsdir/iterate ca3 entry3 NEED_TO_SUBMIT,SUBMITTING
grep ^key.\*count= entry3 | LANG=C sort
$toolsdir/iterate ca3 entry3 NEED_TO_SAVE_CERT,SAVING_CERT,START_SAVING_CERT
grep ^key.\*count= entry3 | LANG=C sort
echo
echo '[Enroll, helper produces noise before.]'
cat > entry3 << EOF
id=Test
ca_name=Friendly
state=HAVE_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile4
notification_method=STDOUT
EOF
cat > ca3 << EOF
id=Friendly
ca_type=EXTERNAL
ca_external_helper=$tmpdir/ca-issued-with-noise-before
EOF
: > $tmpdir/certfile4
$toolsdir/iterate ca3 entry3 NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
$toolsdir/iterate ca3 entry3 NEED_CSR,GENERATING_CSR
$toolsdir/iterate ca3 entry3 NEED_TO_SUBMIT,SUBMITTING
$toolsdir/iterate ca3 entry3 NEED_TO_SAVE_CERT,SAVING_CERT,START_SAVING_CERT
echo
echo '[Enroll, helper produces noise after]'
cat > entry3 << EOF
id=Test
ca_name=Friendly
state=HAVE_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile4
notification_method=STDOUT
EOF
cat > ca3 << EOF
id=Friendly
ca_type=EXTERNAL
ca_external_helper=$tmpdir/ca-issued-with-noise-after
EOF
: > $tmpdir/certfile4
$toolsdir/iterate ca3 entry3 NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
$toolsdir/iterate ca3 entry3 NEED_CSR,GENERATING_CSR
$toolsdir/iterate ca3 entry3 NEED_TO_SUBMIT,SUBMITTING
$toolsdir/iterate ca3 entry3 NEED_TO_SAVE_CERT,SAVING_CERT,START_SAVING_CERT
echo
echo '[Enroll, helper produces noise before and after.]'
cat > entry3 << EOF
id=Test
ca_name=Friendly
state=HAVE_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile4
notification_method=STDOUT
EOF
cat > ca3 << EOF
id=Friendly
ca_type=EXTERNAL
ca_external_helper=$tmpdir/ca-issued-with-noise-both
EOF
: > $tmpdir/certfile4
$toolsdir/iterate ca3 entry3 NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
$toolsdir/iterate ca3 entry3 NEED_CSR,GENERATING_CSR
$toolsdir/iterate ca3 entry3 NEED_TO_SUBMIT,SUBMITTING
$toolsdir/iterate ca3 entry3 NEED_TO_SAVE_CERT,SAVING_CERT,START_SAVING_CERT
echo
echo '[Enroll, helper omits newline at end of certificate.]'
cat > entry3 << EOF
id=Test
ca_name=Friendly
state=HAVE_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile4
notification_method=STDOUT
EOF
cat > ca3 << EOF
id=Friendly
ca_type=EXTERNAL
ca_external_helper=$tmpdir/ca-issued-with-no-newline
EOF
: > $tmpdir/certfile4
$toolsdir/iterate ca3 entry3 NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
$toolsdir/iterate ca3 entry3 NEED_CSR,GENERATING_CSR
$toolsdir/iterate ca3 entry3 NEED_TO_SUBMIT,SUBMITTING
$toolsdir/iterate ca3 entry3 NEED_TO_SAVE_CERT,SAVING_CERT,START_SAVING_CERT
echo
echo '[Enroll, helper produces binary certificate output.]'
cat > entry3 << EOF
id=Test
ca_name=Friendly
state=HAVE_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile4
notification_method=STDOUT
EOF
cat > ca3 << EOF
id=Friendly
ca_type=EXTERNAL
ca_external_helper=$tmpdir/ca-issued-binary-x509
EOF
: > $tmpdir/certfile4
$toolsdir/iterate ca3 entry3 NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
$toolsdir/iterate ca3 entry3 NEED_CSR,GENERATING_CSR
$toolsdir/iterate ca3 entry3 NEED_TO_SUBMIT,SUBMITTING
$toolsdir/iterate ca3 entry3 NEED_TO_SAVE_CERT,SAVING_CERT,START_SAVING_CERT
echo
echo '[Enroll, helper produces JSON output.]'
cat > entry11 << EOF
id=Test
ca_name=Webby
state=HAVE_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile11
root_cert_files=$tmpdir/rootcertfile
other_cert_files=$tmpdir/othercertfile
notification_method=STDOUT
EOF
cat > ca11 << EOF
id=Webby
ca_type=EXTERNAL
ca_external_helper=$tmpdir/ca-issued-json
EOF
: > $tmpdir/certfile11
rm -f $tmpdir/rootcertfile
rm -f $tmpdir/othercertfile
$toolsdir/iterate ca11 entry11 NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
$toolsdir/iterate ca11 entry11 NEED_CSR,GENERATING_CSR
$toolsdir/iterate ca11 entry11 NEED_TO_SUBMIT,SUBMITTING
$toolsdir/iterate ca11 entry11 NEED_TO_SAVE_CERT,START_SAVING_CERT,SAVING_CERT,SAVED_CERT,NEED_TO_SAVE_CA_CERTS,START_SAVING_CA_CERTS,SAVING_CA_CERTS
grep 'BEGIN CERTIFICATE' $tmpdir/certfile11 | wc -l
grep 'BEGIN CERTIFICATE' $tmpdir/othercertfile | wc -l
grep 'BEGIN CERTIFICATE' $tmpdir/rootcertfile | wc -l
echo
echo '[Try to enroll, but we need to generate a new key]'
cat > entry12 << EOF
id=Test
ca_name=Webby
state=HAVE_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile12
notification_method=STDOUT
EOF
cat > ca12 << EOF
id=Webby
ca_type=EXTERNAL
ca_external_helper=$tmpdir/ca-need-rekey
EOF
: > $tmpdir/certfile12
rm -f $tmpdir/rootcertfile
rm -f $tmpdir/othercertfile
$toolsdir/iterate ca12 entry12 NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
$toolsdir/iterate ca12 entry12 NEED_CSR,GENERATING_CSR
$toolsdir/iterate ca12 entry12 NEED_TO_SUBMIT,SUBMITTING
$toolsdir/iterate ca12 entry12 NEED_KEY_PAIR,GENERATING_KEY_PAIR,HAVE_KEY_PAIR
$toolsdir/iterate ca12 entry12 NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
echo
echo '[Enroll until we notice we have no specified CA.]'
cat > entry3 << EOF
id=Test
state=HAVE_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
notification_method=STDOUT
EOF
cat > ca3 << EOF
id=Meanie
ca_type=EXTERNAL
ca_external_helper=$tmpdir/ca-reject
EOF
$toolsdir/iterate ca3 entry3 NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
$toolsdir/iterate ca3 entry3 NEED_CSR,GENERATING_CSR
$toolsdir/iterate ca3 entry3 NEED_TO_SUBMIT,SUBMITTING
echo
echo '[Enroll until the CA tells us to come back later.]'
cat > entry4 << EOF
id=Test
ca_name=Busy
state=HAVE_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
notification_method=STDOUT
EOF
cat > ca4 << EOF
id=Busy
ca_type=EXTERNAL
ca_external_helper=$tmpdir/ca-ask-again
EOF
$toolsdir/iterate ca4 entry4 NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
$toolsdir/iterate ca4 entry4 NEED_CSR,GENERATING_CSR
$toolsdir/iterate ca4 entry4 NEED_TO_SUBMIT,SUBMITTING
grep ca_cookie entry4
$toolsdir/iterate ca4 entry4 ""
echo
echo '[Enroll until the CA rejects us.]'
cat > entry5 << EOF
id=Test
ca_name=Meanie
state=HAVE_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile3
notification_method=STDOUT
EOF
cat > ca5 << EOF
id=Meanie
ca_type=EXTERNAL
ca_external_helper=$tmpdir/ca-reject
EOF
$toolsdir/iterate ca5 entry5 NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
grep ^key.\*count= entry5 | LANG=C sort
$toolsdir/iterate ca5 entry5 NEED_CSR,GENERATING_CSR
grep ^key.\*count= entry5 | LANG=C sort
$toolsdir/iterate ca5 entry5 NEED_TO_SUBMIT,SUBMITTING
grep ^key.\*count= entry5 | LANG=C sort
$toolsdir/iterate ca5 entry5 NEED_TO_NOTIFY_REJECTION,NOTIFYING_REJECTION | sed 's@'"$tmpdir"'@$tmpdir@g'
grep ^key.\*count= entry5 | LANG=C sort
$toolsdir/iterate ca5 entry5 "" | sed 's@'"$tmpdir"'@$tmpdir@g'
grep ^key.\*count= entry5 | LANG=C sort
echo
echo '[Enroll until the CA rejects us after poll.]'
cat > entry5 << EOF
id=Test
ca_name=Meanie
state=HAVE_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile3
notification_method=STDOUT
EOF
cat > ca5 << EOF
id=Meanie
ca_type=EXTERNAL
ca_external_helper=$tmpdir/ca-reject-second-time
EOF
$toolsdir/iterate ca5 entry5 NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
$toolsdir/iterate ca5 entry5 NEED_CSR,GENERATING_CSR
$toolsdir/iterate ca5 entry5 NEED_TO_SUBMIT,SUBMITTING,CA_WORKING
$toolsdir/iterate ca5 entry5 NEED_TO_NOTIFY_REJECTION,NOTIFYING_REJECTION | sed 's@'"$tmpdir"'@$tmpdir@g'
$toolsdir/iterate ca5 entry5 "" | sed 's@'"$tmpdir"'@$tmpdir@g'
echo
echo '[Enroll until the CA turns out to be unreachable.]'
cat > entry6 << EOF
id=Test
ca_name=Lostie
state=HAVE_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
notification_method=STDOUT
EOF
cat > ca6 << EOF
id=Lostie
ca_type=EXTERNAL
ca_external_helper=$tmpdir/ca-unreachable
EOF
$toolsdir/iterate ca6 entry6 NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
$toolsdir/iterate ca6 entry6 NEED_CSR,GENERATING_CSR
$toolsdir/iterate ca6 entry6 NEED_TO_SUBMIT,SUBMITTING
$toolsdir/iterate ca6 entry6 ""
echo
echo '[Enroll until the CA client turns out to be unconfigured.]'
cat > entry7 << EOF
id=Test
ca_name=Lostie
state=HAVE_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
notification_method=STDOUT
EOF
cat > ca7 << EOF
id=Lostie
ca_type=EXTERNAL
ca_external_helper=$tmpdir/ca-unconfigured
EOF
$toolsdir/iterate ca7 entry7 NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
$toolsdir/iterate ca7 entry7 NEED_CSR,GENERATING_CSR
$toolsdir/iterate ca7 entry7 NEED_TO_SUBMIT,SUBMITTING
$toolsdir/iterate ca7 entry7 ""
echo
echo '[Enroll until the CA tells us to come back later.]'
cat > entry8 << EOF
id=Test
ca_name=Busy
state=HAVE_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
notification_method=STDOUT
EOF
cat > ca8 << EOF
id=Busy
ca_type=EXTERNAL
ca_external_helper=$tmpdir/ca-ask-again-5
EOF
$toolsdir/iterate ca8 entry8 NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
$toolsdir/iterate ca8 entry8 NEED_CSR,GENERATING_CSR
$toolsdir/iterate ca8 entry8 NEED_TO_SUBMIT,SUBMITTING
grep ca_cookie entry8
$toolsdir/iterate ca8 entry8 ""
echo
echo '[Enroll until the CA tells us to come back later, but with a broken date.]'
cat > entry8 << EOF
id=Test
ca_name=Busy
state=HAVE_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
notification_method=STDOUT
EOF
cat > ca8 << EOF
id=Busy
ca_type=EXTERNAL
ca_external_helper=$tmpdir/ca-ask-again-broken-5
EOF
$toolsdir/iterate ca8 entry8 NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
$toolsdir/iterate ca8 entry8 NEED_CSR,GENERATING_CSR
$toolsdir/iterate ca8 entry8 NEED_TO_SUBMIT,SUBMITTING
grep ca_cookie entry8 || echo NO COOKIE FOR YOU
$toolsdir/iterate ca8 entry8 ""
echo
echo "[Enroll until we realize our enrollment helper doesn't support enrollment.]"
cat > entry9 << EOF
id=Test
ca_name=Confused
state=HAVE_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
notification_method=STDOUT
EOF
cat > ca9 << EOF
id=Confused
ca_type=EXTERNAL
ca_external_helper=$tmpdir/ca-what-what-6
EOF
$toolsdir/iterate ca9 entry9 NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
$toolsdir/iterate ca9 entry9 NEED_CSR,GENERATING_CSR
$toolsdir/iterate ca9 entry9 NEED_TO_SUBMIT,SUBMITTING
echo
echo "[Enroll until we have SCEP data to go with it.]"
cat > entry9 << EOF
id=Test
ca_name=SCEP
state=HAVE_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
notification_method=STDOUT
EOF
cat > ca9 << EOF
id=SCEP
ca_type=EXTERNAL
ca_external_helper=$tmpdir/ca-needs-scep-16
ca_encryption_cert=-----BEGIN CERTIFICATE-----
 MIICBDCCAW2gAwIBAgIEEjRWgTANBgkqhkiG9w0BAQUFADAaMRgwFgYDVQQDDA9U
 ZXN0IExldmVsIDggQ0EwHhcNMTUwMjA0MTk0NjU4WhcNMTYwMjA0MTk0NjU4WjAX
 MRUwEwYDVQQDDAxUZXN0IEVFIENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
 AoGBALjcinKYW+KHmciWmdXK5ZNRpKXcc6DqKykg0dUYgUsKTr6GYBeyA64Jmq8S
 IOYqP2gWnSnw+LWQpbzKvCW0gCO6/skqwNdDZfcxXQmWVEE2oJPmu0a5I02DD46y
 vVeugjriz2RHVNNjORXmf2xm6bZtcWtzzXew+H5lJIpRzj4LAgMBAAGjWjBYMAkG
 A1UdEwQCMAAwCwYDVR0PBAQDAgTwMB0GA1UdDgQWBBRd3x1DMcHyzexXrenW0TRw
 3ANRyjAfBgNVHSMEGDAWgBQz4V1OzMt4ObAn9koy3aLP2bzFTjANBgkqhkiG9w0B
 AQUFAAOBgQBozEcRs625HJ6YMZ2TLJKST1Z38ouIfwtl2Gv4WzGgVcRKVpoMgWjl
 DbC+yjEDPm5+GwzEwVuR0E4g/nThfff/Ld8wVLfqdvClIUcgM8XEpPSRGrWLri+t
 9KqCx+t7heiWQcRD4OT1EfsHmXUz2+tAat6XvRcJ3AI1gtks0vJ6mA==
 -----END CERTIFICATE-----
EOF
$toolsdir/iterate ca9 entry9 NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
grep ^key.\*count= entry9 | LANG=C sort
$toolsdir/iterate ca9 entry9 NEED_CSR,GENERATING_CSR
grep ^key.\*count= entry9 | LANG=C sort
$toolsdir/iterate ca9 entry9 NEED_TO_SUBMIT,SUBMITTING
grep ^key.\*count= entry9 | LANG=C sort
$toolsdir/iterate ca9 entry9 NEED_SCEP_DATA,GENERATING_SCEP_DATA,HAVE_SCEP_DATA
grep ^key.\*count= entry9 | LANG=C sort
# Note! The "iterate" harness rounds delay times up to the next multiple of 50.
for interval in 0 30 1800 3600 7200 84700 86000 86500 604800 1000000 2000000; do
	now=`date +%s`
	CM_FORCE_TIME=$now ; export CM_FORCE_TIME
	when=`expr $now + $interval`
	later=`env TZ=UTC date -d @$when +%Y%m%d%H%M%S`
	for ca in ca-unreachable ca-ask-again ca-unconfigured ; do
		echo
		echo '[CA poll timeout remaining='$interval'.]'
		cat > entry9 <<- EOF
		id=Test
		ca_name=Lostie
		state=HAVE_CSR
		cert_not_after=$later
		csr=AAAA
		notification_method=STDOUT
		EOF
		cat > ca9 <<- EOF
		id=Lostie
		ca_type=EXTERNAL
		ca_external_helper=$tmpdir/$ca
		EOF
		$toolsdir/iterate ca9 entry9 NEED_TO_SUBMIT,SUBMITTING
	done
	echo
	echo '[Monitor poll timeout remaining='$interval'.]'
	cat > entry9 <<- EOF
	id=Test
	ca_name=Lostie
	state=MONITORING
	cert_not_after=$later
	csr=AAAA
	notification_method=STDOUT
	EOF
	cat > ca9 <<- EOF
	id=Lostie
	ca_type=EXTERNAL
	ca_external_helper=$tmpdir/$ca
	EOF
	$toolsdir/iterate ca9 entry9 ""
done
SAVED_CONFIG_DIR="$CERTMONGER_CONFIG_DIR"
CERTMONGER_CONFIG_DIR=`pwd`
echo
echo '[Kicking off split monitor/enroll TTL tests.]'
cat > entry10 << EOF
id=Test
ca_name=SelfSign
state=NEWLY_ADDED
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile10
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile10
monitor=1
autorenew=1
notification_method=STDOUT
EOF
cat > ca10 << EOF
id=SelfSign
ca_type=INTERNAL:SELF
ca_internal_issue_time=0
EOF
$toolsdir/iterate ca10 entry10 NEWLY_ADDED_START_READING_KEYINFO,NEWLY_ADDED_READING_KEYINFO,NEWLY_ADDED_START_READING_CERT,NEWLY_ADDED_READING_CERT,NEWLY_ADDED_DECIDING
$toolsdir/iterate ca10 entry10 NEED_KEY_PAIR,GENERATING_KEY_PAIR,HAVE_KEY_PAIR,NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
$toolsdir/iterate ca10 entry10 NEED_CSR,GENERATING_CSR
$toolsdir/iterate ca10 entry10 NEED_TO_SUBMIT,SUBMITTING
$toolsdir/iterate ca10 entry10 START_SAVING_CERT,SAVING_CERT,NEED_TO_READ_CERT,READING_CERT,NEED_TO_SAVE_CA_CERTS,START_SAVING_CA_CERTS,SAVING_CA_CERTS,NEED_TO_NOTIFY_ISSUED_SAVED,NOTIFYING_ISSUED_SAVED,SAVED_CERT | sed 's@'"$tmpdir"'@$tmpdir@g'
cp $tmpdir/certfile10 $tmpdir/certfile10.bak
echo
echo '[Kicking off enroll only.]'
cp $tmpdir/certfile10.bak $tmpdir/certfile10
cat > entry10 << EOF
id=Test
ca_name=SelfSign
state=MONITORING
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile10
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile10
monitor=1
autorenew=1
notification_method=STDOUT
EOF
cat > ca10 << EOF
id=SelfSign
ca_type=INTERNAL:SELF
ca_internal_issue_time=0
EOF
openssl x509 -noout -startdate -enddate -in $tmpdir/certfile10
cat > certmonger.conf << EOF
[defaults]
enroll_ttls = 30s
notify_ttls = N
EOF
$toolsdir/iterate ca10 entry10 NEED_CSR,GENERATING_CSR,HAVE_CSR,NEED_TO_SUBMIT,SUBMITTING,NEED_TO_SAVE_CERT,START_SAVING_CERT,SAVING_CERT,NEED_TO_SAVE_CA_CERTS,START_SAVING_CA_CERTS,SAVING_CA_CERTS,NEED_TO_NOTIFY_ISSUED_SAVED,NOTIFYING_ISSUED_SAVED,SAVED_CERT,NEED_TO_READ_CERT,READING_CERT | sed 's@'"$tmpdir"'@$tmpdir@g'
echo
echo '[Kicking off notify only.]'
cp $tmpdir/certfile10.bak $tmpdir/certfile10
cat > entry10 << EOF
id=Test
ca_name=SelfSign
state=MONITORING
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile10
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile10
monitor=1
autorenew=1
notification_method=STDOUT
EOF
cat > ca10 << EOF
id=SelfSign
ca_type=INTERNAL:SELF
ca_internal_issue_time=0
EOF
openssl x509 -noout -startdate -enddate -in $tmpdir/certfile10
cat > certmonger.conf << EOF
[defaults]
notify_ttls = 30s
enroll_ttls = N
EOF
$toolsdir/iterate ca10 entry10 NEED_TO_NOTIFY_VALIDITY,NOTIFYING_VALIDITY | sed 's@'"$tmpdir"'@$tmpdir@g'
echo
echo '[Kicking off notify-then-submit.]'
: > $tmpdir/notification.txt
cat > $tmpdir/notify.sh << EOF
#!/bin/sh
touch $tmpdir/notification.txt
echo The sky is falling: \$CERTMONGER_NOTIFICATION >> $tmpdir/notification.txt
EOF
chmod u+x $tmpdir/notify.sh
cp $tmpdir/certfile10.bak $tmpdir/certfile10
cat > entry10 << EOF
id=Test
ca_name=SelfSign
state=MONITORING
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile10
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile10
monitor=1
autorenew=1
notification_method=STDOUT
EOF
cat > ca10 << EOF
id=SelfSign
ca_type=INTERNAL:SELF
ca_internal_issue_time=0
EOF
openssl x509 -noout -startdate -enddate -in $tmpdir/certfile10
cat > certmonger.conf << EOF
[defaults]
notify_ttls = 30s
enroll_ttls = 30s
notification_method=command
notification_destination=$tmpdir/notify.sh
EOF
$toolsdir/iterate ca10 entry10 NEED_TO_NOTIFY_VALIDITY,NOTIFYING_VALIDITY,NEED_CSR,GENERATING_CSR,HAVE_CSR,NEED_TO_SUBMIT,SUBMITTING,NEED_TO_SAVE_CERT,START_SAVING_CERT,SAVING_CERT,NEED_TO_SAVE_CA_CERTS,START_SAVING_CA_CERTS,SAVING_CA_CERTS,NEED_TO_NOTIFY_ISSUED_SAVED,NOTIFYING_ISSUED_SAVED,SAVED_CERT,NEED_TO_READ_CERT,READING_CERT | sed 's@'"$tmpdir"'@$tmpdir@g'
cat $tmpdir/notification.txt | sed 's@'"$tmpdir"'@$tmpdir@g'
CERTMONGER_CONFIG_DIR="$SAVED_CONFIG_DIR"
echo
echo Test complete.

certmonger-0.79.19/tests/011-dbinit-dbm/expected.out
[Generating key (dbm).]
OK.
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Saving certificate (dbm).]
OK
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Test ,,
[Test complete.]

certmonger-0.79.19/tests/011-dbinit-dbm/run.sh
#!/bin/bash -e
exec env scheme=dbm ../011-dbinit/run.sh

certmonger-0.79.19/tests/011-dbinit-sql/expected.out
[Generating key (sql).]
OK.
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Saving certificate (sql).]
OK
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Test ,,
[Test complete.]

certmonger-0.79.19/tests/011-dbinit-sql/run.sh
#!/bin/bash -e
exec env scheme=sql ../011-dbinit/run.sh

certmonger-0.79.19/tests/011-dbinit/expected.out
[Generating key.]
OK.
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Saving certificate.]
OK
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Test ,,
[Test complete.]
certmonger-0.79.19/tests/011-dbinit/run.sh0000755000175000017500000000414014511314133017506 0ustar gitgit00000000000000#!/bin/bash -e cd "$tmpdir" source "$srcdir"/functions echo '['Generating key${scheme:+ \($scheme\)}.']' rm -fr $tmpdir/${scheme}db mkdir -p $tmpdir/${scheme}db cat > entry.key${scheme:+.$scheme} <<- EOF state=NEED_KEY_PAIR key_storage_type=NSSDB key_storage_location=${scheme:+${scheme}:}$tmpdir/${scheme}db key_nickname=Test EOF $toolsdir/keygen entry.key${scheme:+.$scheme} certutil -K -d ${scheme:+${scheme}:}$tmpdir/${scheme}db 2>&1 | sed -re 's,rsa .* Test,rsa PRIVATE-KEY Test,g' -e 's,[ \t]+, ,g' -e 's,Services ",Services",g' echo '['Saving certificate${scheme:+ \($scheme\)}.']' rm -fr $tmpdir/${scheme}db mkdir -p $tmpdir/${scheme}db cat > entry.cert${scheme:+.$scheme} <<- EOF state=NEED_TO_SAVE_CERT cert_storage_type=NSSDB cert_storage_location=${scheme:+${scheme}:}$tmpdir/${scheme}db cert_nickname=Test cert=-----BEGIN CERTIFICATE----- MIIC3jCCAcagAwIBAgIBAzANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDEwdwaWxs Ym94MB4XDTEwMDIxMDIyMDMzOVoXDTEwMDMxMjIyMDMzOVowEjEQMA4GA1UEAxMH cGlsbGJveDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMQOQn5USR/Q Gp2230fks3ZOjkF5VHxwLziS9rc+AFZ8UZrXMidnkhso9Eqp74CaJ+KhJI2F62wm SerBztRAVb8T98+dXUvgYIXE6OxB0ITCMMvdJZFKs5hek2Xd6uiulCegqsNOD1qy llBNLtWDoZqgXuEKfeQmUR6qUGqhVFfmL7qKmIOWN+lSswhkQrrGy3oSNVU5KWYM d7bkrKWEze8ksWgNOwDFQ2pQibYljywEfBZaLegeoASygK3yl6dVjioQmkHBk8Z1 fRLnMs8TRT7NwgsWFkKi04SGkn/VpVKZ9piMJCpYhQWIy0U2ib0nBaYec2ReFQ6r 2du1UMmkwXECAwEAAaM/MD0wFQYDVR0RAQEABAswCYIHcGlsbGJveDAWBgNVHSUB AQAEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IB AQA9dqnzVzblb0PKdiMOzLksEqFridaRVOB/hK4WHeSJQsCk6a151Fli1uX3/QHJ vRXH0P6i8eMblQ20J4IpZuO9aBLW1go8vPQM8/gD5dXUVm57sqsJlvxjKbnHplGi w8KKasuYMHGOI0M//MR84LI7Nd/JIu+9In9Y+qRj91saBIgHDKeiHQtzWdehNC+2 e3gdWc74hx26gXRO6bNE5CZExnVULNkDOsPh/nr4Qwwx+BOn4DdU8tbRvUbvjjzQ koiuvyXyTlj1E8JcT6q4P3YbCn4PTlF8xZK9+XdUzOA6HUlz2Q/ysjIQMHe6zapD 8Vw+Zwf78Wg6L4tcAJ6Y4W/Z -----END CERTIFICATE----- 
EOF
$toolsdir/certsave entry.cert${scheme:+.$scheme}
echo OK
certutil -L -d ${scheme:+${scheme}:}$tmpdir/${scheme}db 2>&1 | sed -re 's,[ \t]+, ,g' -e 's,Services ",Services",g'
echo '['Test complete.']'

certmonger-0.79.19/tests/012-dbadd-dbm/

certmonger-0.79.19/tests/012-dbadd-dbm/expected.out
[Generating key (dbm).]
OK.
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Saving certificate (dbm).]
OK
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Test ,,
[Test complete.]

certmonger-0.79.19/tests/012-dbadd-dbm/run.sh
#!/bin/bash -e
exec env scheme=dbm ../012-dbadd/run.sh

certmonger-0.79.19/tests/012-dbadd-sql/

certmonger-0.79.19/tests/012-dbadd-sql/expected.out
[Generating key (sql).]
OK.
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Saving certificate (sql).]
OK
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Test ,,
[Test complete.]

certmonger-0.79.19/tests/012-dbadd-sql/run.sh
#!/bin/bash -e
exec env scheme=sql ../012-dbadd/run.sh

certmonger-0.79.19/tests/012-dbadd/

certmonger-0.79.19/tests/012-dbadd/expected.out
[Generating key.]
OK.
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Saving certificate.]
OK Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Test ,, [Test complete.] certmonger-0.79.19/tests/012-dbadd/run.sh0000755000175000017500000000431014511314133017273 0ustar gitgit00000000000000#!/bin/bash -e cd "$tmpdir" source "$srcdir"/functions echo '['Generating key${scheme:+ \($scheme\)}.']' rm -fr $tmpdir/${scheme}db mkdir -p $tmpdir/${scheme}db initnssdb ${scheme:+${scheme}:}$tmpdir/${scheme}db cat > entry.key${scheme:+.$scheme} <<- EOF state=NEED_KEY_PAIR key_storage_type=NSSDB key_storage_location=${scheme:+${scheme}:}$tmpdir/${scheme}db key_nickname=Test EOF $toolsdir/keygen entry.key${scheme:+.$scheme} certutil -K -d ${scheme:+${scheme}:}$tmpdir/${scheme}db 2>&1 | sed -re 's,rsa .* Test,rsa PRIVATE-KEY Test,g' -e 's,[ \t]+, ,g' -e 's,Services ",Services",g' echo '['Saving certificate${scheme:+ \($scheme\)}.']' rm -fr $tmpdir/${scheme}db mkdir -p $tmpdir/${scheme}db initnssdb ${scheme:+${scheme}:}$tmpdir/${scheme}db cat > entry.cert${scheme:+.$scheme} <<- EOF state=NEED_TO_SAVE_CERT cert_storage_type=NSSDB cert_storage_location=${scheme:+${scheme}:}$tmpdir/${scheme}db cert_nickname=Test cert=-----BEGIN CERTIFICATE----- MIIC3jCCAcagAwIBAgIBAzANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDEwdwaWxs Ym94MB4XDTEwMDIxMDIyMDMzOVoXDTEwMDMxMjIyMDMzOVowEjEQMA4GA1UEAxMH cGlsbGJveDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMQOQn5USR/Q Gp2230fks3ZOjkF5VHxwLziS9rc+AFZ8UZrXMidnkhso9Eqp74CaJ+KhJI2F62wm SerBztRAVb8T98+dXUvgYIXE6OxB0ITCMMvdJZFKs5hek2Xd6uiulCegqsNOD1qy llBNLtWDoZqgXuEKfeQmUR6qUGqhVFfmL7qKmIOWN+lSswhkQrrGy3oSNVU5KWYM d7bkrKWEze8ksWgNOwDFQ2pQibYljywEfBZaLegeoASygK3yl6dVjioQmkHBk8Z1 fRLnMs8TRT7NwgsWFkKi04SGkn/VpVKZ9piMJCpYhQWIy0U2ib0nBaYec2ReFQ6r 2du1UMmkwXECAwEAAaM/MD0wFQYDVR0RAQEABAswCYIHcGlsbGJveDAWBgNVHSUB AQAEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IB AQA9dqnzVzblb0PKdiMOzLksEqFridaRVOB/hK4WHeSJQsCk6a151Fli1uX3/QHJ vRXH0P6i8eMblQ20J4IpZuO9aBLW1go8vPQM8/gD5dXUVm57sqsJlvxjKbnHplGi 
w8KKasuYMHGOI0M//MR84LI7Nd/JIu+9In9Y+qRj91saBIgHDKeiHQtzWdehNC+2 e3gdWc74hx26gXRO6bNE5CZExnVULNkDOsPh/nr4Qwwx+BOn4DdU8tbRvUbvjjzQ koiuvyXyTlj1E8JcT6q4P3YbCn4PTlF8xZK9+XdUzOA6HUlz2Q/ysjIQMHe6zapD 8Vw+Zwf78Wg6L4tcAJ6Y4W/Z -----END CERTIFICATE----- EOF $toolsdir/certsave entry.cert${scheme:+.$scheme} echo OK certutil -L -d ${scheme:+${scheme}:}$tmpdir/${scheme}db 2>&1 | sed -re 's,[ \t]+, ,g' -e 's,Services ",Services",g' echo '['Test complete.']' certmonger-0.79.19/tests/013-enckey-dbm/0000755000175000017500000000000014511314133017113 5ustar gitgit00000000000000certmonger-0.79.19/tests/013-enckey-dbm/expected.out0000644000175000017500000000270414511314133021450 0ustar gitgit00000000000000[Read Key Info With PIN.] OK (RSA:2048). [Read Key Info With PIN File.] OK (RSA:2048). [Generate Key With PIN.] OK. -----BEGIN ENCRYPTED PRIVATE KEY----- -----END ENCRYPTED PRIVATE KEY----- [Generate CSR With PIN.] -----BEGIN CERTIFICATE REQUEST----- -----END CERTIFICATE REQUEST----- [Not Pre-creating database.] [Generating key (dbm) with PIN.] OK. certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services" < 0> rsa PRIVATE-KEY Test [Reading Key Info With PIN.] OK (RSA:2048). certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services" < 0> rsa PRIVATE-KEY Test [Generating CSR With PIN.] -----BEGIN CERTIFICATE REQUEST----- -----END CERTIFICATE REQUEST----- certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services" < 0> rsa PRIVATE-KEY Test [Creating database.] [Generating key (dbm) with PIN.] OK. certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services" < 0> rsa PRIVATE-KEY Test [Reading Key Info With PIN.] OK (RSA:2048). certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services" < 0> rsa PRIVATE-KEY Test [Generating CSR With PIN.] 
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Test complete.]

certmonger-0.79.19/tests/013-enckey-dbm/run.sh
#!/bin/bash -e
exec env scheme=dbm ../013-enckey/run.sh

certmonger-0.79.19/tests/013-enckey-sql/

certmonger-0.79.19/tests/013-enckey-sql/expected.out
[Read Key Info With PIN.]
OK (RSA:2048).
[Read Key Info With PIN File.]
OK (RSA:2048).
[Generate Key With PIN.]
OK.
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
[Generate CSR With PIN.]
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
[Not Pre-creating database.]
[Generating key (sql) with PIN.]
OK.
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Reading Key Info With PIN.]
OK (RSA:2048).
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Generating CSR With PIN.]
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Creating database.]
[Generating key (sql) with PIN.]
OK.
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Reading Key Info With PIN.]
OK (RSA:2048).
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Generating CSR With PIN.]
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Test complete.]

certmonger-0.79.19/tests/013-enckey-sql/run.sh
#!/bin/bash -e
exec env scheme=sql ../013-enckey/run.sh

certmonger-0.79.19/tests/013-enckey/

certmonger-0.79.19/tests/013-enckey/expected.out
[Read Key Info With PIN.]
OK (RSA:2048).
[Read Key Info With PIN File.]
OK (RSA:2048).
[Generate Key With PIN.]
OK.
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
[Generate CSR With PIN.]
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
[Not Pre-creating database.]
[Generating key with PIN.]
OK.
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Reading Key Info With PIN.]
OK (RSA:2048).
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Generating CSR With PIN.]
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Creating database.]
[Generating key with PIN.]
OK.
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Reading Key Info With PIN.]
OK (RSA:2048).
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Generating CSR With PIN.]
-----BEGIN CERTIFICATE REQUEST----- -----END CERTIFICATE REQUEST----- certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services" < 0> rsa PRIVATE-KEY Test [Test complete.] certmonger-0.79.19/tests/013-enckey/run.sh0000755000175000017500000000742214511314133017523 0ustar gitgit00000000000000#!/bin/bash -e cd "$tmpdir" source "$srcdir"/functions size=2048 echo BlahBlah > pin.txt cat > entry <<- EOF key_storage_type=FILE key_storage_location=$tmpdir/keyfile key_pin=BlahBlah EOF cat > keyfile <<- EOF -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: AES-128-CBC,6D3E363E83BA9625DBD7F9A72916A6C5 rwAsW2aMYZBbnPMK9ceei/xVq4OP7ecYKUcVYED6Vt+Z1j2mD2RJM1/WRtfhzkFB vVKzalWgsnqB8VzUbTe38s9HP5ldGbv9IYFW4KDIMDP603Cce3IrAhgSwUqoE+6I 5NwdzsqH/m8tCT9ZJk20nY/9G/2/OdAuu3C+DQziWVyhs44L5K3hlU4j1ox0/NaU cHTUORWB1yPLY2dEeeJoB/MgKN+RYQVaAXOfofDZOMsHlu71ZfWJIpEdHrSi1C1Q pKZK4sVXpwbT20WVAj710IyVu6i4ybCfNKsPCfpicvqpwqzAs+hap03D0BoTsZ0u GZ6mh8w6QLsqReXVsHK4KksJnpprBTCbtiA4KfmZ4LAoKjKBH//8UJhZHeuB3xao NACmweBANowsCdbVOFQV2vTg48zWHFnV92t9GLgAx6QeX161GCSXMK5JX854K0nq /9hb4/XtGoGRD1BrR5S3oVK6cKLsEffQ3wq4GfE5g3e4LhOpA6QFLMxU6Tj6lOHO mr6KrlAuyMzeCZImx786CtP87ECD+zHFzpx88EBAVIVr/zWUC0Z03cZXklFKLRfQ YnOahBXxrxjFSPfnQVFkATVqPb3cC87zUEahxYcRycHHed4Q7nlkcKcu/6d2+6O0 XGlcAuqtn9SurObxtn7KPQbZWi99SUguFpD51Orc0AWirWIGom41VBJ1FXHUiSb8 l8A5e9oHNwyweVOIvB0bUu8I2IgTGA5u8ObYhsEX48r6uH7qHWNjGoYm2gG461ec wYn+x8H/Jum+M3uLKH2ARrECHyOZAlvHWll1YT2XIfD2nTSjkXvirg9InzXhoncZ W2HU9u+N8Wl9S2dK5sDk+wIZjK2NrNr2kTgnIL3pLPK2QD0+SaDfG0FOt5dimHPd 0Qrj1iLjaEf11O3k5FRYctviPy/7Bxp4gfiNrdSZcvGsf4a1izjYsgR6x/1VDWhW A2d84q8rA0ac5KH3pQvucziJQbWAkJ2OGdcb3ciyxjUD97kN9X0ymXbDLiXrhy7x JYit5EUqvLHTpwen+/oFD/Vfc25qiAqjsa9Gqh6RxkiRGjV9ifNo83MvuhgdScFB XMtEL0ugTBII0V5xfg9OQYE7lwlK0WV59osGI3hlEDcPkqpfV030Yy8Ac0xfnNlL mWNzFL30/lbp7ujqRsazgT2w1IHZs/KiJ7USMtyKQvZvFiJIu5up1Mk7RMktNkb1 w18yPa98a5E2zVHtgOcwDu1+527UDLt9kw8EMrYw7Z2SZFuWmCIoYHfRZfv4VKEq 
71JcF9MphytcpXJalLMVLm9qP2Fb60sSV1qOG1xiS0OhFGTPqFr9Gqj8jvpwTA62 u7DomMcgjaIqHQBexermp8MHhSBFkuPRHN8PqW2JnrnZ2yBBCzt8ggWXEIPvTRhy 9SUjHVen/LBk4ux2tfT2BwXWZTBRyjqmJDcEPFq9OA/InYFbEoZ4jaqqbE3S18pZ 0IQvbS6KT95b9zZhyUSW1ihOoVtBHlYSSFVkycXSiMVFJktEOMNdqsBm+zKwCq21 nV7TSp7bQHQ62mo4zyc5xRk0r/AJTGPY/NPmACewKuxth0zU+rLachA8EsmHel/4 -----END RSA PRIVATE KEY----- EOF echo '['Read Key Info With PIN.']' $toolsdir/keyiread entry cat > entry <<- EOF key_storage_type=FILE key_storage_location=$tmpdir/keyfile key_pin_file=$tmpdir/pin.txt EOF echo '['Read Key Info With PIN File.']' $toolsdir/keyiread entry cat > entry <<- EOF key_storage_type=FILE key_storage_location=$tmpdir/keyfile key_pin_file=$tmpdir/pin.txt key_gen_size=2048 EOF rm $tmpdir/keyfile echo '['Generate Key With PIN.']' $toolsdir/keygen entry egrep '(: |PRIVATE)' $tmpdir/keyfile echo '['Generate CSR With PIN.']' rm -f csr.pem $toolsdir/csrgen entry > csr.pem egrep '(: |REQUEST)' $tmpdir/csr.pem for precreate in false true ; do rm -fr $tmpdir/${scheme}db mkdir -p $tmpdir/${scheme}db if $precreate ; then echo '['Creating database.']' initnssdb "${scheme:+${scheme}:}$tmpdir/${scheme}db" BlahBlah else echo '['Not Pre-creating database.']' fi cat > entry <<- EOF key_storage_type=NSSDB key_storage_location=${scheme:+${scheme}:}$tmpdir/${scheme}db key_nickname=Test key_pin_file=$tmpdir/pin.txt EOF echo '['Generating key${scheme:+ \($scheme\)} with PIN.']' $toolsdir/keygen entry certutil -K -f $tmpdir/pin.txt -d ${scheme:+${scheme}:}$tmpdir/${scheme}db 2>&1 | sed -re 's,rsa .* Test,rsa PRIVATE-KEY Test,g' -e 's,[ \t]+, ,g' -e 's,Services ",Services",g' echo '['Reading Key Info With PIN.']' $toolsdir/keyiread entry certutil -K -f $tmpdir/pin.txt -d ${scheme:+${scheme}:}$tmpdir/${scheme}db 2>&1 | sed -re 's,rsa .* Test,rsa PRIVATE-KEY Test,g' -e 's,[ \t]+, ,g' -e 's,Services ",Services",g' echo '['Generating CSR With PIN.']' rm -f csr.pem $toolsdir/csrgen entry > csr.pem egrep '(: |REQUEST)' $tmpdir/csr.pem certutil -K -f 
$tmpdir/pin.txt -d ${scheme:+${scheme}:}$tmpdir/${scheme}db 2>&1 | sed -re 's,rsa .* Test,rsa PRIVATE-KEY Test,g' -e 's,[ \t]+, ,g' -e 's,Services ",Services",g'
done
echo '['Test complete.']'

certmonger-0.79.19/tests/014-prefs/

certmonger-0.79.19/tests/014-prefs/expected.out
[Empty file.]
cipher: AES128
digest: SHA256
notify_ttls: 3600, 7200, 21600, 43200, 86400, 172800, 259200, 604800, 2419200
enroll_ttls: 3600, 7200, 21600, 43200, 86400, 172800, 259200, 604800, 2419200
notification: SYSLOG:daemon.notice
RSA key size: default
[Empty defaults.]
cipher: AES128
digest: SHA256
notify_ttls: 3600, 7200, 21600, 43200, 86400, 172800, 259200, 604800, 2419200
enroll_ttls: 3600, 7200, 21600, 43200, 86400, 172800, 259200, 604800, 2419200
notification: SYSLOG:daemon.notice
RSA key size: default
[Other settings.]
cipher: AES128
digest: SHA1
notify_ttls: 30, 60, 90
enroll_ttls: 30, 60, 90
notification: MAILTO:root
RSA key size: default
[Other settings.]
cipher: AES128
digest: SHA512
notify_ttls: 86400, 604800, 1209600, 2419200, 31536000
enroll_ttls: 86400, 604800, 1209600, 2419200, 31536000
notification: MAILTO:root
RSA key size: default
[TTL settings compatibility and notification commands.]
cipher: AES128
digest: SHA256
notify_ttls: 86400, 604800, 1209600
enroll_ttls: 86400, 604800, 1209600, 2419200
notification: COMMAND:logger "The sky is falling!"
RSA key size: default
[RSA key size default.]
cipher: AES128
digest: SHA256
notify_ttls: 3600, 7200, 21600, 43200, 86400, 172800, 259200, 604800, 2419200
enroll_ttls: 3600, 7200, 21600, 43200, 86400, 172800, 259200, 604800, 2419200
notification: SYSLOG:daemon.notice
RSA key size: 4096
[Test complete.]

certmonger-0.79.19/tests/014-prefs/run.sh
#!/bin/bash -e
cd "$tmpdir"
CERTMONGER_CONFIG_DIR=$tmpdir; export CERTMONGER_CONFIG_DIR
source "$srcdir"/functions
echo '['Empty file.']'
cat > certmonger.conf << EOF
EOF
$toolsdir/prefs
echo '['Empty defaults.']'
cat > certmonger.conf << EOF
[defaults]
EOF
$toolsdir/prefs
echo '['Other settings.']'
cat > certmonger.conf << EOF
[defaults]
cipher = aes256
digest = sha-1
ttls = 30 60 90
notification_method = mail
notification_destination = root
EOF
$toolsdir/prefs
echo '['Other settings.']'
cat > certmonger.conf << EOF
[defaults]
cipher = aes128
digest = sha512
ttls = 1d 14d 7d 28d 1y
notification_method = mail
notification_destination = root
EOF
# Accept 366*24*60*60 as a valid substitute for 365*24*60*60 when computing
# seconds-until-it's-one-year-from-now
$toolsdir/prefs | sed -e 's,31622400$,31536000,g'
echo '['TTL settings compatibility and notification commands.']'
cat > certmonger.conf << EOF
[defaults]
enroll_ttls = 1d 14d 7d 28d
notify_ttls = 1d 14d 7d
notification_method = command
notification_destination = logger "The sky is falling!"
EOF
$toolsdir/prefs
echo '['RSA key size default.']'
cat > certmonger.conf << EOF
[defaults]
rsa_key_size = 4096
EOF
$toolsdir/prefs
echo '['Test complete.']'

certmonger-0.79.19/tests/015-lockedkey-dbm/

certmonger-0.79.19/tests/015-lockedkey-dbm/expected.out
[Generate Key Without PIN.]
OK.
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
[Try To Read Key Without PIN.]
OK (RSA:2048).
[Retry With Unnecessary PIN File.]
Failed to read key "$tmpdir/keyfile". (Need PIN.)
[Replacing key with an encrypted one.]
[Read Key Info With Bogus PIN Location.]
Failed to read key "$tmpdir/keyfile". (Need PIN.)
[Read Key Info Without PIN.]
Failed to read key "$tmpdir/keyfile". (Need PIN.)
[Retrying With PIN.]
OK (RSA:512).
[Read Key Info Without PIN File.]
Failed to read key "$tmpdir/keyfile". (Need PIN.)
[Retry With PIN File.]
OK (RSA:512).
[Generate Key With PIN.]
OK.
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
[Try To Read Key Without PIN.]
Failed to read key "$tmpdir/keyfile". (Need PIN.)
[Retry With PIN File.]
OK (RSA:2048).
[Generate CSR With PIN.]
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
[Not pre-creating database.]
[Generating key (dbm) without PIN.]
OK.
< 0> rsa PRIVATE-KEY Test
[Providing Unnecessary PIN.]
[Reading Key Info With Unnecessary PIN.]
Failed to read key "dbm:$tmpdir/dbmdb":"Test". (Need PIN.)
< 0> rsa PRIVATE-KEY Test
[Generating CSR With Unnecessary PIN.]
< 0> rsa PRIVATE-KEY Test
[Creating database, without PIN.]
[Generating key (dbm) without PIN.]
OK.
< 0> rsa PRIVATE-KEY Test
[Providing Unnecessary PIN.]
[Reading Key Info With Unnecessary PIN.]
Failed to read key "dbm:$tmpdir/dbmdb":"Test". (Need PIN.)
< 0> rsa PRIVATE-KEY Test
[Generating CSR With Unnecessary PIN.]
< 0> rsa PRIVATE-KEY Test
[Not pre-creating database, with PIN.]
[Generating key (dbm) with PIN.]
OK.
< 0> rsa PRIVATE-KEY Test
[Reading Key Info Without PIN.]
Failed to read key "dbm:$tmpdir/dbmdb":"Test". (Need PIN.)
Incorrect password/PIN entered.
certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
[Reading Key Info With Bogus PIN Location.]
Failed to read key "dbm:$tmpdir/dbmdb":"Test". (Need PIN.)
[Reading Key Info With PIN.]
OK (RSA:2048).
[Generating CSR Without PIN.]
[Generating CSR With Bogus PIN Location.]
[Generating CSR With PIN.]
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
[Creating database with PIN.]
[Generating key (dbm) with PIN.]
OK.
< 0> rsa PRIVATE-KEY Test
[Reading Key Info Without PIN.]
Failed to read key "dbm:$tmpdir/dbmdb":"Test". (Need PIN.)
Incorrect password/PIN entered.
certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
[Reading Key Info With Bogus PIN Location.]
Failed to read key "dbm:$tmpdir/dbmdb":"Test". (Need PIN.)
[Reading Key Info With PIN.]
OK (RSA:2048).
[Generating CSR Without PIN.]
[Generating CSR With Bogus PIN Location.]
[Generating CSR With PIN.]
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
[Test complete.]

certmonger-0.79.19/tests/015-lockedkey-dbm/run.sh
#!/bin/bash -e
exec env scheme=dbm ../015-lockedkey/run.sh

certmonger-0.79.19/tests/015-lockedkey-sql/

certmonger-0.79.19/tests/015-lockedkey-sql/expected.out
[Generate Key Without PIN.]
OK.
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
[Try To Read Key Without PIN.]
OK (RSA:2048).
[Retry With Unnecessary PIN File.]
Failed to read key "$tmpdir/keyfile". (Need PIN.)
[Replacing key with an encrypted one.]
[Read Key Info With Bogus PIN Location.]
Failed to read key "$tmpdir/keyfile". (Need PIN.)
[Read Key Info Without PIN.]
Failed to read key "$tmpdir/keyfile". (Need PIN.)
[Retrying With PIN.]
OK (RSA:512).
[Read Key Info Without PIN File.]
Failed to read key "$tmpdir/keyfile". (Need PIN.)
[Retry With PIN File.]
OK (RSA:512).
[Generate Key With PIN.]
OK.
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
[Try To Read Key Without PIN.]
Failed to read key "$tmpdir/keyfile". (Need PIN.)
[Retry With PIN File.]
OK (RSA:2048).
[Generate CSR With PIN.]
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
[Not pre-creating database.]
[Generating key (sql) without PIN.]
OK.
< 0> rsa PRIVATE-KEY Test
[Providing Unnecessary PIN.]
[Reading Key Info With Unnecessary PIN.]
Failed to read key "sql:$tmpdir/sqldb":"Test". (Need PIN.)
< 0> rsa PRIVATE-KEY Test
[Generating CSR With Unnecessary PIN.]
< 0> rsa PRIVATE-KEY Test
[Creating database, without PIN.]
[Generating key (sql) without PIN.]
OK.
< 0> rsa PRIVATE-KEY Test
[Providing Unnecessary PIN.]
[Reading Key Info With Unnecessary PIN.]
Failed to read key "sql:$tmpdir/sqldb":"Test". (Need PIN.)
< 0> rsa PRIVATE-KEY Test
[Generating CSR With Unnecessary PIN.]
< 0> rsa PRIVATE-KEY Test
[Not pre-creating database, with PIN.]
[Generating key (sql) with PIN.]
OK.
< 0> rsa PRIVATE-KEY Test
[Reading Key Info Without PIN.]
Failed to read key "sql:$tmpdir/sqldb":"Test". (Need PIN.)
Incorrect password/PIN entered.
certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
[Reading Key Info With Bogus PIN Location.]
Failed to read key "sql:$tmpdir/sqldb":"Test". (Need PIN.)
[Reading Key Info With PIN.]
OK (RSA:2048).
[Generating CSR Without PIN.]
[Generating CSR With Bogus PIN Location.]
[Generating CSR With PIN.]
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
[Creating database with PIN.]
[Generating key (sql) with PIN.]
OK.
< 0> rsa PRIVATE-KEY Test
[Reading Key Info Without PIN.]
Failed to read key "sql:$tmpdir/sqldb":"Test". (Need PIN.)
Incorrect password/PIN entered.
certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
[Reading Key Info With Bogus PIN Location.]
Failed to read key "sql:$tmpdir/sqldb":"Test". (Need PIN.)
[Reading Key Info With PIN.]
OK (RSA:2048).
[Generating CSR Without PIN.]
[Generating CSR With Bogus PIN Location.]
[Generating CSR With PIN.]
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
[Test complete.]

certmonger-0.79.19/tests/015-lockedkey-sql/run.sh
#!/bin/bash -e
exec env scheme=sql ../015-lockedkey/run.sh

certmonger-0.79.19/tests/015-lockedkey/

certmonger-0.79.19/tests/015-lockedkey/expected.out
[Generate Key Without PIN.]
OK.
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
[Try To Read Key Without PIN.]
OK (RSA:2048).
[Retry With Unnecessary PIN File.]
Failed to read key "$tmpdir/keyfile". (Need PIN.)
[Replacing key with an encrypted one.]
[Read Key Info With Bogus PIN Location.]
Failed to read key "$tmpdir/keyfile". (Need PIN.)
[Read Key Info Without PIN.]
Failed to read key "$tmpdir/keyfile". (Need PIN.)
[Retrying With PIN.]
OK (RSA:512).
[Read Key Info Without PIN File.]
Failed to read key "$tmpdir/keyfile". (Need PIN.)
[Retry With PIN File.]
OK (RSA:512).
[Generate Key With PIN.]
OK.
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
[Try To Read Key Without PIN.]
Failed to read key "$tmpdir/keyfile". (Need PIN.)
[Retry With PIN File.]
OK (RSA:2048).
[Generate CSR With PIN.]
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
[Not pre-creating database.]
[Generating key without PIN.]
OK.
< 0> rsa PRIVATE-KEY Test
[Providing Unnecessary PIN.]
[Reading Key Info With Unnecessary PIN.]
Failed to read key "$tmpdir/db":"Test". (Need PIN.)
< 0> rsa PRIVATE-KEY Test
[Generating CSR With Unnecessary PIN.]
< 0> rsa PRIVATE-KEY Test
[Creating database, without PIN.]
[Generating key without PIN.]
OK.
< 0> rsa PRIVATE-KEY Test
[Providing Unnecessary PIN.]
[Reading Key Info With Unnecessary PIN.]
Failed to read key "$tmpdir/db":"Test". (Need PIN.)
< 0> rsa PRIVATE-KEY Test
[Generating CSR With Unnecessary PIN.]
< 0> rsa PRIVATE-KEY Test
[Not pre-creating database, with PIN.]
[Generating key with PIN.]
OK.
< 0> rsa PRIVATE-KEY Test
[Reading Key Info Without PIN.]
Failed to read key "$tmpdir/db":"Test". (Need PIN.)
Incorrect password/PIN entered.
certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
[Reading Key Info With Bogus PIN Location.]
Failed to read key "$tmpdir/db":"Test". (Need PIN.)
[Reading Key Info With PIN.]
OK (RSA:2048).
[Generating CSR Without PIN.]
[Generating CSR With Bogus PIN Location.]
[Generating CSR With PIN.]
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
[Creating database with PIN.]
[Generating key with PIN.]
OK.
< 0> rsa PRIVATE-KEY Test
[Reading Key Info Without PIN.]
Failed to read key "$tmpdir/db":"Test". (Need PIN.)
Incorrect password/PIN entered.
certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
[Reading Key Info With Bogus PIN Location.]
Failed to read key "$tmpdir/db":"Test". (Need PIN.)
[Reading Key Info With PIN.]
OK (RSA:2048).
[Generating CSR Without PIN.]
[Generating CSR With Bogus PIN Location.]
[Generating CSR With PIN.]
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
[Test complete.]
certmonger-0.79.19/tests/015-lockedkey/run.sh0000755000175000017500000001464614511314133020227 0ustar gitgit00000000000000#!/bin/bash cd "$tmpdir" source "$srcdir"/functions size=2048 pin=blahblah echo $pin > pin.txt echo "" > empty.txt clean() { sed -r -e 's|'"$tmpdir"'|$tmpdir|g' -e 's,: SEC_ERROR_[^:]+: ,: ,g' |\ grep -vF 'certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"' } echo '['Generate Key Without PIN.']' cat > entry <<- EOF key_storage_type=FILE key_storage_location=$tmpdir/keyfile key_gen_size=$size EOF rm -f $tmpdir/keyfile $toolsdir/keygen entry | clean egrep '(: |PRIVATE)' $tmpdir/keyfile echo '['Try To Read Key Without PIN.']' cat > entry <<- EOF key_storage_type=FILE key_storage_location=$tmpdir/keyfile key_gen_size=$size EOF $toolsdir/keyiread entry | clean echo '['Retry With Unnecessary PIN File.']' echo key_pin_file=$tmpdir/pin.txt >> entry $toolsdir/keyiread entry | clean echo '['Replacing key with an encrypted one.']' cat > keyfile <<- EOF -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,6D45AA0F810E9C67 4PkG3RcN8x3s5B1QlpCnfRouU5cR1Ws6lUTClbxqJwLtnJQb5gfvJmOCVft3guKE UYfYbwsE1xiz1SOPyQiMCQFN6kHTQQOXeoDa0FI2EJOKMaYDG8eyt9lIBVb3nAVo YsWh6lvgZVAcyf9EwqaXm/5Ay3rdoyT1yktN4TpC8AvCjAHy3y1Vb/e2TDmz8faQ FS5T/L7oCaNcbfK/PSBG9jAQdlLJoL53L9eKzMK6WP2LTtVFI2i7vDuQnQPw5GN7 Q+HGpLSICBZbw6n1MmTmmdOtowDnXmr6FSyECB5ibdCqb+2itNQ+J1HNOtKzpbKC 3q6YSAMDw/D8e45auh3FRt6SAYvZ8Tw4jNqd16P6/aa5rno3qMWBcv0G0fmb0N6R Hka4FKLjBQo5g0WxKvpRwxHrrQW6JeT9I5+NgNN4sJc= -----END RSA PRIVATE KEY----- EOF echo '['Read Key Info With Bogus PIN Location.']' cat > entry <<- EOF key_storage_type=FILE key_storage_location=$tmpdir/keyfile key_pin_file=$tmpdir/bogus-pin.txt EOF $toolsdir/keyiread entry | clean echo '['Read Key Info Without PIN.']' cat > entry <<- EOF key_storage_type=FILE key_storage_location=$tmpdir/keyfile EOF $toolsdir/keyiread entry | clean echo '['Retrying With PIN.']' echo key_pin=$pin >> 
entry
$toolsdir/keyiread entry | clean
echo '['Read Key Info Without PIN File.']'
cat > entry <<- EOF
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
EOF
$toolsdir/keyiread entry | clean
echo '['Retry With PIN File.']'
echo key_pin_file=$tmpdir/pin.txt >> entry
$toolsdir/keyiread entry | clean
echo '['Generate Key With PIN.']'
cat > entry <<- EOF
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
key_gen_size=2048
key_pin_file=$tmpdir/pin.txt
EOF
rm -f $tmpdir/keyfile
$toolsdir/keygen entry | clean
egrep '(: |PRIVATE)' $tmpdir/keyfile
echo '['Try To Read Key Without PIN.']'
cat > entry <<- EOF
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
key_gen_size=2048
EOF
$toolsdir/keyiread entry | clean
echo '['Retry With PIN File.']'
echo key_pin_file=$tmpdir/pin.txt >> entry
$toolsdir/keyiread entry | clean
echo '['Generate CSR With PIN.']'
rm -f csr.pem
echo key_pin_file=$tmpdir/pin.txt >> entry
$toolsdir/csrgen entry > csr.pem | clean
egrep '(: |REQUEST)' $tmpdir/csr.pem
for precreate in false true ; do
	rm -fr $tmpdir/${scheme}db
	mkdir -p $tmpdir/${scheme}db
	if $precreate ; then
		echo '['Creating database, without PIN.']'
		initnssdb "${scheme:+${scheme}:}$tmpdir/${scheme}db"
	else
		echo '['Not pre-creating database.']'
	fi
	cat > entry <<- EOF
	key_storage_type=NSSDB
	key_storage_location=${scheme:+${scheme}:}$tmpdir/${scheme}db
	key_nickname=Test
	EOF
	echo '['Generating key${scheme:+ \($scheme\)} without PIN.']'
	$toolsdir/keygen entry | clean
	run_certutil -K -d ${scheme:+${scheme}:}$tmpdir/${scheme}db 2>&1 | sed -re 's,rsa .* Test,rsa PRIVATE-KEY Test,g' -e 's,[ \t]+, ,g' -e 's,Services ",Services",g' | clean
	echo '['Providing Unnecessary PIN.']'
	echo key_pin_file=$tmpdir/pin.txt >> entry
	echo '['Reading Key Info With Unnecessary PIN.']'
	$toolsdir/keyiread entry | clean
	run_certutil -K -d ${scheme:+${scheme}:}$tmpdir/${scheme}db -f $tmpdir/pin.txt 2>&1 | sed -re 's,rsa .* Test,rsa PRIVATE-KEY Test,g' -e 's,[ \t]+, ,g' -e 's,Services ",Services",g' | clean
	echo '['Generating CSR With Unnecessary PIN.']'
	rm -f csr.pem
	$toolsdir/csrgen entry > csr.pem | clean
	egrep '(: |REQUEST)' $tmpdir/csr.pem
	run_certutil -K -d ${scheme:+${scheme}:}$tmpdir/${scheme}db -f $tmpdir/pin.txt 2>&1 | sed -re 's,rsa .* Test,rsa PRIVATE-KEY Test,g' -e 's,[ \t]+, ,g' -e 's,Services ",Services",g' | clean
done
for precreate in false true ; do
	rm -fr $tmpdir/${scheme}db
	mkdir -p $tmpdir/${scheme}db
	if $precreate ; then
		echo '['Creating database with PIN.']'
		initnssdb "${scheme:+${scheme}:}$tmpdir/${scheme}db" $pin
	else
		echo '['Not pre-creating database, with PIN.']'
	fi
	cat > entry <<- EOF
	key_storage_type=NSSDB
	key_storage_location=${scheme:+${scheme}:}$tmpdir/${scheme}db
	key_nickname=Test
	key_pin_file=$tmpdir/pin.txt
	EOF
	echo '['Generating key${scheme:+ \($scheme\)} with PIN.']'
	$toolsdir/keygen entry | clean
	run_certutil -K -f $tmpdir/pin.txt -d ${scheme:+${scheme}:}$tmpdir/${scheme}db 2>&1 | sed -re 's,rsa .* Test,rsa PRIVATE-KEY Test,g' -e 's,[ \t]+, ,g' -e 's,Services ",Services",g' | clean
	echo '['Reading Key Info Without PIN.']'
	cat > entry <<- EOF
	key_storage_type=NSSDB
	key_storage_location=${scheme:+${scheme}:}$tmpdir/${scheme}db
	key_nickname=Test
	EOF
	$toolsdir/keyiread entry | clean
	run_certutil -K -f $tmpdir/empty.txt -d ${scheme:+${scheme}:}$tmpdir/${scheme}db 2>&1 | sed -re 's,rsa .* Test,rsa PRIVATE-KEY Test,g' -e 's,[ \t]+, ,g' -e 's,Services ",Services",g' | clean
	echo '['Reading Key Info With Bogus PIN Location.']'
	echo key_pin_file=$tmpdir/bogus-pin.txt >> entry
	$toolsdir/keyiread entry | clean
	echo '['Reading Key Info With PIN.']'
	cat > entry <<- EOF
	key_storage_type=NSSDB
	key_storage_location=${scheme:+${scheme}:}$tmpdir/${scheme}db
	key_nickname=Test
	key_pin_file=$tmpdir/pin.txt
	EOF
	$toolsdir/keyiread entry | clean
	echo '['Generating CSR Without PIN.']'
	cat > entry <<- EOF
	key_storage_type=NSSDB
	key_storage_location=${scheme:+${scheme}:}$tmpdir/${scheme}db
	key_nickname=Test
	EOF
	rm -f csr.pem
	$toolsdir/csrgen entry > csr.pem | clean
	egrep '(: |REQUEST)' $tmpdir/csr.pem
	echo '['Generating CSR With Bogus PIN Location.']'
	echo key_pin_file=$tmpdir/bogus-pin.txt >> entry
	rm -f csr.pem
	$toolsdir/csrgen entry > csr.pem | clean
	egrep '(: |REQUEST)' $tmpdir/csr.pem
	echo '['Generating CSR With PIN.']'
	cat > entry <<- EOF
	key_storage_type=NSSDB
	key_storage_location=${scheme:+${scheme}:}$tmpdir/${scheme}db
	key_nickname=Test
	key_pin_file=$tmpdir/pin.txt
	EOF
	rm -f csr.pem
	$toolsdir/csrgen entry > csr.pem | clean
	egrep '(: |REQUEST)' $tmpdir/csr.pem
done
echo '['Test complete.']'

certmonger-0.79.19/tests/016-dates/

certmonger-0.79.19/tests/016-dates/expected.out
[Tests begin.]
1999-01-01 00:00:00 + "1s" = 1999-01-01 00:00:01
1999-01-01 00:00:00 + "30" = 1999-01-01 00:00:30
1999-01-01 00:00:00 + "1m" = 1999-01-01 00:01:00
1999-01-01 00:00:00 + "1h" = 1999-01-01 01:00:00
1999-01-01 00:00:00 + "24h" = 1999-01-02 00:00:00
1999-01-01 00:00:00 + "1d" = 1999-01-02 00:00:00
1999-01-01 00:00:00 + "2w" = 1999-01-15 00:00:00
1999-01-01 00:00:00 + "28d" = 1999-01-29 00:00:00
1999-01-01 00:00:00 + "1M" = 1999-02-01 00:00:00
1999-01-01 00:00:00 + "6M" = 1999-07-01 00:00:00
1999-01-01 00:00:00 + "1y" = 2000-01-01 00:00:00
1999-01-01 00:00:00 + "5y" = 2004-01-01 00:00:00
1999-01-01 00:00:00 + "3y 2M 3d" = 2002-03-04 00:00:00
2000-01-01 00:00:00 + "1s" = 2000-01-01 00:00:01
2000-01-01 00:00:00 + "1m" = 2000-01-01 00:01:00
2000-01-01 00:00:00 + "60m" = 2000-01-01 01:00:00
2000-01-01 00:00:00 + "24h" = 2000-01-02 00:00:00
2000-01-01 00:00:00 + "1d" = 2000-01-02 00:00:00
2000-01-01 00:00:00 + "2w" = 2000-01-15 00:00:00
2000-01-01 00:00:00 + "28d" = 2000-01-29 00:00:00
2000-01-01 00:00:00 + "1M" = 2000-02-01 00:00:00
2000-01-01 00:00:00 + "6M" = 2000-07-01 00:00:00
2000-01-01 00:00:00 + "1y" = 2001-01-01 00:00:00
2000-01-01 00:00:00 + "5y" = 2005-01-01 00:00:00
2000-01-01 00:00:00 + "3y 2M 3d" = 2003-03-04 00:00:00
2001-01-01 00:00:00 + "1s" = 2001-01-01 00:00:01
2001-01-01 00:00:00 + "1m" = 2001-01-01 00:01:00
2001-01-01 00:00:00 + "60m" = 2001-01-01 01:00:00
2001-01-01 00:00:00 + "1h" = 2001-01-01 01:00:00
2001-01-01 00:00:00 + "1d" = 2001-01-02 00:00:00
2001-01-01 00:00:00 + "2w" = 2001-01-15 00:00:00
2001-01-01 00:00:00 + "28d" = 2001-01-29 00:00:00
2001-01-01 00:00:00 + "1M" = 2001-02-01 00:00:00
2001-01-01 00:00:00 + "6M" = 2001-07-01 00:00:00
2001-01-01 00:00:00 + "1y" = 2002-01-01 00:00:00
2001-01-01 00:00:00 + "5y" = 2006-01-01 00:00:00
2001-01-01 00:00:00 + "3y 2M 3d" = 2004-03-04 00:00:00
2008-01-01 00:00:00 + "36h" = 2008-01-02 12:00:00
2008-01-01 00:00:00 + "48h" = 2008-01-03 00:00:00
2008-01-01 00:00:00 + "2w3600" = 2008-01-15 01:00:00
2008-01-01 00:00:00 + "336h" = 2008-01-15 00:00:00
2008-01-01 00:00:00 + "1080h" = 2008-02-15 00:00:00
2008-01-01 00:00:00 + "14M" = 2009-03-01 00:00:00
2008-01-01 00:00:00 + "1y14M" = 2010-03-01 00:00:00
[Test complete.]

certmonger-0.79.19/tests/016-dates/run.sh
#!/bin/bash -e
cd "$tmpdir"
CERTMONGER_CONFIG_DIR=$tmpdir; export CERTMONGER_CONFIG_DIR
source "$srcdir"/functions
echo '['Tests begin.']'
$toolsdir/dates 1999 1s 30 1m 1h 24h 1d 2w 28d 1M 6M 1y 5y "3y 2M 3d"
$toolsdir/dates 2000 1s 1m 60m 24h 1d 2w 28d 1M 6M 1y 5y "3y 2M 3d"
$toolsdir/dates 2001 1s 1m 60m 1h 1d 2w 28d 1M 6M 1y 5y "3y 2M 3d"
$toolsdir/dates 2008 36h 48h "2w3600" 336h 1080h 14M 1y14M
echo '['Test complete.']'

certmonger-0.79.19/tests/017-notoken-dbm/

certmonger-0.79.19/tests/017-notoken-dbm/expected.out
[Creating database.]
[Generating key (dbm) with no token.]
NEED_KEY_PAIR
-START-
GENERATING_KEY_PAIR
NEED_KEY_GEN_TOKEN
-STOP-
state=NEED_KEY_GEN_TOKEN
[Creating database.]
[Reading Key Info (dbm) with no token.]
NEED_KEYINFO
-START-
READING_KEYINFO
NEED_KEYINFO_READ_TOKEN
-STOP-
state=NEED_KEYINFO_READ_TOKEN
[Creating database.]
[Generating CSR (dbm) with no token.]
NEED_CSR
-(RESET)-
HAVE_KEYINFO
-START-
NEED_CSR
GENERATING_CSR
NEED_CSR_GEN_TOKEN
-STOP-
state=NEED_CSR_GEN_TOKEN
[Test complete.]

certmonger-0.79.19/tests/017-notoken-dbm/run.sh
#!/bin/bash -e
exec env scheme=dbm ../017-notoken/run.sh

certmonger-0.79.19/tests/017-notoken-sql/

certmonger-0.79.19/tests/017-notoken-sql/expected.out
[Creating database.]
[Generating key (sql) with no token.]
NEED_KEY_PAIR
-START-
GENERATING_KEY_PAIR
NEED_KEY_GEN_TOKEN
-STOP-
state=NEED_KEY_GEN_TOKEN
[Creating database.]
[Reading Key Info (sql) with no token.]
NEED_KEYINFO
-START-
READING_KEYINFO
NEED_KEYINFO_READ_TOKEN
-STOP-
state=NEED_KEYINFO_READ_TOKEN
[Creating database.]
[Generating CSR (sql) with no token.]
NEED_CSR
-(RESET)-
HAVE_KEYINFO
-START-
NEED_CSR
GENERATING_CSR
NEED_CSR_GEN_TOKEN
-STOP-
state=NEED_CSR_GEN_TOKEN
[Test complete.]

certmonger-0.79.19/tests/017-notoken-sql/run.sh
#!/bin/bash -e
exec env scheme=sql ../017-notoken/run.sh

certmonger-0.79.19/tests/017-notoken/

certmonger-0.79.19/tests/017-notoken/expected.out
[Creating database.]
[Generating key with no token.]
NEED_KEY_PAIR
-START-
GENERATING_KEY_PAIR
NEED_KEY_GEN_TOKEN
-STOP-
state=NEED_KEY_GEN_TOKEN
[Creating database.]
[Reading Key Info with no token.]
NEED_KEYINFO
-START-
READING_KEYINFO
NEED_KEYINFO_READ_TOKEN
-STOP-
state=NEED_KEYINFO_READ_TOKEN
[Creating database.]
[Generating CSR with no token.]
NEED_CSR
-(RESET)-
HAVE_KEYINFO
-START-
NEED_CSR
GENERATING_CSR
NEED_CSR_GEN_TOKEN
-STOP-
state=NEED_CSR_GEN_TOKEN
[Test complete.]

certmonger-0.79.19/tests/017-notoken/run.sh
#!/bin/bash
cd "$tmpdir"
source "$srcdir"/functions
size=2048
cat > $tmpdir/ca << EOF
id=Lostie
ca_type=EXTERNAL
ca_external_helper=$tmpdir/ca-unconfigured
EOF

rm -fr $tmpdir/${scheme}db
mkdir -p $tmpdir/${scheme}db
echo '['Creating database.']'
initnssdb "${scheme:+${scheme}:}$tmpdir/${scheme}db" BlahBlah
cat > entry <<- EOF
id=Test
key_storage_type=NSSDB
key_storage_location=${scheme:+${scheme}:}$tmpdir/${scheme}db
key_token=No Such Token
key_nickname=Test
state=NEED_KEY_PAIR
EOF
echo '['Generating key${scheme:+ \($scheme\)} with no token.']'
$toolsdir/iterate $tmpdir/ca $tmpdir/entry NEED_KEY_PAIR,GENERATING_KEY_PAIR
grep ^state= $tmpdir/entry

rm -fr $tmpdir/${scheme}db
mkdir -p $tmpdir/${scheme}db
echo '['Creating database.']'
initnssdb "${scheme:+${scheme}:}$tmpdir/${scheme}db" BlahBlah
cat > entry <<- EOF
id=Test
key_storage_type=NSSDB
key_storage_location=${scheme:+${scheme}:}$tmpdir/${scheme}db
key_token=No Such Token
key_nickname=Test
state=NEED_KEYINFO
EOF
echo '['Reading Key Info${scheme:+ \($scheme\)} with no token.']'
$toolsdir/iterate $tmpdir/ca $tmpdir/entry NEED_KEYINFO,READING_KEYINFO
grep ^state= $tmpdir/entry

rm -fr $tmpdir/${scheme}db
mkdir -p $tmpdir/${scheme}db
echo '['Creating database.']'
initnssdb "${scheme:+${scheme}:}$tmpdir/${scheme}db" BlahBlah
cat > entry <<- EOF
id=Test
key_storage_type=NSSDB
key_storage_location=${scheme:+${scheme}:}$tmpdir/${scheme}db
key_token=No Such Token
key_nickname=Test
state=NEED_CSR
EOF
echo '['Generating CSR${scheme:+ \($scheme\)} with no token.']'
$toolsdir/iterate $tmpdir/ca $tmpdir/entry NEED_CSR,GENERATING_CSR
grep ^state= $tmpdir/entry
echo '['Test complete.']'

certmonger-0.79.19/tests/018-pembase/

certmonger-0.79.19/tests/018-pembase/expected.out
[Tests begin.]
[Test complete.]

certmonger-0.79.19/tests/018-pembase/run.sh
#!/bin/bash -e
cd "$tmpdir"
cat > 1.pem << EOF
-----BEGIN CERTIFICATE-----
MIICaDCCAdGgAwIBAgIQCgEBAQAAAnwAAAADAAAAAjANBgkqhkiG9w0BAQUFADBA
MSEwHwYDVQQKExhYY2VydCBJbnRlcm5hdGlvbmFsIEluYy4xGzAZBgNVBAsTElhj
ZXJ0IFJvb3QgQ0EgMTAyNDAeFw0wMDA4MTgxODMxMzJaFw0yNTA4MTUxOTAwNTZa
MEAxITAfBgNVBAoTGFhjZXJ0IEludGVybmF0aW9uYWwgSW5jLjEbMBkGA1UECxMS
WGNlcnQgUm9vdCBDQSAxMDI0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDW
vjeJEami90csKs9qACZlKESkiuTeoENVmURrvG64x87GY7bT6G/FmCskkbieorpx
SN40ICF61tLFiTKlicbchYRU8p5I7cxEtgb/jsTOWa2fbOkiWME/FApDgIcZUlDj
KAfIrBjisRqqo+Jgt3ZRByk5XkjpZnCBLjiavRl96wIDAQABo2MwYTAPBgNVHRMB
Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBSEecdPB1mxa8E6
Nbq49NWZJ8i6DjAdBgNVHQ4EFgQUhHnHTwdZsWvBOjW6uPTVmSfIug4wDQYJKoZI
hvcNAQEFBQADgYEAc7DhAO2uaNJgA0br+RzxpaZ8XDJ87AJh0xwdczEsuo69SU3I
3dl3dUHnkiGabCnbp2xwhqBcw+TzMswBhFnXiDk486ji4hqwl80rF9xkBA+qanOU
1usIxoBpTd561cU38ZIXPG3TiiHMZBCq3mKHH4+4+Kp1SvQILPXcZs/DOH4=
-----END CERTIFICATE-----
EOF
cat > 1.b << EOF
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
EOF
echo '['Tests begin.']'
$toolsdir/pem2base < 1.pem > 2.b
$toolsdir/base2pem < 1.b > 2.pem
$toolsdir/pem2base < 2.pem > 3.b
$toolsdir/base2pem < 2.b > 3.pem
$toolsdir/pem2base < 3.pem > 4.b
$toolsdir/pem2base < 4.b > 5.b
unix2dos 1.pem > /dev/null 2> /dev/null
unix2dos 2.pem > /dev/null 2> /dev/null
unix2dos 3.pem > /dev/null 2> /dev/null
unix2dos 1.b > /dev/null 2> /dev/null
unix2dos 2.b > /dev/null 2> /dev/null
unix2dos 3.b > /dev/null 2> /dev/null
unix2dos 4.b > /dev/null 2> /dev/null
unix2dos 5.b > /dev/null 2> /dev/null
$toolsdir/base2pem -u < 4.b > 6.pem
cp 6.pem 6a.pem
unix2dos 6a.pem
$toolsdir/base2pem -d < 4.b > 7.pem
cp 7.pem 7a.pem
dos2unix 7.pem
diff -u 1.pem 2.pem
diff -u 1.pem 3.pem
diff -u 1.b 2.b
diff -u 1.b 3.b
diff -u 1.b 4.b
diff -u 1.b 5.b
diff -u 6.pem 7.pem
diff -u 6a.pem 7a.pem
echo '['Test complete.']'

certmonger-0.79.19/tests/019-dparse/

certmonger-0.79.19/tests/019-dparse/bad.checkRequest.nosuch
Certificate ManagerRequest ID 29 was not found in the request queue.7

certmonger-0.79.19/tests/019-dparse/bad.displayCertFromRequest.incomplete
Certificate ManagerRequest ID 14 was not completed.7

certmonger-0.79.19/tests/019-dparse/bad.displayCertFromRequest.no-such-request
Certificate ManagerRequest ID 19 was not found in the request queue.7

certmonger-0.79.19/tests/019-dparse/bad.displayCertFromRequest.rejected
Certificate ManagerRequest ID 17 was not completed.7

certmonger-0.79.19/tests/019-dparse/bad.profileProcess.bad-property
Property Error - Invalid Property notBefore renewal caServerCert 17 1 pending approve

certmonger-0.79.19/tests/019-dparse/bad.profileProcess.no-agent-cert
Error 58. Problem with the local SSL certificate

certmonger-0.79.19/tests/019-dparse/bad.profileProcess.no-ca-cert
Error 60. Peer certificate cannot be authenticated with given CA certificates

certmonger-0.79.19/tests/019-dparse/bad.profileProcess.no-property
Property Error - Invalid Property notBefore renewal caServerCert 17 1 pending approve

certmonger-0.79.19/tests/019-dparse/bad.profileProcess.not-pending
Request Not In Pending State 17 1

certmonger-0.79.19/tests/019-dparse/bad.profileReview.no-such-request
Request 0 Not Found 1

certmonger-0.79.19/tests/019-dparse/bad.profileReview.unauthorized-cert
Authentication Error 1

certmonger-0.79.19/tests/019-dparse/bad.profileReview.wrong-nssdb
Error 58. Problem with the local SSL certificate

certmonger-0.79.19/tests/019-dparse/bad.profileSubmit.csr.empty
1Invalid Request

certmonger-0.79.19/tests/019-dparse/bad.profileSubmit.csr.subject-mismatch
3Request Rejected - Subject Name Not Matched O=Default Company Ltd,L=Default City,C=XX 13

certmonger-0.79.19/tests/019-dparse/bad.profileSubmit.serial.empty

The Certificate System has encountered an unrecoverable error.

Error Message:
java.lang.NumberFormatException: Zero length BigInteger

Please contact your local administrator for assistance.

certmonger-0.79.19/tests/019-dparse/bad.profileSubmit.serial.invalid

The Certificate System has encountered an unrecoverable error.

Error Message:
java.lang.NumberFormatException: For input string: "B"

Please contact your local administrator for assistance.

certmonger-0.79.19/tests/019-dparse/bad.profileSubmit.serial.out-of-range
Server Internal Error 1

certmonger-0.79.19/tests/019-dparse/expected.out
[submit-as-agent(good.profileSubmit.issued) = ISSUED]
status="0",cert="-----BEGIN CERTIFICATE-----"
[submit-as-agent(good.profileSubmit.serial.in-range) = WAIT_WITH_DELAY]
error="Request Deferred - defer request",status="2",requestId="12"
0
state=approve&requestId=12
[review-as-agent(good.profileReview) = WAIT_WITH_DELAY]
error_code="0",status="pending",requestId="17"
0
state=approve&requestId=17
[check-as-agent(good.checkRequest.complete) = WAIT_WITH_DELAY]
status="complete",requestId="23"
0
state=retrieve&requestId=23
[check-as-agent(good.checkRequest.pending) = WAIT_WITH_DELAY]
status="pending",requestId="22"
0
state=approve&requestId=22
[fetch-as-agent(good.displayCertFromRequest) = ISSUED]
requestId="11",cert="-----BEGIN CERTIFICATE-----"
[fetch-as-agent(good.displayCertFromRequest-extra-line) = ISSUED]
requestId="11",cert="-----BEGIN CERTIFICATE-----"
[profiles-as-agent(good.profileList) = ISSUED]
error_code="0",error_reason=""
caUserCert caUserSMIMEcapCert caDualCert caSignedLogCert caTPSCert caServerCert caOtherCert caCACert caInstallCACert caRACert caOCSPCert caTransportCert caDirUserCert caAgentServerCert caAgentFileSigning caCMCUserCert DomainController caDualRAuserCert caRAagentCert caRAserverCert caSSLClientSelfRenewal caDirUserRenewal caManualRenewal
[submit-as-agent(bad.profileSubmit.csr.empty) = REJECTED]
error="Invalid Request",status="1"
Server at "SUBMIT" replied: Invalid Request
[submit-as-agent(bad.profileSubmit.csr.subject-mismatch) = REJECTED]
error="Request Rejected - Subject Name Not Matched O=Default Company Ltd,L=Default City,C=XX",status="3",requestId="13"
Server at "SUBMIT" replied: Request Rejected - Subject Name Not Matched O=Default Company Ltd,L=Default City,C=XX
[submit-as-agent(bad.profileSubmit.serial.empty) = REJECTED]
[submit-as-agent(bad.profileSubmit.serial.invalid) = REJECTED]
[submit-as-agent(bad.profileSubmit.serial.out-of-range) = REJECTED]
error_code="1",error_reason="Server Internal Error"
Server at "SUBMIT" replied: 1: Server Internal Error
[review-as-agent(bad.profileReview.no-such-request) = REJECTED]
error_code="1",error_reason="Request 0 Not Found"
Server at "REVIEW" replied: 1: Request 0 Not Found
[review-as-agent(bad.profileReview.unauthorized-cert) = REJECTED]
error_code="1",error_reason="Authentication Error"
Server at "REVIEW" replied: 1: Authentication Error
[review-as-agent(bad.profileReview.wrong-nssdb) = REJECTED]
[approve-as-agent(bad.profileProcess.bad-property) = REJECTED]
error_code="1",error_reason="Property Error - Invalid Property notBefore",status="pending",requestId="17"
Server at "APPROVE" replied: 1: Property Error - Invalid Property notBefore
[approve-as-agent(bad.profileProcess.no-agent-cert) = REJECTED]
[approve-as-agent(bad.profileProcess.no-ca-cert) = REJECTED]
[approve-as-agent(bad.profileProcess.no-property) = REJECTED]
error_code="1",error_reason="Property Error - Invalid Property notBefore",status="pending",requestId="17"
Server at "APPROVE" replied: 1: Property Error - Invalid Property notBefore
[approve-as-agent(bad.profileProcess.not-pending) = REJECTED]
error_code="1",error_reason="Request Not In Pending State",requestId="17"
Server at "APPROVE" replied: 1: Request Not In Pending State
[check-as-agent(bad.checkRequest.nosuch) = REJECTED]
error="Request ID 29 was not found in the request queue."
Server at "CHECK" replied: Request ID 29 was not found in the request queue.
[fetch-as-agent(bad.displayCertFromRequest.incomplete) = REJECTED]
error="Request ID 14 was not completed.",status="7"
Server at "FETCH" replied: Request ID 14 was not completed.
[fetch-as-agent(bad.displayCertFromRequest.no-such-request) = REJECTED]
error="Request ID 19 was not found in the request queue.",status="7"
Server at "FETCH" replied: Request ID 19 was not found in the request queue.
[fetch-as-agent(bad.displayCertFromRequest.rejected) = REJECTED]
error="Request ID 17 was not completed.",status="7"
Server at "FETCH" replied: Request ID 17 was not completed.
[submit-as-end-entity(good.profileSubmit.issued) = ISSUED]
status="0",cert="-----BEGIN CERTIFICATE-----"
[submit-as-end-entity(good.profileSubmit.serial.in-range) = WAIT]
error="Request Deferred - defer request",status="2",requestId="12"
state=check&requestId=12
[review-as-end-entity(good.profileReview) = WAIT_WITH_DELAY]
error_code="0",status="pending",requestId="17"
0
state=approve&requestId=17
[check-as-end-entity(good.checkRequest.complete) = WAIT_WITH_DELAY]
status="complete",requestId="23"
0
state=retrieve&requestId=23
[check-as-end-entity(good.checkRequest.pending) = WAIT]
status="pending",requestId="22"
state=check&requestId=22
[fetch-as-end-entity(good.displayCertFromRequest) = ISSUED]
requestId="11",cert="-----BEGIN CERTIFICATE-----"
[fetch-as-end-entity(good.displayCertFromRequest-extra-line) = ISSUED]
requestId="11",cert="-----BEGIN CERTIFICATE-----"
[profiles-as-end-entity(good.profileList) = ISSUED]
error_code="0",error_reason=""
caUserCert caUserSMIMEcapCert caDualCert caSignedLogCert caTPSCert caServerCert caOtherCert caCACert caInstallCACert caRACert caOCSPCert caTransportCert caDirUserCert caAgentServerCert caAgentFileSigning caCMCUserCert DomainController caDualRAuserCert caRAagentCert caRAserverCert caSSLClientSelfRenewal caDirUserRenewal caManualRenewal
[submit-as-end-entity(bad.profileSubmit.csr.empty) = REJECTED]
error="Invalid Request",status="1"
Server at "SUBMIT" replied: Invalid Request
[submit-as-end-entity(bad.profileSubmit.csr.subject-mismatch) = REJECTED]
error="Request Rejected - Subject Name Not Matched O=Default Company Ltd,L=Default City,C=XX",status="3",requestId="13"
Server at "SUBMIT" replied: Request Rejected - Subject Name Not Matched O=Default Company Ltd,L=Default City,C=XX
[submit-as-end-entity(bad.profileSubmit.serial.empty) = REJECTED]
[submit-as-end-entity(bad.profileSubmit.serial.invalid) = REJECTED]
[submit-as-end-entity(bad.profileSubmit.serial.out-of-range) = REJECTED]
error_code="1",error_reason="Server Internal Error"
Server at "SUBMIT" replied: 1: Server Internal Error
[review-as-end-entity(bad.profileReview.no-such-request) = REJECTED]
error_code="1",error_reason="Request 0 Not Found"
Server at "REVIEW" replied: 1: Request 0 Not Found
[review-as-end-entity(bad.profileReview.unauthorized-cert) = REJECTED]
error_code="1",error_reason="Authentication Error"
Server at "REVIEW" replied: 1: Authentication Error
[review-as-end-entity(bad.profileReview.wrong-nssdb) = REJECTED]
[approve-as-end-entity(bad.profileProcess.bad-property) = REJECTED]
error_code="1",error_reason="Property Error - Invalid Property notBefore",status="pending",requestId="17"
Server at "APPROVE" replied: 1: Property Error - Invalid Property notBefore
[approve-as-end-entity(bad.profileProcess.no-agent-cert) = REJECTED]
[approve-as-end-entity(bad.profileProcess.no-ca-cert) = REJECTED]
[approve-as-end-entity(bad.profileProcess.no-property) = REJECTED]
error_code="1",error_reason="Property Error - Invalid Property notBefore",status="pending",requestId="17"
Server at "APPROVE" replied: 1: Property Error - Invalid Property notBefore
[approve-as-end-entity(bad.profileProcess.not-pending) = REJECTED]
error_code="1",error_reason="Request Not In Pending State",requestId="17"
Server at "APPROVE" replied: 1: Request Not In Pending State
[check-as-end-entity(bad.checkRequest.nosuch) = REJECTED]
error="Request ID 29 was not found in the request queue."
Server at "CHECK" replied: Request ID 29 was not found in the request queue.
[fetch-as-end-entity(bad.displayCertFromRequest.incomplete) = REJECTED]
error="Request ID 14 was not completed.",status="7"
Server at "FETCH" replied: Request ID 14 was not completed.
[fetch-as-end-entity(bad.displayCertFromRequest.no-such-request) = REJECTED]
error="Request ID 19 was not found in the request queue.",status="7"
Server at "FETCH" replied: Request ID 19 was not found in the request queue.
[fetch-as-end-entity(bad.displayCertFromRequest.rejected) = REJECTED]
error="Request ID 17 was not completed.",status="7"
Server at "FETCH" replied: Request ID 17 was not completed.
50 samples.
certmonger-0.79.19/tests/019-dparse/good.checkRequest.complete0000644000175000017500000000546314511314133023500 0ustar gitgit00000000000000

complete134073842023ca1340738217
c certmonger-0.79.19/tests/019-dparse/good.checkRequest.pending0000644000175000017500000000036114511314133023304 0ustar gitgit00000000000000
pending134073817122ca1340738171
certmonger-0.79.19/tests/019-dparse/good.displayCertFromRequest0000644000175000017500000002147414511314133023723 0ustar gitgit00000000000000
true11
http9180rapier.bos.redhat.comrapier.bos.redhat.com11Certificate Manager9180MD2: 2B:E7:39:53:38:28:68:11:65:8A:E3:7B:36:4E:A9:44 MD5: 68:3F:AF:2C:38:37:E8:3E:5A:B5:4E:AE:40:54:2F:12 SHA1: D2:E1:1C:C4:CD:53:03:2C:62:CC:4F:68:60:52:A3:DC: 2F:2B:64:89 SHA256: B8:DA:7A:D4:79:75:63:2B:59:D4:C5:B9:61:3C:59:60: E6:A3:7C:38:EE:55:48:45:CB:B8:91:D0:CB:C7:E6:5F SHA512: 8F:E1:12:D0:A5:D7:C0:B0:77:D6:56:22:B7:4C:96:D3: 8F:F0:8E:0B:25:8D:48:E5:8F:15:44:44:B0:51:B4:96: AE:DC:01:B1:EF:34:E5:48:20:CB:31:6B:00:20:3B:F4: 30:1D:86:74:B1:CA:4F:4F:DD:6C:20:2B:75:DB:89:51
bCertificate: Data: Version: v3 Serial Number: 0xB Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 Issuer: CN=Certificate Authority,O=BOS.REDHAT.COM Validity: Not Before: Monday, June 25, 2012 5:07:12 PM EDT America/New_York Not After: Saturday, June 25, 2016 5:07:12 PM EDT America/New_York Subject: CN=Object Signing Cert,O=BOS.REDHAT.COM Subject Public Key Info: Algorithm: RSA - 1.2.840.113549.1.1.1 Public Key: Exponent: 65537 Public Key Modulus: (2048 bits) Extensions: Identifier: Key Usage: - 2.5.29.15 Critical: yes Key Usage: Digital Signature Key CertSign Identifier: Netscape Certificate Type - 2.16.840.1.113730.1.1 Critical: no Certificate Usage: Object Signing Signature: Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 Signature FingerPrint MD2: 2B:E7:39:53:38:28:68:11:65:8A:E3:7B:36:4E:A9:44 MD5: 68:3F:AF:2C:38:37:E8:3E:5A:B5:4E:AE:40:54:2F:12 SHA1: D2:E1:1C:C4:CD:53:03:2C:62:CC:4F:68:60:52:A3:DC: 2F:2B:64:89 SHA256: B8:DA:7A:D4:79:75:63:2B:59:D4:C5:B9:61:3C:59:60: E6:A3:7C:38:EE:55:48:45:CB:B8:91:D0:CB:C7:E6:5F SHA512: 8F:E1:12:D0:A5:D7:C0:B0:77:D6:56:22:B7:4C:96:D3: 8F:F0:8E:0B:25:8D:48:E5:8F:15:44:44:B0:51:B4:96: AE:DC:01:B1:EF:34:E5:48:20:CB:31:6B:00:20:3B:F4: 30:1D:86:74:B1:CA:4F:4F:DD:6C:20:2B:75:DB:89:51
certmonger-0.79.19/tests/019-dparse/good.displayCertFromRequest-extra-line0000644000175000017500000002150714511314133025766 0ustar gitgit00000000000000
true11
http9180rapier.bos.redhat.comrapier.bos.redhat.com11Certificate Manager9180MD2: 2B:E7:39:53:38:28:68:11:65:8A:E3:7B:36:4E:A9:44 MD5: 68:3F:AF:2C:38:37:E8:3E:5A:B5:4E:AE:40:54:2F:12 SHA1: D2:E1:1C:C4:CD:53:03:2C:62:CC:4F:68:60:52:A3:DC: 2F:2B:64:89 SHA256: B8:DA:7A:D4:79:75:63:2B:59:D4:C5:B9:61:3C:59:60: E6:A3:7C:38:EE:55:48:45:CB:B8:91:D0:CB:C7:E6:5F SHA512: 8F:E1:12:D0:A5:D7:C0:B0:77:D6:56:22:B7:4C:96:D3: 8F:F0:8E:0B:25:8D:48:E5:8F:15:44:44:B0:51:B4:96: AE:DC:01:B1:EF:34:E5:48:20:CB:31:6B:00:20:3B:F4: 30:1D:86:74:B1:CA:4F:4F:DD:6C:20:2B:75:DB:89:51
bCertificate: Data: Version: v3 Serial Number: 0xB Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 Issuer: CN=Certificate Authority,O=BOS.REDHAT.COM Validity: Not Before: Monday, June 25, 2012 5:07:12 PM EDT America/New_York Not After: Saturday, June 25, 2016 5:07:12 PM EDT America/New_York Subject: CN=Object Signing Cert,O=BOS.REDHAT.COM Subject Public Key Info: Algorithm: RSA - 1.2.840.113549.1.1.1 Public Key: Exponent: 65537 Public Key Modulus: (2048 bits) Extensions: Identifier: Key Usage: - 2.5.29.15 Critical: yes Key Usage: Digital Signature Key CertSign Identifier: Netscape Certificate Type - 2.16.840.1.113730.1.1 Critical: no Certificate Usage: Object Signing Signature: Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 Signature FingerPrint MD2: 2B:E7:39:53:38:28:68:11:65:8A:E3:7B:36:4E:A9:44 MD5: 68:3F:AF:2C:38:37:E8:3E:5A:B5:4E:AE:40:54:2F:12 SHA1: D2:E1:1C:C4:CD:53:03:2C:62:CC:4F:68:60:52:A3:DC: 2F:2B:64:89 SHA256: B8:DA:7A:D4:79:75:63:2B:59:D4:C5:B9:61:3C:59:60: E6:A3:7C:38:EE:55:48:45:CB:B8:91:D0:CB:C7:E6:5F SHA512: 8F:E1:12:D0:A5:D7:C0:B0:77:D6:56:22:B7:4C:96:D3: 8F:F0:8E:0B:25:8D:48:E5:8F:15:44:44:B0:51:B4:96: AE:DC:01:B1:EF:34:E5:48:20:CB:31:6B:00:20:3B:F4: 30:1D:86:74:B1:CA:4F:4F:DD:6C:20:2B:75:DB:89:51
certmonger-0.79.19/tests/019-dparse/good.profileList0000644000175000017500000004370514511314133021540 0ustar gitgit00000000000000 This certificate profile is for enrolling user certificates. true Manual User Dual-Use Certificate Enrollment admin caUserCert true This certificate profile is for enrolling user certificates with S/MIME capabilities extension - OID: 1.2.840.113549.1.9.15 true Manual User Dual-Use S/MIME capabilities Certificate Enrollment admin caUserSMIMEcapCert true This certificate profile is for enrolling dual user certificates. It works only with Netscape 7.0 or later. true Manual User Signing & Encryption Certificates Enrollment admin caDualCert true This profile is for enrolling audit log signing certificates true Manual Log Signing Certificate Enrollment admin caSignedLogCert true This certificate profile is for enrolling TPS server certificates. true Manual TPS Server Certificate Enrollment admin caTPSCert true This certificate profile is for enrolling router certificates. true RA Agent-Authenticated Router Certificate Enrollment admin caRARouterCert false This certificate profile is for enrolling router certificates. true One Time Pin Router Certificate Enrollment admin caRouterCert false This certificate profile is for enrolling server certificates. true Manual Server Certificate Enrollment admin caServerCert true This certificate profile is for enrolling other certificates. true Other Certificate Enrollment admin caOtherCert true This certificate profile is for enrolling Certificate Authority certificates. true Manual Certificate Manager Signing Certificate Enrollment admin caCACert true This certificate profile is for enrolling Security Domain Certificate Authority certificates. true Manual Security Domain Certificate Authority Signing Certificate Enrollment admin caInstallCACert true This certificate profile is for enrolling Registration Manager certificates. 
true Manual Registration Manager Signing Certificate Enrollment admin caRACert true This certificate profile is for enrolling OCSP Manager certificates. true Manual OCSP Manager Signing Certificate Enrollment admin caOCSPCert true This certificate profile is for enrolling Data Recovery Manager transport certificates. true Manual Data Recovery Manager Transport Certificate Enrollment admin caTransportCert true This certificate profile is for enrolling user certificates with directory-based authentication. true Directory-Authenticated User Dual-Use Certificate Enrollment admin caDirUserCert true This certificate profile is for enrolling server certificates with agent authentication. true Agent-Authenticated Server Certificate Enrollment admin caAgentServerCert true This certificate profile is for getting file signing certificate with agent authentication. true Agent-Authenticated File Signing admin caAgentFileSigning true This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication. true Signed CMC-Authenticated User Certificate Enrollment admin caCMCUserCert true This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication. true Signed CMC-Authenticated User Certificate Enrollment admin caFullCMCUserCert false This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication. 
true Simple CMC Enrollment Request for User Certificate admin caSimpleCMCUserCert false This profile is for enrolling token device keys true Token Device Key Enrollment admin caTokenDeviceKeyEnrollment false This profile is for enrolling Token Encryption key true Token User Encryption Certificate Enrollment admin caTokenUserEncryptionKeyEnrollment false This profile is for enrolling Token Signing key true Token User Signing Certificate Enrollment admin caTokenUserSigningKeyEnrollment false This profile is for enrolling token device keys true Temporary Device Certificate Enrollment admin caTempTokenDeviceKeyEnrollment false This profile is for enrolling Token Encryption key true Temporary Token User Encryption Certificate Enrollment admin caTempTokenUserEncryptionKeyEnrollment false This profile is for enrolling Token Signing key true Temporary Token User Signing Certificate Enrollment admin caTempTokenUserSigningKeyEnrollment false This certificate profile is for enrolling Security Domain administrator's certificates with LDAP authentication against the internal LDAP database. true Security Domain Administrator Certificate Enrollment admin caAdminCert false This certificate profile is for enrolling Security Domain server certificates. true Security Domain Server Certificate Enrollment admin caInternalAuthServerCert false This certificate profile is for enrolling Security Domain Data Recovery Manager transport certificates. true Security Domain Data Recovery Manager Transport Certificate Enrollment admin caInternalAuthTransportCert false This certificate profile is for enrolling Security Domain DRM storage certificates true Security Domain DRM storage Certificate Enrollment admin caInternalAuthDRMstorageCert false This certificate profile is for enrolling Security Domain subsystem certificates. 
true Security Domain Subsysem Certificate Enrollment admin caInternalAuthSubsystemCert false This certificate profile is for enrolling Security Domain OCSP Manager certificates. true Security Domain OCSP Manager Signing Certificate Enrollment admin caInternalAuthOCSPCert false This certificate profile is for enrolling audit signing certificates. true Audit Signing Certificate Enrollment admin caInternalAuthAuditSigningCert false This profile is for enrolling Domain Controller Certificate true Domain Controller admin DomainController true This certificate profile is for enrolling user certificates with RA agent authentication. true RA Agent-Authenticated User Certificate Enrollment admin caDualRAuserCert true This certificate profile is for enrolling RA agent user certificates with RA agent authentication. true RA Agent-Authenticated Agent User Certificate Enrollment admin caRAagentCert true This certificate profile is for enrolling server certificates with RA agent authentication. true RA Agent-Authenticated Server Certificate Enrollment admin caRAserverCert true This certificate profile is for enrolling device certificates to contain UUID in the Subject Alternative Name extension false Manual device Dual-Use Certificate Enrollment to contain UUID in SAN caUUIDdeviceCert true This certificate profile is for renewing SSL client certificates. true Renewal: Self-renew user SSL client certificates admin caSSLClientSelfRenewal true This certificate profile is for renewing a certificate by serial number by using directory based authentication. true Renewal: Directory-Authenticated User Certificate Self-Renew profile admin caDirUserRenewal true This certificate profile is for renewing certificates to be approved manually by agents. 
true Renewal: Renew certificate to be manually approved by agents admin caManualRenewal true This profile is for enrolling MS Login Certificate true Token User MS Login Certificate Enrollment admin caTokenMSLoginEnrollment false This certificate profile is for renewing a token certificate true smart card token signing cert renewal profile admin caTokenUserSigningKeyRenewal false This certificate profile is for renewing a token encryption certificate true smart card token signing cert renewal profile admin caTokenUserEncryptionKeyRenewal false This is an IPA profile for enrolling Jar Signing certificates. true Manual Jar Signing Certificate Enrollment admin caJarSigningCert false This certificate profile is for enrolling server certificates with IPA-RA agent authentication. true IPA-RA Agent-Authenticated Server Certificate Enrollment admin caIPAserviceCert false 0 certmonger-0.79.19/tests/019-dparse/good.profileReview0000644000175000017500000002740614511314133022066 0ustar gitgit00000000000000 renewal This constraint accepts the subject name that matches .*CN=.* 1 name Subject Name string CN=IPA RA,O=BOS.REDHAT.COM This default populates a User-Supplied Certificate Subject Name to the request. This constraint rejects the validity that is not between 720 days. 2 notBefore Not Before string 2012-06-25 18:21:04 notAfter Not After string 2014-06-15 18:21:04 This default populates a Certificate Validity to the request. 
The default values are Range=720 in days This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096 3 TYPE readonly Key Type string RSA - 1.2.840.113549.1.1.1 LEN readonly Key Length string 2048 KEY readonly Key string This default populates a User-Supplied Certificate Key to the request. No Constraint 4 critical readonly Criticality string false keyid readonly Key ID string F9:42:E8:24:38:8E:21:2E:7C:90:C6:64:52:83:20:7A:\n25:70:89:98\n This default populates an Authority Key Identifier Extension (2.5.29.35) to the request. No Constraint 5 authInfoAccessCritical Criticality boolean false authInfoAccessGeneralNames General Names string_list Record #0 Method:1.3.6.1.5.5.7.48.1 Location Type:URIName Location:http://rapier.bos.redhat.com:80/ca/ocsp Enable:true This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. 
The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true} This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=true, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false 6 keyUsageCritical Criticality boolean true keyUsageDigitalSignature Digital Signature boolean true keyUsageNonRepudiation Non-Repudiation boolean true keyUsageKeyEncipherment Key Encipherment boolean true keyUsageDataEncipherment Data Encipherment boolean true keyUsageKeyAgreement Key Agreement boolean false keyUsageKeyCertSign Key CertSign boolean false keyUsageCrlSign CRL Sign boolean false keyUsageEncipherOnly Encipher Only boolean false keyUsageDecipherOnly Decipher Only boolean false This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=true, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false No Constraint 7 exKeyUsageCritical Criticality boolean false exKeyUsageOIDs Comma-Separated list of Object Identifiers string_list 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 This constraint accepts only the Signing Algorithms of SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC 8 signingAlg SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA Signing Algorithm choice SHA256withRSA This default populates the Certificate Signing Algorithm. 
The default values are Algorithm=SHA256withRSA This certificate profile is for enrolling server certificates. cert_request_type Certificate Request Type pkcs10 cert_request_type cert_request Certificate Request cert_request requestor_name Requestor Name IPA Installer string requestor_email Requestor Email string requestor_phone Requestor Phone string 0 Mon Jun 25 18:21:04 EDT 2012 10.11.8.156 Manual Server Certificate Enrollment admin caServerCert 10.11.8.156 true 17 pending Mon Jun 25 18:21:04 EDT 2012 pretty_cert pretty_print Certificate Pretty Print b64_cert pretty_print Certificate Base-64 Encoded serverCertSet
certmonger-0.79.19/tests/019-dparse/good.profileSubmit.issued0000644000175000017500000000306514511314133023356 0ustar gitgit00000000000000072CN=pillbox.bos.redhat.com,OU=Engineering,O=Red Hat,L=Somerville,ST=Massachusetts,C=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
certmonger-0.79.19/tests/019-dparse/good.profileSubmit.serial.in-range0000644000175000017500000000025614511314133025037 0ustar gitgit000000000000002Request Deferred - defer request 12
certmonger-0.79.19/tests/019-dparse/run.sh0000755000175000017500000000214014511314133017521 0ustar gitgit00000000000000
#!/bin/bash -e
count=0
for role in agent end-user ; do
	for good in good.profileSubmit* ; do
		$toolsdir/dparse submit $role $good
		count=`expr $count + 1`
	done
	for good in good.profileReview* ; do
		$toolsdir/dparse review $role $good
		count=`expr $count + 1`
	done
	for good in good.checkRequest* ; do
		$toolsdir/dparse check $role $good
		count=`expr $count + 1`
	done
	for good in good.displayCertFromRequest* ; do
		$toolsdir/dparse fetch $role $good
		count=`expr $count + 1`
	done
	for good in good.profileList* ; do
		$toolsdir/dparse profiles $role $good
		count=`expr $count + 1`
	done
	for bad in bad.profileSubmit* ; do
		$toolsdir/dparse submit $role $bad
		count=`expr $count + 1`
	done
	for bad in bad.profileReview* ; do
		$toolsdir/dparse review $role $bad
		count=`expr $count + 1`
	done
	for bad in bad.profileProcess* ; do
		$toolsdir/dparse approve $role $bad
		count=`expr $count + 1`
	done
	for bad in bad.checkRequest* ; do
		$toolsdir/dparse check $role $bad
		count=`expr $count + 1`
	done
	for bad in bad.displayCertFromRequest* ; do
		$toolsdir/dparse fetch $role $bad
		count=`expr $count + 1`
	done
done
echo $count samples.
certmonger-0.79.19/tests/020-xparse/0000755000175000017500000000000014511314133016375 5ustar gitgit00000000000000
certmonger-0.79.19/tests/020-xparse/certmaster-fault.xml0000644000175000017500000000056214511314133022404 0ustar gitgit00000000000000
faultCode 1
faultString <type 'exceptions.AttributeError'>:'NoneType' object has no attribute 'replace'
certmonger-0.79.19/tests/020-xparse/certmaster-rep1.xml0000644000175000017500000000041014511314133022130 0ustar gitgit00000000000000
0
certmonger-0.79.19/tests/020-xparse/certmaster-rep2.xml0000644000175000017500000000564414511314133022147 0ustar gitgit00000000000000
1
certmonger-0.79.19/tests/020-xparse/certmaster-req.xml0000644000175000017500000000227014511314133022056 0ustar gitgit00000000000000
wait_for_cert
certmonger-0.79.19/tests/020-xparse/ipa-fault.xml0000644000175000017500000000057114511314133021004 0ustar gitgit00000000000000
faultCode 4005
faultString The realm for the principal does not match the realm for this IPA server
certmonger-0.79.19/tests/020-xparse/ipa-rep-new.xml0000644000175000017500000000506714511314133021253 0ustar gitgit00000000000000
result
certificate
issuer CN=Certificate Authority,O=BOS.REDHAT.COM
valid_not_before Thu Jun 28 20:34:12 2012 UTC
valid_not_after Sun Jun 29 20:34:12 2014 UTC
request_id 30
serial_number 19
md5_fingerprint 95:2a:e3:78:75:40:aa:0a:8f:21:1b:76:0e:91:a3:f4
serial_number_hex 0x13
sha1_fingerprint f0:1e:8e:df:8e:39:dd:67:77:98:53:98:95:8f:4b:27:2d:01:4d:11
subject CN=rapier.bos.redhat.com,O=BOS.REDHAT.COM
certmonger-0.79.19/tests/020-xparse/ipa-req.xml0000644000175000017500000000261514511314133020461 0ustar gitgit00000000000000
cert_request
principal imap/rapier.bos.redhat.com@BOS.REDHAT.COM
add 1
certmonger-0.79.19/tests/021-resume/
certmonger-0.79.19/tests/021-resume/expected.out
[NEWLY_ADDED]
NEWLY_ADDED -START- NEWLY_ADDED_START_READING_KEYINFO NEWLY_ADDED_READING_KEYINFO NEWLY_ADDED_START_READING_CERT NEWLY_ADDED_READING_CERT NEWLY_ADDED_DECIDING NEED_CSR GENERATING_CSR HAVE_CSR NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[CA_REJECTED]
CA_REJECTED -START- CA_REJECTED -STUCK- (4:0)

[CA_UNCONFIGURED]
CA_UNCONFIGURED -(RESET)- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[CA_UNREACHABLE]
CA_UNREACHABLE -(RESET)- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[CA_WORKING]
CA_WORKING -(RESET)- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[GENERATING_CSR]
GENERATING_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[GENERATING_KEY_PAIR]
GENERATING_KEY_PAIR -(RESET)- NEED_KEY_PAIR -START- GENERATING_KEY_PAIR HAVE_KEY_PAIR NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR GENERATING_CSR HAVE_CSR NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[GENERATING_SCEP_DATA]
GENERATING_SCEP_DATA -(RESET)- NEED_SCEP_DATA -START- GENERATING_SCEP_DATA NEED_SCEP_ENCRYPTION_CERT -STUCK- (4:0)

[HAVE_CSR]
HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[HAVE_KEYINFO]
HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[HAVE_KEY_PAIR]
HAVE_KEY_PAIR -START- NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR GENERATING_CSR HAVE_CSR NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[HAVE_SCEP_DATA]
HAVE_SCEP_DATA -START- NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[MONITORING]
MONITORING -START- delay=86400 MONITORING -STOP-

[NEED_CA]
NEED_CA -(RESET)- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[NEED_CA_CERT_SAVE_PERMS]
NEED_CA_CERT_SAVE_PERMS -(RESET)- NEED_TO_SAVE_CA_CERTS -START- START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[NEED_CERTSAVE_PERMS]
NEED_CERTSAVE_PERMS -(RESET)- NEED_TO_SAVE_CERT -START- PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[NEED_CSR]
NEED_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[NEED_CSR_GEN_PIN]
NEED_CSR_GEN_PIN -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[NEED_CSR_GEN_TOKEN]
NEED_CSR_GEN_TOKEN -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[NEED_GUIDANCE]
NEED_GUIDANCE -START- NEED_GUIDANCE -STUCK- (4:0)

[NEED_KEY_GEN_PERMS]
NEED_KEY_GEN_PERMS -(RESET)- NEED_KEY_PAIR -START- GENERATING_KEY_PAIR HAVE_KEY_PAIR NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR GENERATING_CSR HAVE_CSR NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[NEED_KEY_GEN_PIN]
NEED_KEY_GEN_PIN -(RESET)- NEED_KEY_PAIR -START- GENERATING_KEY_PAIR HAVE_KEY_PAIR NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR GENERATING_CSR HAVE_CSR NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[NEED_KEY_GEN_TOKEN]
NEED_KEY_GEN_TOKEN -(RESET)- NEED_KEY_PAIR -START- GENERATING_KEY_PAIR HAVE_KEY_PAIR NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR GENERATING_CSR HAVE_CSR NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[NEED_KEYINFO]
NEED_KEYINFO -START- READING_KEYINFO HAVE_KEYINFO NEED_CSR GENERATING_CSR HAVE_CSR NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[NEED_KEYINFO_READ_PIN]
NEED_KEYINFO_READ_PIN -(RESET)- NEED_KEYINFO -START- READING_KEYINFO HAVE_KEYINFO NEED_CSR GENERATING_CSR HAVE_CSR NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[NEED_KEYINFO_READ_TOKEN]
NEED_KEYINFO_READ_TOKEN -(RESET)- NEED_KEYINFO -START- READING_KEYINFO HAVE_KEYINFO NEED_CSR GENERATING_CSR HAVE_CSR NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[NEED_KEY_PAIR]
NEED_KEY_PAIR -START- GENERATING_KEY_PAIR HAVE_KEY_PAIR NEED_KEYINFO READING_KEYINFO HAVE_KEYINFO NEED_CSR GENERATING_CSR HAVE_CSR NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[NEED_ONLY_CA_CERT_SAVE_PERMS]
NEED_ONLY_CA_CERT_SAVE_PERMS -(RESET)- NEED_TO_SAVE_ONLY_CA_CERTS -START- START_SAVING_ONLY_CA_CERTS SAVING_ONLY_CA_CERTS MONITORING -STOP-

[NEED_SCEP_DATA]
NEED_SCEP_DATA -START- GENERATING_SCEP_DATA NEED_SCEP_ENCRYPTION_CERT -STUCK- (4:0)

[NEED_SCEP_ENCRYPTION_CERT]
NEED_SCEP_ENCRYPTION_CERT -(RESET)- NEED_SCEP_DATA -START- GENERATING_SCEP_DATA NEED_SCEP_ENCRYPTION_CERT -STUCK- (4:0)

[NEED_SCEP_GEN_PIN]
NEED_SCEP_GEN_PIN -(RESET)- NEED_SCEP_DATA -START- GENERATING_SCEP_DATA NEED_SCEP_ENCRYPTION_CERT -STUCK- (4:0)

[NEED_SCEP_GEN_TOKEN]
NEED_SCEP_GEN_TOKEN -(RESET)- NEED_SCEP_DATA -START- GENERATING_SCEP_DATA NEED_SCEP_ENCRYPTION_CERT -STUCK- (4:0)

[NEED_SCEP_RSA_CLIENT_KEY]
NEED_SCEP_RSA_CLIENT_KEY -(RESET)- NEED_SCEP_DATA -START- GENERATING_SCEP_DATA NEED_SCEP_ENCRYPTION_CERT -STUCK- (4:0)

[NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED]
NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED -START- NOTIFYING_ISSUED_CA_SAVE_FAILED NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[NEED_TO_NOTIFY_ISSUED_SAVED]
NEED_TO_NOTIFY_ISSUED_SAVED -START- NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[NEED_TO_NOTIFY_ISSUED_SAVE_FAILED]
NEED_TO_NOTIFY_ISSUED_SAVE_FAILED -START- NOTIFYING_ISSUED_SAVE_FAILED START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED]
NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED -START- NOTIFYING_ONLY_CA_SAVE_FAILED MONITORING -STOP-

[NEED_TO_NOTIFY_REJECTION]
NEED_TO_NOTIFY_REJECTION -START- NOTIFYING_REJECTION CA_REJECTED -STUCK- (4:0)

[NEED_TO_NOTIFY_VALIDITY]
NEED_TO_NOTIFY_VALIDITY -(RESET)- MONITORING -START- delay=86400 MONITORING -STOP-

[NEED_TO_READ_CERT]
NEED_TO_READ_CERT -START- READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[NEED_TO_SAVE_CA_CERTS]
NEED_TO_SAVE_CA_CERTS -START- START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[NEED_TO_SAVE_CERT]
NEED_TO_SAVE_CERT -START- PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[NEED_TO_SAVE_ONLY_CA_CERTS]
NEED_TO_SAVE_ONLY_CA_CERTS -START- START_SAVING_ONLY_CA_CERTS SAVING_ONLY_CA_CERTS MONITORING -STOP-

[NEED_TO_SUBMIT]
NEED_TO_SUBMIT -(RESET)- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[NEWLY_ADDED]
NEWLY_ADDED -START- NEWLY_ADDED_START_READING_KEYINFO NEWLY_ADDED_READING_KEYINFO NEWLY_ADDED_START_READING_CERT NEWLY_ADDED_READING_CERT NEWLY_ADDED_DECIDING MONITORING -STOP-

[NEWLY_ADDED_DECIDING]
NEWLY_ADDED_DECIDING -(RESET)- NEWLY_ADDED -START- NEWLY_ADDED_START_READING_KEYINFO NEWLY_ADDED_READING_KEYINFO NEWLY_ADDED_START_READING_CERT NEWLY_ADDED_READING_CERT NEWLY_ADDED_DECIDING MONITORING -STOP-

[NEWLY_ADDED_NEED_KEYINFO_READ_PIN]
NEWLY_ADDED_NEED_KEYINFO_READ_PIN -(RESET)- NEWLY_ADDED -START- NEWLY_ADDED_START_READING_KEYINFO NEWLY_ADDED_READING_KEYINFO NEWLY_ADDED_START_READING_CERT NEWLY_ADDED_READING_CERT NEWLY_ADDED_DECIDING MONITORING -STOP-

[NEWLY_ADDED_NEED_KEYINFO_READ_TOKEN]
NEWLY_ADDED_NEED_KEYINFO_READ_TOKEN -(RESET)- NEWLY_ADDED -START- NEWLY_ADDED_START_READING_KEYINFO NEWLY_ADDED_READING_KEYINFO NEWLY_ADDED_START_READING_CERT NEWLY_ADDED_READING_CERT NEWLY_ADDED_DECIDING MONITORING -STOP-

[NEWLY_ADDED_READING_CERT]
NEWLY_ADDED_READING_CERT -(RESET)- NEWLY_ADDED -START- NEWLY_ADDED_START_READING_KEYINFO NEWLY_ADDED_READING_KEYINFO NEWLY_ADDED_START_READING_CERT NEWLY_ADDED_READING_CERT NEWLY_ADDED_DECIDING MONITORING -STOP-

[NEWLY_ADDED_READING_KEYINFO]
NEWLY_ADDED_READING_KEYINFO -(RESET)- NEWLY_ADDED -START- NEWLY_ADDED_START_READING_KEYINFO NEWLY_ADDED_READING_KEYINFO NEWLY_ADDED_START_READING_CERT NEWLY_ADDED_READING_CERT NEWLY_ADDED_DECIDING MONITORING -STOP-

[NEWLY_ADDED_START_READING_CERT]
NEWLY_ADDED_START_READING_CERT -(RESET)- NEWLY_ADDED -START- NEWLY_ADDED_START_READING_KEYINFO NEWLY_ADDED_READING_KEYINFO NEWLY_ADDED_START_READING_CERT NEWLY_ADDED_READING_CERT NEWLY_ADDED_DECIDING MONITORING -STOP-

[NEWLY_ADDED_START_READING_KEYINFO]
NEWLY_ADDED_START_READING_KEYINFO -(RESET)- NEWLY_ADDED -START- NEWLY_ADDED_START_READING_KEYINFO NEWLY_ADDED_READING_KEYINFO NEWLY_ADDED_START_READING_CERT NEWLY_ADDED_READING_CERT NEWLY_ADDED_DECIDING MONITORING -STOP-

[NOTIFYING_ISSUED_CA_SAVE_FAILED]
NOTIFYING_ISSUED_CA_SAVE_FAILED -(RESET)- NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED -START- NOTIFYING_ISSUED_CA_SAVE_FAILED NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[NOTIFYING_ISSUED_SAVED]
NOTIFYING_ISSUED_SAVED -(RESET)- NEED_TO_NOTIFY_ISSUED_SAVED -START- NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[NOTIFYING_ISSUED_SAVE_FAILED]
NOTIFYING_ISSUED_SAVE_FAILED -(RESET)- NEED_TO_NOTIFY_ISSUED_SAVE_FAILED -START- NOTIFYING_ISSUED_SAVE_FAILED START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[NOTIFYING_ONLY_CA_SAVE_FAILED]
NOTIFYING_ONLY_CA_SAVE_FAILED -(RESET)- NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED -START- NOTIFYING_ONLY_CA_SAVE_FAILED MONITORING -STOP-

[NOTIFYING_REJECTION]
NOTIFYING_REJECTION -(RESET)- NEED_TO_NOTIFY_REJECTION -START- NOTIFYING_REJECTION CA_REJECTED -STUCK- (4:0)

[NOTIFYING_VALIDITY]
NOTIFYING_VALIDITY -(RESET)- NEED_TO_NOTIFY_VALIDITY -START- NOTIFYING_VALIDITY delay=86400 MONITORING -STOP-

[POST_SAVED_CERT]
POST_SAVED_CERT -(RESET)- NEED_TO_NOTIFY_ISSUED_SAVED -START- NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[PRE_SAVE_CERT]
PRE_SAVE_CERT -(RESET)- NEED_TO_SAVE_CERT -START- PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[READING_CERT]
READING_CERT -(RESET)- NEED_TO_READ_CERT -START- READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[READING_KEYINFO]
READING_KEYINFO -(RESET)- NEED_KEYINFO -START- READING_KEYINFO HAVE_KEYINFO NEED_CSR GENERATING_CSR HAVE_CSR NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[SAVED_CERT]
SAVED_CERT -START- NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[SAVING_CA_CERTS]
SAVING_CA_CERTS -(RESET)- NEED_TO_SAVE_CA_CERTS -START- START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[SAVING_CERT]
SAVING_CERT -(RESET)- NEED_TO_SAVE_CERT -START- PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[SAVING_ONLY_CA_CERTS]
SAVING_ONLY_CA_CERTS -(RESET)- NEED_TO_SAVE_ONLY_CA_CERTS -START- START_SAVING_ONLY_CA_CERTS SAVING_ONLY_CA_CERTS MONITORING -STOP-

[START_SAVING_CA_CERTS]
START_SAVING_CA_CERTS -(RESET)- NEED_TO_SAVE_CA_CERTS -START- START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[START_SAVING_CERT]
START_SAVING_CERT -(RESET)- NEED_TO_SAVE_CERT -START- PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

[START_SAVING_ONLY_CA_CERTS]
START_SAVING_ONLY_CA_CERTS -(RESET)- NEED_TO_SAVE_ONLY_CA_CERTS
-START- START_SAVING_ONLY_CA_CERTS SAVING_ONLY_CA_CERTS MONITORING -STOP-

[SUBMITTING]
SUBMITTING -(RESET)- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT PRE_SAVE_CERT START_SAVING_CERT SAVING_CERT SAVED_CERT NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT READING_CERT POST_SAVED_CERT NEED_TO_NOTIFY_ISSUED_SAVED NOTIFYING_ISSUED_SAVED MONITORING -STOP-

Test complete.
certmonger-0.79.19/tests/021-resume/run.sh
#!/bin/bash -e

cd "$tmpdir"

source "$srcdir"/functions

SAVED_CONFIG_DIR="$CERTMONGER_CONFIG_DIR"
CERTMONGER_CONFIG_DIR=`pwd`

cat > $tmpdir/notify.sh << EOF
#!/bin/sh
echo \$CERTMONGER_NOTIFICATION | sed s@"$tmpdir"@'\$tmpdir'@g
EOF
chmod u+x $tmpdir/notify.sh

cat > certmonger.conf << EOF
[defaults]
notify_ttls = 30s
enroll_ttls = 30s
notification_method=command
notification_destination=$tmpdir/notify.sh

[selfsign]
validity_period = 10y
EOF

cat > ca << EOF
id=SelfSign
ca_type=INTERNAL:SELF
EOF

# Run NEWLY_ADDED first, to get a certificate and key in place. We need to check resumption from ALL known last-state values.
for state in \
    NEWLY_ADDED \
    \
    CA_REJECTED \
    CA_UNCONFIGURED \
    CA_UNREACHABLE \
    CA_WORKING \
    GENERATING_CSR \
    GENERATING_KEY_PAIR \
    GENERATING_SCEP_DATA \
    HAVE_CSR \
    HAVE_KEYINFO \
    HAVE_KEY_PAIR \
    HAVE_SCEP_DATA \
    MONITORING \
    NEED_CA \
    NEED_CA_CERT_SAVE_PERMS \
    NEED_CERTSAVE_PERMS \
    NEED_CSR \
    NEED_CSR_GEN_PIN \
    NEED_CSR_GEN_TOKEN \
    NEED_GUIDANCE \
    NEED_KEY_GEN_PERMS \
    NEED_KEY_GEN_PIN \
    NEED_KEY_GEN_TOKEN \
    NEED_KEYINFO \
    NEED_KEYINFO_READ_PIN \
    NEED_KEYINFO_READ_TOKEN \
    NEED_KEY_PAIR \
    NEED_ONLY_CA_CERT_SAVE_PERMS \
    NEED_SCEP_DATA \
    NEED_SCEP_ENCRYPTION_CERT \
    NEED_SCEP_GEN_PIN \
    NEED_SCEP_GEN_TOKEN \
    NEED_SCEP_RSA_CLIENT_KEY \
    NEED_TO_NOTIFY_ISSUED_CA_SAVE_FAILED \
    NEED_TO_NOTIFY_ISSUED_SAVED \
    NEED_TO_NOTIFY_ISSUED_SAVE_FAILED \
    NEED_TO_NOTIFY_ONLY_CA_SAVE_FAILED \
    NEED_TO_NOTIFY_REJECTION \
    NEED_TO_NOTIFY_VALIDITY \
    NEED_TO_READ_CERT \
    NEED_TO_SAVE_CA_CERTS \
    NEED_TO_SAVE_CERT \
    NEED_TO_SAVE_ONLY_CA_CERTS \
    NEED_TO_SUBMIT \
    NEWLY_ADDED \
    NEWLY_ADDED_DECIDING \
    NEWLY_ADDED_NEED_KEYINFO_READ_PIN \
    NEWLY_ADDED_NEED_KEYINFO_READ_TOKEN \
    NEWLY_ADDED_READING_CERT \
    NEWLY_ADDED_READING_KEYINFO \
    NEWLY_ADDED_START_READING_CERT \
    NEWLY_ADDED_START_READING_KEYINFO \
    NOTIFYING_ISSUED_CA_SAVE_FAILED \
    NOTIFYING_ISSUED_SAVED \
    NOTIFYING_ISSUED_SAVE_FAILED \
    NOTIFYING_ONLY_CA_SAVE_FAILED \
    NOTIFYING_REJECTION \
    NOTIFYING_VALIDITY \
    POST_SAVED_CERT \
    PRE_SAVE_CERT \
    READING_CERT \
    READING_KEYINFO \
    SAVED_CERT \
    SAVING_CA_CERTS \
    SAVING_CERT \
    SAVING_ONLY_CA_CERTS \
    START_SAVING_CA_CERTS \
    START_SAVING_CERT \
    START_SAVING_ONLY_CA_CERTS \
    SUBMITTING \
    ; do
    cat > entry << EOF
id=Test
ca_name=SelfSign
state=$state
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile
post_certsave_command=sleep 0
post_certsave_uid=$UID
pre_certsave_command=sleep 0
pre_certsave_uid=$UID
csr=-----BEGIN CERTIFICATE REQUEST-----
 MIIChzCCAW8CAQAwQjELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0
 eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDCCASIwDQYJKoZIhvcNAQEB
 BQADggEPADCCAQoCggEBAOh7lm16/Pu9naEhm1bn5qI7w+sBtZp8oY8EC4NHZheL
 H4vpsC72WZK+kJPM5wnIU8P2q8i5PQHcAOcxPyrz4DQOTXUNMAoA8cR44tZ53NlQ
 oFFx9boRYNYL7N7TZCO8ID+aQwLxgml9NTocdsKrdttXMeAXUB7qm+07IuwgjA+Z
 eOkJoetenmO4YPLgrw2lmaTh8zCayR+xhsBYpoMstFHR1SUKYRIkpIU2A1LQXivO
 +/UYy5Qj/4An6sO2owPfhjwYRPO14ORUozgsnfh5cz3be8zDPXVn/eOkrkvV8ySV
 ySHFkfR/jJIR4GrOKi23L7a6qHgoGsq/bwAxIDI5CZECAwEAAaAAMA0GCSqGSIb3
 DQEBBQUAA4IBAQAL2wJHstZFF4p8L19Zxo3KUHdmqIQSyo1C4ZoI0WICIS2+htgQ
 8b5DCwwD/Sv/rx/NZtrIVfQIlGxENo7lS/OyvtZSd19wmbrWA0ZTtlcf8K2PMaWN
 lqhXNtqPI5lEMlcYfbV9wycAfVasJdKGLYkemX2Hl+aeWZ4+3bx3LM+67PE4er5O
 06Ag3gFY29pybQCdFQ4eE5inQ6UH6vZavUDNypaakRfLZBxNBvArHSfSlQjyWT/T
 lQl3PmmpFKLkwakTI1czUsezQCAkAU22VGWmy1iq4EpDXN9nzrtF0Ol9sZcUMIWd
 K+MWdtm/7jrBfPolQwYYTwXpDXIfFyKOuomW
 -----END CERTIFICATE REQUEST-----
EOF
    cat > $tmpdir/keyfile << EOF
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDoe5Ztevz7vZ2h
IZtW5+aiO8PrAbWafKGPBAuDR2YXix+L6bAu9lmSvpCTzOcJyFPD9qvIuT0B3ADn
MT8q8+A0Dk11DTAKAPHEeOLWedzZUKBRcfW6EWDWC+ze02QjvCA/mkMC8YJpfTU6
HHbCq3bbVzHgF1Ae6pvtOyLsIIwPmXjpCaHrXp5juGDy4K8NpZmk4fMwmskfsYbA
WKaDLLRR0dUlCmESJKSFNgNS0F4rzvv1GMuUI/+AJ+rDtqMD34Y8GETzteDkVKM4
LJ34eXM923vMwz11Z/3jpK5L1fMklckhxZH0f4ySEeBqziotty+2uqh4KBrKv28A
MSAyOQmRAgMBAAECggEAPZQWuTL9dXS5Huf27GMKfOhVsZbHUn82j9ojbodn7E6G
cZnZd+b6vNrLEssQW0/7mAlrYQRnu2lZt+McdzUXqtIrBBkVI2EyqLbYZrTqoYkw
ncIQs1NNEgUgnbjianC3HgGvREVSJLzsb1MAxfmCxwBmjpO+PiIoYQLr8h2A29Rq
oHC6eTnQFveqcPT68t7Zx/i8ckQ8VAzx3RNC7/6I/o+0wqw+4/HPREl1dopr/e9c
Z+kir+wTMs35B6hx0eBmq2A7D2FTnryaPmOcrPMhQM1LM1gEw9Dt88h6dPTDZuVC
/YRNJFa7c264vvIix5xBC3Hwb17zVtRk9DHfK2fvXQKBgQD6nL8YGas4JC6GqwlG
3z5UL4CYI8XA85QbxxdAZfFVRK4f9VMTci1oy6OFlP2iTccm2mWwVqo2QhbtUW7i
9HUuDyDM6OLfXi+UFASiHNh3X0w+op8s1VdW4dnDHU+dbldcjiccsFof4Qw2zXZc
fbnA2zSqgPqNCOITrjsT5rh7hwKBgQDtexCNiUHiUj3lxj/3pWcwHyUIXIghV4b3
WpJY3gSC20hwU0HU+UA60umMeWHZdcasZcGBe6O2DtAte+7NOZMvySwrb3CkDdjU
hT2LJmpuJd6u31L5jEsVv9nHz6MDYdl3FH39RZ9u0AxPnb4vFT69VTRSoDEvlWuC
kawkui4IJwKBgHIM3YZZQCt3g9jzg3BGbnYffBVAymFKOI//pdw/yHl2nQucOKdz
4ah8bDmBmX/Ah65t27NJbYLtxsNPuPf+KknAxruaDI18rohkJ8ui9vw0WV1z4p6j
pHC8rb5222GY8pcDdlc/BnTVlRpnnMLw0JUs7SXfNqbycPhl5SrkZ/aHAoGAFMGM
0NIOUBmgD1UkgiCSxEH0mqZ7v25G/ZeM8vd0rXs8+ZRNTK/8TSfiAcUaKEeC9c5u
+0IzLNZem5sZZBaEJskOcz1qOux65xg+KMtSwg3NSLt8JRN9/IioIC6lsMX8m8vO
tzQ+mxDUAqFm3fadZS7tQ8t8gQwuOVtCEHO1UkECgYEAo9/E3SYRxEZVh6uVqlH1
LE6J0LZP6srcjAhBO1trEvb4+d5y4CE8G7Hd3HwdbfOt5xQtul+NCdIw3gozCjYh
p5GMs+J0kQYUN5eg5FJob/NO5KkhwCKL1qi81MNrpNy6c12yqXJmEtpI2Ztdh20B
R+ZCDmP9ibR2p8qmiVGnTDg=
-----END PRIVATE KEY-----
EOF
    echo "["$state"]"
    $toolsdir/iterate ca entry "" MONITORING
    echo ""
done

CERTMONGER_CONFIG_DIR="$SAVED_CONFIG_DIR"
echo Test complete.
certmonger-0.79.19/tests/022-base64/
certmonger-0.79.19/tests/022-base64/expected.out
OK.
certmonger-0.79.19/tests/022-base64/run.sh
#!/bin/bash -e

cd "$tmpdir"

middle=40
top=200
for length in `seq $top` ; do
    dd if=/dev/urandom bs=1 count=$length of=raw.$length
    base64 < raw.$length > encoded1.$length
    base64 -d -i < encoded1.$length > decoded1.$length
    $toolsdir/base64 -e < raw.$length > encoded2.$length
    $toolsdir/base64 -d < encoded2.$length > decoded2.$length
    $toolsdir/base64 -d < encoded1.$length > decoded3.$length
    if test $length -le $middle ; then
        if ! cmp -s $tmpdir/encoded1.$length $tmpdir/encoded2.$length ; then
            echo Encodings differ:
            od -Ad -t x1c $tmpdir/raw.$length
            diff -u $tmpdir/encoded1.$length $tmpdir/encoded2.$length
            exit 1
        fi
    fi
    if ! cmp -s $tmpdir/decoded1.$length $tmpdir/decoded2.$length ; then
        echo Decodings differ:
        diff -u $tmpdir/decoded1.$length $tmpdir/decoded2.$length
        exit 1
    fi
    if ! cmp -s $tmpdir/decoded1.$length $tmpdir/decoded3.$length ; then
        echo Decodings differ:
        diff -u $tmpdir/decoded1.$length $tmpdir/decoded3.$length
        exit 1
    fi
done
echo OK.
certmonger-0.79.19/tests/023-cadata/
certmonger-0.79.19/tests/023-cadata/expected.out
[missing]
CA helper provided data.
Error 255
[i]
id=CADataRetrievalTest
ca_aka=Best. CA. Ever.
ca_is_default=0
ca_type=EXTERNAL
ca_external_helper=${tmpdir}/helper.sh
[r]
id=CADataRetrievalTest
ca_is_default=0
ca_type=EXTERNAL
ca_external_helper=${tmpdir}/helper.sh
ca_required_renewal_attributes=template-principal
[e]
id=CADataRetrievalTest
ca_is_default=0
ca_type=EXTERNAL
ca_external_helper=${tmpdir}/helper.sh
ca_required_enroll_attributes=template-profile,template-principal
[d]
id=CADataRetrievalTest
ca_is_default=0
ca_type=EXTERNAL
ca_external_helper=${tmpdir}/helper.sh
ca_default_profile=DefaultTemplate
[p]
id=CADataRetrievalTest
ca_is_default=0
ca_type=EXTERNAL
ca_external_helper=${tmpdir}/helper.sh
ca_profiles=DefaultTemplate,OtherTemplate,ThirdTemplate
[c]
id=CADataRetrievalTest
ca_is_default=0
ca_type=EXTERNAL
ca_external_helper=${tmpdir}/helper.sh
ca_root_certs=Root 1
 -----BEGIN CERTIFICATE-----
 This is a certificate. Not a real one.
 -----END CERTIFICATE-----
 Root 2
 -----BEGIN CERTIFICATE-----
 This is a second certificate. Not a real one.
 -----END CERTIFICATE-----
ca_other_root_certs=Other Root 1
 -----BEGIN CERTIFICATE-----
 This is a third certificate. Not a real one.
 -----END CERTIFICATE-----
 Other Root 2
 -----BEGIN CERTIFICATE-----
 This is a fourth certificate. Not a real one.
 -----END CERTIFICATE-----
ca_other_certs=Other Random Certificate 1
 -----BEGIN CERTIFICATE-----
 This is a fifth certificate. Not a real one.
 -----END CERTIFICATE-----
 Other Random Certificate 2
 -----BEGIN CERTIFICATE-----
 This is a sixth certificate. Not a real one.
 -----END CERTIFICATE-----
[s]
id=CADataRetrievalTest
ca_is_default=0
ca_type=EXTERNAL
ca_external_helper=${tmpdir}/helper.sh
ca_encryption_cert=-----BEGIN CERTIFICATE-----
 This is a certificate. Not a real one.
 -----END CERTIFICATE-----
ca_encryption_issuer_cert=-----BEGIN CERTIFICATE-----
 This is a second certificate. Not a real one.
 -----END CERTIFICATE-----
[C]
id=CADataRetrievalTest
ca_is_default=0
ca_type=EXTERNAL
ca_external_helper=${tmpdir}/helper.sh
ca_capabilities=GetNextCACert,POSTPKIOperation,Renewal,SHA-512,SHA-256,SHA-1,DES3
[all]
id=CADataRetrievalTest
ca_aka=Best. CA. Ever.
ca_is_default=0
ca_type=EXTERNAL
ca_external_helper=${tmpdir}/helper.sh
ca_root_certs=Root 1
 -----BEGIN CERTIFICATE-----
 This is a certificate. Not a real one.
 -----END CERTIFICATE-----
 Root 2
 -----BEGIN CERTIFICATE-----
 This is a second certificate. Not a real one.
 -----END CERTIFICATE-----
ca_other_root_certs=Other Root 1
 -----BEGIN CERTIFICATE-----
 This is a third certificate. Not a real one.
 -----END CERTIFICATE-----
 Other Root 2
 -----BEGIN CERTIFICATE-----
 This is a fourth certificate. Not a real one.
 -----END CERTIFICATE-----
ca_other_certs=Other Random Certificate 1
 -----BEGIN CERTIFICATE-----
 This is a fifth certificate. Not a real one.
 -----END CERTIFICATE-----
 Other Random Certificate 2
 -----BEGIN CERTIFICATE-----
 This is a sixth certificate. Not a real one.
 -----END CERTIFICATE-----
ca_required_enroll_attributes=template-profile,template-principal
ca_required_renewal_attributes=template-principal
ca_profiles=DefaultTemplate,OtherTemplate,ThirdTemplate
ca_default_profile=DefaultTemplate
ca_capabilities=GetNextCACert,POSTPKIOperation,Renewal,SHA-512,SHA-256,SHA-1,DES3
ca_encryption_cert=-----BEGIN CERTIFICATE-----
 This is a certificate. Not a real one.
 -----END CERTIFICATE-----
ca_encryption_issuer_cert=-----BEGIN CERTIFICATE-----
 This is a second certificate. Not a real one.
 -----END CERTIFICATE-----
OK.
certmonger-0.79.19/tests/023-cadata/run.sh
#!/bin/bash -e

cd $tmpdir

cat > $tmpdir/ca <<- EOF
id=Lostie
ca_type=EXTERNAL
ca_external_helper=$tmpdir/no-such-helper.sh
EOF
echo '['missing']'
$toolsdir/cadata -c $tmpdir/ca || echo Error $?

cat > $tmpdir/helper.sh << EOF
#!/bin/bash
case "\$CERTMONGER_OPERATION" in
IDENTIFY)
    echo Best. CA. Ever.
    exit 0
    ;;
GET-DEFAULT-TEMPLATE)
    echo DefaultTemplate
    exit 0
    ;;
GET-SUPPORTED-TEMPLATES)
    echo DefaultTemplate,OtherTemplate
    echo ThirdTemplate
    exit 0
    ;;
GET-RENEW-REQUEST-REQUIREMENTS)
    echo CERTMONGER_REQ_PRINCIPAL
    exit 0
    ;;
GET-NEW-REQUEST-REQUIREMENTS)
    echo CERTMONGER_CA_PROFILE
    echo CERTMONGER_REQ_PRINCIPAL,CERTMONGER_SPKI
    exit 0
    ;;
FETCH-ROOTS)
    echo Root 1
    echo -----BEGIN CERTIFICATE-----
    echo This is a certificate. Not a real one.
    echo -----END CERTIFICATE-----
    echo Root 2
    echo -----BEGIN CERTIFICATE-----
    echo This is a second certificate. Not a real one.
    echo -----END CERTIFICATE-----
    echo
    echo Other Root 1
    echo -----BEGIN CERTIFICATE-----
    echo This is a third certificate. Not a real one.
    echo -----END CERTIFICATE-----
    echo Other Root 2
    echo -----BEGIN CERTIFICATE-----
    echo This is a fourth certificate. Not a real one.
    echo -----END CERTIFICATE-----
    echo
    echo Other Random Certificate 1
    echo -----BEGIN CERTIFICATE-----
    echo This is a fifth certificate. Not a real one.
    echo -----END CERTIFICATE-----
    echo Other Random Certificate 2
    echo -----BEGIN CERTIFICATE-----
    echo This is a sixth certificate. Not a real one.
    echo -----END CERTIFICATE-----
    exit 0
    ;;
FETCH-SCEP-CA-CERTS)
    echo -----BEGIN CERTIFICATE-----
    echo This is a certificate. Not a real one.
    echo -----END CERTIFICATE-----
    echo -----BEGIN CERTIFICATE-----
    echo This is a second certificate. Not a real one.
    echo -----END CERTIFICATE-----
    exit 0
    ;;
FETCH-SCEP-CA-CAPS)
    echo GetNextCACert
    echo POSTPKIOperation
    echo Renewal
    echo SHA-512
    echo SHA-256
    echo SHA-1
    echo DES3
    exit 0
    ;;
esac
exit 6
EOF
chmod +x $tmpdir/helper.sh

for flag in i r e d p c s C; do
    cat > $tmpdir/ca <<- EOF
id=CADataRetrievalTest
ca_type=EXTERNAL
ca_external_helper=$tmpdir/helper.sh
EOF
    echo '['"$flag"']'
    $toolsdir/cadata -$flag $tmpdir/ca
    cat $tmpdir/ca
done

echo '['all']'
cat > $tmpdir/ca <<- EOF
id=CADataRetrievalTest
ca_type=EXTERNAL
ca_external_helper=$tmpdir/helper.sh
EOF
for flag in i r e d p c s C ; do
    $toolsdir/cadata -$flag $tmpdir/ca
done
cat $tmpdir/ca
echo OK.
certmonger-0.79.19/tests/024-citerate/
certmonger-0.79.19/tests/024-citerate/expected.out
[identify:IDLE]
IDLE -START- -STUCK- (4:0)
id=Test CA
ca_is_default=0
ca_type=EXTERNAL
ca_external_helper=${tmpdir}/ca-data
[identify:NEED_TO_REFRESH]
NEED_TO_REFRESH -START- REFRESHING NEED_TO_ANALYZE -STOP-
id=Test CA
ca_aka=Test
ca_is_default=0
ca_type=EXTERNAL
ca_external_helper=${tmpdir}/ca-data
[identify:UNREACHABLE]
UNREACHABLE -START- NEED_TO_REFRESH -STOP-
id=Test CA
ca_is_default=0
ca_type=EXTERNAL
ca_external_helper=${tmpdir}/ca-data
[identify:NEED_TO_SAVE_DATA]
NEED_TO_SAVE_DATA -START- START_SAVING_DATA SAVING_DATA NEED_POST_SAVE_DATA SAVED_DATA NEED_TO_ANALYZE -STOP-
id=Test CA
ca_is_default=0
ca_type=EXTERNAL
ca_external_helper=${tmpdir}/ca-data
[identify:NEED_TO_ANALYZE]
NEED_TO_ANALYZE -START- IDLE -STOP-
id=Test CA
ca_is_default=0
ca_type=EXTERNAL
ca_external_helper=${tmpdir}/ca-data
[identify:DISABLED]
DISABLED -START- -STUCK- (4:0)
id=Test CA
ca_is_default=0
ca_type=EXTERNAL
ca_external_helper=${tmpdir}/ca-data
[identify:NEED_TO_REFRESH]
NEED_TO_REFRESH -START- REFRESHING NEED_TO_ANALYZE -STOP-
id=Test CA
ca_aka=Test
ca_is_default=0
ca_type=EXTERNAL
ca_external_helper=${tmpdir}/ca-data [certs:IDLE] IDLE -START- -STUCK- (4:0) id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [certs:NEED_TO_REFRESH] NEED_TO_REFRESH -START- REFRESHING NEED_TO_SAVE_DATA -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data ca_root_certs=Root -----BEGIN CERTIFICATE----- MIIEDjCCAvagAwIBAgIOAQAAAAABPWT1Paf0wU4wDQYJKoZIhvcNAQEFBQAwRjEX MBUGA1UEChMOQ3liZXJ0cnVzdCBJbmMxKzApBgNVBAMTIkN5YmVydHJ1c3QgUHVi bGljIFN1cmVTZXJ2ZXIgU1YgQ0EwHhcNMTMwMzEzMTc0ODQ3WhcNMTQwMzEzMTc0 ODQ3WjBuMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTk9SVEggQ0FST0xJTkExEDAO BgNVBAcTB1JhbGVpZ2gxEDAOBgNVBAoTB1JlZCBIYXQxCzAJBgNVBAsTAklUMRUw EwYDVQQDFAwqLnJlZGhhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC8NmWLQuAdaMTQ2Ae8AVPUKDEdCNtGBE4It5hb4xL9cHSzQeBaMDm9UR5X w5DLR93TQFL+Rc9mLbrBhIz9eacrs5qpUp4i5XhgnvEN7vBsUyFjZqQ+W5Zqs5Cv yMVv+rkRRa22hYPqFNM0R0lBPLltZO6+58VA53ttr87JOdPZsdomJtzruXz9ceLg ZnDULmIfZFhw7bz0Y9qAURSsULpIjLwWsGjOlNpPSTisCNwNWrmT4KerD8RnCXy+ keWZPSw9RgMBbyYD6am0nj2/JPmkv390F6HYi6f/0OyefKqZEaPgwDmhEiW6K2Ps qodUKMcfBFJNgPs6ZuqOLnGILVyrAgMBAAGjgdEwgc4wHwYDVR0jBBgwFoAUBJhg 34AblkldZVYtpSwJJArs3LkwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL2NybC5v bW5pcm9vdC5jb20vUHVibGljU3VyZVNlcnZlclNWLmNybDAdBgNVHQ4EFgQUC5p5 rlungiFqeTNw0HOISTrudr8wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYD VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBEGCWCGSAGG+EIBAQQEAwIGwDAN BgkqhkiG9w0BAQUFAAOCAQEAJC1PfXXjM3Y2ifPlzauQgLHiizx3XeIB86AXJHL2 N77UMfkSYmUJraWZX3Ye7icDbRwNHLIDJMfpjgcwnC+ZB+byyvmtjGjcTuqVZpXS 2JU8kgGxNlEjCd4NsumpzollG1W1iDorBCt9bHp8b4isLD+jSnqbWKnvuEUle0ad Pi7xjf9BidMvYUEBpJsd9rA1LQtp/ZfxxA6RtgCeXjQPexjsvf6SLKyrmacHZcMJ b6JbhXMTzB7QZjR3IooqzXS8T/2zBxDUSH4fJ4o0KSkY8cjNCCxdnkXL96PC9KQ5 kV1Ad3iHw/TnJjzrJJs3o92pRR/JtF0Jw6dszNP1Sn68uA== -----END CERTIFICATE----- [certs:UNREACHABLE] UNREACHABLE -START- NEED_TO_REFRESH -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [certs:NEED_TO_SAVE_DATA] NEED_TO_SAVE_DATA 
-START- START_SAVING_DATA SAVING_DATA NEED_POST_SAVE_DATA SAVED_DATA NEED_TO_ANALYZE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [certs:NEED_TO_ANALYZE] NEED_TO_ANALYZE -START- ANALYZING IDLE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [certs:DISABLED] DISABLED -START- -STUCK- (4:0) id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [certs:NEED_TO_REFRESH] NEED_TO_REFRESH -START- REFRESHING NEED_TO_SAVE_DATA START_SAVING_DATA SAVING_DATA NEED_POST_SAVE_DATA SAVED_DATA NEED_TO_ANALYZE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data ca_root_certs=Root -----BEGIN CERTIFICATE----- MIIEDjCCAvagAwIBAgIOAQAAAAABPWT1Paf0wU4wDQYJKoZIhvcNAQEFBQAwRjEX MBUGA1UEChMOQ3liZXJ0cnVzdCBJbmMxKzApBgNVBAMTIkN5YmVydHJ1c3QgUHVi bGljIFN1cmVTZXJ2ZXIgU1YgQ0EwHhcNMTMwMzEzMTc0ODQ3WhcNMTQwMzEzMTc0 ODQ3WjBuMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTk9SVEggQ0FST0xJTkExEDAO BgNVBAcTB1JhbGVpZ2gxEDAOBgNVBAoTB1JlZCBIYXQxCzAJBgNVBAsTAklUMRUw EwYDVQQDFAwqLnJlZGhhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC8NmWLQuAdaMTQ2Ae8AVPUKDEdCNtGBE4It5hb4xL9cHSzQeBaMDm9UR5X w5DLR93TQFL+Rc9mLbrBhIz9eacrs5qpUp4i5XhgnvEN7vBsUyFjZqQ+W5Zqs5Cv yMVv+rkRRa22hYPqFNM0R0lBPLltZO6+58VA53ttr87JOdPZsdomJtzruXz9ceLg ZnDULmIfZFhw7bz0Y9qAURSsULpIjLwWsGjOlNpPSTisCNwNWrmT4KerD8RnCXy+ keWZPSw9RgMBbyYD6am0nj2/JPmkv390F6HYi6f/0OyefKqZEaPgwDmhEiW6K2Ps qodUKMcfBFJNgPs6ZuqOLnGILVyrAgMBAAGjgdEwgc4wHwYDVR0jBBgwFoAUBJhg 34AblkldZVYtpSwJJArs3LkwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL2NybC5v bW5pcm9vdC5jb20vUHVibGljU3VyZVNlcnZlclNWLmNybDAdBgNVHQ4EFgQUC5p5 rlungiFqeTNw0HOISTrudr8wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYD VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBEGCWCGSAGG+EIBAQQEAwIGwDAN BgkqhkiG9w0BAQUFAAOCAQEAJC1PfXXjM3Y2ifPlzauQgLHiizx3XeIB86AXJHL2 N77UMfkSYmUJraWZX3Ye7icDbRwNHLIDJMfpjgcwnC+ZB+byyvmtjGjcTuqVZpXS 2JU8kgGxNlEjCd4NsumpzollG1W1iDorBCt9bHp8b4isLD+jSnqbWKnvuEUle0ad 
Pi7xjf9BidMvYUEBpJsd9rA1LQtp/ZfxxA6RtgCeXjQPexjsvf6SLKyrmacHZcMJ b6JbhXMTzB7QZjR3IooqzXS8T/2zBxDUSH4fJ4o0KSkY8cjNCCxdnkXL96PC9KQ5 kV1Ad3iHw/TnJjzrJJs3o92pRR/JtF0Jw6dszNP1Sn68uA== -----END CERTIFICATE----- [profiles:IDLE] IDLE -START- -STUCK- (4:0) id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [profiles:NEED_TO_REFRESH] NEED_TO_REFRESH -START- REFRESHING NEED_TO_ANALYZE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data ca_profiles=None [profiles:UNREACHABLE] UNREACHABLE -START- NEED_TO_REFRESH -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [profiles:NEED_TO_SAVE_DATA] NEED_TO_SAVE_DATA -START- START_SAVING_DATA SAVING_DATA NEED_POST_SAVE_DATA SAVED_DATA NEED_TO_ANALYZE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [profiles:NEED_TO_ANALYZE] NEED_TO_ANALYZE -START- IDLE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [profiles:DISABLED] DISABLED -START- -STUCK- (4:0) id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [profiles:NEED_TO_REFRESH] NEED_TO_REFRESH -START- REFRESHING NEED_TO_ANALYZE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data ca_profiles=None [default_profile:IDLE] IDLE -START- -STUCK- (4:0) id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [default_profile:NEED_TO_REFRESH] NEED_TO_REFRESH -START- REFRESHING NEED_TO_ANALYZE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data ca_default_profile=None [default_profile:UNREACHABLE] UNREACHABLE -START- NEED_TO_REFRESH -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [default_profile:NEED_TO_SAVE_DATA] NEED_TO_SAVE_DATA -START- START_SAVING_DATA SAVING_DATA NEED_POST_SAVE_DATA SAVED_DATA NEED_TO_ANALYZE -STOP- id=Test CA ca_is_default=0 
ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [default_profile:NEED_TO_ANALYZE] NEED_TO_ANALYZE -START- IDLE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [default_profile:DISABLED] DISABLED -START- -STUCK- (4:0) id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [default_profile:NEED_TO_REFRESH] NEED_TO_REFRESH -START- REFRESHING NEED_TO_ANALYZE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data ca_default_profile=None [enrollment_reqs:IDLE] IDLE -START- -STUCK- (4:0) id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [enrollment_reqs:NEED_TO_REFRESH] NEED_TO_REFRESH -START- REFRESHING NEED_TO_ANALYZE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [enrollment_reqs:UNREACHABLE] UNREACHABLE -START- NEED_TO_REFRESH -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [enrollment_reqs:NEED_TO_SAVE_DATA] NEED_TO_SAVE_DATA -START- START_SAVING_DATA SAVING_DATA NEED_POST_SAVE_DATA SAVED_DATA NEED_TO_ANALYZE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [enrollment_reqs:NEED_TO_ANALYZE] NEED_TO_ANALYZE -START- IDLE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [enrollment_reqs:DISABLED] DISABLED -START- -STUCK- (4:0) id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [enrollment_reqs:NEED_TO_REFRESH] NEED_TO_REFRESH -START- REFRESHING NEED_TO_ANALYZE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [renewal_reqs:IDLE] IDLE -START- -STUCK- (4:0) id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [renewal_reqs:NEED_TO_REFRESH] NEED_TO_REFRESH -START- REFRESHING NEED_TO_ANALYZE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data 
[renewal_reqs:UNREACHABLE] UNREACHABLE -START- NEED_TO_REFRESH -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [renewal_reqs:NEED_TO_SAVE_DATA] NEED_TO_SAVE_DATA -START- START_SAVING_DATA SAVING_DATA NEED_POST_SAVE_DATA SAVED_DATA NEED_TO_ANALYZE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [renewal_reqs:NEED_TO_ANALYZE] NEED_TO_ANALYZE -START- IDLE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [renewal_reqs:DISABLED] DISABLED -START- -STUCK- (4:0) id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [renewal_reqs:NEED_TO_REFRESH] NEED_TO_REFRESH -START- REFRESHING NEED_TO_ANALYZE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [capabilities:IDLE] IDLE -START- -STUCK- (4:0) id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [capabilities:NEED_TO_REFRESH] NEED_TO_REFRESH -START- REFRESHING NEED_TO_ANALYZE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data ca_capabilities=None [capabilities:UNREACHABLE] UNREACHABLE -START- NEED_TO_REFRESH -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [capabilities:NEED_TO_SAVE_DATA] NEED_TO_SAVE_DATA -START- START_SAVING_DATA SAVING_DATA NEED_POST_SAVE_DATA SAVED_DATA NEED_TO_ANALYZE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [capabilities:NEED_TO_ANALYZE] NEED_TO_ANALYZE -START- IDLE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [capabilities:DISABLED] DISABLED -START- -STUCK- (4:0) id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [capabilities:NEED_TO_REFRESH] NEED_TO_REFRESH -START- REFRESHING NEED_TO_ANALYZE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data ca_capabilities=None 
[encryption_certs:IDLE] IDLE -START- -STUCK- (4:0) id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [encryption_certs:NEED_TO_REFRESH] NEED_TO_REFRESH -START- REFRESHING NEED_TO_ANALYZE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data ca_encryption_cert=-----BEGIN CERTIFICATE----- MIIEDjCCAvagAwIBAgIOAQAAAAABPWT1Paf0wU4wDQYJKoZIhvcNAQEFBQAwRjEX MBUGA1UEChMOQ3liZXJ0cnVzdCBJbmMxKzApBgNVBAMTIkN5YmVydHJ1c3QgUHVi bGljIFN1cmVTZXJ2ZXIgU1YgQ0EwHhcNMTMwMzEzMTc0ODQ3WhcNMTQwMzEzMTc0 ODQ3WjBuMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTk9SVEggQ0FST0xJTkExEDAO BgNVBAcTB1JhbGVpZ2gxEDAOBgNVBAoTB1JlZCBIYXQxCzAJBgNVBAsTAklUMRUw EwYDVQQDFAwqLnJlZGhhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC8NmWLQuAdaMTQ2Ae8AVPUKDEdCNtGBE4It5hb4xL9cHSzQeBaMDm9UR5X w5DLR93TQFL+Rc9mLbrBhIz9eacrs5qpUp4i5XhgnvEN7vBsUyFjZqQ+W5Zqs5Cv yMVv+rkRRa22hYPqFNM0R0lBPLltZO6+58VA53ttr87JOdPZsdomJtzruXz9ceLg ZnDULmIfZFhw7bz0Y9qAURSsULpIjLwWsGjOlNpPSTisCNwNWrmT4KerD8RnCXy+ keWZPSw9RgMBbyYD6am0nj2/JPmkv390F6HYi6f/0OyefKqZEaPgwDmhEiW6K2Ps qodUKMcfBFJNgPs6ZuqOLnGILVyrAgMBAAGjgdEwgc4wHwYDVR0jBBgwFoAUBJhg 34AblkldZVYtpSwJJArs3LkwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL2NybC5v bW5pcm9vdC5jb20vUHVibGljU3VyZVNlcnZlclNWLmNybDAdBgNVHQ4EFgQUC5p5 rlungiFqeTNw0HOISTrudr8wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYD VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBEGCWCGSAGG+EIBAQQEAwIGwDAN BgkqhkiG9w0BAQUFAAOCAQEAJC1PfXXjM3Y2ifPlzauQgLHiizx3XeIB86AXJHL2 N77UMfkSYmUJraWZX3Ye7icDbRwNHLIDJMfpjgcwnC+ZB+byyvmtjGjcTuqVZpXS 2JU8kgGxNlEjCd4NsumpzollG1W1iDorBCt9bHp8b4isLD+jSnqbWKnvuEUle0ad Pi7xjf9BidMvYUEBpJsd9rA1LQtp/ZfxxA6RtgCeXjQPexjsvf6SLKyrmacHZcMJ b6JbhXMTzB7QZjR3IooqzXS8T/2zBxDUSH4fJ4o0KSkY8cjNCCxdnkXL96PC9KQ5 kV1Ad3iHw/TnJjzrJJs3o92pRR/JtF0Jw6dszNP1Sn68uA== -----END CERTIFICATE----- [encryption_certs:UNREACHABLE] UNREACHABLE -START- NEED_TO_REFRESH -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [encryption_certs:NEED_TO_SAVE_DATA] 
NEED_TO_SAVE_DATA -START- START_SAVING_DATA SAVING_DATA NEED_POST_SAVE_DATA SAVED_DATA NEED_TO_ANALYZE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [encryption_certs:NEED_TO_ANALYZE] NEED_TO_ANALYZE -START- ANALYZING delay=15768000 NEED_TO_REFRESH -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [encryption_certs:DISABLED] DISABLED -START- -STUCK- (4:0) id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data [encryption_certs:NEED_TO_REFRESH] NEED_TO_REFRESH -START- REFRESHING NEED_TO_ANALYZE -STOP- id=Test CA ca_is_default=0 ca_type=EXTERNAL ca_external_helper=${tmpdir}/ca-data ca_encryption_cert=-----BEGIN CERTIFICATE----- MIIEDjCCAvagAwIBAgIOAQAAAAABPWT1Paf0wU4wDQYJKoZIhvcNAQEFBQAwRjEX MBUGA1UEChMOQ3liZXJ0cnVzdCBJbmMxKzApBgNVBAMTIkN5YmVydHJ1c3QgUHVi bGljIFN1cmVTZXJ2ZXIgU1YgQ0EwHhcNMTMwMzEzMTc0ODQ3WhcNMTQwMzEzMTc0 ODQ3WjBuMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTk9SVEggQ0FST0xJTkExEDAO BgNVBAcTB1JhbGVpZ2gxEDAOBgNVBAoTB1JlZCBIYXQxCzAJBgNVBAsTAklUMRUw EwYDVQQDFAwqLnJlZGhhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC8NmWLQuAdaMTQ2Ae8AVPUKDEdCNtGBE4It5hb4xL9cHSzQeBaMDm9UR5X w5DLR93TQFL+Rc9mLbrBhIz9eacrs5qpUp4i5XhgnvEN7vBsUyFjZqQ+W5Zqs5Cv yMVv+rkRRa22hYPqFNM0R0lBPLltZO6+58VA53ttr87JOdPZsdomJtzruXz9ceLg ZnDULmIfZFhw7bz0Y9qAURSsULpIjLwWsGjOlNpPSTisCNwNWrmT4KerD8RnCXy+ keWZPSw9RgMBbyYD6am0nj2/JPmkv390F6HYi6f/0OyefKqZEaPgwDmhEiW6K2Ps qodUKMcfBFJNgPs6ZuqOLnGILVyrAgMBAAGjgdEwgc4wHwYDVR0jBBgwFoAUBJhg 34AblkldZVYtpSwJJArs3LkwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL2NybC5v bW5pcm9vdC5jb20vUHVibGljU3VyZVNlcnZlclNWLmNybDAdBgNVHQ4EFgQUC5p5 rlungiFqeTNw0HOISTrudr8wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYD VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBEGCWCGSAGG+EIBAQQEAwIGwDAN BgkqhkiG9w0BAQUFAAOCAQEAJC1PfXXjM3Y2ifPlzauQgLHiizx3XeIB86AXJHL2 N77UMfkSYmUJraWZX3Ye7icDbRwNHLIDJMfpjgcwnC+ZB+byyvmtjGjcTuqVZpXS 2JU8kgGxNlEjCd4NsumpzollG1W1iDorBCt9bHp8b4isLD+jSnqbWKnvuEUle0ad 
Pi7xjf9BidMvYUEBpJsd9rA1LQtp/ZfxxA6RtgCeXjQPexjsvf6SLKyrmacHZcMJ b6JbhXMTzB7QZjR3IooqzXS8T/2zBxDUSH4fJ4o0KSkY8cjNCCxdnkXL96PC9KQ5 kV1Ad3iHw/TnJjzrJJs3o92pRR/JtF0Jw6dszNP1Sn68uA== -----END CERTIFICATE----- Test complete.
certmonger-0.79.19/tests/024-citerate/run.sh
#!/bin/bash -e

cd "$tmpdir"

source "$srcdir"/functions

# Stub CA helper: IDENTIFY answers "Test", the two certificate fetches
# return the sample certificate, and every other query answers "None".
cat > ca-data << EOF
#!/bin/sh
cert="-----BEGIN CERTIFICATE-----
MIIEDjCCAvagAwIBAgIOAQAAAAABPWT1Paf0wU4wDQYJKoZIhvcNAQEFBQAwRjEX
MBUGA1UEChMOQ3liZXJ0cnVzdCBJbmMxKzApBgNVBAMTIkN5YmVydHJ1c3QgUHVi
bGljIFN1cmVTZXJ2ZXIgU1YgQ0EwHhcNMTMwMzEzMTc0ODQ3WhcNMTQwMzEzMTc0
ODQ3WjBuMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTk9SVEggQ0FST0xJTkExEDAO
BgNVBAcTB1JhbGVpZ2gxEDAOBgNVBAoTB1JlZCBIYXQxCzAJBgNVBAsTAklUMRUw
EwYDVQQDFAwqLnJlZGhhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC8NmWLQuAdaMTQ2Ae8AVPUKDEdCNtGBE4It5hb4xL9cHSzQeBaMDm9UR5X
w5DLR93TQFL+Rc9mLbrBhIz9eacrs5qpUp4i5XhgnvEN7vBsUyFjZqQ+W5Zqs5Cv
yMVv+rkRRa22hYPqFNM0R0lBPLltZO6+58VA53ttr87JOdPZsdomJtzruXz9ceLg
ZnDULmIfZFhw7bz0Y9qAURSsULpIjLwWsGjOlNpPSTisCNwNWrmT4KerD8RnCXy+
keWZPSw9RgMBbyYD6am0nj2/JPmkv390F6HYi6f/0OyefKqZEaPgwDmhEiW6K2Ps
qodUKMcfBFJNgPs6ZuqOLnGILVyrAgMBAAGjgdEwgc4wHwYDVR0jBBgwFoAUBJhg
34AblkldZVYtpSwJJArs3LkwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL2NybC5v
bW5pcm9vdC5jb20vUHVibGljU3VyZVNlcnZlclNWLmNybDAdBgNVHQ4EFgQUC5p5
rlungiFqeTNw0HOISTrudr8wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYD
VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBEGCWCGSAGG+EIBAQQEAwIGwDAN
BgkqhkiG9w0BAQUFAAOCAQEAJC1PfXXjM3Y2ifPlzauQgLHiizx3XeIB86AXJHL2
N77UMfkSYmUJraWZX3Ye7icDbRwNHLIDJMfpjgcwnC+ZB+byyvmtjGjcTuqVZpXS
2JU8kgGxNlEjCd4NsumpzollG1W1iDorBCt9bHp8b4isLD+jSnqbWKnvuEUle0ad
Pi7xjf9BidMvYUEBpJsd9rA1LQtp/ZfxxA6RtgCeXjQPexjsvf6SLKyrmacHZcMJ
b6JbhXMTzB7QZjR3IooqzXS8T/2zBxDUSH4fJ4o0KSkY8cjNCCxdnkXL96PC9KQ5
kV1Ad3iHw/TnJjzrJJs3o92pRR/JtF0Jw6dszNP1Sn68uA==
-----END CERTIFICATE-----"
case "\$CERTMONGER_OPERATION" in
IDENTIFY)
    echo Test
    ;;
FETCH-ROOTS)
    echo Root
    echo "\$cert"
    ;;
GET-SUPPORTED-TEMPLATES)
    echo None
    ;;
GET-DEFAULT-TEMPLATE)
    echo None
    ;;
GET-NEW-REQUEST-REQUIREMENTS)
    echo None
    ;;
GET-RENEW-REQUEST-REQUIREMENTS)
    echo None
    ;;
FETCH-SCEP-CA-CERTS)
    echo "\$cert"
    ;;
FETCH-SCEP-CA-CAPS)
    echo None
    ;;
esac
exit 0
EOF
chmod +x $tmpdir/ca-data

for phase in identify certs profiles default_profile enrollment_reqs renewal_reqs capabilities encryption_certs ; do
    # These cover parts of the process, forcing it to stop if any phase needs
    # to be tried again, so that we don't hit infinite loops.
    for state in \
        IDLE \
        NEED_TO_REFRESH,REFRESHING \
        UNREACHABLE \
        NEED_TO_SAVE_DATA,PRE_SAVE_DATA,START_SAVING_DATA,SAVING_DATA,NEED_POST_SAVE_DATA,POST_SAVE_DATA,SAVED_DATA \
        NEED_TO_ANALYZE,ANALYZING \
        DISABLED \
        NEED_TO_REFRESH,REFRESHING,NEED_TO_SAVE_DATA,PRE_SAVE_DATA,START_SAVING_DATA,SAVING_DATA,NEED_POST_SAVE_DATA,POST_SAVE_DATA,SAVED_DATA ; do
        # The first state in the comma-separated list is passed to citerate as $init.
        init=`echo $state | cut -f1 -d,`
        cat > ca << EOF
id=Test CA
ca_type=EXTERNAL
ca_external_helper=$tmpdir/ca-data
EOF
        cat > entry << EOF
id=Test
ca_name=Test CA
state=NEED_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile
notification_method=STDOUT
EOF
        echo '['"$phase":"$init"']'
        $toolsdir/citerate ca entry $phase $init $state
        cat ca
        echo
    done
done
echo Test complete.
certmonger-0.79.19/tests/025-casave-dbm/0000755000175000017500000000000014511314133017102 5ustar gitgit00000000000000certmonger-0.79.19/tests/025-casave-dbm/expected.out0000644000175000017500000000663014511314133021441 0ustar gitgit00000000000000[(CAB1)] [bundle1] 2 [bundle2] 0 [bundle3] 0 [bundle-all] 6 [db1] [db2] [db3] [dba] [(CAB2)] [bundle1] 0 [bundle2] 1 [bundle3] 0 [bundle-all] 6 [db1] [db2] [db3] [dba] [(CAB3)] [bundle1] 0 [bundle2] 0 [bundle3] 2 [bundle-all] 6 [db1] [db2] [db3] [dba] [(CAD1)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] Root Certificate D1 CT,C,C [db2] [db3] [dba] Other Certificate D1 ,, Other Root Certificate D1 CT,C,C Root Certificate D1 CT,C,C [(CAD2)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] Other Root Certificate D2 CT,C,C [db3] [dba] Other Certificate D2 ,, Other Root Certificate D2 CT,C,C Root Certificate D2 CT,C,C [(CAD3)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] [db3] Other Certificate D3 ,, [dba] Other Certificate D3 ,, Other Root Certificate D3 CT,C,C Root Certificate D3 CT,C,C [(EntryB1)] [bundle1] 2 [bundle2] 0 [bundle3] 0 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryB2)] [bundle1] 0 [bundle2] 1 [bundle3] 0 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryB3)] [bundle1] 0 [bundle2] 0 [bundle3] 2 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryD1)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] Per-certificate Signing Authority D1 CT,C,C [db2] [db3] [dba] Per-certificate Signing Authority D1 CT,C,C [(EntryD2)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] [db3] [dba] [(EntryD3)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] [db3] Per-certificate Signing Authority D3 ,, [dba] Per-certificate Signing Authority D3 ,, [(EntryCB1)] [bundle1] 2 [bundle2] 0 [bundle3] 0 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryCB2)] [bundle1] 0 [bundle2] 1 [bundle3] 0 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryCB3)] [bundle1] 0 [bundle2] 0 [bundle3] 
2 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryCD1)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] Per-certificate Signing Authority CD1 CT,C,C Root Certificate D1 CT,C,C [db2] [db3] [dba] Other Certificate D1 ,, Other Root Certificate D1 CT,C,C Per-certificate Signing Authority CD1 CT,C,C Root Certificate D1 CT,C,C [(EntryCD2)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] Other Root Certificate D2 CT,C,C [db3] [dba] Other Certificate D2 ,, Other Root Certificate D2 CT,C,C Root Certificate D2 CT,C,C [(EntryCD3)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] [db3] Other Certificate D3 ,, Per-certificate Signing Authority CD3 ,, [dba] Other Certificate D3 ,, Other Root Certificate D3 CT,C,C Per-certificate Signing Authority CD3 ,, Root Certificate D3 CT,C,C [(EntryCAB1)] [bundle1] 2 [bundle2] 0 [bundle3] 0 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryCAB2)] [bundle1] 0 [bundle2] 1 [bundle3] 0 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryCAB3)] [bundle1] 0 [bundle2] 0 [bundle3] 2 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryCAD1)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] Root Certificate D1 CT,C,C [db2] [db3] [dba] Other Certificate D1 ,, Other Root Certificate D1 CT,C,C Root Certificate D1 CT,C,C [(EntryCAD2)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] Other Root Certificate D2 CT,C,C [db3] [dba] Other Certificate D2 ,, Other Root Certificate D2 CT,C,C Root Certificate D2 CT,C,C [(EntryCAD3)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] [db3] Other Certificate D3 ,, [dba] Other Certificate D3 ,, Other Root Certificate D3 CT,C,C Root Certificate D3 CT,C,C OK. 
certmonger-0.79.19/tests/025-casave-dbm/run.sh
#!/bin/bash -e
exec env scheme=dbm ../025-casave/run.sh
certmonger-0.79.19/tests/025-casave-sql/
certmonger-0.79.19/tests/025-casave-sql/expected.out
[(CAB1)] [bundle1] 2 [bundle2] 0 [bundle3] 0 [bundle-all] 6 [db1] [db2] [db3] [dba] [(CAB2)] [bundle1] 0 [bundle2] 1 [bundle3] 0 [bundle-all] 6 [db1] [db2] [db3] [dba] [(CAB3)] [bundle1] 0 [bundle2] 0 [bundle3] 2 [bundle-all] 6 [db1] [db2] [db3] [dba] [(CAD1)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] Root Certificate D1 CT,C,C [db2] [db3] [dba] Other Certificate D1 ,, Other Root Certificate D1 CT,C,C Root Certificate D1 CT,C,C [(CAD2)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] Other Root Certificate D2 CT,C,C [db3] [dba] Other Certificate D2 ,, Other Root Certificate D2 CT,C,C Root Certificate D2 CT,C,C [(CAD3)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] [db3] Other Certificate D3 ,, [dba] Other Certificate D3 ,, Other Root Certificate D3 CT,C,C Root Certificate D3 CT,C,C [(EntryB1)] [bundle1] 2 [bundle2] 0 [bundle3] 0 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryB2)] [bundle1] 0 [bundle2] 1 [bundle3] 0 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryB3)] [bundle1] 0 [bundle2] 0 [bundle3] 2 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryD1)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] Per-certificate Signing Authority D1 CT,C,C [db2] [db3] [dba] Per-certificate Signing Authority D1 CT,C,C [(EntryD2)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] [db3] [dba] [(EntryD3)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] [db3] Per-certificate Signing Authority D3 ,, [dba] Per-certificate Signing Authority D3 ,, [(EntryCB1)] [bundle1] 2 [bundle2] 0
[bundle3] 0 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryCB2)] [bundle1] 0 [bundle2] 1 [bundle3] 0 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryCB3)] [bundle1] 0 [bundle2] 0 [bundle3] 2 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryCD1)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] Per-certificate Signing Authority CD1 CT,C,C Root Certificate D1 CT,C,C [db2] [db3] [dba] Other Certificate D1 ,, Other Root Certificate D1 CT,C,C Per-certificate Signing Authority CD1 CT,C,C Root Certificate D1 CT,C,C [(EntryCD2)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] Other Root Certificate D2 CT,C,C [db3] [dba] Other Certificate D2 ,, Other Root Certificate D2 CT,C,C Root Certificate D2 CT,C,C [(EntryCD3)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] [db3] Other Certificate D3 ,, Per-certificate Signing Authority CD3 ,, [dba] Other Certificate D3 ,, Other Root Certificate D3 CT,C,C Per-certificate Signing Authority CD3 ,, Root Certificate D3 CT,C,C [(EntryCAB1)] [bundle1] 2 [bundle2] 0 [bundle3] 0 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryCAB2)] [bundle1] 0 [bundle2] 1 [bundle3] 0 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryCAB3)] [bundle1] 0 [bundle2] 0 [bundle3] 2 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryCAD1)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] Root Certificate D1 CT,C,C [db2] [db3] [dba] Other Certificate D1 ,, Other Root Certificate D1 CT,C,C Root Certificate D1 CT,C,C [(EntryCAD2)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] Other Root Certificate D2 CT,C,C [db3] [dba] Other Certificate D2 ,, Other Root Certificate D2 CT,C,C Root Certificate D2 CT,C,C [(EntryCAD3)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] [db3] Other Certificate D3 ,, [dba] Other Certificate D3 ,, Other Root Certificate D3 CT,C,C Root Certificate D3 CT,C,C OK. 
certmonger-0.79.19/tests/025-casave-sql/run.sh
#!/bin/bash -e
exec env scheme=sql ../025-casave/run.sh
certmonger-0.79.19/tests/025-casave/
certmonger-0.79.19/tests/025-casave/expected.out
[(CAB1)] [bundle1] 2 [bundle2] 0 [bundle3] 0 [bundle-all] 6 [db1] [db2] [db3] [dba] [(CAB2)] [bundle1] 0 [bundle2] 1 [bundle3] 0 [bundle-all] 6 [db1] [db2] [db3] [dba] [(CAB3)] [bundle1] 0 [bundle2] 0 [bundle3] 2 [bundle-all] 6 [db1] [db2] [db3] [dba] [(CAD1)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] Root Certificate D1 CT,C,C [db2] [db3] [dba] Other Certificate D1 ,, Other Root Certificate D1 CT,C,C Root Certificate D1 CT,C,C [(CAD2)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] Other Root Certificate D2 CT,C,C [db3] [dba] Other Certificate D2 ,, Other Root Certificate D2 CT,C,C Root Certificate D2 CT,C,C [(CAD3)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] [db3] Other Certificate D3 ,, [dba] Other Certificate D3 ,, Other Root Certificate D3 CT,C,C Root Certificate D3 CT,C,C [(EntryB1)] [bundle1] 2 [bundle2] 0 [bundle3] 0 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryB2)] [bundle1] 0 [bundle2] 1 [bundle3] 0 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryB3)] [bundle1] 0 [bundle2] 0 [bundle3] 2 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryD1)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] Per-certificate Signing Authority D1 CT,C,C [db2] [db3] [dba] Per-certificate Signing Authority D1 CT,C,C [(EntryD2)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] [db3] [dba] [(EntryD3)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] [db3] Per-certificate Signing Authority D3 ,, [dba] Per-certificate Signing Authority D3 ,, [(EntryCB1)] [bundle1] 2 [bundle2] 0 [bundle3] 0
[bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryCB2)] [bundle1] 0 [bundle2] 1 [bundle3] 0 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryCB3)] [bundle1] 0 [bundle2] 0 [bundle3] 2 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryCD1)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] Per-certificate Signing Authority CD1 CT,C,C Root Certificate D1 CT,C,C [db2] [db3] [dba] Other Certificate D1 ,, Other Root Certificate D1 CT,C,C Per-certificate Signing Authority CD1 CT,C,C Root Certificate D1 CT,C,C [(EntryCD2)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] Other Root Certificate D2 CT,C,C [db3] [dba] Other Certificate D2 ,, Other Root Certificate D2 CT,C,C Root Certificate D2 CT,C,C [(EntryCD3)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] [db3] Other Certificate D3 ,, Per-certificate Signing Authority CD3 ,, [dba] Other Certificate D3 ,, Other Root Certificate D3 CT,C,C Per-certificate Signing Authority CD3 ,, Root Certificate D3 CT,C,C [(EntryCAB1)] [bundle1] 2 [bundle2] 0 [bundle3] 0 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryCAB2)] [bundle1] 0 [bundle2] 1 [bundle3] 0 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryCAB3)] [bundle1] 0 [bundle2] 0 [bundle3] 2 [bundle-all] 6 [db1] [db2] [db3] [dba] [(EntryCAD1)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] Root Certificate D1 CT,C,C [db2] [db3] [dba] Other Certificate D1 ,, Other Root Certificate D1 CT,C,C Root Certificate D1 CT,C,C [(EntryCAD2)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] Other Root Certificate D2 CT,C,C [db3] [dba] Other Certificate D2 ,, Other Root Certificate D2 CT,C,C Root Certificate D2 CT,C,C [(EntryCAD3)] [bundle1] 0 [bundle2] 0 [bundle3] 0 [bundle-all] 0 [db1] [db2] [db3] Other Certificate D3 ,, [dba] Other Certificate D3 ,, Other Root Certificate D3 CT,C,C Root Certificate D3 CT,C,C OK. 
certmonger-0.79.19/tests/025-casave/run.sh
#!/bin/bash -e

cd $tmpdir

scheme="${scheme:-sql}"

cat > $tmpdir/entrycb1 <<- EOF
id=EntryCB1
ca_name=CAB1
cert_roots=Per-certificate Signing Authority CB1
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
EOF
cat > $tmpdir/entrycb2 <<- EOF
id=EntryCB2
ca_name=CAB2
EOF
cat > $tmpdir/entrycb3 <<- EOF
id=EntryCB3
ca_name=CAB3
cert_chain=Per-certificate Signing Authority CB3
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
EOF
cat > $tmpdir/entrycd1 <<- EOF
id=EntryCD1
ca_name=CAD1
cert_roots=Per-certificate Signing Authority CD1
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
EOF
cat > $tmpdir/entrycd2 <<- EOF
id=EntryCD2
ca_name=CAD2
EOF
cat > $tmpdir/entrycd3 <<- EOF
id=EntryCD3
ca_name=CAD3
cert_chain=Per-certificate Signing Authority CD3
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
EOF
cat > $tmpdir/entryb1 <<- EOF
id=EntryB1
root_cert_files=$tmpdir/bundle1,$tmpdir/bundle-all
other_root_cert_files=
other_cert_files=
root_cert_dbs=
other_root_cert_dbs=
other_cert_dbs=
cert_roots=Per-certificate Signing Authority B1
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
EOF
cat > $tmpdir/entryb2 <<- EOF
id=EntryB2
root_cert_files=
other_root_cert_files=$tmpdir/bundle2,$tmpdir/bundle-all
other_cert_files=
root_cert_dbs=
other_root_cert_dbs=
other_cert_dbs=
EOF
cat > $tmpdir/entryb3 <<- EOF
id=EntryB3
root_cert_files=
other_root_cert_files=
other_cert_files=$tmpdir/bundle3,$tmpdir/bundle-all
root_cert_dbs=
other_root_cert_dbs=
other_cert_dbs=
cert_chain=Per-certificate Signing Authority B3
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
EOF
cat > $tmpdir/entryd1 <<- EOF
id=EntryD1
root_cert_files=
other_root_cert_files=
other_cert_files=
root_cert_dbs=$scheme:$tmpdir/db1,$scheme:$tmpdir/dba
other_root_cert_dbs=
other_cert_dbs=
cert_roots=Per-certificate Signing Authority D1
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
EOF
cat > $tmpdir/entryd2 <<- EOF
id=EntryD2
root_cert_files=
other_root_cert_files=
other_cert_files=
root_cert_dbs=
other_root_cert_dbs=$scheme:$tmpdir/db2,$scheme:$tmpdir/dba
other_cert_dbs=
EOF
cat > $tmpdir/entryd3 <<- EOF
id=EntryD3
root_cert_files=
other_root_cert_files=
other_cert_files=
root_cert_dbs=
other_root_cert_dbs=
other_cert_dbs=$scheme:$tmpdir/db3,$scheme:$tmpdir/dba
cert_chain=Per-certificate Signing Authority D3
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
EOF
cat > $tmpdir/entrycab1 <<- EOF
id=EntryCAB1
ca_name=CAB1
root_cert_files=$tmpdir/bundle1,$tmpdir/bundle-all
other_root_cert_files=
other_cert_files=
root_cert_dbs=
other_root_cert_dbs=
other_cert_dbs=
EOF
cat > $tmpdir/entrycab2 <<- EOF
id=EntryCAB2
ca_name=CAB2
root_cert_files=
other_root_cert_files=$tmpdir/bundle2,$tmpdir/bundle-all
other_cert_files=
root_cert_dbs=
other_root_cert_dbs=
other_cert_dbs=
EOF
cat > $tmpdir/entrycab3 <<- EOF
id=EntryCAB3
ca_name=CAB3
root_cert_files=
other_root_cert_files=
other_cert_files=$tmpdir/bundle3,$tmpdir/bundle-all
root_cert_dbs=
other_root_cert_dbs=
other_cert_dbs=
EOF
cat > $tmpdir/entrycad1 <<- EOF
id=EntryCAD1
ca_name=CAD1
root_cert_files=
other_root_cert_files=
other_cert_files=
root_cert_dbs=$scheme:$tmpdir/db1,$scheme:$tmpdir/dba
other_root_cert_dbs=
other_cert_dbs=
EOF
cat > $tmpdir/entrycad2 <<- EOF
id=EntryCAD2
ca_name=CAD2
root_cert_files=
other_root_cert_files=
other_cert_files=
root_cert_dbs=
other_root_cert_dbs=$scheme:$tmpdir/db2,$scheme:$tmpdir/dba
other_cert_dbs=
EOF
cat > $tmpdir/entrycad3 <<- EOF
id=EntryCAD3
ca_name=CAD3
root_cert_files=
other_root_cert_files=
other_cert_files=
root_cert_dbs=
other_root_cert_dbs=
other_cert_dbs=$scheme:$tmpdir/db3,$scheme:$tmpdir/dba
EOF
cat > $tmpdir/cab1 <<- EOF
id=CAB1
ca_type=EXTERNAL
ca_external_helper=$tmpdir/no-such-helper.sh
ca_root_cert_files=$tmpdir/bundle1,$tmpdir/bundle-all
ca_other_root_cert_files=
ca_other_cert_files=
ca_root_cert_dbs=
ca_other_root_cert_dbs=
ca_other_cert_dbs=
ca_root_certs=Root Certificate B1
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
ca_other_root_certs=Other Root Certificate B1
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
ca_other_certs=Other Certificate B1
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
EOF
cat > $tmpdir/cab2 <<- EOF
id=CAB2
ca_type=EXTERNAL
ca_external_helper=$tmpdir/no-such-helper.sh
ca_root_cert_files=
ca_other_root_cert_files=$tmpdir/bundle2,$tmpdir/bundle-all
ca_other_cert_files=
ca_root_cert_dbs=
ca_other_root_cert_dbs=
ca_other_cert_dbs=
ca_root_certs=Root Certificate B2
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
ca_other_root_certs=Other Root Certificate B2
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
ca_other_certs=Other Certificate B2
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
EOF
cat > $tmpdir/cab3 <<- EOF
id=CAB3
ca_type=EXTERNAL
ca_external_helper=$tmpdir/no-such-helper.sh
ca_root_cert_files=
ca_other_root_cert_files=
ca_other_cert_files=$tmpdir/bundle3,$tmpdir/bundle-all
ca_root_cert_dbs=
ca_other_root_cert_dbs=
ca_other_cert_dbs=
ca_root_certs=Root Certificate B3
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
ca_other_root_certs=Other Root Certificate B3
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
ca_other_certs=Other Certificate B3
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
EOF
cat > $tmpdir/cad1 <<- EOF
id=CAD1
ca_type=EXTERNAL
ca_external_helper=$tmpdir/no-such-helper.sh
ca_root_cert_files=
ca_other_root_cert_files=
ca_other_cert_files=
ca_root_cert_dbs=$scheme:$tmpdir/db1,$scheme:$tmpdir/dba
ca_other_root_cert_dbs=$scheme:$tmpdir/dba
ca_other_cert_dbs=$scheme:$tmpdir/dba
ca_root_certs=Root Certificate D1
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
ca_other_root_certs=Other Root Certificate D1
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
ca_other_certs=Other Certificate D1
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
EOF
cat > $tmpdir/cad2 <<- EOF
id=CAD2
ca_type=EXTERNAL
ca_external_helper=$tmpdir/no-such-helper.sh
ca_root_cert_files=
ca_other_root_cert_files=
ca_other_cert_files=
ca_root_cert_dbs=$scheme:$tmpdir/dba
ca_other_root_cert_dbs=$scheme:$tmpdir/db2,$scheme:$tmpdir/dba
ca_other_cert_dbs=$scheme:$tmpdir/dba
ca_root_certs=Root Certificate D2
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
ca_other_root_certs=Other Root Certificate D2
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
ca_other_certs=Other Certificate D2
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
EOF
cat > $tmpdir/cad3 <<- EOF
id=CAD3
ca_type=EXTERNAL
ca_external_helper=$tmpdir/no-such-helper.sh
ca_root_cert_files=
ca_other_root_cert_files=
ca_other_cert_files=
ca_root_cert_dbs=,$scheme:$tmpdir/dba
ca_other_root_cert_dbs=,$scheme:$tmpdir/dba,
ca_other_cert_dbs=$scheme:$tmpdir/db3,$scheme:$tmpdir/dba
ca_root_certs=Root Certificate D3
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
ca_other_root_certs=Other Root Certificate D3
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
ca_other_certs=Other Certificate D3
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
EOF
cat > $tmpdir/cada <<- EOF
id=CADA
ca_type=EXTERNAL
ca_external_helper=$tmpdir/no-such-helper.sh
ca_root_cert_files=$tmpdir/bundle-all
ca_other_root_cert_files=
ca_other_cert_files=
ca_root_cert_dbs=$scheme:$tmpdir/dba
ca_other_root_cert_dbs=,$scheme:$tmpdir/dba
ca_other_cert_dbs=,$scheme:$tmpdir/dba
ca_root_certs=Root Certificate DA
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
EOF

entries=" -e entryb1 -e entryb2 -e entryb3 -e entryd1 -e entryd2 -e entryd3"
centries=" -e entrycb1 -e entrycb2 -e entrycb3 -e entrycd1 -e entrycd2 -e entrycd3"
caentries=" -e entrycab1 -e entrycab2 -e entrycab3 -e entrycad1 -e entrycad2 -e entrycad3"
cas=" -c cab1 -c cab2 -c cab3 -c cad1 -c cad2 -c cad3 -c cada"

for which in CAB1 CAB2 CAB3 CAD1 CAD2 CAD3 EntryB1 EntryB2 EntryB3 EntryD1 EntryD2 EntryD3 EntryCB1 EntryCB2 EntryCB3 EntryCD1 EntryCD2 EntryCD3 EntryCAB1 EntryCAB2 EntryCAB3 EntryCAD1 EntryCAD2 EntryCAD3 ; do
	echo "[($which)]"
	rm -f $tmpdir/bundle1 $tmpdir/bundle2 $tmpdir/bundle3 $tmpdir/bundle-all
	rm -fr $tmpdir/db1 $tmpdir/db2 $tmpdir/db3 $tmpdir/dba
	mkdir $tmpdir/db1 $tmpdir/db2 $tmpdir/db3 $tmpdir/dba
	$toolsdir/casave $entries $centries $caentries $cas $which
	for bundle in 1 2 3 -all ; do
		echo "[bundle$bundle]"
		touch "bundle$bundle"
		cat "bundle$bundle" > "oldbundle$bundle"
		if test `grep 'BEGIN CERTIFICATE-----' "bundle$bundle" | wc -l` \
			-ne `grep 'END CERTIFICATE-----' "bundle$bundle" | wc -l` ; then
			echo Storage error: possibly-truncated certs in "bundle$bundle".
cat "bundle$bundle" exit 1 fi grep 'BEGIN CERTIFICATE-----' "bundle$bundle" | wc -l done for db in 1 2 3 a ; do echo "[db$db]" certutil -L -d "$scheme:db$db" 2> /dev/null | \ grep , | grep -v JAR/XPI | sed -r 's, +, ,g' | \ env LANG=C sort | tee "olddblist$db" done $toolsdir/casave $entries $centries $caentries $cas $which for bundle in 1 2 3 -all ; do diff -u "bundle$bundle" "oldbundle$bundle" done for db in 1 2 3 a ; do certutil -L -d "$scheme:db$db" 2> /dev/null | \ grep , | grep -v JAR/XPI | sed -r 's, +, ,g' | \ env LANG=C sort > "dblist$db" diff -u "olddblist$db" "dblist$db" done echo done echo OK. certmonger-0.79.19/tests/026-local/0000755000175000017500000000000014511314133016173 5ustar gitgit00000000000000certmonger-0.79.19/tests/026-local/expected.openssl10000644000175000017500000000444714511314133021473 0ustar gitgit00000000000000[key] OK. [csr] Certificate Request: Data: Version: 1 (0x0) Subject: CN=Babs Jensen's Signer Attributes: friendlyName :unable to print attribute Requested Extensions: X509v3 Key Usage: Digital Signature, Certificate Sign, CRL Sign X509v3 Subject Alternative Name: email:root@localhost, email:root@localhost.localdomain X509v3 Basic Constraints: critical CA:TRUE X509v3 Authority Key Identifier: keyid:(160 bits) X509v3 Subject Key Identifier: (160 bits) Authority Information Access: OCSP - URI:http://ocsp-1.example.com:12345 OCSP - URI:http://ocsp-2.example.com:12345 OCSP No Check: [issue] [issuer] Certificate: Data: Version: 3 (0x2) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Local Signing Authority, CN=$UUID Subject: CN=Local Signing Authority, CN=$UUID X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: (160 bits) X509v3 Authority Key Identifier: keyid:(160 bits) X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign [subject] Certificate: Data: Version: 3 (0x2) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Local Signing Authority, CN=$UUID Subject: 
CN=Babs Jensen's Signer X509v3 extensions: X509v3 Key Usage: Digital Signature, Certificate Sign, CRL Sign X509v3 Subject Alternative Name: email:root@localhost, email:root@localhost.localdomain X509v3 Basic Constraints: critical CA:TRUE X509v3 Authority Key Identifier: keyid:(160 bits) X509v3 Subject Key Identifier: (160 bits) Authority Information Access: OCSP - URI:http://ocsp-1.example.com:12345 OCSP - URI:http://ocsp-2.example.com:12345 OCSP No Check: [verify] cert: OK cert cipher: OK key cipher: OK CA constraint: OK OK. certmonger-0.79.19/tests/026-local/expected.openssl30000644000175000017500000000451414511314133021470 0ustar gitgit00000000000000[key] OK. [csr] Certificate Request: Data: Version: 1 (0x0) Subject: CN=Babs Jensen's Signer Attributes: friendlyName :unable to print attribute Requested Extensions: X509v3 Key Usage: Digital Signature, Certificate Sign, CRL Sign X509v3 Subject Alternative Name: email:root@localhost, email:root@localhost.localdomain X509v3 Basic Constraints: critical CA:TRUE X509v3 Authority Key Identifier: (160 bits) X509v3 Subject Key Identifier: (160 bits) Authority Information Access: OCSP - URI:http://ocsp-1.example.com:12345 OCSP - URI:http://ocsp-2.example.com:12345 OCSP No Check: [issue] [issuer] Certificate: Data: Version: 3 (0x2) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Local Signing Authority, CN=$UUID Subject: CN=Local Signing Authority, CN=$UUID X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: (160 bits) X509v3 Authority Key Identifier: (160 bits) X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign [subject] Certificate: Data: Version: 3 (0x2) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Local Signing Authority, CN=$UUID Subject: CN=Babs Jensen's Signer X509v3 extensions: X509v3 Key Usage: Digital Signature, Certificate Sign, CRL Sign X509v3 Subject Alternative Name: email:root@localhost, email:root@localhost.localdomain X509v3 
Basic Constraints: critical CA:TRUE X509v3 Authority Key Identifier: (160 bits) X509v3 Subject Key Identifier: (160 bits) Authority Information Access: OCSP - URI:http://ocsp-1.example.com:12345 OCSP - URI:http://ocsp-2.example.com:12345 OCSP No Check: [verify] cert: OK cert cipher: OK key cipher: OK CA constraint: OK OK. certmonger-0.79.19/tests/026-local/expected.out0000644000175000017500000000002214511314133020517 0ustar gitgit00000000000000# purposely empty certmonger-0.79.19/tests/026-local/run.sh0000755000175000017500000000513214511314133017337 0ustar gitgit00000000000000#!/bin/bash openssl cmp -h > /dev/null 2>&1 if [ $? == 1 ]; then cp expected.openssl1 expected.out else cp expected.openssl3 expected.out fi set -e cd $tmpdir cat > request <<- EOF key_storage_type=FILE key_storage_location=$tmpdir/key cert_storage_type=FILE cert_storage_location=$tmpdir/cert template_subject=CN=Babs Jensen's Signer template_email=root@localhost,root@localhost.localdomain template_ku=1000011 template_is_ca=1 template_certfname=Babs Jensen's Signer template_ocsp=http://ocsp-1.example.com:12345,http://ocsp-2.example.com:12345 template_nscomment=certmonger generated this request template_no_ocsp_check=1 EOF filter() { sed -re 's,Version: 0 \(0x0\),Version: 1 (0x0),g' |\ sed -re 's,CN = ,CN=,g' |\ sed -re 's,CN=[[:xdigit:]]{8}-[[:xdigit:]]{8}-[[:xdigit:]]{8}-[[:xdigit:]]{8},CN=$UUID,g' |\ sed -re 's,[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2},(160 bits),g' |\ sed s,'^ Signature Algorithm, Signature Algorithm,g' } dumpreq() { openssl req -in "$@" -text -noout -reqopt no_serial,no_pubkey,no_sigdump,no_validity | filter } dumpcert() { openssl x509 -in "$@" -text -noout -certopt 
no_serial,no_pubkey,no_sigdump,no_validity | filter } echo "[key]" $toolsdir/keygen request echo "[csr]" $toolsdir/csrgen request > csr dumpreq csr echo "[issue]" $builddir/../src/local-submit -d $tmpdir csr > cert echo "[issuer]" openssl pkcs12 -in creds -passin pass: -nodes | openssl x509 > ca-cert dumpcert ca-cert echo "[subject]" dumpcert cert echo "[verify]" openssl verify -CAfile $tmpdir/ca-cert cert # Check the encryption used in the creds file certenc=`openssl pkcs12 -info -in $tmpdir/creds -passin pass: -nodes 2>&1 | grep "PKCS7 Encrypted data:" | awk '{ print $6 }' | sed 's/,//'` keyenc=`openssl pkcs12 -info -in $tmpdir/creds -passin pass: -nokeys 2>&1 | grep "Shrouded Keybag:" | awk '{ print $5 }' | sed 's/,//'` if [ $certenc != "AES-128-CBC" ]; then echo "Fail, cert cipher is $certenc" else echo "cert cipher: OK" fi if [ $keyenc != "AES-128-CBC" ]; then echo "Fail, key cipher is $keyenc" else echo "key cipher: OK" fi openssl pkcs12 -nokeys -in $tmpdir/creds -passin pass: -nodes > $tmpdir/ca.pem openssl asn1parse -in $tmpdir/ca.pem -strictpem 2>&1 | grep -q 30030101FF if [ $? -eq 0 ]; then echo "CA constraint: OK" else echo "Unexpected DER encoding of CA constraint" fi echo OK. certmonger-0.79.19/tests/027-hooks/0000755000175000017500000000000014511314133016225 5ustar gitgit00000000000000certmonger-0.79.19/tests/027-hooks/expected.out0000644000175000017500000000475614511314133020573 0ustar gitgit00000000000000[EntryCB1 -B] Starting pre-save for entry EntryCB1. Running pre-save for CAB1 Running pre-save for EntryCAB1 [EntryCB1 -C] Starting post-save for entry EntryCB1. Running post-save for CAB1 Running post-save for EntryCAB1 [EntryCB2 -B] Starting pre-save for entry EntryCB2. Running pre-save for EntryCAB2 [EntryCB2 -C] Starting post-save for entry EntryCB2. Running post-save for EntryCAB2 [EntryCD1 -B] Starting pre-save for entry EntryCD1. Running pre-save for CAD1 Running pre-save for EntryCAD1 [EntryCD1 -C] Starting post-save for entry EntryCD1. 
Running post-save for CAD1 Running post-save for EntryCAD1 [EntryCD2 -B] Starting pre-save for entry EntryCD2. Running pre-save for EntryCAD2 [EntryCD2 -C] Starting post-save for entry EntryCD2. Running post-save for EntryCAD2 [CAB1 -B] Starting pre-save for CA CAB1. Running pre-save for CAB1 Running pre-save for CAB2 Running pre-save for CAB3 Running pre-save for CADA Running pre-save for EntryCAB1 [CAB1 -C] Starting post-save for CA CAB1. Running post-save for CAB1 Running post-save for CAB2 Running post-save for CAB3 Running post-save for CADA Running post-save for EntryCAB1 [CAB2 -B] Starting pre-save for CA CAB2. Running pre-save for CAB1 Running pre-save for CAB2 Running pre-save for CAB3 Running pre-save for CADA [CAB2 -C] Starting post-save for CA CAB2. Running post-save for CAB1 Running post-save for CAB2 Running post-save for CAB3 Running post-save for CADA [CAD1 -B] Starting pre-save for CA CAD1. Running pre-save for CAD1 Running pre-save for CAD2 Running pre-save for CAD3 Running pre-save for CADA Running pre-save for EntryCAD1 [CAD1 -C] Starting post-save for CA CAD1. Running post-save for CAD1 Running post-save for CAD2 Running post-save for CAD3 Running post-save for CADA Running post-save for EntryCAD1 [CAD2 -B] Starting pre-save for CA CAD2. Running pre-save for CAD1 Running pre-save for CAD2 Running pre-save for CAD3 Running pre-save for CADA [CAD2 -C] Starting post-save for CA CAD2. Running post-save for CAD1 Running post-save for CAD2 Running post-save for CAD3 Running post-save for CADA [CADA -B] Starting pre-save for CA CADA. Running pre-save for CAB1 Running pre-save for CAB2 Running pre-save for CAB3 Running pre-save for CAD1 Running pre-save for CAD2 Running pre-save for CAD3 Running pre-save for CADA [CADA -C] Starting post-save for CA CADA. Running post-save for CAB1 Running post-save for CAB2 Running post-save for CAB3 Running post-save for CAD1 Running post-save for CAD2 Running post-save for CAD3 Running post-save for CADA OK. 
certmonger-0.79.19/tests/027-hooks/run.sh0000755000175000017500000007264014511314133017401 0ustar gitgit00000000000000#!/bin/bash -e cd $tmpdir cat > $tmpdir/note <<- EOF echo "\$@" >> $tmpdir/log EOF chmod +x $tmpdir/note cat > $tmpdir/entrycb1 <<- EOF id=EntryCB1 ca_name=CAB1 other_root_cert_files=$tmpdir/bundle1 pre_certsave_command=$tmpdir/note Running pre-save for EntryCAB1 pre_certsave_uid=$UID post_certsave_command=$tmpdir/note Running post-save for EntryCAB1 post_certsave_uid=$UID EOF cat > $tmpdir/entrycb2 <<- EOF id=EntryCB2 ca_name=CAB2 pre_certsave_command=$tmpdir/note Running pre-save for EntryCAB2 pre_certsave_uid=$UID post_certsave_command=$tmpdir/note Running post-save for EntryCAB2 post_certsave_uid=$UID EOF cat > $tmpdir/entrycb3 <<- EOF id=EntryCB3 ca_name=CAB3 pre_certsave_command=$tmpdir/note Running pre-save for EntryCAB3 pre_certsave_uid=$UID post_certsave_command=$tmpdir/note Running post-save for EntryCAB3 post_certsave_uid=$UID EOF cat > $tmpdir/entrycd1 <<- EOF id=EntryCD1 ca_name=CAD1 root_cert_dbs=$tmpdir/db1 pre_certsave_command=$tmpdir/note Running pre-save for EntryCAD1 pre_certsave_uid=$UID post_certsave_command=$tmpdir/note Running post-save for EntryCAD1 post_certsave_uid=$UID EOF cat > $tmpdir/entrycd2 <<- EOF id=EntryCD2 ca_name=CAD2 pre_certsave_command=$tmpdir/note Running pre-save for EntryCAD2 pre_certsave_uid=$UID post_certsave_command=$tmpdir/note Running post-save for EntryCAD2 post_certsave_uid=$UID EOF cat > $tmpdir/entrycd3 <<- EOF id=EntryCD3 ca_name=CAD3 pre_certsave_command=$tmpdir/note Running pre-save for EntryCAD3 pre_certsave_uid=$UID post_certsave_command=$tmpdir/note Running post-save for EntryCAD3 post_certsave_uid=$UID EOF cat > $tmpdir/entrycda <<- EOF id=EntryCDA ca_name=CADA pre_certsave_command=$tmpdir/note Running pre-save for EntryCADA pre_certsave_uid=$UID post_certsave_command=$tmpdir/note Running post-save for EntryCADA post_certsave_uid=$UID EOF cat > $tmpdir/cab1 <<- EOF id=CAB1 ca_type=EXTERNAL 
ca_root_cert_files=$tmpdir/bundle1,$tmpdir/bundle-all
ca_other_root_cert_files=
ca_other_cert_files=
ca_root_cert_dbs=
ca_other_root_cert_dbs=
ca_other_cert_dbs=
ca_root_certs=Root Certificate B1
ca_other_root_certs=Other Root Certificate B1
ca_other_certs=Other Certificate B1
ca_pre_save_command=$tmpdir/note Running pre-save for CAB1
ca_pre_save_uid=$UID
ca_post_save_command=$tmpdir/note Running post-save for CAB1
ca_post_save_uid=$UID
EOF
cat > $tmpdir/cab2 <<- EOF
id=CAB2
ca_type=EXTERNAL
ca_external_helper=$tmpdir/no-such-helper.sh
ca_root_cert_files=
ca_other_root_cert_files=$tmpdir/bundle2,$tmpdir/bundle-all
ca_other_cert_files=
ca_root_cert_dbs=
ca_other_root_cert_dbs=
ca_other_cert_dbs=
ca_root_certs=Root Certificate B2
ca_other_root_certs=Other Root Certificate B2
ca_other_certs=Other Certificate B2
ca_pre_save_command=$tmpdir/note Running pre-save for CAB2
ca_pre_save_uid=$UID
ca_post_save_command=$tmpdir/note Running post-save for CAB2
ca_post_save_uid=$UID
EOF
cat > $tmpdir/cab3 <<- EOF
id=CAB3
ca_type=EXTERNAL
ca_external_helper=$tmpdir/no-such-helper.sh
ca_root_cert_files=
ca_other_root_cert_files=
ca_other_cert_files=$tmpdir/bundle3,$tmpdir/bundle-all
ca_root_cert_dbs=
ca_other_root_cert_dbs=
ca_other_cert_dbs=
ca_root_certs=Root Certificate B3
ca_other_root_certs=Other Root Certificate B3
ca_other_certs=Other Certificate B3
ca_pre_save_command=$tmpdir/note Running pre-save for CAB3
ca_pre_save_uid=$UID
ca_post_save_command=$tmpdir/note Running post-save for CAB3
ca_post_save_uid=$UID
EOF
cat > $tmpdir/cad1 <<- EOF
id=CAD1
ca_type=EXTERNAL
ca_external_helper=$tmpdir/no-such-helper.sh
ca_root_cert_files=
ca_other_root_cert_files=
ca_other_cert_files=
ca_root_cert_dbs=$tmpdir/db1,$tmpdir/dba
ca_other_root_cert_dbs=$tmpdir/dba
ca_other_cert_dbs=$tmpdir/dba
ca_root_certs=Root Certificate D1
ca_other_root_certs=Other Root Certificate D1
ca_other_certs=Other Certificate D1
ca_pre_save_command=$tmpdir/note Running pre-save for CAD1
ca_pre_save_uid=$UID
ca_post_save_command=$tmpdir/note Running post-save for CAD1
ca_post_save_uid=$UID
EOF
cat > $tmpdir/cad2 <<- EOF
id=CAD2
ca_type=EXTERNAL
ca_external_helper=$tmpdir/no-such-helper.sh
ca_root_cert_files=
ca_other_root_cert_files=
ca_other_cert_files=
ca_root_cert_dbs=$tmpdir/dba
ca_other_root_cert_dbs=$tmpdir/db2,$tmpdir/dba
ca_other_cert_dbs=$tmpdir/dba
ca_root_certs=Root Certificate D2
ca_other_root_certs=Other Root Certificate D2
ca_other_certs=Other Certificate D2
ca_pre_save_command=$tmpdir/note Running pre-save for CAD2 ca_pre_save_uid=$UID ca_post_save_command=$tmpdir/note Running post-save for CAD2 ca_post_save_uid=$UID EOF cat > $tmpdir/cad3 <<- EOF id=CAD3 ca_type=EXTERNAL ca_external_helper=$tmpdir/no-such-helper.sh ca_root_cert_files= ca_other_root_cert_files= ca_other_cert_files= ca_root_cert_dbs=,$tmpdir/dba ca_other_root_cert_dbs=,$tmpdir/dba, ca_other_cert_dbs=$tmpdir/db3,$tmpdir/dba ca_root_certs=Root Certificate D3 -----BEGIN CERTIFICATE----- MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= -----END CERTIFICATE----- ca_other_root_certs=Other Root Certificate D3 -----BEGIN CERTIFICATE----- MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4 QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw 
zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q 130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2 JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG 9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== -----END CERTIFICATE----- ca_other_certs=Other Certificate D3 -----BEGIN CERTIFICATE----- MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAw PTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFz cyAyIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9 MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNz IDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQ ltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR5aiR VhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyL kcAbmXuZVg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCd EgETjdyAYveVqUSISnFOYFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yas H7WLO7dDWWuwJKZtkIvEcupdM5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0 HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1Ud DwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4 QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMu Y29tL0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/ AN9WM2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8 yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMR 
FcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW2ikbhiMA ybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7 l7+ijrRU -----END CERTIFICATE----- ca_pre_save_command=$tmpdir/note Running pre-save for CAD3 ca_pre_save_uid=$UID ca_post_save_command=$tmpdir/note Running post-save for CAD3 ca_post_save_uid=$UID EOF cat > $tmpdir/cada <<- EOF id=CADA ca_type=EXTERNAL ca_external_helper=$tmpdir/no-such-helper.sh ca_root_cert_files=$tmpdir/bundle-all ca_other_root_cert_files= ca_other_cert_files= ca_root_cert_dbs=$tmpdir/dba ca_other_root_cert_dbs=,$tmpdir/dba ca_other_cert_dbs=,$tmpdir/dba ca_root_certs=Root Certificate DA -----BEGIN CERTIFICATE----- MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDEL MAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMp IDIwMDcgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAi BgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMjAeFw0wNzExMDUwMDAw MDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh d3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBGb3Ig YXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9v dCBDQSAtIEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/ BebfowJPDQfGAFG6DAJSLSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6 papu+7qzcMBniKI11KOasf2twu8x+qi58/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8E BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmtgAMADna3+FGO6Lts6K DPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUNG4k8VIZ3 KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41ox XZ3Krr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg== -----END CERTIFICATE----- ca_pre_save_command=$tmpdir/note Running pre-save for CADA ca_pre_save_uid=$UID ca_post_save_command=$tmpdir/note Running post-save for CADA ca_post_save_uid=$UID EOF run="$toolsdir/hooks -e entrycb1 -e entrycb2 -e entrycb3 -e entrycd1 -e entrycd2 -e entrycd3 -c cab1 -c cab2 -c cab3 -c cad1 -c cad2 -c cad3 -c cada" for target in EntryCB1 EntryCB2 
EntryCD1 EntryCD2 CAB1 CAB2 CAD1 CAD2 CADA ; do : > $tmpdir/log echo '['$target' -B]' $run -B $target cat $tmpdir/log : > $tmpdir/log echo '['$target' -C]' $run -C $target cat $tmpdir/log done echo OK. certmonger-0.79.19/tests/028-dbus/0000755000175000017500000000000014511314133016040 5ustar gitgit00000000000000certmonger-0.79.19/tests/028-dbus/bogus-entry0000644000175000017500000000004014511314133020233 0ustar gitgit00000000000000Hah, this is just invalid data. certmonger-0.79.19/tests/028-dbus/entry0000644000175000017500000000115614511314133017127 0ustar gitgit00000000000000id=Buddy key_type=RSA key_gen_type=RSA key_size=512 key_gen_size=512 key_storage_type=FILE key_storage_location=@tmpdir@/test.key cert_storage_type=FILE cert_storage_location=@tmpdir@/test.crt template_subject=CN=localhost template_hostname=localhost template_principal=host/localhost@LOCALHOST template_eku=id-kp-serverAuth template_ku=1001 template_is_ca=0 template_ca_path_length=0 template_no_ocsp_check=0 template_ns_comment=Comments For Everyone template_profile=SomeProfileName pre_certsave_command=echo Pre pre_certsave_uid=0 post_certsave_command=echo Post post_certsave_uid=0 ca_name=local autorenew=1 monitor=1 certmonger-0.79.19/tests/028-dbus/expected.out0000644000175000017500000011725414511314133020404 0ustar gitgit00000000000000Certificate in file "${tmpdir}/test.crt" issued by CA and saved. Certificate in file "${tmpdir}/test.crt" issued by CA and saved. [[ getcert ]] State MONITORING, stuck: no. Number of certificates and requests being tracked: 1. 
Request ID 'Buddy': status: MONITORING stuck: no key pair storage: type=FILE,location='$tmpdir/test.key' certificate: type=FILE,location='$tmpdir/test.crt' CA: local issuer: CN=$UUID,CN=Local Signing Authority subject: CN=localhost issued: sometime expires: sometime dns: localhost principal name: host/localhost@LOCALHOST key usage: digitalSignature,dataEncipherment eku: id-kp-serverAuth certificate template/profile: SomeProfileName profile: SomeProfileName pre-save command: echo Pre post-save command: echo Post track: yes auto-renew: yes CA 'local': is-default: no ca-type: EXTERNAL helper-location: $tmpdir/local-submit CA 'SelfSign': is-default: no ca-type: INTERNAL:SELF next-serial-number: 01 CA 'IPA': is-default: no ca-type: EXTERNAL helper-location: $libexecdir/ipa-submit CA 'dogtag-ipa-renew-agent': is-default: no ca-type: EXTERNAL helper-location: $libexecdir/dogtag-ipa-renew-agent-submit [[ API ]] [ simpleprop.py ] /org/fedorahosted/certmonger/cas/CA5 /org/fedorahosted/certmonger/cas/CA5 : -> : -k admin@localhost -> : 0 -> 1 -> 0 [ walk.py ] [ /: org.freedesktop.DBus.Introspectable.Introspect ] [ /org: org.freedesktop.DBus.Introspectable.Introspect ] [ /org/fedorahosted: org.freedesktop.DBus.Introspectable.Introspect ] [ /org/fedorahosted/certmonger: org.freedesktop.DBus.Introspectable.Introspect ] [ /org/fedorahosted/certmonger : org.fedorahosted.certmonger.add_known_ca ] OK [ /org/fedorahosted/certmonger : org.fedorahosted.certmonger.add_request ] OK [ /org/fedorahosted/certmonger : org.fedorahosted.certmonger.find_ca_by_nickname ] OK [ /org/fedorahosted/certmonger : org.fedorahosted.certmonger.find_request_by_nickname ] OK [ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_known_cas ] dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA1'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA2'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA3'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA4')], 
signature=dbus.Signature('o')) [ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_requests ] dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/requests/Request2')], signature=dbus.Signature('o')) [ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_key_types ] dbus.Array([dbus.String('RSA'), dbus.String('DSA'), dbus.String('EC')], signature=dbus.Signature('s')) [ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_key_storage ] dbus.Array([dbus.String('NSSDB'), dbus.String('FILE')], signature=dbus.Signature('s')) [ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_cert_storage ] dbus.Array([dbus.String('NSSDB'), dbus.String('FILE')], signature=dbus.Signature('s')) [ /org/fedorahosted/certmonger : org.fedorahosted.certmonger.remove_known_ca ] OK [ /org/fedorahosted/certmonger : org.fedorahosted.certmonger.remove_request ] OK [ /org/fedorahosted/certmonger/requests: org.freedesktop.DBus.Introspectable.Introspect ] [ /org/fedorahosted/certmonger/requests/Request2: org.freedesktop.DBus.Introspectable.Introspect ] [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_nickname ] Buddy [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_autorenew ] 1 [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_data ] [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_info ] (dbus.String('CN=$UUID,CN=Local Signing Authority'), dbus.String('$UUID'), dbus.String('CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s')), dbus.Int64(recently)) [ 
/org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_last_checked ] recently [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_storage_info ] (dbus.String('FILE'), dbus.String('$tmpdir/test.crt')) [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_csr_data ] [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_csr_info ] (dbus.String('CN=localhost'), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('id-kp-serverAuth')], signature=dbus.Signature('s'))) [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_pin ] [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_pin_file ] [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_storage_info ] (dbus.String('FILE'), dbus.String('$tmpdir/test.key')) [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_type_and_size ] (dbus.String('RSA'), dbus.Int64(512)) [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_monitoring ] 1 [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_notification_info ] (dbus.String('stdout'), dbus.String('daemon.notice')) [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_status ] (dbus.String('MONITORING'), dbus.Boolean(False)) [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_ca ] /org/fedorahosted/certmonger/cas/CA1 [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_submitted_cookie ] None [ 
/org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_ca_error ] None [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_submitted_date ] recently [ /org/fedorahosted/certmonger/requests/Request2 : org.fedorahosted.certmonger.request.modify ] 1 on /org/fedorahosted/certmonger/requests/Request2 After setting template-eku to 1.2.3.4.5.6.7.8.9.10, we got dbus.Array([dbus.String('1.2.3.4.5.6.7.8.9.10')], signature=dbus.Signature('s'), variant_level=1) [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.rekey ] 1 [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.resubmit ] 1 [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.refresh ] 0 [ /org/fedorahosted/certmonger/cas: org.freedesktop.DBus.Introspectable.Introspect ] [ /org/fedorahosted/certmonger/cas/CA1: org.freedesktop.DBus.Introspectable.Introspect ] [ /org/fedorahosted/certmonger/cas/CA1: org.fedorahosted.certmonger.ca.get_config_file_path ] $tmpdir/cas/local [ /org/fedorahosted/certmonger/cas/CA1: org.fedorahosted.certmonger.ca.get_nickname ] local [ /org/fedorahosted/certmonger/cas/CA1: org.fedorahosted.certmonger.ca.get_is_default ] 0 [ /org/fedorahosted/certmonger/cas/CA1: org.fedorahosted.certmonger.ca.get_type ] EXTERNAL [ /org/fedorahosted/certmonger/cas/CA1: org.fedorahosted.certmonger.ca.get_serial ] None [ /org/fedorahosted/certmonger/cas/CA1: org.fedorahosted.certmonger.ca.get_location ] $tmpdir/local-submit [ /org/fedorahosted/certmonger/cas/CA1: org.fedorahosted.certmonger.ca.get_issuer_names ] dbus.Array([], signature=dbus.Signature('s')) [ /org/fedorahosted/certmonger/cas/CA1: org.fedorahosted.certmonger.ca.refresh ] 1 [ /org/fedorahosted/certmonger/cas/CA2: org.freedesktop.DBus.Introspectable.Introspect ] [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_config_file_path ] 
$tmpdir/cas/20180327134236 [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_nickname ] SelfSign [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_is_default ] 0 [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_type ] INTERNAL:SELF [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_serial ] 01 [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_location ] /org/fedorahosted/certmonger/cas/CA2: warning: property org.fedorahosted.certmonger.ca.external-helper not settable on this object [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_issuer_names ] dbus.Array([], signature=dbus.Signature('s')) [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.refresh ] 1 /org/fedorahosted/certmonger/cas/CA2: property org.fedorahosted.certmonger.ca.scep-cipher not set: (, x) [ /org/fedorahosted/certmonger/cas/CA3: org.freedesktop.DBus.Introspectable.Introspect ] [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_config_file_path ] $tmpdir/cas/20180327134236-1 [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_nickname ] IPA [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_is_default ] 0 [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_type ] EXTERNAL [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_serial ] None [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_location ] $libexecdir/ipa-submit [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_issuer_names ] dbus.Array([], signature=dbus.Signature('s')) [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.refresh ] 1 [ /org/fedorahosted/certmonger/cas/CA4: org.freedesktop.DBus.Introspectable.Introspect ] [ /org/fedorahosted/certmonger/cas/CA4: 
org.fedorahosted.certmonger.ca.get_config_file_path ] $tmpdir/cas/20180327134236-3 [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_nickname ] dogtag-ipa-renew-agent [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_is_default ] 0 [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_type ] EXTERNAL [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_serial ] None [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_location ] $libexecdir/dogtag-ipa-renew-agent-submit [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_issuer_names ] dbus.Array([], signature=dbus.Signature('s')) [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.refresh ] 1

certmonger-0.79.19/tests/028-dbus/expected.out.nodsa
Certificate in file "${tmpdir}/test.crt" issued by CA and saved. Certificate in file "${tmpdir}/test.crt" issued by CA and saved. [[ getcert ]] State MONITORING, stuck: no. Number of certificates and requests being tracked: 1.
Request ID 'Buddy': status: MONITORING stuck: no key pair storage: type=FILE,location='$tmpdir/test.key' certificate: type=FILE,location='$tmpdir/test.crt' CA: local issuer: CN=$UUID,CN=Local Signing Authority subject: CN=localhost issued: sometime expires: sometime dns: localhost principal name: host/localhost@LOCALHOST key usage: digitalSignature,dataEncipherment eku: id-kp-serverAuth certificate template/profile: SomeProfileName profile: SomeProfileName pre-save command: echo Pre post-save command: echo Post track: yes auto-renew: yes CA 'local': is-default: no ca-type: EXTERNAL helper-location: $tmpdir/local-submit CA 'SelfSign': is-default: no ca-type: INTERNAL:SELF next-serial-number: 01 CA 'IPA': is-default: no ca-type: EXTERNAL helper-location: $libexecdir/ipa-submit CA 'dogtag-ipa-renew-agent': is-default: no ca-type: EXTERNAL helper-location: $libexecdir/dogtag-ipa-renew-agent-submit [[ API ]] [ simpleprop.py ] /org/fedorahosted/certmonger/cas/CA5 /org/fedorahosted/certmonger/cas/CA5 : -> : -k admin@localhost -> : 0 -> 1 -> 0 [ walk.py ] [ /: org.freedesktop.DBus.Introspectable.Introspect ] [ /org: org.freedesktop.DBus.Introspectable.Introspect ] [ /org/fedorahosted: org.freedesktop.DBus.Introspectable.Introspect ] [ /org/fedorahosted/certmonger: org.freedesktop.DBus.Introspectable.Introspect ] [ /org/fedorahosted/certmonger : org.fedorahosted.certmonger.add_known_ca ] OK [ /org/fedorahosted/certmonger : org.fedorahosted.certmonger.add_request ] OK [ /org/fedorahosted/certmonger : org.fedorahosted.certmonger.find_ca_by_nickname ] OK [ /org/fedorahosted/certmonger : org.fedorahosted.certmonger.find_request_by_nickname ] OK [ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_known_cas ] dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA1'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA2'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA3'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA4')], 
signature=dbus.Signature('o')) [ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_requests ] dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/requests/Request2')], signature=dbus.Signature('o')) [ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_key_types ] dbus.Array([dbus.String('RSA'), dbus.String('EC')], signature=dbus.Signature('s')) [ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_key_storage ] dbus.Array([dbus.String('NSSDB'), dbus.String('FILE')], signature=dbus.Signature('s')) [ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_cert_storage ] dbus.Array([dbus.String('NSSDB'), dbus.String('FILE')], signature=dbus.Signature('s')) [ /org/fedorahosted/certmonger : org.fedorahosted.certmonger.remove_known_ca ] OK [ /org/fedorahosted/certmonger : org.fedorahosted.certmonger.remove_request ] OK [ /org/fedorahosted/certmonger/requests: org.freedesktop.DBus.Introspectable.Introspect ] [ /org/fedorahosted/certmonger/requests/Request2: org.freedesktop.DBus.Introspectable.Introspect ] [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_nickname ] Buddy [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_autorenew ] 1 [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_data ] [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_info ] (dbus.String('CN=$UUID,CN=Local Signing Authority'), dbus.String('$UUID'), dbus.String('CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s')), dbus.Int64(recently)) [ /org/fedorahosted/certmonger/requests/Request2: 
org.fedorahosted.certmonger.request.get_cert_last_checked ] recently [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_storage_info ] (dbus.String('FILE'), dbus.String('$tmpdir/test.crt')) [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_csr_data ] [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_csr_info ] (dbus.String('CN=localhost'), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('id-kp-serverAuth')], signature=dbus.Signature('s'))) [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_pin ] [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_pin_file ] [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_storage_info ] (dbus.String('FILE'), dbus.String('$tmpdir/test.key')) [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_type_and_size ] (dbus.String('RSA'), dbus.Int64(512)) [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_monitoring ] 1 [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_notification_info ] (dbus.String('stdout'), dbus.String('daemon.notice')) [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_status ] (dbus.String('MONITORING'), dbus.Boolean(False)) [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_ca ] /org/fedorahosted/certmonger/cas/CA1 [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_submitted_cookie ] None [ /org/fedorahosted/certmonger/requests/Request2: 
org.fedorahosted.certmonger.request.get_ca_error ] None [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_submitted_date ] recently [ /org/fedorahosted/certmonger/requests/Request2 : org.fedorahosted.certmonger.request.modify ] 1 on /org/fedorahosted/certmonger/requests/Request2 After setting template-eku to 1.2.3.4.5.6.7.8.9.10, we got dbus.Array([dbus.String('1.2.3.4.5.6.7.8.9.10')], signature=dbus.Signature('s'), variant_level=1) [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.rekey ] 1 [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.resubmit ] 1 [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.refresh ] 0 [ /org/fedorahosted/certmonger/cas: org.freedesktop.DBus.Introspectable.Introspect ] [ /org/fedorahosted/certmonger/cas/CA1: org.freedesktop.DBus.Introspectable.Introspect ] [ /org/fedorahosted/certmonger/cas/CA1: org.fedorahosted.certmonger.ca.get_config_file_path ] $tmpdir/cas/local [ /org/fedorahosted/certmonger/cas/CA1: org.fedorahosted.certmonger.ca.get_nickname ] local [ /org/fedorahosted/certmonger/cas/CA1: org.fedorahosted.certmonger.ca.get_is_default ] 0 [ /org/fedorahosted/certmonger/cas/CA1: org.fedorahosted.certmonger.ca.get_type ] EXTERNAL [ /org/fedorahosted/certmonger/cas/CA1: org.fedorahosted.certmonger.ca.get_serial ] None [ /org/fedorahosted/certmonger/cas/CA1: org.fedorahosted.certmonger.ca.get_location ] $tmpdir/local-submit [ /org/fedorahosted/certmonger/cas/CA1: org.fedorahosted.certmonger.ca.get_issuer_names ] dbus.Array([], signature=dbus.Signature('s')) [ /org/fedorahosted/certmonger/cas/CA1: org.fedorahosted.certmonger.ca.refresh ] 1 [ /org/fedorahosted/certmonger/cas/CA2: org.freedesktop.DBus.Introspectable.Introspect ] [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_config_file_path ] $tmpdir/cas/20180327134236 [ /org/fedorahosted/certmonger/cas/CA2: 
org.fedorahosted.certmonger.ca.get_nickname ] SelfSign [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_is_default ] 0 [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_type ] INTERNAL:SELF [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_serial ] 01 [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_location ] /org/fedorahosted/certmonger/cas/CA2: warning: property org.fedorahosted.certmonger.ca.external-helper not settable on this object [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_issuer_names ] dbus.Array([], signature=dbus.Signature('s')) [ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.refresh ] 1 /org/fedorahosted/certmonger/cas/CA2: property org.fedorahosted.certmonger.ca.scep-cipher not set: (, x) [ /org/fedorahosted/certmonger/cas/CA3: org.freedesktop.DBus.Introspectable.Introspect ] [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_config_file_path ] $tmpdir/cas/20180327134236-1 [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_nickname ] IPA [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_is_default ] 0 [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_type ] EXTERNAL [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_serial ] None [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_location ] $libexecdir/ipa-submit [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_issuer_names ] dbus.Array([], signature=dbus.Signature('s')) [ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.refresh ] 1 [ /org/fedorahosted/certmonger/cas/CA4: org.freedesktop.DBus.Introspectable.Introspect ] [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_config_file_path ] $tmpdir/cas/20180327134236-3 [ 
/org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_nickname ] dogtag-ipa-renew-agent [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_is_default ] 0 [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_type ] EXTERNAL [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_serial ] None [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_location ] $libexecdir/dogtag-ipa-renew-agent-submit [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_issuer_names ] dbus.Array([], signature=dbus.Signature('s')) [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.refresh ] 1

certmonger-0.79.19/tests/028-dbus/prequal.sh
#!/bin/bash

DBUSSEND=`which dbus-send 2> /dev/null`
if test -z "$DBUSSEND" ; then
    echo dbus-send not found
    exit 1
fi
DBUSDAEMON=`which dbus-daemon 2> /dev/null`
if test -z "$DBUSDAEMON" ; then
    echo dbus-daemon not found
    exit 1
fi
PYTHON=${PYTHON:-python3}
if ! $PYTHON -c 'import os' 2> /dev/null ; then
    echo $PYTHON not found
    exit 1
fi
if ! $PYTHON -c 'import dbus' 2> /dev/null ; then
    echo $PYTHON-dbus not found
    exit 1
fi
if ! $PYTHON -c 'import xml' 2> /dev/null ; then
    echo $PYTHON-xml not found
    exit 1
fi
if ! $PYTHON -c 'import xml.etree.ElementTree' 2> /dev/null ; then
    echo $PYTHON-xml does not include etree.ElementTree
    exit 1
fi

certmonger-0.79.19/tests/028-dbus/run.sh
#!/bin/bash -e

. prequal.sh

mkdir -p $tmpdir/requests $tmpdir/cas "$tmpdir/local" $tmpdir/config
export CERTMONGER_TMPDIR="$tmpdir"
export CERTMONGER_REQUESTS_DIR="$tmpdir/requests"
export CERTMONGER_CAS_DIR="$tmpdir/cas"
export CERTMONGER_CONFIG_DIR="$tmpdir/config"
export CERTMONGER_LOCAL_CA_DIR="$tmpdir/local"
libexecdir=`$toolsdir/libexecdir`
cp ../certmonger.conf "$tmpdir"/config/
cp prequal.sh runsub.sh *.py "$tmpdir"/
ln -s "$toolsdir"/../../src/getcert "$tmpdir"/
ln -s "$toolsdir"/../../src/local-submit "$tmpdir"/
for entry in entry bogus-entry ; do
    sed "s|@tmpdir@|$tmpdir|g" $entry > "$tmpdir"/requests/$entry
done
cat > "$tmpdir"/cas/local << EOF
id=local
ca_is_default=0
ca_type=EXTERNAL
ca_external_helper=$tmpdir/local-submit
EOF

$DBUSDAEMON --session --print-address=3 --print-pid=4 --fork 3> $tmpdir/address 4> $tmpdir/pid
if test -s $tmpdir/pid ; then
    env DBUS_SESSION_BUS_ADDRESS=`cat $tmpdir/address` \
        $toolsdir/../../src/certmonger-session -n -c $tmpdir/runsub.sh
fi
kill `cat $tmpdir/pid`
cat $tmpdir/runsub.err > /dev/stderr

now=`date +%s`
for i in `seq 240` ; do
    recently=$(($now-$i))
    tomorrow=$(($now-$i+24*60*60))
    sed -i -e s/^$recently'$/recently/g' -e s/"("$recently")"/'(recently)'/g \
        -e s/^$tomorrow'$/tomorrow/g' -e s/"("$tomorrow")"/'(tomorrow)'/g $tmpdir/runsub.out
done
cat $tmpdir/runsub.out | \
sed -r -e 's,CN=........-........-........-........,CN=$UUID,g' \
    -e '/^-----BEGIN/,/^-----END/d' \
    -e "s|$libexecdir|\$libexecdir|g" \
    -e "s|$tmpdir|\$tmpdir|g" \
    -e "s|issued:.*|issued: sometime|g" \
    -e "s|expires:.*|expires: sometime|g" \
    -e "s|'(00)?[0-9a-fA-F]{32}|'"'$UUID|g' \

certmonger-0.79.19/tests/028-dbus/runsub.sh
#!/bin/bash
PYTHON=${PYTHON:-python3}
exec > "$TMPDIR"/runsub.out 2> "$TMPDIR"/runsub.err
for i in `seq 60` ; do
    if test -s "$TMPDIR"/test.crt ; then
        break
    fi
    sleep 1
done
cd "$TMPDIR"
source prequal.sh
echo "[[ getcert ]]"
for i in `seq 60` ; do
    if "$TMPDIR"/getcert status -s -i Buddy ; then
        break
    fi
    sleep 1
done
"$TMPDIR"/getcert status -s -v -i Buddy
"$TMPDIR"/getcert list -s
"$TMPDIR"/getcert list-cas -s
echo ""
echo "[[ API ]]"
for i in ./*.py ; do
    echo "[" `basename "$i"` "]"
    $PYTHON $i
done

certmonger-0.79.19/tests/028-dbus/simpleprop.py
import dbus

# Get a handle for the main certmonger interface.
bus = dbus.SessionBus()
o = bus.get_object('org.fedorahosted.certmonger', '/org/fedorahosted/certmonger')
cm = dbus.Interface(o, 'org.fedorahosted.certmonger')
try:
    (status, path) = cm.add_known_ca('certmonger-test', ':', [])
    print(path)
except:
    pass
path = cm.find_ca_by_nickname('certmonger-test')
print(path)

# Get a handle for the CA interface.
o = bus.get_object('org.fedorahosted.certmonger', path)
ca = dbus.Interface(o, 'org.freedesktop.DBus.Properties')

# Toggle the helper a couple of times.
ca_ext_h = o.Get('org.fedorahosted.certmonger.ca', 'external-helper')
print(ca_ext_h, "-> ", end='')
if ca_ext_h.split()[0] == ca_ext_h:
    ca_ext_h += ' -k admin@localhost'
else:
    ca_ext_h = ca_ext_h.split()[0]
ca.Set('org.fedorahosted.certmonger.ca', 'external-helper', ca_ext_h)
ca_ext_h = o.Get('org.fedorahosted.certmonger.ca', 'external-helper')
print(ca_ext_h, "-> ", end='')
if ca_ext_h.split()[0] == ca_ext_h:
    ca_ext_h += ' -k admin@localhost'
else:
    ca_ext_h = ca_ext_h.split()[0]
ca.Set('org.fedorahosted.certmonger.ca', 'external-helper', ca_ext_h)
ca_ext_h = o.Get('org.fedorahosted.certmonger.ca', 'external-helper')
print(ca_ext_h)

# Toggle the "is-default" value a couple of times.
isdef = ca.Get('org.fedorahosted.certmonger.ca', 'is-default')
print(isdef, "-> ", end='')
ca.Set('org.fedorahosted.certmonger.ca', 'is-default', not isdef)
isdef = ca.Get('org.fedorahosted.certmonger.ca', 'is-default')
print(isdef, "-> ", end='')
ca.Set('org.fedorahosted.certmonger.ca', 'is-default', not isdef)
isdef = ca.Get('org.fedorahosted.certmonger.ca', 'is-default')
print(isdef)

cm.remove_known_ca(path)

certmonger-0.79.19/tests/028-dbus/walk.py
import dbus
import xml.etree.ElementTree
import os
import sys
import time

bus = dbus.SessionBus()

# Check that reading a property directly produces the same value as reading it via GetAll().
def check_props(objpath, interface):
    o = bus.get_object('org.fedorahosted.certmonger', objpath)
    i = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
    props = i.GetAll(interface)
    for prop in props.keys():
        value = props[prop]
        if value != i.Get(interface, prop):
            print("%s: property %s.%s mismatch (%s, %s)" % (objpath, interface, prop, value, i.Get(interface, prop)))
            return False
    return True

# Try to call the method.
def examine_method(objpath, interface, method, idata):
    in_args = 0
    out_args = 0
    o = bus.get_object('org.fedorahosted.certmonger', objpath)
    i = dbus.Interface(o, interface)
    for child in idata:
        if child.tag == 'arg':
            if child.get('direction') != 'out':
                in_args = in_args + 1
            else:
                out_args = out_args + 1
    if in_args == 0:
        # Takes no inputs, so just call it.
        m = i.get_dbus_method(method)
        if out_args == 0:
            m()
            print("[ %s: %s.%s ]\n" % (objpath, interface, method))
        elif out_args == 1:
            result = m()
            print("[ %s: %s.%s ]\n%s\n" % (objpath, interface, method, result))
        else:
            result = m()
            print("[ %s: %s.%s ]\n%s\n" % (objpath, interface, method, result))
    elif method == 'Get' or method == 'Set' or method == 'GetAll':
        # We check on properties elsewhere.
        return True
    # Per-method exercise.
    elif method == 'add_known_ca' or method == 'remove_known_ca':
        (result, path) = i.add_known_ca('Test CA', '/usr/bin/env', [])
        if not result:
            print("[ %s : %s.%s ]: add_known_ca error\n" % (objpath, interface, method))
            return False
        result = i.remove_known_ca(path)
        if not result:
            print("[ %s : %s.%s ]: remove_known_ca error\n" % (objpath, interface, method))
            return False
        print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method))
    elif method == 'add_request' or method == 'remove_request':
        tmpdir = os.getenv('TMPDIR')
        if not tmpdir or tmpdir == '':
            tmpdir = '/tmp'
        properties = {
            'nickname': 'foo',
            'cert-storage': 'file',
            'cert-file': tmpdir + "/028-certfile",
            'key-storage': 'file',
            'key-file': tmpdir + "/028-keyfile",
            'template-email': ['root@localhost', 'toor@localhost'],
        }
        (result, path) = i.add_request(properties)
        if not result:
            print("[ %s : %s.%s ]: add_request error\n" % (objpath, interface, method))
            return False
        result = i.remove_request(path)
        if not result:
            print("[ %s : %s.%s ]: remove_request error\n" % (objpath, interface, method))
            return False
        print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method))
    elif method == 'find_ca_by_nickname':
        capath = i.find_ca_by_nickname('local')
        o = bus.get_object('org.fedorahosted.certmonger', capath)
        i = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
        if i.Get('org.fedorahosted.certmonger.ca', 'nickname') != 'local':
            print("[ %s : %s.%s ] error: %s\n" % (objpath, interface, method, i.Get('org.fedorahosted.certmonger.ca', 'nickname')))
            return False
        print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method))
    elif method == 'find_request_by_nickname':
        reqpath = i.find_request_by_nickname('Buddy')
        o = bus.get_object('org.fedorahosted.certmonger', reqpath)
        i = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
        if i.Get('org.fedorahosted.certmonger.request', 'nickname') != 'Buddy':
            print("[ %s : %s.%s ] error: %s\n" % (objpath, interface, method, i.Get('org.fedorahosted.certmonger.request', 'nickname')))
            return False
        print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method))
    elif method == 'modify':
        mods = {}
        propname = "template-eku"
        propval = '1.2.3.4.5.6.7.8.9.10'
        mods[propname] = [propval,]
        status, path = i.modify(mods)
        if not status:
            print("[ %s : %s.%s ] error\n" % (objpath, interface, method))
            return False
        print("[ %s : %s.%s ]\n%d on %s" % (objpath, interface, method, status, path))
        props = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
        prop = props.Get(interface, 'template-eku')
        print("After setting %s to %s, we got %s\n" % (propname, propval, prop))
    else:
        # We're in FIXME territory.
        print('FIXME: need support for "%s"' % method)
        return False
    # If we caused things to start churning, wait for them to settle.
    if method == 'resubmit':
        props = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
        prop = props.Get(interface, 'status')
        while prop != 'MONITORING':
            time.sleep(1)
            prop = props.Get(interface, 'status')
    return True

def iget(child, proxy, interface, prop):
    value = proxy.Get(interface, prop)
    if not value:
        if child.get('type') == 'b':
            value = False
        elif child.get('type') == 'n' or child.get('type') == 'x':
            value = 0
        elif child.get('type') == 's':
            value = ''
        elif child.get('type') == 'as':
            value = ['']
        else:
            print("%s.%s: %s" % (interface, prop, child.get('type')))
            return False
    return value

def examine_interface(objpath, interface, idata):
    o = bus.get_object('org.fedorahosted.certmonger', objpath)
    i = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
    for child in idata:
        if child.tag == 'property':
            prop = child.get('name')
            if child.get('access') == 'read':
                # Check that we can read it.
                value = i.Get(interface, prop)
            elif child.get('access') == 'readwrite':
                if prop == 'external-helper' or prop == 'scep-ca-identifier':
                    cai = dbus.Interface(o, 'org.fedorahosted.certmonger.ca')
                    if cai.get_type() != 'EXTERNAL':
                        print("%s: warning: property %s.%s not settable on this object" % (objpath, interface, prop))
                        continue
                # Check that we can read it, tweak it, and then reset it.
                value = iget(child, i, interface, prop)
                i.Set(interface, prop, value)
                newvalue = None
                if child.get('type') == 'b':
                    newvalue = not value
                elif child.get('type') == 'n' or child.get('type') == 'x':
                    newvalue = value + 1
                elif child.get('type') == 's':
                    newvalue = 'x' + value
                elif child.get('type') == 'as':
                    newvalue = ['x'] + value
                else:
                    print("%s.%s: %s" % (interface, prop, child.get('type')))
                    return False
                if newvalue:
                    if newvalue == value:
                        print("%s: error determining new value: (%s, %s): %s" % (objpath, interface, prop, value))
                        return False
                    i.Set(interface, prop, newvalue)
                    if newvalue != iget(child, i, interface, prop):
                        print("%s: property %s.%s not set: (%s, %s)" % (objpath, interface, prop, value, newvalue))
                        return False
                    i.Set(interface, prop, value)
                    if value != iget(child, i, interface, prop):
                        print("%s: property %s.%s not reset: (%s, %s)" % (objpath, interface, prop, newvalue, value))
                        return False
        elif child.tag == 'method':
            method = child.get('name')
            if not examine_method(objpath, interface, method, child):
                return False
        elif child.tag == 'signal':
            continue
        else:
            print("FIXME: handle child tag %s" % child.tag)
            return False
    return True

def examine_object(objpath):
    o = bus.get_object('org.fedorahosted.certmonger', objpath)
    i = dbus.Interface(o, 'org.freedesktop.DBus.Introspectable')
    idata = i.Introspect()
    x = xml.etree.ElementTree.XML(idata)
    # Check if the object supports properties interfaces.
    props = False
    for child in x:
        if child.tag == 'interface':
            if child.get('name') == 'org.freedesktop.DBus.Properties':
                props = True
    # Look at the interfaces and child nodes.
    for child in x:
        if child.tag == 'interface':
            if props and not check_props(objpath, child.get('name')):
                return False
            if not examine_interface(objpath, child.get('name'), child):
                return False
        elif child.tag == 'node':
            if objpath == '/':
                childpath = '/' + child.get('name')
            else:
                childpath = objpath + '/' + child.get('name')
            examine_object(childpath)
        else:
            print("FIXME: handle child tag %s" % child.tag)
            return False
    return True

if not examine_object('/'):
    sys.exit(1)
sys.exit(0)

certmonger-0.79.19/tests/029-canonize/

certmonger-0.79.19/tests/029-canonize/expected.out
"${tmpdir}": "${tmpdir}"
".": "${tmpdir}"
"subdir": "${tmpdir}/subdir"
"subdir/": "${tmpdir}/subdir"
"subdir/..": "${tmpdir}"
"subdir/../subdir": "${tmpdir}/subdir"
"otherdir": "${tmpdir}/otherdir"
"otherdir/": "${tmpdir}/otherdir"
"otherdir//": "${tmpdir}/otherdir"
"otherdir/..": "${tmpdir}"
"otherdir//../subdir": "${tmpdir}/subdir"
"${tmpdir}/otherdir//../subdir": "${tmpdir}/subdir"
"subdir/../otherdir": "${tmpdir}/otherdir"
"subdir/file": "${tmpdir}/subdir/file"
"subdir/../subdir/file": "${tmpdir}/subdir/file"
"otherdir/file": "${tmpdir}/otherdir/file"
"otherdir/../subdir/file": "${tmpdir}/subdir/file"
"subdir/../otherdir/file": "${tmpdir}/otherdir/file"
"not-there": "${tmpdir}/not-there"
"subdir/not-there": "${tmpdir}/subdir/not-there"
"otherdir/not-there": "${tmpdir}/otherdir/not-there"

certmonger-0.79.19/tests/029-canonize/run.sh
#!/bin/bash -e

cd $tmpdir
mkdir subdir
ln -s subdir otherdir
touch subdir/file

canon() {
    for loc in "$@" ; do
        $toolsdir/canon "$loc" | sed -r "s|$tmpdir|"'${tmpdir}'"|g"
        # A dbm: or sql: prefix must not change how the path itself is
        # canonicalized.  The comparison has to go through test; without it
        # the shell tries to execute canon's output and the check never fires.
        if test "$($toolsdir/canon dbm:"$loc")" != "dbm:$($toolsdir/canon "$loc")" ; then
            echo `$toolsdir/canon dbm:"$loc"` -ne dbm:`$toolsdir/canon "$loc"`
            exit 1
        fi
        if test "$($toolsdir/canon sql:"$loc")" != "sql:$($toolsdir/canon "$loc")" ; then
            echo `$toolsdir/canon sql:"$loc"` -ne sql:`$toolsdir/canon "$loc"`
            exit 1
        fi
    done
}

for loc in `pwd` . subdir subdir/ subdir/.. subdir/../subdir otherdir otherdir/ otherdir// otherdir/.. otherdir//../subdir `pwd`/otherdir//../subdir subdir/../otherdir subdir/file subdir/../subdir/file otherdir/file otherdir/../subdir/file subdir/../otherdir/file not-there subdir/not-there otherdir/not-there ; do
    canon $loc
done

certmonger-0.79.19/tests/030-rekey/

certmonger-0.79.19/tests/030-rekey/expected.out
[ Begin pass (preserve=1,pin=""). ] (prep NSS) key_issued_count=0 key_requested_count=0 (submit NSS) key_issued_count=0 key_requested_count=1 (prep OpenSSL) key_issued_count=0 key_requested_count=0 (submit OpenSSL) key_issued_count=0 key_requested_count=1 NSS keys before re-keygen (preserve=1,pin=""): <-> rsa originalhex NSS Certificate DB:i2048 key_issued_count=0 key_requested_count=1 OK. NSS keys after re-keygen (preserve=1,pin=""): <-> rsa hexhexhexhexhex i2048 (candidate (next)) <-> rsa originalhex NSS Certificate DB:i2048 key_issued_count=0 key_next_requested_count=0 key_requested_count=1 (submit NSS) key_issued_count=0 key_next_requested_count=1 key_requested_count=1 NSS certs before saving (preserve=1,pin=""): i2048 u,u,u serial=1234 NSS keys before saving (preserve=1,pin=""): <-> rsa hexhexhexhexhex i2048 (candidate (next)) <-> rsa originalhex NSS Certificate DB:i2048 NSS Signing: NSS Verify: This is the plaintext.
PEM keys before re-keygen (preserve=1,pin=""): ${tmpdir}/keyi2048 key_issued_count=0 key_requested_count=1 OK. PEM keys after re-keygen (preserve=1,pin=""): ${tmpdir}/keyi2048 ${tmpdir}/keyi2048.(next).key key_issued_count=0 key_next_requested_count=0 key_requested_count=1 (submit OpenSSL) key_issued_count=0 key_next_requested_count=1 key_requested_count=1 PEM certs before saving (preserve=1,pin=""): ${tmpdir}/certi2048 serial=1234 PEM keys before saving (preserve=1,pin=""): ${tmpdir}/keyi2048 ${tmpdir}/keyi2048.(next).key OpenSSL Signing: OpenSSL Verify: This is the plaintext. (saving) key_issued_count=1 key_requested_count=1 PEM certs after saving (preserve=1,pin=""): ${tmpdir}/certi2048 serial=1235 PEM keys after saving (preserve=1,pin=""): ${tmpdir}/keyi2048 ${tmpdir}/keyi2048.1234.key OpenSSL Signing: OpenSSL Verify: This is the plaintext. [ End pass (preserve=1,pin=""). ] [ Begin pass (preserve=1,pin="password"). ] (prep NSS) key_issued_count=0 key_requested_count=0 (submit NSS) key_issued_count=0 key_requested_count=1 (prep OpenSSL) key_issued_count=0 key_requested_count=0 (submit OpenSSL) key_issued_count=0 key_requested_count=1 NSS keys before re-keygen (preserve=1,pin="password"): <-> rsa originalhex NSS Certificate DB:i2048 key_issued_count=0 key_requested_count=1 OK. NSS keys after re-keygen (preserve=1,pin="password"): <-> rsa hexhexhexhexhex i2048 (candidate (next)) <-> rsa originalhex NSS Certificate DB:i2048 key_issued_count=0 key_next_requested_count=0 key_requested_count=1 (submit NSS) key_issued_count=0 key_next_requested_count=1 key_requested_count=1 NSS certs before saving (preserve=1,pin="password"): i2048 u,u,u serial=1234 NSS keys before saving (preserve=1,pin="password"): <-> rsa hexhexhexhexhex i2048 (candidate (next)) <-> rsa originalhex NSS Certificate DB:i2048 NSS Signing: NSS Verify: This is the plaintext. 
(saving) key_issued_count=1 key_requested_count=1 NSS certs after saving (preserve=1,pin="password"): i2048 u,u,u serial=1235 NSS keys after saving (preserve=1,pin="password"): <-> rsa hexhexhexhexhex NSS Certificate DB:i2048 <-> rsa originalhex (orphan) NSS Signing: NSS Verify: This is the plaintext. PEM keys before re-keygen (preserve=1,pin="password"): ${tmpdir}/keyi2048 key_issued_count=0 key_requested_count=1 OK. PEM keys after re-keygen (preserve=1,pin="password"): ${tmpdir}/keyi2048 ${tmpdir}/keyi2048.(next).key key_issued_count=0 key_next_requested_count=0 key_requested_count=1 (submit OpenSSL) key_issued_count=0 key_next_requested_count=1 key_requested_count=1 PEM certs before saving (preserve=1,pin="password"): ${tmpdir}/certi2048 serial=1234 PEM keys before saving (preserve=1,pin="password"): ${tmpdir}/keyi2048 ${tmpdir}/keyi2048.(next).key OpenSSL Signing: OpenSSL Verify: This is the plaintext. (saving) key_issued_count=1 key_requested_count=1 PEM certs after saving (preserve=1,pin="password"): ${tmpdir}/certi2048 serial=1235 PEM keys after saving (preserve=1,pin="password"): ${tmpdir}/keyi2048 ${tmpdir}/keyi2048.1234.key OpenSSL Signing: OpenSSL Verify: This is the plaintext. [ End pass (preserve=1,pin="password"). ] [ Begin pass (preserve=0,pin=""). ] (prep NSS) key_issued_count=0 key_requested_count=0 (submit NSS) key_issued_count=0 key_requested_count=1 (prep OpenSSL) key_issued_count=0 key_requested_count=0 (submit OpenSSL) key_issued_count=0 key_requested_count=1 NSS keys before re-keygen (preserve=0,pin=""): <-> rsa originalhex NSS Certificate DB:i2048 key_issued_count=0 key_requested_count=1 OK. 
NSS keys after re-keygen (preserve=0,pin=""): <-> rsa hexhexhexhexhex i2048 (candidate (next)) <-> rsa originalhex NSS Certificate DB:i2048 key_issued_count=0 key_next_requested_count=0 key_requested_count=1 (submit NSS) key_issued_count=0 key_next_requested_count=1 key_requested_count=1 NSS certs before saving (preserve=0,pin=""): i2048 u,u,u serial=1234 NSS keys before saving (preserve=0,pin=""): <-> rsa hexhexhexhexhex i2048 (candidate (next)) <-> rsa originalhex NSS Certificate DB:i2048 NSS Signing: NSS Verify: This is the plaintext. (saving) key_issued_count=1 key_requested_count=1 NSS certs after saving (preserve=0,pin=""): i2048 u,u,u serial=1235 NSS keys after saving (preserve=0,pin=""): <-> rsa hexhexhexhexhex NSS Certificate DB:i2048 NSS Signing: NSS Verify: This is the plaintext. PEM keys before re-keygen (preserve=0,pin=""): ${tmpdir}/keyi2048 key_issued_count=0 key_requested_count=1 OK. PEM keys after re-keygen (preserve=0,pin=""): ${tmpdir}/keyi2048 ${tmpdir}/keyi2048.(next).key key_issued_count=0 key_next_requested_count=0 key_requested_count=1 (submit OpenSSL) key_issued_count=0 key_next_requested_count=1 key_requested_count=1 PEM certs before saving (preserve=0,pin=""): ${tmpdir}/certi2048 serial=1234 PEM keys before saving (preserve=0,pin=""): ${tmpdir}/keyi2048 ${tmpdir}/keyi2048.(next).key OpenSSL Signing: OpenSSL Verify: This is the plaintext. (saving) key_issued_count=1 key_requested_count=1 PEM certs after saving (preserve=0,pin=""): ${tmpdir}/certi2048 serial=1235 PEM keys after saving (preserve=0,pin=""): ${tmpdir}/keyi2048 OpenSSL Signing: OpenSSL Verify: This is the plaintext. [ End pass (preserve=0,pin=""). ] [ Begin pass (preserve=0,pin="password"). 
] (prep NSS) key_issued_count=0 key_requested_count=0 (submit NSS) key_issued_count=0 key_requested_count=1 (prep OpenSSL) key_issued_count=0 key_requested_count=0 (submit OpenSSL) key_issued_count=0 key_requested_count=1 NSS keys before re-keygen (preserve=0,pin="password"): <-> rsa originalhex NSS Certificate DB:i2048 key_issued_count=0 key_requested_count=1 OK. NSS keys after re-keygen (preserve=0,pin="password"): <-> rsa hexhexhexhexhex i2048 (candidate (next)) <-> rsa originalhex NSS Certificate DB:i2048 key_issued_count=0 key_next_requested_count=0 key_requested_count=1 (submit NSS) key_issued_count=0 key_next_requested_count=1 key_requested_count=1 NSS certs before saving (preserve=0,pin="password"): i2048 u,u,u serial=1234 NSS keys before saving (preserve=0,pin="password"): <-> rsa hexhexhexhexhex i2048 (candidate (next)) <-> rsa originalhex NSS Certificate DB:i2048 NSS Signing: NSS Verify: This is the plaintext. (saving) key_issued_count=1 key_requested_count=1 NSS certs after saving (preserve=0,pin="password"): i2048 u,u,u serial=1235 NSS keys after saving (preserve=0,pin="password"): <-> rsa hexhexhexhexhex NSS Certificate DB:i2048 NSS Signing: NSS Verify: This is the plaintext. PEM keys before re-keygen (preserve=0,pin="password"): ${tmpdir}/keyi2048 key_issued_count=0 key_requested_count=1 OK. PEM keys after re-keygen (preserve=0,pin="password"): ${tmpdir}/keyi2048 ${tmpdir}/keyi2048.(next).key key_issued_count=0 key_next_requested_count=0 key_requested_count=1 (submit OpenSSL) key_issued_count=0 key_next_requested_count=1 key_requested_count=1 PEM certs before saving (preserve=0,pin="password"): ${tmpdir}/certi2048 serial=1234 PEM keys before saving (preserve=0,pin="password"): ${tmpdir}/keyi2048 ${tmpdir}/keyi2048.(next).key OpenSSL Signing: OpenSSL Verify: This is the plaintext. 
(saving) key_issued_count=1 key_requested_count=1 PEM certs after saving (preserve=0,pin="password"): ${tmpdir}/certi2048 serial=1235 PEM keys after saving (preserve=0,pin="password"): ${tmpdir}/keyi2048 OpenSSL Signing: OpenSSL Verify: This is the plaintext. [ End pass (preserve=0,pin="password"). ] Test complete.

certmonger-0.79.19/tests/030-rekey/run.sh
#!/bin/bash -e

cd "$tmpdir"

source "$srcdir"/functions
initnssdb "$tmpdir"

issuetime=`date +%s`

function setupca() {
    cat > ca.self <<- EOF
id=self_signer
ca_is_default=0
ca_type=INTERNAL:SELF
ca_internal_serial=1235
ca_internal_issue_time=$issuetime
EOF
}

for preserve in 1 0 ; do
    for pin in "" password ; do
        echo "[ Begin pass (preserve=$preserve,pin=\"$pin\"). ]"

        size=2048
        rm -f "$tmpdir"/*.db
        touch "$tmpdir"/keyi "$tmpdir"/certi
        rm -f "$tmpdir"/keyi* "$tmpdir"/certi* "$tmpdir"/pubkey*
        initnssdb "$tmpdir" $pin
        echo "$pin" > pinfile
        # Build a self-signed certificate.
        run_certutil -d "$tmpdir" -S -g $size -n "i$size" \
            -s "cn=T$size" -c "cn=T$size" \
            -x -t u -m 4660 -f pinfile
        # Export the certificate and key.
        pk12util -C AES-128-CBC -c AES-128-CBC -d "$tmpdir" -k pinfile -o $size.p12 -W "" -n "i$size" > /dev/null 2>&1
        openssl pkcs12 -in $size.p12 -passin pass: -nocerts -passout pass:${pin:- -nodes} | awk '/^-----BEGIN/,/^-----END/{print}' > keyi$size
        openssl pkcs12 -in $size.p12 -passin pass: -nokeys -nodes | awk '/^-----BEGIN/,/^-----END/{print}' > certi$size
        # Grab a copy of the public key.
        openssl x509 -pubkey -noout -in "$tmpdir"/certi$size > "$tmpdir"/pubkey.old
        # Read info about that key using NSS
        cat > entry.nss.$size <<- EOF
ca_name=self_signer
key_storage_type=NSSDB
key_storage_location=$tmpdir
key_nickname=i$size
key_preserve=$preserve
cert_storage_type=NSSDB
cert_storage_location=$tmpdir
cert_nickname=i$size
template_subject=CN=T$size
EOF
        echo key_pin_file=`pwd`/pinfile >> entry.nss.$size
        $toolsdir/keyiread entry.nss.$size > /dev/null 2>&1
        # Read info about that key using OpenSSL
        cat > entry.openssl.$size <<- EOF
ca_name=self_signer
key_storage_type=FILE
key_storage_location=$tmpdir/keyi$size
key_preserve=$preserve
cert_storage_type=FILE
cert_storage_location=$tmpdir/certi$size
EOF
        echo key_pin_file=`pwd`/pinfile >> entry.openssl.$size
        $toolsdir/keyiread entry.openssl.$size > /dev/null 2>&1

        # Use that NSS key to generate a self-signed certificate.
        echo '(prep NSS)'
        cat > entry.nss.$size <<- EOF
ca_name=self_signer
key_storage_type=NSSDB
key_storage_location=$tmpdir
key_nickname=i$size
key_preserve=$preserve
cert_storage_type=NSSDB
cert_storage_location=$tmpdir
cert_nickname=i$size
template_subject=CN=T$size
EOF
        echo key_pin_file=`pwd`/pinfile >> entry.nss.$size
        $toolsdir/keyiread entry.nss.$size > /dev/null 2>&1
        $toolsdir/csrgen entry.nss.$size > csr.nss.$size
        setupca
        grep ^key.\*count= entry.nss.$size | LANG=C sort
        echo '(submit NSS)'
        $toolsdir/submit ca.self entry.nss.$size > cert.nss.$size
        grep ^key.\*count= entry.nss.$size | LANG=C sort
        # Use that OpenSSL key to generate a self-signed certificate.
        echo '(prep OpenSSL)'
        cat > entry.openssl.$size <<- EOF
ca_name=self_signer
key_storage_type=FILE
key_storage_location=$tmpdir/keyi$size
key_preserve=$preserve
cert_storage_type=FILE
cert_storage_location=$tmpdir/certi$size
template_subject=CN=T$size
EOF
        echo key_pin_file=`pwd`/pinfile >> entry.openssl.$size
        $toolsdir/keyiread entry.openssl.$size > /dev/null 2>&1
        $toolsdir/csrgen entry.openssl.$size > csr.openssl.$size
        setupca
        grep ^key.\*count= entry.openssl.$size | LANG=C sort
        echo '(submit OpenSSL)'
        $toolsdir/submit ca.self entry.openssl.$size > cert.openssl.$size
        grep ^key.\*count= entry.openssl.$size | LANG=C sort

        # Now generate new keys, CSRs, and certificates (NSS).
        echo "NSS keys before re-keygen (preserve=$preserve,pin=\"$pin\"):"
        marker=`grep ^key_next_marker= entry.nss.$size | cut -f2- -d=`
        firstid=`run_certutil -K -d $tmpdir -f pinfile | grep -v 'Checking token' | sed -r 's,< *0>,<->,g' | awk '{print $3}' | env LANG=C sort`
        run_certutil -K -d $tmpdir -f pinfile | grep -v 'Checking token' | env LANG=C sort 1>&2
        echo firstid="$firstid" 1>&2
        run_certutil -K -d $tmpdir -f pinfile | grep -v 'Checking token' | sed -e s,"${marker:-////////}","(next)", -e "s,$firstid,originalhex,g" | sed -r -e 's,[0123456789abcdef]{8},hex,g' -e 's,< 0>,<->,g' -e 's,< 1>,<->,g' | env LANG=C sort
        grep ^key.\*count= entry.nss.$size | LANG=C sort
        $toolsdir/keygen entry.nss.$size
        echo "NSS keys after re-keygen (preserve=$preserve,pin=\"$pin\"):"
        marker=`grep ^key_next_marker= entry.nss.$size | cut -f2- -d=`
        run_certutil -K -d $tmpdir -f pinfile | grep -v 'Checking token' | sed -e s,"${marker:-////////}","(next)", -e "s,$firstid,originalhex,g" | sed -r -e 's,[0123456789abcdef]{8},hex,g' -e 's,< 0>,<->,g' -e 's,< 1>,<->,g' | env LANG=C sort
        $toolsdir/keyiread entry.nss.$size > /dev/null 2>&1
        $toolsdir/csrgen entry.nss.$size > csr.nss.$size
        setupca
        grep ^key.\*count= entry.nss.$size | LANG=C sort
        echo '(submit NSS)'
        $toolsdir/submit ca.self entry.nss.$size > cert.nss.$size
        grep ^key.\*count= entry.nss.$size | LANG=C sort
        # Verify that we can still sign using the old key and cert using the right name (NSS).
        echo "NSS certs before saving (preserve=$preserve,pin=\"$pin\"):"
        run_certutil -L -d $tmpdir | grep -v SSL,S/MIME | grep -v '^$' | grep -v 'Trust'
        run_certutil -L -d $tmpdir -n i$size -a | openssl x509 -noout -serial
        echo "NSS keys before saving (preserve=$preserve,pin=\"$pin\"):"
        marker=`grep ^key_next_marker= entry.nss.$size | cut -f2- -d=`
        run_certutil -K -d $tmpdir -f pinfile | grep -v 'Checking token' | sed -e s,"${marker:-////////}","(next)", -e "s,$firstid,originalhex,g" | sed -r -e 's,[0123456789abcdef]{8},hex,g' -e 's,< 0>,<->,g' -e 's,< 1>,<->,g' | env LANG=C sort
        echo "This is the plaintext." > plain.txt
        echo "NSS Signing:"
        certutil -M -d $tmpdir -n i$size -t P,P,P -f pinfile
        cmsutil -S -d $tmpdir -f pinfile -N i$size -i plain.txt -o signed -f pinfile
        echo "NSS Verify:"
        cmsutil -D -d $tmpdir -f pinfile -i signed -f pinfile
        certutil -M -d $tmpdir -n i$size -t ,, -f pinfile
        # Go and save the new certs and keys (NSS).
        echo '(saving)'
        $toolsdir/certsave entry.nss.$size
        grep ^key.\*count= entry.nss.$size | LANG=C sort
        # Grab a copy of the public key (NSS).
        certutil -L -d $tmpdir -n i$size -a | openssl x509 -pubkey -noout > "$tmpdir"/pubkey.nss
        # Verify that we can sign using the new key and cert using the right name (NSS).
        echo "NSS certs after saving (preserve=$preserve,pin=\"$pin\"):"
        run_certutil -L -d $tmpdir | grep -v SSL,S/MIME | grep -v '^$' | grep -v 'Trust'
        run_certutil -L -d $tmpdir -n i$size -a | openssl x509 -noout -serial
        echo "NSS keys after saving (preserve=$preserve,pin=\"$pin\"):"
        marker=`grep ^key_next_marker= entry.nss.$size | cut -f2- -d=`
        run_certutil -K -d $tmpdir -f pinfile | grep -v 'Checking token' | sed -e s,"${marker:-////////}","(next)", -e "s,$firstid,originalhex,g" | sed -r -e 's,[0123456789abcdef]{8},hex,g' -e 's,< 0>,<->,g' -e 's,< 1>,<->,g' | env LANG=C sort
        echo "This is the plaintext." > plain.txt
        echo "NSS Signing:"
        certutil -M -d $tmpdir -n i$size -t P,P,P -f pinfile
        cmsutil -S -d $tmpdir -f pinfile -N i$size -i plain.txt -o signed -f pinfile
        echo "NSS Verify:"
        cmsutil -D -d $tmpdir -f pinfile -i signed -f pinfile
        certutil -M -d $tmpdir -n i$size -t ,, -f pinfile

        # Now generate new keys, CSRs, and certificates (OpenSSL).
        echo "PEM keys before re-keygen (preserve=$preserve,pin=\"$pin\"):"
        marker=`grep ^key_next_marker= entry.openssl.$size | cut -f2- -d=`
        find $tmpdir -name "keyi${size}*" -print | sed -e s,"${marker:-////////}","(next)", | env LANG=C sort
        grep ^key.\*count= entry.openssl.$size | LANG=C sort
        $toolsdir/keygen entry.openssl.$size
        echo "PEM keys after re-keygen (preserve=$preserve,pin=\"$pin\"):"
        marker=`grep ^key_next_marker= entry.openssl.$size | cut -f2- -d=`
        find $tmpdir -name "keyi${size}*" -print | sed -e s,"${marker:-////////}","(next)", | env LANG=C sort
        $toolsdir/keyiread entry.openssl.$size > /dev/null 2>&1
        $toolsdir/csrgen entry.openssl.$size > csr.openssl.$size
        setupca
        grep ^key.\*count= entry.openssl.$size | LANG=C sort
        echo '(submit OpenSSL)'
        $toolsdir/submit ca.self entry.openssl.$size > cert.openssl.$size
        grep ^key.\*count= entry.openssl.$size | LANG=C sort
        # Verify that we can still sign using the old key and cert (OpenSSL).
        echo "PEM certs before saving (preserve=$preserve,pin=\"$pin\"):"
        find $tmpdir -name "certi${size}*" -print | env LANG=C sort
        find $tmpdir -name "certi${size}*" -print | xargs -n 1 openssl x509 -noout -serial -in
        echo "PEM keys before saving (preserve=$preserve,pin=\"$pin\"):"
        marker=`grep ^key_next_marker= entry.openssl.$size | cut -f2- -d=`
        find $tmpdir -name "keyi${size}*" -print | sed -e s,"${marker:-////////}","(next)", | env LANG=C sort
        echo "This is the plaintext." > plain.txt
        echo "OpenSSL Signing:"
        openssl smime -sign -signer certi$size -binary -nodetach -inkey keyi$size -passin pass:$pin -in plain.txt -outform PEM -out signed
        echo "OpenSSL Verify:"
        openssl smime -verify -CAfile certi$size -inform PEM -in signed
        # Go and save the new certs and keys (OpenSSL).
        echo '(saving)'
        $toolsdir/certsave entry.openssl.$size
        grep ^key.\*count= entry.openssl.$size | LANG=C sort
        # Grab a copy of the public key (OpenSSL).
        openssl x509 -pubkey -noout -in "$tmpdir"/certi$size > "$tmpdir"/pubkey.openssl
        # Verify that we can sign using the new key and cert (OpenSSL).
        echo "PEM certs after saving (preserve=$preserve,pin=\"$pin\"):"
        find $tmpdir -name "certi${size}*" -print | env LANG=C sort
        find $tmpdir -name "certi${size}*" -print | xargs -n 1 openssl x509 -noout -serial -in
        echo "PEM keys after saving (preserve=$preserve,pin=\"$pin\"):"
        find $tmpdir -name "keyi${size}*" -print | env LANG=C sort
        echo "This is the plaintext." > plain.txt
        echo "OpenSSL Signing:"
        openssl smime -sign -signer certi$size -binary -nodetach -inkey keyi$size -passin pass:$pin -in plain.txt -outform PEM -out signed
        echo "OpenSSL Verify:"
        openssl smime -verify -CAfile certi$size -inform PEM -in signed

        # Double-check that the keys were changed.
        if ! test -s "$tmpdir"/pubkey.old ; then
            echo Error reading old pubkey.
        fi
        if ! test -s "$tmpdir"/pubkey.nss ; then
            echo Error reading NSS pubkey.
        fi
        if ! test -s "$tmpdir"/pubkey.openssl ; then
            echo Error reading OpenSSL pubkey.
        fi
        if cmp -s "$tmpdir"/pubkey.old "$tmpdir"/pubkey.nss ; then
            echo NSS key not changed.
        fi
        if cmp -s "$tmpdir"/pubkey.old "$tmpdir"/pubkey.openssl ; then
            echo OpenSSL key not changed.
        fi
        if cmp -s "$tmpdir"/pubkey.nss "$tmpdir"/pubkey.openssl ; then
            echo Rekey produced the same keys.
        fi

        echo "[ End pass (preserve=$preserve,pin=\"$pin\"). ]"
    done
done
cat cert.nss.$size 1>&2
echo Test complete.
certmonger-0.79.19/tests/031-pkcs7/0000755000175000017500000000000014511314133016124 5ustar gitgit00000000000000
certmonger-0.79.19/tests/031-pkcs7/expected.out0000644000175000017500000002612514511314133020464 0ustar gitgit00000000000000
[dercert]
TOP:
LEAF:
[derpkcs7]
TOP:
LEAF:
1:
[other]
TOP:
LEAF:
[other2]
TOP:
LEAF:
[other3]
TOP:
LEAF:
[bundle]
TOP:
LEAF:
1:
2:
Decrypted CSR:
Encoded issuer-and-subject:
MCwwFDESMBAGA1UEAxMJbG9jYWxob3N0MBQxEjAQBgNVBAMTCWxvY2FsaG9zdA==
Decrypted issuer-and-subject:
MCwwFDESMBAGA1UEAxMJbG9jYWxob3N0MBQxEjAQBgNVBAMTCWxvY2FsaG9zdA==
Encrypted plaintext, OpenSSL key:
payload:VGhpcyBpcyBzb21lIHBsYWludGV4dC4NCg==
Encrypted plaintext, NSS key:
pk12util: PKCS12 IMPORT SUCCESSFUL
payload:VGhpcyBpcyBzb21lIHBsYWludGV4dC4NCg==
certmonger-0.79.19/tests/031-pkcs7/prequal.sh0000755000175000017500000000014114511314133020130 0ustar gitgit00000000000000
#!/bin/bash
test -x $toolsdir/pk7parse && test -x $toolsdir/pk7env && test -x $toolsdir/addcinfo
certmonger-0.79.19/tests/031-pkcs7/run.sh0000755000175000017500000003452414511314133017277 0ustar gitgit00000000000000#!/bin/bash cd "$tmpdir" source "$srcdir"/functions initnssdb "$tmpdir" base64 -i -d > dercert << EOF MIIFYzCCBEugAwIBAgITHQAAAANgXaDHI7LEzAAAAAAAAzANBgkqhkiG9w0BAQUF ADBqMRMwEQYKCZImiZPyLGQBGRYDY29tMRYwFAYKCZImiZPyLGQBGRYGcmVkaGF0 MRMwEQYKCZImiZPyLGQBGRYDYm9zMRQwEgYKCZImiZPyLGQBGRYEY2F0czEQMA4G A1UEAxMHY2F0cy1jYTAeFw0xNTAxMjAxNzAwNTBaFw0xNzAxMTkxNzAwNTBaMCUx CzAJBgNVBAYTAlVTMRYwFAYDVQQDEw1DQVRTLU1TQ0VQLVJBMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1HPRNKcrL1p7ukeePb6J6ERlIj7pkghJ6vF 8s4axv9nCWiYiyTKjQKOcUdd0JBnR+kiBQ0D3R8Hlt6Lpepw011Fq6e0pLV3/TkG hlghs4S3E3yWLfPmxStKUwcOSuBftsGz3oHFcCFciPKpPHIdzix4H0hRIyvuAbt6 nYHJ5/6j8Q/9QgwnDWtz9IwzdT/kLRHTdp00B4twuGnvUo0gZ1V4/FOtlK+JOHYK 3F/nF3Zd3G5huVXnaUv4IYCVfzGmvuY+TDBXySbPMlZ9ProOw/w1pmD5EvSr45w7 3Qs02VERrmlumsRfHVClgZDpu7e0AMKzTY/JV2F0kqfyfLPP6QIDAQABo4ICRTCC AkEwOwYJKwYBBAGCNxQCBC4eLABFAG4AcgBvAGwAbABtAGUAbgB0AEEAZwBlAG4A dABPAGYAZgBsAGkAbgBlMBUGA1UdJQQOMAwGCisGAQQBgjcUAgEwDgYDVR0PAQH/ BAQDAgeAMB0GA1UdDgQWBBQ4+YLunQJ6VvBEBZIbvDq8uSBXOTAfBgNVHSMEGDAW gBRgkc2jH5B+ictDORzWc8Jl3x0BKjCB0AYDVR0fBIHIMIHFMIHCoIG/oIG8hoG5 bGRhcDovLy9DTj1jYXRzLWNhLENOPWNhdHMsQ049Q0RQLENOPVB1YmxpYyUyMEtl eSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9Y2F0 cyxEQz1ib3MsREM9cmVkaGF0LERDPWNvbT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25M aXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQwgccGCCsG AQUFBwEBBIG6MIG3MIG0BggrBgEFBQcwAoaBp2xkYXA6Ly8vQ049Y2F0cy1jYSxD Tj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049 Q29uZmlndXJhdGlvbixEQz1jYXRzLERDPWJvcyxEQz1yZWRoYXQsREM9Y29tP2NB Q2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9y aXR5MA0GCSqGSIb3DQEBBQUAA4IBAQDbwjN+OpqCmTA7Jvc+SVa22lMgOkocRqHg FTxgs1wHFFzP+fRxJRWqAMC2+jfa5K9N/O/ftZa4tPJwahhH85HLhxX/xQlgbjq+ BDaVp27+sxMXTs7CFiKCm7pcUN+kZrDk9KpQbUchsjf405f32wh7hGpxW8YQvPkY 6XwxPHRU5o5xWaqB3rE2VxFJf47F2O8iZZOrgtF0rlbDMXfIahKw2vweWa3IQAZE 
SAIRO1wEYrabyn5nJPuGi4WvEdqYEOH0ohYaBNX6Z6CG4n0/20k422HxFsNA8fJ5 hkwu1JZ5HT4ZsguDFO1Ch6b1LQk7lCw7TyOJTg+5NrdcEzZ3O/mY EOF base64 -i -d > derpkcs7 << EOF MIIOmgYJKoZIhvcNAQcCoIIOizCCDocCAQExADALBgkqhkiG9w0BBwGggg5vMIIFYzCCBEugAwIB AgITHQAAAANgXaDHI7LEzAAAAAAAAzANBgkqhkiG9w0BAQUFADBqMRMwEQYKCZImiZPyLGQBGRYD Y29tMRYwFAYKCZImiZPyLGQBGRYGcmVkaGF0MRMwEQYKCZImiZPyLGQBGRYDYm9zMRQwEgYKCZIm iZPyLGQBGRYEY2F0czEQMA4GA1UEAxMHY2F0cy1jYTAeFw0xNTAxMjAxNzAwNTBaFw0xNzAxMTkx NzAwNTBaMCUxCzAJBgNVBAYTAlVTMRYwFAYDVQQDEw1DQVRTLU1TQ0VQLVJBMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1HPRNKcrL1p7ukeePb6J6ERlIj7pkghJ6vF8s4axv9nCWiY iyTKjQKOcUdd0JBnR+kiBQ0D3R8Hlt6Lpepw011Fq6e0pLV3/TkGhlghs4S3E3yWLfPmxStKUwcO SuBftsGz3oHFcCFciPKpPHIdzix4H0hRIyvuAbt6nYHJ5/6j8Q/9QgwnDWtz9IwzdT/kLRHTdp00 B4twuGnvUo0gZ1V4/FOtlK+JOHYK3F/nF3Zd3G5huVXnaUv4IYCVfzGmvuY+TDBXySbPMlZ9ProO w/w1pmD5EvSr45w73Qs02VERrmlumsRfHVClgZDpu7e0AMKzTY/JV2F0kqfyfLPP6QIDAQABo4IC RTCCAkEwOwYJKwYBBAGCNxQCBC4eLABFAG4AcgBvAGwAbABtAGUAbgB0AEEAZwBlAG4AdABPAGYA ZgBsAGkAbgBlMBUGA1UdJQQOMAwGCisGAQQBgjcUAgEwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQW BBQ4+YLunQJ6VvBEBZIbvDq8uSBXOTAfBgNVHSMEGDAWgBRgkc2jH5B+ictDORzWc8Jl3x0BKjCB 0AYDVR0fBIHIMIHFMIHCoIG/oIG8hoG5bGRhcDovLy9DTj1jYXRzLWNhLENOPWNhdHMsQ049Q0RQ LENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24s REM9Y2F0cyxEQz1ib3MsREM9cmVkaGF0LERDPWNvbT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0 P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQwgccGCCsGAQUFBwEBBIG6MIG3 MIG0BggrBgEFBQcwAoaBp2xkYXA6Ly8vQ049Y2F0cy1jYSxDTj1BSUEsQ049UHVibGljJTIwS2V5 JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1jYXRzLERDPWJvcyxE Qz1yZWRoYXQsREM9Y29tP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0 aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUAA4IBAQDbwjN+OpqCmTA7Jvc+SVa22lMgOkocRqHg FTxgs1wHFFzP+fRxJRWqAMC2+jfa5K9N/O/ftZa4tPJwahhH85HLhxX/xQlgbjq+BDaVp27+sxMX Ts7CFiKCm7pcUN+kZrDk9KpQbUchsjf405f32wh7hGpxW8YQvPkY6XwxPHRU5o5xWaqB3rE2VxFJ 
f47F2O8iZZOrgtF0rlbDMXfIahKw2vweWa3IQAZESAIRO1wEYrabyn5nJPuGi4WvEdqYEOH0ohYa BNX6Z6CG4n0/20k422HxFsNA8fJ5hkwu1JZ5HT4ZsguDFO1Ch6b1LQk7lCw7TyOJTg+5NrdcEzZ3 O/mYMIIFUTCCBDmgAwIBAgITHQAAAATxxD/uqD1cPwAAAAAABDANBgkqhkiG9w0BAQUFADBqMRMw EQYKCZImiZPyLGQBGRYDY29tMRYwFAYKCZImiZPyLGQBGRYGcmVkaGF0MRMwEQYKCZImiZPyLGQB GRYDYm9zMRQwEgYKCZImiZPyLGQBGRYEY2F0czEQMA4GA1UEAxMHY2F0cy1jYTAeFw0xNTAxMjAx NzAwNTBaFw0xNzAxMTkxNzAwNTBaMCUxCzAJBgNVBAYTAlVTMRYwFAYDVQQDEw1DQVRTLU1TQ0VQ LVJBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskLdYKcg6nqfcR1Esaxtcuf7mEW4 V3/QfHuW84jPnrIuqN04/fIRe2N0EajBVj5YKbPAnsTPasCUYOTEQm6x/nf0nQlz1sSu7Q04wxTV HeIipNCmAa/NNzwKkXW25Lv6Y0N4h5QC0SaDc3Dre3GglmmLekxHRaelXsbr9zcAsdW1C/5pcZCE vwRohuaPC9utNBwxr0MPGJsuim+hTXfMab8T1D3XvWL/8uPTwZWATylAJC5CLeQRB77EOkrip9UR k3/8J62kjZ7WsFbcNOtC3SIHJUBozYcv2tzT7Rd++Wqevyf4ycN+7MiAp8mk7il14Q99dOxetclU YO6HZxdlnQIDAQABo4ICMzCCAi8wKQYJKwYBBAGCNxQCBBweGgBDAEUAUABFAG4AYwByAHkAcAB0 AGkAbwBuMBUGA1UdJQQOMAwGCisGAQQBgjcUAgEwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSj cljfx7t241rUq23YBU0RANSpiDAfBgNVHSMEGDAWgBRgkc2jH5B+ictDORzWc8Jl3x0BKjCB0AYD VR0fBIHIMIHFMIHCoIG/oIG8hoG5bGRhcDovLy9DTj1jYXRzLWNhLENOPWNhdHMsQ049Q0RQLENO PVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9 Y2F0cyxEQz1ib3MsREM9cmVkaGF0LERDPWNvbT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jh c2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQwgccGCCsGAQUFBwEBBIG6MIG3MIG0 BggrBgEFBQcwAoaBp2xkYXA6Ly8vQ049Y2F0cy1jYSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIw U2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1jYXRzLERDPWJvcyxEQz1y ZWRoYXQsREM9Y29tP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9u QXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUAA4IBAQBCOr7Zl+MQAvHR0RAXrqy0EP49HIo1IUgjY3Rx 5Dvje5zSfkvd/C8ftpLc5fJD2pBcnhy8rlG1upRwAxMKpofYu5Ul9MDnbpdZ33j9pdS2ZVT/Tckw WEaW9IQnrXgnIFCbZnLTIi38ISgHIj6lenvk49nDF2a4fAG+FSRGGwh/eK7TiqB6EWIO+rL2Qq+Y 4++V+w5nz6vMQh087/b/1AX2GUQrrmzRtk+QIQZAT6EWTm1ye4RxkDJuzcoOLq36M2ZukDd+hdhC 
S1iUjWTfubmbjYEsmn5NFQaLHd0/oP5YoXVJ+ET1A+5DQGuvHq46MMroxN5L7Jhiu/Q9x3E6UJZv MIIDrzCCApegAwIBAgIQcfwiT1pZpoNOkPWmM0Ix9jANBgkqhkiG9w0BAQUFADBqMRMwEQYKCZIm iZPyLGQBGRYDY29tMRYwFAYKCZImiZPyLGQBGRYGcmVkaGF0MRMwEQYKCZImiZPyLGQBGRYDYm9z MRQwEgYKCZImiZPyLGQBGRYEY2F0czEQMA4GA1UEAxMHY2F0cy1jYTAeFw0xNTAxMjAxNjQ5Mjla Fw0yMDAxMjAxNjU5MjlaMGoxEzARBgoJkiaJk/IsZAEZFgNjb20xFjAUBgoJkiaJk/IsZAEZFgZy ZWRoYXQxEzARBgoJkiaJk/IsZAEZFgNib3MxFDASBgoJkiaJk/IsZAEZFgRjYXRzMRAwDgYDVQQD EwdjYXRzLWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3OyoxZGu3tQXQwR9fCqI Z8NSURIGXdG9r6jdp33iJxqYItKlMF4l2z1WPJsPSV1u4SvKh525Gypids6uZXPiYZau2Q3hi2HW hpRctSyZWP3DCKJh/cWfG9O/kVsJxg+nPDbldZOS4GhqsO+QcH16nPAdDJz5dFDMp3SChgJBR42y nSXVtibX0oOC9Z4Lyix6EuNWNOMtJh49DUCRkcRaEG9ffFWC2KBbVZZhJDc8fpihQP0pA8U2l14J qZBKAegdYqOX50DrDMdw/AzLzrSbvjfhLDXAKb07hfu9I5MFDSVEzwLPrROD9jhMKwcxq6w8fILx KGR0IADiNKgmEY/ePQIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV HQ4EFgQUYJHNox+QfonLQzkc1nPCZd8dASowEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEF BQADggEBACZQClL3/6qebCPcryb7AmmEioNzfPGRt/1bzEYWKgm1GG2gza7HCiucGJvaZ0VUnWW/ X/YtNJuqEDKyoyiCACwvsp/QGCjqtv/gedrO0sXCw23uTTWs8oWmS2tT4ilc9FX0Gcq41KS40MFb bSrqDuoCbAOB8IrC78j6qBUKFHgs4rBh67Fzn7DZOgnIbhEl/Fgh1gfpX+1ldUeh3azx1bCpKH0f 0Viqs8wWrGrCuB0lk54BgneRAOPeJWp2ZfDkDyjuYtqZB0wRE2o7wU4m+gRA7T9F3WyiueKWu4PX Pb51TbuJAVlN1zoXscuXSNzkYFDxd4r6PDuDYF4hmXjqO7ExAA== EOF cat > bundle << EOF [!p[?3;4l> -----BEGIN CERTIFICATE----- MIIBoDCCAQmgAwIBAAIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwIhgPMjAxNTAxMjcwMDAwMDBaGA8yMTE1MDEyNzAwMDAwMFowFDESMBAGA1UEAxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDT7+BazrT3e/run8ZxrTfZNFx+vY+twKMPRXowSGot2eLcdDIIryOHir1tUXIDZN2j+nF4U6kX3W66yMZjUApmYcFjhPk0Pg4ymsh/ScW2OlQXvC/fsoPhvKA6cBeWUWwpdtRnFjZ14qmGuABPi6c/p0C/04HoBR9Y6QI5voRvHwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAB4F1sjBaOJVuMmubbxc6vm3yDTwU3QwJzjmXgwGUp5QryUIBZc9Kc5ceMUJ/Xf3OFDGWOqIx4JONdcgfLRJxax9WWg4mYbkAmUQBRtl7fGgEvOqF9EgtEY06Nj5aI7vbFEfB80Xd0O9O06ckxr7QBScWc2RCeFYrUpNi6s3vfM5 -----END 
CERTIFICATE----- Blah blah blah. -----BEGIN CERTIFICATE----- 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 -----END CERTIFICATE----- Blah blah blah. EOF cat > recipient << EOF -----BEGIN CERTIFICATE----- MIIB0TCCATqgAwIBAgICEjUwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAxMJbG9j YWxob3N0MB4XDTcwMDEwMTExMTExMVoXDTcxMDEwMTExMTExMVowFDESMBAGA1UE AxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC394oITlJc hLbXLUAYJ+IGpvr3YfyQlQb3u95p3s0gEemx/+Dy3ViJW7WhMuc/FHJSV5ghLflk TRLfUdS18LGBkfkREBJVWfELhgm5ZHqiGzCvTmg01tgvouKj+8kFNJIaWsEm8mBa SoJzk8+vOQsnXjrZAKAFY7WrVryilh4cQQIDAQABozIwMDAMBgNVHRMBAf8EAjAA MCAGA1UdDgEBAAQWBBQfjVS9H0rXGb4SFB9bkzTpHHUH2jANBgkqhkiG9w0BAQsF AAOBgQCt6xbyri3BobQUPQmN7ROc3mveMSfMyOwBSTDjl2XIWV98HjVLWRjScbg7 KW6z8W7iaasSDF7GWM2YqWaanWx5XwzayNUvIX3gHKqo+OwHo5QUfawtEV5Niop1 N4nZp1GMclRuk9UFXLV2NfaohRPYs7FVdBVtWNvg7hH8XedLyw== -----END CERTIFICATE----- EOF cat > key << EOF -----BEGIN PRIVATE KEY----- MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALf3ighOUlyEttct QBgn4gam+vdh/JCVBve73mnezSAR6bH/4PLdWIlbtaEy5z8UclJXmCEt+WRNEt9R 1LXwsYGR+REQElVZ8QuGCblkeqIbMK9OaDTW2C+i4qP7yQU0khpawSbyYFpKgnOT z685CydeOtkAoAVjtatWvKKWHhxBAgMBAAECgYBowoXQBQnRtaGJFzOQjeWgdCYm CZ6RlsvI9yrIjx+wS4MQ4e1vX6yzS446pYoZ2cLgMRFok42ZGGrO0QKYOOBbOE1c fS7FGddn/8KENW8w2kxRI2pxFXQuHBWuWdkoArhZOPxL4O+xg9dAvrwxy2pOBvpr veZ/8siYc49ki69hgQJBAO5WSjDQ2M0aVfZOwCKm7+0tVeC6ZGS4MPH/h1oQNfSk oB1Pbc9i/gR7M5690i9eqGvr98kGGSvlvKC6LGqgT5UCQQDFmb6DbLa3HiVn7W7b u53rhZpnghn7OdFATxeyMDVnU6GFye5+8EhwVUDLVF7S7v8hOYOYY3HjkpzqhxkT 7B79AkBlTpZwk4VkASrC7Ixs7kqTpS6YvIHJ8iUT6ErPNI7Ks2M/sjB585kHrJqv gf4ilni+jumfMBFpAFkidKBGnmfVAkAqKom1/9/pqZwv1kHez+V+Gc9+IQwsSQU3 JOmYk6MBvp3sL9Ad9GZw2jBucz2c43U8AMrtHONzvZiQj22xi6R9AkAYfAWQHEkc 1BQ/aKNIfymCkV/1mNcOlm6OE6jy8gJitMzFd8OrpokwGIQpTjKCMQwDtWbRouYE GcR9Xs1JgYLI -----END PRIVATE KEY----- EOF cat > csr << EOF -----BEGIN NEW CERTIFICATE REQUEST----- MIIBwjCCASsCAQAwFDESMBAGA1UEAxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEB AQUAA4GNADCBiQKBgQC394oITlJchLbXLUAYJ+IGpvr3YfyQlQb3u95p3s0gEemx 
/+Dy3ViJW7WhMuc/FHJSV5ghLflkTRLfUdS18LGBkfkREBJVWfELhgm5ZHqiGzCv Tmg01tgvouKj+8kFNJIaWsEm8mBaSoJzk8+vOQsnXjrZAKAFY7WrVryilh4cQQID AQABoG4wKwYJKoZIhvcNAQkUMR4eHAAyADAAMQA1ADAAMQAyADIAMgAzADIANQAx ADMwPwYJKoZIhvcNAQkOMTIwMDAMBgNVHRMBAf8EAjAAMCAGA1UdDgEBAAQWBBQf jVS9H0rXGb4SFB9bkzTpHHUH2jANBgkqhkiG9w0BAQsFAAOBgQAliHNkTQ35679h 9RWudkBBn5aRnp+AoRPVyPMoqr8vl4SyrMiqg+U71hbju5fEnrFi8kDHYgq0otbb rjLR8fyXjJzhoUgY1twomdFeLvfd1Dk2DClEKGqye8rTQaatL3tq29NjqASSge1z c9gcIfqK9dgYShx5Iy0Rshend17aBw== -----END NEW CERTIFICATE REQUEST----- EOF cat > other << EOF -----BEGIN CERTIFICATE----- MIIBoDCCAQmgAwIBAAIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDEwls b2NhbGhvc3QwIhgPMjAxNTAxMjcwMDAwMDBaGA8yMTE1MDEyNzAwMDAwMFow FDESMBAGA1UEAxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB iQKBgQDT7+BazrT3e/run8ZxrTfZNFx+vY+twKMPRXowSGot2eLcdDIIryOH ir1tUXIDZN2j+nF4U6kX3W66yMZjUApmYcFjhPk0Pg4ymsh/ScW2OlQXvC/f soPhvKA6cBeWUWwpdtRnFjZ14qmGuABPi6c/p0C/04HoBR9Y6QI5voRvHwID AQABMA0GCSqGSIb3DQEBCwUAA4GBAB4F1sjBaOJVuMmubbxc6vm3yDTwU3Qw JzjmXgwGUp5QryUIBZc9Kc5ceMUJ/Xf3OFDGWOqIx4JONdcgfLRJxax9WWg4 mYbkAmUQBRtl7fGgEvOqF9EgtEY06Nj5aI7vbFEfB80Xd0O9O06ckxr7QBSc Wc2RCeFYrUpNi6s3vfM5 -----END CERTIFICATE----- EOF cat > other2 << EOF -----BEGIN CERTIFICATE----- MIIBoDCCAQmgAwIBAAIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDEwls b2NhbGhvc3QwIhgPMjAxNTAxMjcwMDAwMDBaGA8yMTE1MDEyNzAwMDAwMFow FDESMBAGA1UEAxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB iQKBgQDT7+BazrT3e/run8ZxrTfZNFx+vY+twKMPRXowSGot2eLcdDIIryOH ir1tUXIDZN2j+nF4U6kX3W66yMZjUApmYcFjhPk0Pg4ymsh/ScW2OlQXvC/f soPhvKA6cBeWUWwpdtRnFjZ14qmGuABPi6c/p0C/04HoBR9Y6QI5voRvHwID AQABMA0GCSqGSIb3DQEBCwUAA4GBAB4F1sjBaOJVuMmubbxc6vm3yDTwU3Qw JzjmXgwGUp5QryUIBZc9Kc5ceMUJ/Xf3OFDGWOqIx4JONdcgfLRJxax9WWg4 mYbkAmUQBRtl7fGgEvOqF9EgtEY06Nj5aI7vbFEfB80Xd0O9O06ckxr7QBSc Wc2RCeFYrUpNi6s3vfM5 -----END CERTIFICATE----- EOF cat > other3 << EOF -----BEGIN CERTIFICATE----- MIIBoDCCAQmgAwIBAAIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDEwls b2NhbGhvc3QwIhgPMjAxNTAxMjcwMDAwMDBaGA8yMTE1MDEyNzAwMDAwMFow 
FDESMBAGA1UEAxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB iQKBgQDT7+BazrT3e/run8ZxrTfZNFx+vY+twKMPRXowSGot2eLcdDIIryOH ir1tUXIDZN2j+nF4U6kX3W66yMZjUApmYcFjhPk0Pg4ymsh/ScW2OlQXvC/f soPhvKA6cBeWUWwpdtRnFjZ14qmGuABPi6c/p0C/04HoBR9Y6QI5voRvHwID AQABMA0GCSqGSIb3DQEBCwUAA4GBAB4F1sjBaOJVuMmubbxc6vm3yDTwU3Qw JzjmXgwGUp5QryUIBZc9Kc5ceMUJ/Xf3OFDGWOqIx4JONdcgfLRJxax9WWg4 mYbkAmUQBRtl7fGgEvOqF9EgtEY06Nj5aI7vbFEfB80Xd0O9O06ckxr7QBSc Wc2RCeFYrUpNi6s3vfM5 EOF echo -n -----END CERTIFICATE----- >> other3 cat > plain << EOF This is some plaintext. EOF cat > entry.openssl << EOF id=Test key_storage_type=FILE key_storage_location=key EOF cat > entry.nss << EOF id=Test key_storage_type=NSSDB key_storage_location=$tmpdir cert_storage_type=NSSDB cert_storage_location=$tmpdir minicert=-----BEGIN CERTIFICATE----- MIIB0TCCATqgAwIBAgICEjUwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAxMJbG9j YWxob3N0MB4XDTcwMDEwMTExMTExMVoXDTcxMDEwMTExMTExMVowFDESMBAGA1UE AxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC394oITlJc hLbXLUAYJ+IGpvr3YfyQlQb3u95p3s0gEemx/+Dy3ViJW7WhMuc/FHJSV5ghLflk TRLfUdS18LGBkfkREBJVWfELhgm5ZHqiGzCvTmg01tgvouKj+8kFNJIaWsEm8mBa SoJzk8+vOQsnXjrZAKAFY7WrVryilh4cQQIDAQABozIwMDAMBgNVHRMBAf8EAjAA MCAGA1UdDgEBAAQWBBQfjVS9H0rXGb4SFB9bkzTpHHUH2jANBgkqhkiG9w0BAQsF AAOBgQCt6xbyri3BobQUPQmN7ROc3mveMSfMyOwBSTDjl2XIWV98HjVLWRjScbg7 KW6z8W7iaasSDF7GWM2YqWaanWx5XwzayNUvIX3gHKqo+OwHo5QUfawtEV5Niop1 N4nZp1GMclRuk9UFXLV2NfaohRPYs7FVdBVtWNvg7hH8XedLyw== -----END CERTIFICATE----- EOF $toolsdir/pk7parse dercert $toolsdir/pk7parse derpkcs7 $toolsdir/pk7parse other $toolsdir/pk7parse other2 $toolsdir/pk7parse other3 $toolsdir/pk7parse bundle echo Decrypted CSR: $toolsdir/pk7env recipient csr | base64 -i -d | openssl smime -inform der -decrypt -inkey key recipient -binary | base64 echo Encoded issuer-and-subject: $toolsdir/pk7env recipient recipient recipient | head -n 1 echo Decrypted issuer-and-subject: $toolsdir/pk7env recipient recipient recipient | tail -n 1 | base64 -i -d | openssl smime -inform der 
-decrypt -inkey key recipient | base64
echo Encrypted plaintext, OpenSSL key:
openssl smime -in plain -outform der -encrypt recipient | $toolsdir/pk7decrypt entry.openssl
echo Encrypted plaintext, NSS key:
openssl pkcs12 -export -name testy -inkey key -in recipient -out p12 -passout pass:foo
pk12util -i p12 -d "$tmpdir" -W foo
certutil -d "$tmpdir" -D -n testy
openssl smime -in plain -outform der -encrypt recipient | $toolsdir/pk7decrypt entry.nss
certmonger-0.79.19/tests/032-chain/0000755000175000017500000000000014511314133016160 5ustar gitgit00000000000000
certmonger-0.79.19/tests/032-chain/expected.out0000644000175000017500000000000314511314133020503 0ustar gitgit00000000000000
OK
certmonger-0.79.19/tests/032-chain/run.sh0000755000175000017500000000245614511314133017332 0ustar gitgit00000000000000
#!/bin/bash

cd "$tmpdir"

$srcdir/tools/cachain.sh 5 2> /dev/null
for c0 in ca0 ca1 ca2 ca3 ca4 ca5 ee ; do
for c1 in ca0 ca1 ca2 ca3 ca4 ca5 ee ; do
if test $c1 = $c0 ; then
	continue
fi
for c2 in ca0 ca1 ca2 ca3 ca4 ca5 ee ; do
if test $c2 = $c0 -o $c2 = $c1 ; then
	continue
fi
for c3 in ca0 ca1 ca2 ca3 ca4 ca5 ee ; do
if test $c3 = $c0 -o $c3 = $c1 -o $c3 = $c2 ; then
	continue
fi
for c4 in ca0 ca1 ca2 ca3 ca4 ca5 ee ; do
if test $c4 = $c0 -o $c4 = $c1 -o $c4 = $c2 -o $c4 = $c3 ; then
	continue
fi
for c5 in ca0 ca1 ca2 ca3 ca4 ca5 ee ; do
if test $c5 = $c0 -o $c5 = $c1 -o $c5 = $c2 -o $c5 = $c3 -o $c5 = $c4 ; then
	continue
fi
for c6 in ca0 ca1 ca2 ca3 ca4 ca5 ee ; do
if test $c6 = $c0 -o $c6 = $c1 -o $c6 = $c2 -o $c6 = $c3 -o $c6 = $c4 -o $c6 = $c5 ; then
	continue
fi
echo "["$c0.crt,$c1.crt,$c2.crt,$c3.crt,$c4.crt,$c5.crt,$c6.crt"]" > expected
echo "TOP:" >> expected
cat ca0.crt >> expected
echo "LEAF:" >> expected
cat ee.crt >> expected
j=1
for cert in ca5 ca4 ca3 ca2 ca1 ; do
	echo $j":" >> expected
	cat $cert.crt >> expected
	j=$((j+1))
done
$toolsdir/pk7parse $c0.crt $c1.crt $c2.crt $c3.crt $c4.crt $c5.crt $c6.crt > actual
if ! cmp actual expected ; then
	echo Order is wrong with $c0.crt,$c1.crt,$c2.crt,$c3.crt,$c4.crt,$c5.crt,$c6.crt.
	exit 1
fi
done
done
done
done
done
done
done
echo OK
exit 0
certmonger-0.79.19/tests/033-scep/0000755000175000017500000000000014511314133016031 5ustar gitgit00000000000000
certmonger-0.79.19/tests/033-scep/expected.out0000644000175000017500000000044614511314133020367 0ustar gitgit00000000000000
[req, no trust root]
OK
[gic, no trust root]
OK
[req, self root]
OK
[gic, self root]
OK
[req, old root]
OK
[gic, old trust root]
OK
[req next, no trust root]
OK
[gic next, no trust root]
OK
[req next, self root]
OK
[gic next, self root]
OK
[req next, old root]
OK
[gic next, old trust root]
OK
certmonger-0.79.19/tests/033-scep/run.sh0000755000175000017500000001325114511314133017176 0ustar gitgit00000000000000
#!/bin/bash

cd "$tmpdir"

SCEP_MSGTYPE_PKCSREQ="19"
SCEP_MSGTYPE_CERTREP="3"
SCEP_MSGTYPE_GETCERTINITIAL="20"
SCEP_MSGTYPE_GETCERT="21"
SCEP_MSGTYPE_GETCRL="22"

CERTMONGER_CONFIG_DIR="$tmpdir"
export CERTMONGER_CONFIG_DIR

$srcdir/tools/cachain.sh 0 2> /dev/null
cat > ca << EOF
id=SCEP
ca_type=EXTERNAL
ca_capabilities=Renewal,SHA-512,SHA-256,SHA-1,DES3
EOF
var="ca_encryption_cert="
cat ca0.crt | while read line ; do
	echo "$var""$line" >> ca
	var=" "
done
openssl genrsa -out ee.key.next.key 2> /dev/null
cat > entry << EOF
id=Test
ca_name=SelfSign
state=NEED_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/ee.key
key_next_marker=next
cert_storage_type=FILE
cert_storage_location=$tmpdir/ee.crt
notification_method=STDOUT
EOF
$toolsdir/certread entry > /dev/null
$toolsdir/csrgen entry > /dev/null
$toolsdir/scepgen ca entry > scepdata

echo -----BEGIN CERTIFICATE----- > mini.crt
minicert=`grep ^minicert: scepdata | cut -f2- -d:`
while test -n "$minicert" ; do
	line=`echo "$minicert" | cut -c-60`
	minicert=`echo "$minicert" | cut -c61-`
	echo $line >> mini.crt
done
echo -----END CERTIFICATE----- >> mini.crt

check_failed() {
	if ! grep -q "^verify failed$" results ; then
		echo expected signature verification to fail, but it did not:
		cat results
		exit 1
	fi
}
check_verified() {
	if ! grep -q "^verify passed$" results ; then
		echo expected signature verification to succeed, but it did not:
		cat results
		exit 1
	fi
}
set_digest() {
	cat > $CERTMONGER_CONFIG_DIR/certmonger.conf <<- EOF
	[defaults]
	digest = $1
	notification_method = stdout
	[selfsign]
	validity_period = 1d
	EOF
}
check_digest() {
	digest=`grep ^digest: results | cut -f2 -d:`
	if test $digest != $1 ; then
		echo expected digest $1, got "$digest":
		cat results
	fi
}
check_msgtype() {
	msgtype=`grep ^msgtype: results | cut -f2 -d:`
	if test $msgtype -ne $1 ; then
		echo expected message type $1, got "$msgtype":
		cat results
	fi
}
check_txid() {
	original=`grep ^tx: scepdata | cut -f2 -d:`
	parsed=`grep ^tx: results | cut -f2 -d:`
	if test "$original" != "$parsed" ; then
		echo expected tx id "$original", got "$parsed":
		cat results
	fi
}
check_nonce() {
	original=`grep ^nonce: scepdata | cut -f2 -d:`
	parsed=`grep ^snonce: results | cut -f2 -d:`
	if test "$original" != "$parsed" ; then
		echo expected nonce "$original", got "$parsed":
		cat results
	fi
}

set_digest sha256
$toolsdir/scepgen ca entry > scepdata

echo "[req, no trust root]"
if test x`grep ^req: scepdata | cut -f2- -d:` = x ; then
	echo missing req
fi
grep ^req: scepdata | cut -f2- -d: | base64 -i -d | $toolsdir/pk7verify ee.crt 2>&1 > results 2>&1
check_failed
echo OK

echo "[gic, no trust root]"
if test x`grep ^gic: scepdata | cut -f2- -d:` = x ; then
	echo missing gic
fi
grep ^gic: scepdata | cut -f2- -d: | base64 -i -d | $toolsdir/pk7verify ee.crt 2>&1 > results 2>&1
check_failed
echo OK

echo "[req, self root]"
if test x`grep ^req: scepdata | cut -f2- -d:` = x ; then
	echo missing req
fi
grep ^req: scepdata | cut -f2- -d: | base64 -i -d | $toolsdir/pk7verify -r mini.crt ee.crt 2>&1 > results 2>&1
check_failed
echo OK

echo "[gic, self root]"
if test x`grep ^gic: scepdata | cut -f2- -d:` = x ; then
	echo missing gic
fi
grep ^gic: scepdata | cut -f2- -d: | base64 -i -d | $toolsdir/pk7verify -r mini.crt ee.crt 2>&1 > results 2>&1
check_failed
echo OK

echo "[req, old root]"
set_digest sha256
$toolsdir/scepgen ca entry > scepdata
if test x`grep ^req: scepdata | cut -f2- -d:` = x ; then
	echo missing req
fi
grep ^req: scepdata | cut -f2- -d: | base64 -i -d | $toolsdir/pk7verify -r ca0.crt ee.crt 2>&1 > results 2>&1
check_verified
check_msgtype $SCEP_MSGTYPE_PKCSREQ
check_txid
check_nonce
check_digest sha256
echo OK

echo "[gic, old trust root]"
set_digest sha256
$toolsdir/scepgen ca entry > scepdata
if test x`grep ^gic: scepdata | cut -f2- -d:` = x ; then
	echo missing gic
fi
grep ^gic: scepdata | cut -f2- -d: | base64 -i -d | $toolsdir/pk7verify -r ca0.crt ee.crt 2>&1 > results 2>&1
check_verified
check_msgtype $SCEP_MSGTYPE_GETCERTINITIAL
check_txid
check_nonce
check_digest sha256
echo OK

echo "[req next, no trust root]"
if test x`grep ^req.next.: scepdata | cut -f2- -d:` = x ; then
	echo missing req.next
fi
grep ^req.next.: scepdata | cut -f2- -d: | base64 -i -d | $toolsdir/pk7verify ee.crt > results 2>&1
check_failed
echo OK

echo "[gic next, no trust root]"
if test x`grep ^gic.next.: scepdata | cut -f2- -d:` = x ; then
	echo missing gic.next
fi
grep ^gic.next.: scepdata | cut -f2- -d: | base64 -i -d | $toolsdir/pk7verify ee.crt > results 2>&1
check_failed
echo OK

echo "[req next, self root]"
set_digest sha256
$toolsdir/scepgen ca entry > scepdata
if test x`grep ^req.next.: scepdata | cut -f2- -d:` = x ; then
	echo missing req.next
fi
grep ^req.next.: scepdata | cut -f2- -d: | base64 -i -d | $toolsdir/pk7verify -r mini.crt ee.crt > results 2>&1
check_verified
check_msgtype $SCEP_MSGTYPE_PKCSREQ
check_txid
check_nonce
check_digest sha256
echo OK

echo "[gic next, self root]"
if test x`grep ^gic.next.: scepdata | cut -f2- -d:` = x ; then
	echo missing gic.next
fi
grep ^gic.next.: scepdata | cut -f2- -d: | base64 -i -d | $toolsdir/pk7verify -r mini.crt ee.crt > results 2>&1
check_verified
check_msgtype $SCEP_MSGTYPE_GETCERTINITIAL
check_txid
check_nonce
echo OK

echo "[req next, old root]"
if test x`grep ^req.next.: scepdata | cut -f2- -d:` = x ; then
	echo missing req.next
fi
grep ^req.next.: scepdata | cut -f2- -d: | base64 -i -d | $toolsdir/pk7verify -r ca0.crt ee.crt > results 2>&1
check_failed
echo OK

echo "[gic next, old trust root]"
if test x`grep ^gic.next.: scepdata | cut -f2- -d:` = x ; then
	echo missing gic.next
fi
grep ^gic.next.: scepdata | cut -f2- -d: | base64 -i -d | $toolsdir/pk7verify -r ca0.crt ee.crt > results 2>&1
check_failed
echo OK
certmonger-0.79.19/tests/034-perms-dbm/0000755000175000017500000000000014511314133016766 5ustar gitgit00000000000000
certmonger-0.79.19/tests/034-perms-dbm/expected.out0000644000175000017500000000473714511314133021333 0ustar gitgit00000000000000
[start]
[keygen]
$owner:$group|0620|ee.key
[reset]
$owner:$group|0755|ee.key
[csrgen]
$owner:$group|0620|ee.key
[reset]
$owner:$group|0755|ee.key
[submit]
$owner:$group|0755|ee.key
[reset]
$owner:$group|0755|ee.key
[save]
$owner:$group|0662|ee.crt
$owner:$group|0620|ee.key
[rekey:start]
[rekey:keygen]
$owner:$group|0620|ee.key
[rekey:reset]
$owner:$group|0755|ee.key
[rekey:rekey]
$owner:$group|0755|ee.key
$owner:$group|0620|ee.key.MARKER.key
[rekey:reset]
$owner:$group|0755|ee.key
$owner:$group|0755|ee.key.MARKER.key
[rekey:csrgen]
$owner:$group|0755|ee.key
$owner:$group|0620|ee.key.MARKER.key
[rekey:reset]
$owner:$group|0755|ee.key
$owner:$group|0755|ee.key.MARKER.key
[rekey:submit]
$owner:$group|0755|ee.key
$owner:$group|0755|ee.key.MARKER.key
[rekey:reset]
$owner:$group|0755|ee.key
$owner:$group|0755|ee.key.MARKER.key
[rekey:save]
$owner:$group|0662|ee.crt
$owner:$group|0620|ee.key
[dbm:start]
[dbm:keygen]
$owner:$group|0600|cert8.db
$owner:$group|0620|key3.db
$owner:$group|0600|secmod.db
[dbm:reset]
$owner:$group|0755|cert8.db
$owner:$group|0755|key3.db
$owner:$group|0755|secmod.db
[dbm:csrgen]
$owner:$group|0755|cert8.db
$owner:$group|0620|key3.db $owner:$group|0755|secmod.db [dbm:reset] $owner:$group|0755|cert8.db $owner:$group|0755|key3.db $owner:$group|0755|secmod.db [dbm:submit] $owner:$group|0755|cert8.db $owner:$group|0755|key3.db $owner:$group|0755|secmod.db [dbm:reset] $owner:$group|0755|cert8.db $owner:$group|0755|key3.db $owner:$group|0755|secmod.db [dbm:save] $owner:$group|0662|cert8.db $owner:$group|0620|key3.db $owner:$group|0662|secmod.db [rekey:dbm:start] [rekey:dbm:keygen] $owner:$group|0600|cert8.db $owner:$group|0620|key3.db $owner:$group|0600|secmod.db [rekey:dbm:reset] $owner:$group|0755|cert8.db $owner:$group|0755|key3.db $owner:$group|0755|secmod.db [rekey:dbm:keygen] $owner:$group|0755|cert8.db $owner:$group|0620|key3.db $owner:$group|0755|secmod.db [rekey:dbm:reset] $owner:$group|0755|cert8.db $owner:$group|0755|key3.db $owner:$group|0755|secmod.db [rekey:dbm:csrgen] $owner:$group|0755|cert8.db $owner:$group|0620|key3.db $owner:$group|0755|secmod.db [rekey:dbm:reset] $owner:$group|0755|cert8.db $owner:$group|0755|key3.db $owner:$group|0755|secmod.db [rekey:dbm:submit] $owner:$group|0755|cert8.db $owner:$group|0755|key3.db $owner:$group|0755|secmod.db [rekey:dbm:reset] $owner:$group|0755|cert8.db $owner:$group|0755|key3.db $owner:$group|0755|secmod.db [rekey:dbm:save] $owner:$group|0662|cert8.db $owner:$group|0620|key3.db $owner:$group|0662|secmod.db OK
certmonger-0.79.19/tests/034-perms-dbm/run.sh0000755000175000017500000000007014511314133020126 0ustar gitgit00000000000000
#!/bin/bash -e
exec env scheme=dbm: ../034-perms/run.sh
certmonger-0.79.19/tests/034-perms-sql/0000755000175000017500000000000014511314133017023 5ustar gitgit00000000000000certmonger-0.79.19/tests/034-perms-sql/expected.out0000644000175000017500000000475714511314133021372 0ustar gitgit00000000000000[start] [keygen] $owner:$group|0620|ee.key [reset] $owner:$group|0755|ee.key [csrgen] $owner:$group|0620|ee.key [reset] $owner:$group|0755|ee.key [submit] $owner:$group|0755|ee.key [reset]
$owner:$group|0755|ee.key [save] $owner:$group|0662|ee.crt $owner:$group|0620|ee.key [rekey:start] [rekey:keygen] $owner:$group|0620|ee.key [rekey:reset] $owner:$group|0755|ee.key [rekey:rekey] $owner:$group|0755|ee.key $owner:$group|0620|ee.key.MARKER.key [rekey:reset] $owner:$group|0755|ee.key $owner:$group|0755|ee.key.MARKER.key [rekey:csrgen] $owner:$group|0755|ee.key $owner:$group|0620|ee.key.MARKER.key [rekey:reset] $owner:$group|0755|ee.key $owner:$group|0755|ee.key.MARKER.key [rekey:submit] $owner:$group|0755|ee.key $owner:$group|0755|ee.key.MARKER.key [rekey:reset] $owner:$group|0755|ee.key $owner:$group|0755|ee.key.MARKER.key [rekey:save] $owner:$group|0662|ee.crt $owner:$group|0620|ee.key [sql:start] [sql:keygen] $owner:$group|0600|cert9.db $owner:$group|0620|key4.db $owner:$group|0600|pkcs11.txt [sql:reset] $owner:$group|0755|cert9.db $owner:$group|0755|key4.db $owner:$group|0755|pkcs11.txt [sql:csrgen] $owner:$group|0755|cert9.db $owner:$group|0620|key4.db $owner:$group|0755|pkcs11.txt [sql:reset] $owner:$group|0755|cert9.db $owner:$group|0755|key4.db $owner:$group|0755|pkcs11.txt [sql:submit] $owner:$group|0755|cert9.db $owner:$group|0755|key4.db $owner:$group|0755|pkcs11.txt [sql:reset] $owner:$group|0755|cert9.db $owner:$group|0755|key4.db $owner:$group|0755|pkcs11.txt [sql:save] $owner:$group|0662|cert9.db $owner:$group|0620|key4.db $owner:$group|0662|pkcs11.txt [rekey:sql:start] [rekey:sql:keygen] $owner:$group|0600|cert9.db $owner:$group|0620|key4.db $owner:$group|0600|pkcs11.txt [rekey:sql:reset] $owner:$group|0755|cert9.db $owner:$group|0755|key4.db $owner:$group|0755|pkcs11.txt [rekey:sql:keygen] $owner:$group|0755|cert9.db $owner:$group|0620|key4.db $owner:$group|0755|pkcs11.txt [rekey:sql:reset] $owner:$group|0755|cert9.db $owner:$group|0755|key4.db $owner:$group|0755|pkcs11.txt [rekey:sql:csrgen] $owner:$group|0755|cert9.db $owner:$group|0620|key4.db $owner:$group|0755|pkcs11.txt [rekey:sql:reset] $owner:$group|0755|cert9.db 
$owner:$group|0755|key4.db $owner:$group|0755|pkcs11.txt [rekey:sql:submit] $owner:$group|0755|cert9.db $owner:$group|0755|key4.db $owner:$group|0755|pkcs11.txt [rekey:sql:reset] $owner:$group|0755|cert9.db $owner:$group|0755|key4.db $owner:$group|0755|pkcs11.txt [rekey:sql:save] $owner:$group|0662|cert9.db $owner:$group|0620|key4.db $owner:$group|0662|pkcs11.txt OK
certmonger-0.79.19/tests/034-perms-sql/run.sh0000755000175000017500000000007014511314133020163 0ustar gitgit00000000000000
#!/bin/bash -e
exec env scheme=sql: ../034-perms/run.sh
certmonger-0.79.19/tests/034-perms/0000755000175000017500000000000014511314133016226 5ustar gitgit00000000000000certmonger-0.79.19/tests/034-perms/expected.out0000644000175000017500000000473714511314133020573 0ustar gitgit00000000000000[start] [keygen] $owner:$group|0620|ee.key [reset] $owner:$group|0755|ee.key [csrgen] $owner:$group|0620|ee.key [reset] $owner:$group|0755|ee.key [submit] $owner:$group|0755|ee.key [reset] $owner:$group|0755|ee.key [save] $owner:$group|0662|ee.crt $owner:$group|0620|ee.key [rekey:start] [rekey:keygen] $owner:$group|0620|ee.key [rekey:reset] $owner:$group|0755|ee.key [rekey:rekey] $owner:$group|0755|ee.key $owner:$group|0620|ee.key.MARKER.key [rekey:reset] $owner:$group|0755|ee.key $owner:$group|0755|ee.key.MARKER.key [rekey:csrgen] $owner:$group|0755|ee.key $owner:$group|0620|ee.key.MARKER.key [rekey:reset] $owner:$group|0755|ee.key $owner:$group|0755|ee.key.MARKER.key [rekey:submit] $owner:$group|0755|ee.key $owner:$group|0755|ee.key.MARKER.key [rekey:reset] $owner:$group|0755|ee.key $owner:$group|0755|ee.key.MARKER.key [rekey:save] $owner:$group|0662|ee.crt $owner:$group|0620|ee.key [dbm:start] [dbm:keygen] $owner:$group|0600|cert8.db $owner:$group|0620|key3.db $owner:$group|0600|secmod.db [dbm:reset] $owner:$group|0755|cert8.db $owner:$group|0755|key3.db $owner:$group|0755|secmod.db [dbm:csrgen] $owner:$group|0755|cert8.db $owner:$group|0620|key3.db $owner:$group|0755|secmod.db [dbm:reset]
$owner:$group|0755|cert8.db $owner:$group|0755|key3.db $owner:$group|0755|secmod.db [dbm:submit] $owner:$group|0755|cert8.db $owner:$group|0755|key3.db $owner:$group|0755|secmod.db [dbm:reset] $owner:$group|0755|cert8.db $owner:$group|0755|key3.db $owner:$group|0755|secmod.db [dbm:save] $owner:$group|0662|cert8.db $owner:$group|0620|key3.db $owner:$group|0662|secmod.db [rekey:dbm:start] [rekey:dbm:keygen] $owner:$group|0600|cert8.db $owner:$group|0620|key3.db $owner:$group|0600|secmod.db [rekey:dbm:reset] $owner:$group|0755|cert8.db $owner:$group|0755|key3.db $owner:$group|0755|secmod.db [rekey:dbm:keygen] $owner:$group|0755|cert8.db $owner:$group|0620|key3.db $owner:$group|0755|secmod.db [rekey:dbm:reset] $owner:$group|0755|cert8.db $owner:$group|0755|key3.db $owner:$group|0755|secmod.db [rekey:dbm:csrgen] $owner:$group|0755|cert8.db $owner:$group|0620|key3.db $owner:$group|0755|secmod.db [rekey:dbm:reset] $owner:$group|0755|cert8.db $owner:$group|0755|key3.db $owner:$group|0755|secmod.db [rekey:dbm:submit] $owner:$group|0755|cert8.db $owner:$group|0755|key3.db $owner:$group|0755|secmod.db [rekey:dbm:reset] $owner:$group|0755|cert8.db $owner:$group|0755|key3.db $owner:$group|0755|secmod.db [rekey:dbm:save] $owner:$group|0662|cert8.db $owner:$group|0620|key3.db $owner:$group|0662|secmod.db OK
certmonger-0.79.19/tests/034-perms/run.sh0000755000175000017500000000643114511314133017375 0ustar gitgit00000000000000
#!/bin/bash

cd "$tmpdir"

scheme="${scheme:-dbm:}"

function list() {
	$toolsdir/ls *.* | sed -e "s~^$owner:$group|~\$owner:\$group|~g"
}

function resetperms() {
	chown $owner:$group *.*
	chmod 0755 *.*
}

cat > ca << EOF
id=Local
ca_type=EXTERNAL
ca_external_helper=$builddir/../src/local-submit -d $tmpdir
EOF

owner=`id -un`
group=`id -gn`
cat > entry << EOF
id=Test
ca_name=Local
key_storage_type=FILE
key_storage_location=$tmpdir/ee.key
key_owner=$owner:$group
key_perms=0620
cert_storage_type=FILE
cert_storage_location=$tmpdir/ee.crt
cert_owner=$owner:$group
cert_perms=0662
notification_method=STDOUT
EOF

echo '[start]'
list
echo '[keygen]'
$toolsdir/keygen entry > /dev/stderr
list
echo '[reset]'
resetperms
list
echo '[csrgen]'
$toolsdir/csrgen entry > /dev/stderr
list
echo '[reset]'
resetperms
list
echo '[submit]'
$toolsdir/submit ca entry > /dev/stderr
list
echo '[reset]'
resetperms
list
echo '[save]'
$toolsdir/certsave entry
list
rm *.*

echo '[rekey:start]'
list
echo '[rekey:keygen]'
$toolsdir/keygen entry > /dev/stderr
list
echo '[rekey:reset]'
resetperms
list
echo '[rekey:rekey]'
$toolsdir/keygen entry > /dev/stderr
marker=`grep ^key_next_marker= entry | cut -f2- -d=`
list | sed "s~^$owner:$group|~\$owner:\$group|~g" | sed "s,$marker,MARKER,g"
echo '[rekey:reset]'
resetperms
list | sed "s~^$owner:$group|~\$owner:\$group|~g" | sed "s,$marker,MARKER,g"
echo '[rekey:csrgen]'
$toolsdir/csrgen entry > /dev/stderr
list | sed "s~^$owner:$group|~\$owner:\$group|~g" | sed "s,$marker,MARKER,g"
echo '[rekey:reset]'
resetperms
list | sed "s~^$owner:$group|~\$owner:\$group|~g" | sed "s,$marker,MARKER,g"
echo '[rekey:submit]'
$toolsdir/submit ca entry > /dev/stderr
list | sed "s~^$owner:$group|~\$owner:\$group|~g" | sed "s,$marker,MARKER,g"
echo '[rekey:reset]'
resetperms
list | sed "s~^$owner:$group|~\$owner:\$group|~g" | sed "s,$marker,MARKER,g"
echo '[rekey:save]'
$toolsdir/certsave entry
list | sed "s~^$owner:$group|~\$owner:\$group|~g" | sed "s,$marker,MARKER,g"
rm *.*

cat > entry <<- EOF
id=Test
ca_name=Local
key_storage_type=NSSDB
key_storage_location=$scheme$tmpdir
key_nickname=EE
key_owner=$owner:$group
key_perms=0620
cert_storage_type=NSSDB
cert_storage_location=$scheme$tmpdir
cert_nickname=EE
cert_owner=$owner:$group
cert_perms=0662
notification_method=STDOUT
EOF

echo
echo '['$scheme'start]'
list
echo '['$scheme'keygen]'
$toolsdir/keygen entry > /dev/stderr
list
echo '['$scheme'reset]'
resetperms
list
echo '['$scheme'csrgen]'
$toolsdir/csrgen entry > /dev/stderr
list
echo '['$scheme'reset]'
resetperms
list
echo '['$scheme'submit]'
$toolsdir/submit ca entry > /dev/stderr
list
echo '['$scheme'reset]'
resetperms
list
echo '['$scheme'save]'
$toolsdir/certsave entry
list
rm *.*

echo '[rekey:'$scheme'start]'
list
echo '[rekey:'$scheme'keygen]'
$toolsdir/keygen entry > /dev/stderr
list
echo '[rekey:'$scheme'reset]'
resetperms
list
echo '[rekey:'$scheme'keygen]'
$toolsdir/keygen entry > /dev/stderr
list
echo '[rekey:'$scheme'reset]'
resetperms
list
echo '[rekey:'$scheme'csrgen]'
$toolsdir/csrgen entry > /dev/stderr
list
echo '[rekey:'$scheme'reset]'
resetperms
list
echo '[rekey:'$scheme'submit]'
$toolsdir/submit ca entry > /dev/stderr
list
echo '[rekey:'$scheme'reset]'
resetperms
list
echo '[rekey:'$scheme'save]'
$toolsdir/certsave entry
list
rm *.*

echo OK
certmonger-0.79.19/tests/035-json/0000755000175000017500000000000014511314133016052 5ustar gitgit00000000000000certmonger-0.79.19/tests/035-json/bad.10000644000175000017500000000060414511314133016662 0ustar gitgit00000000000000 { "Image": { "Width": 800, "Height": 600, "Title": "View from 15th Floor", "Thumbnail": { "Url": "http://www.example.com/image/481989943", "Height": 125, "Width": 100 } "Animated"
: false, "IDs": [116, 943, 234, 38793] }, } certmonger-0.79.19/tests/035-json/bad.1c0000644000175000017500000000060714511314133017030 0ustar gitgit00000000000000 { "Image": { ["Width"]: 800, "Height": 600, "Title": "View from 15th Floor", "Thumbnail": { "Url": "http://www.example.com/image/481989943", "Height": 125, "Width": 100 }, "Animated" : false, "IDs": [116, 943, 234, 38793] } } certmonger-0.79.19/tests/035-json/bad.1d0000644000175000017500000000056214511314133017031 0ustar gitgit00000000000000 { "Image": { {"Width": 800, "Height": 600}: "View from 15th Floor", "Thumbnail": { "Url": "http://www.example.com/image/481989943", "Height": 125, "Width": 100 }, "Animated" : false, "IDs": [116, 943, 234, 38793] } } certmonger-0.79.19/tests/035-json/bad.1e0000644000175000017500000000060714511314133017032 0ustar gitgit00000000000000 { "Image": { "Width": 800, "Height": 600, "Title": "View from 15th Floor", "Thumbnail": { "Url": "http://www.example.com/image/481989943", "Height": 125, "Width": 100 }, "Animated" : false, "IDs": [116, 943, 234, 38793] } }[] certmonger-0.79.19/tests/035-json/bad.20000644000175000017500000000163114511314133016664 0ustar gitgit00000000000000 certmonger-0.79.19/tests/035-json/bad.30000644000175000017500000000002114511314133016655 0ustar gitgit00000000000000This is amazing.
certmonger-0.79.19/tests/035-json/bad.40000644000175000017500000000651514511314133016674 0ustar gitgit00000000000000 certmonger-0.79.19/tests/035-json/bad.50000644000175000017500000000000514511314133016661 0ustar gitgit00000000000000"foo certmonger-0.79.19/tests/035-json/bad.60000644000175000017500000000000514511314133016662 0ustar gitgit00000000000000foo" certmonger-0.79.19/tests/035-json/bad.80000644000175000017500000000000514511314133016664 0ustar gitgit00000000000000{[]}
certmonger-0.79.19/tests/035-json/bad.90000644000175000017500000000001114511314133016662 0ustar gitgit00000000000000{"key":} certmonger-0.79.19/tests/035-json/expected.out0000644000175000017500000002110314511314133020401 0ustar gitgit00000000000000[utf8] [good.1] {"Image":{"Width":800,"Height":600,"Title":"View from 15th Floor","Thumbnail":{"Url":"http://www.example.com/image/481989943","Height":125,"Width":100},"Animated":false,"IDs":[116,943,234,38793]}} [good.10] {"k1":"s1","k2":"s2"} [good.11] {"k1":["s1","s2","s3"],"k2":"s3"} [good.12] {"k1":{"k2":"s1","k3":"s2","k4":"s3"},"k5":"s4"} [good.13] ["v1","v2",["v3","v4",["v 5"," v 7 "]],-123456789,null,true,false,123456789,""] [good.14] "\\abc\"\nde\b\r/\ff\tghi\u0001\u001F" [good.15] ":\uD801\uDC1F:have a drink" [good.16] [good.17] [good.18] {"glossary":{"title":"example glossary","GlossDiv":{"title":"S","GlossList":{"GlossEntry":{"ID":"SGML","SortAs":"SGML","GlossTerm":"Standard Generalized Markup Language","Acronym":"SGML","Abbrev":"ISO 8879:1986","GlossDef":{"para":"A meta-markup language, used to create markup languages such as DocBook.","GlossSeeAlso":["GML","XML"]},"GlossSee":"markup"}}}}} [good.19] {"menu":{"id":"file","value":"File","popup":{"menuitem":[{"value":"New","onclick":"CreateNewDoc()"},{"value":"Open","onclick":"OpenDoc()"},{"value":"Close","onclick":"CloseDoc()"}]}}}
[good.2] [{"precision":"zip","Latitude":37.766800,"Longitude":-122.395900,"Address":"","City":"SAN FRANCISCO","State":"CA","Zip":"94107","Country":"US"},{"precision":"zip","Latitude":37.371991,"Longitude":-122.026020,"Address":"","City":"SUNNYVALE","State":"CA","Zip":"94085","Country":"US"}] [good.20] {"widget":{"debug":"on","window":{"title":"Sample Konfabulator Widget","name":"main_window","width":500,"height":500},"image":{"src":"Images/Sun.png","name":"sun1","hOffset":250,"vOffset":250,"alignment":"center"},"text":{"data":"Click Here","size":36,"style":"bold","name":"text1","hOffset":250,"vOffset":100,"alignment":"center","onMouseUp":"sun1.opacity = (sun1.opacity / 100) * 90;"}}} [good.21] {"web-app":{"servlet":[{"servlet-name":"cofaxCDS","servlet-class":"org.cofax.cds.CDSServlet","init-param":{"configGlossary:installationAt":"Philadelphia, PA","configGlossary:adminEmail":"ksm@pobox.com","configGlossary:poweredBy":"Cofax","configGlossary:poweredByIcon":"/images/cofax.gif","configGlossary:staticPath":"/content/static","templateProcessorClass":"org.cofax.WysiwygTemplate","templateLoaderClass":"org.cofax.FilesTemplateLoader","templatePath":"templates","templateOverridePath":"","defaultListTemplate":"listTemplate.htm","defaultFileTemplate":"articleTemplate.htm","useJSP":false,"jspListTemplate":"listTemplate.jsp","jspFileTemplate":"articleTemplate.jsp","cachePackageTagsTrack":200,"cachePackageTagsStore":200,"cachePackageTagsRefresh":60,"cacheTemplatesTrack":100,"cacheTemplatesStore":50,"cacheTemplatesRefresh":15,"cachePagesTrack":200,"cachePagesStore":100,"cachePagesRefresh":10,"cachePagesDirtyRead":10,"searchEngineListTemplate":"forSearchEnginesList.htm","searchEngineFileTemplate":"forSearchEngines.htm","searchEngineRobotsDb":"WEB-INF/robots.db","useDataStore":true,"dataStoreClass":"org.cofax.SqlDataStore","redirectionClass":"org.cofax.SqlRedirection","dataStoreName":"cofax","dataStoreDriver":"com.microsoft.jdbc.sqlserver.SQLServerDriver","dataStoreUrl":"jdbc:micros
oft:sqlserver://LOCALHOST:1433;DatabaseName=goon","dataStoreUser":"sa","dataStorePassword":"dataStoreTestQuery","dataStoreTestQuery":"SET NOCOUNT ON;select test='test';","dataStoreLogFile":"/usr/local/tomcat/logs/datastore.log","dataStoreInitConns":10,"dataStoreMaxConns":100,"dataStoreConnUsageLimit":100,"dataStoreLogLevel":"debug","maxUrlLength":500}},{"servlet-name":"cofaxEmail","servlet-class":"org.cofax.cds.EmailServlet","init-param":{"mailHost":"mail1","mailHostOverride":"mail2"}},{"servlet-name":"cofaxAdmin","servlet-class":"org.cofax.cds.AdminServlet"},{"servlet-name":"fileServlet","servlet-class":"org.cofax.cds.FileServlet"},{"servlet-name":"cofaxTools","servlet-class":"org.cofax.cms.CofaxToolsServlet","init-param":{"templatePath":"toolstemplates/","log":1,"logLocation":"/usr/local/tomcat/logs/CofaxTools.log","logMaxSize":"","dataLog":1,"dataLogLocation":"/usr/local/tomcat/logs/dataLog.log","dataLogMaxSize":"","removePageCache":"/content/admin/remove?cache=pages&id=","removeTemplateCache":"/content/admin/remove?cache=templates&id=","fileTransferFolder":"/usr/local/tomcat/webapps/content/fileTransferFolder","lookInContext":1,"adminGroupID":4,"betaServer":true}}],"servlet-mapping":{"cofaxCDS":"/","cofaxEmail":"/cofaxutil/aemail/*","cofaxAdmin":"/admin/*","fileServlet":"/static/*","cofaxTools":"/tools/*"},"taglib":{"taglib-uri":"cofax.tld","taglib-location":"/WEB-INF/tlds/cofax.tld"}}} [good.22] {"menu":{"header":"SVG Viewer","items":[{"id":"Open"},{"id":"OpenNew","label":"Open New"},null,{"id":"ZoomIn","label":"Zoom In"},{"id":"ZoomOut","label":"Zoom Out"},{"id":"OriginalView","label":"Original View"},null,{"id":"Quality"},{"id":"Pause"},{"id":"Mute"},null,{"id":"Find","label":"Find..."},{"id":"FindAgain","label":"Find Again"},{"id":"Copy"},{"id":"CopyAgain","label":"Copy Again"},{"id":"CopySVG","label":"Copy SVG"},{"id":"ViewSVG","label":"View SVG"},{"id":"ViewSource","label":"View Source"},{"id":"SaveAs","label":"Save 
As"},null,{"id":"Help"},{"id":"About","label":"About Adobe CVG Viewer..."}]}} [good.2a] {"precision":"zip","Latitude":37.766800,"Longitude":-122.395900,"Address":"","City":"SAN FRANCISCO","State":"CA","Zip":"94107","Country":"US"} [good.2b] {"precision":"zip","Latitude":37.371991,"Longitude":-122.026020,"Address":"","City":"SUNNYVALE","State":"CA","Zip":"94085","Country":"US"} [good.2c] [{"precision":"zip","Latitude":37.766800,"Longitude":-122.395900,"Address":"","City":"SAN FRANCISCO","State":"CA","Zip":"94107","Country":"US"}] [good.3] "Hello world!" [good.4] 42 [good.5] true [good.6] [] [good.7] {} [good.8] [{}] [good.9] -1 got expected error with bad.1 got expected error with bad.15 got expected error with bad.1a got expected error with bad.1b got expected error with bad.1c got expected error with bad.1d got expected error with bad.1e got expected error with bad.2 got expected error with bad.3 got expected error with bad.4 got expected error with bad.5 got expected error with bad.6 got expected error with bad.8 got expected error with bad.9 OK certmonger-0.79.19/tests/035-json/good.10000644000175000017500000000060514511314133017065 0ustar gitgit00000000000000 { "Image": { "Width": 800, "Height": 600, "Title": "View from 15th Floor", "Thumbnail": { "Url": "http://www.example.com/image/481989943", "Height": 125, "Width": 100 }, "Animated" : false, "IDs": [116, 943, 234, 38793] } } certmonger-0.79.19/tests/035-json/good.100000644000175000017500000000002614511314133017142 0ustar gitgit00000000000000{"k1":"s1","k2":"s2"} certmonger-0.79.19/tests/035-json/good.110000644000175000017500000000004214511314133017141 0ustar gitgit00000000000000{"k1":["s1","s2","s3"],"k2":"s3"} certmonger-0.79.19/tests/035-json/good.120000644000175000017500000000006114511314133017143 0ustar gitgit00000000000000{"k1":{"k2":"s1","k3":"s2","k4":"s3"},"k5":"s4"} certmonger-0.79.19/tests/035-json/good.130000644000175000017500000000012014511314133017140 0ustar 
gitgit00000000000000["v1","v2",["v3","v4",["v 5"," v 7 "]],-123456789,null,true,false,123456789,""] certmonger-0.79.19/tests/035-json/good.140000644000175000017500000000004714511314133017151 0ustar gitgit00000000000000"\\abc\"\nde\b\r/\ff\tghi\u0001\u001F" certmonger-0.79.19/tests/035-json/good.150000644000175000017500000000003514511314133017147 0ustar gitgit00000000000000":\uD801\uDC1F:have a drink" certmonger-0.79.19/tests/035-json/good.160000644000175000017500000000242014511314133017150 0ustar gitgit00000000000000 certmonger-0.79.19/tests/035-json/good.170000644000175000017500000000242114511314133017152 0ustar gitgit00000000000000 certmonger-0.79.19/tests/035-json/good.180000644000175000017500000000110714511314133017153 0ustar gitgit00000000000000{ "glossary": { "title": "example glossary", "GlossDiv": { "title": "S", "GlossList": { "GlossEntry": { "ID": "SGML", "SortAs": "SGML", "GlossTerm": "Standard Generalized Markup Language", "Acronym": "SGML", "Abbrev": "ISO 8879:1986", "GlossDef": { "para": "A meta-markup language, used to create markup languages such as DocBook.", "GlossSeeAlso": ["GML", "XML"] }, "GlossSee": "markup" } } } } } certmonger-0.79.19/tests/035-json/good.190000644000175000017500000000036214511314133017156 0ustar gitgit00000000000000{"menu": { "id": "file", "value": "File", "popup": { "menuitem": [ {"value": "New", "onclick":
"CreateNewDoc()"}, {"value": "Open", "onclick": "OpenDoc()"}, {"value": "Close", "onclick": "CloseDoc()"} ] } }} certmonger-0.79.19/tests/035-json/good.20000644000175000017500000000110214511314133017057 0ustar gitgit00000000000000 [ { "precision": "zip", "Latitude": 37.7668, "Longitude": -122.3959, "Address": "", "City": "SAN FRANCISCO", "State": "CA", "Zip": "94107", "Country": "US" }, { "precision": "zip", "Latitude": 37.371991, "Longitude": -122.026020, "Address": "", "City": "SUNNYVALE", "State": "CA", "Zip": "94085", "Country": "US" } ] certmonger-0.79.19/tests/035-json/good.200000644000175000017500000000113614511314133017146 0ustar gitgit00000000000000{"widget": { "debug": "on", "window": { "title": "Sample Konfabulator Widget", "name": "main_window", "width": 500, "height": 500 }, "image": { "src": "Images/Sun.png", "name": "sun1", "hOffset": 250, "vOffset": 250, "alignment": "center" }, "text": { "data": "Click Here", "size": 36, "style": "bold", "name": "text1", "hOffset": 250, "vOffset": 100, "alignment": "center", "onMouseUp": "sun1.opacity = (sun1.opacity / 100) * 90;" } }} certmonger-0.79.19/tests/035-json/good.210000644000175000017500000000661414511314133017155 0ustar gitgit00000000000000{"web-app": { "servlet": [ { "servlet-name": "cofaxCDS", "servlet-class": "org.cofax.cds.CDSServlet", "init-param": { "configGlossary:installationAt": "Philadelphia, PA", "configGlossary:adminEmail": "ksm@pobox.com", "configGlossary:poweredBy": "Cofax", "configGlossary:poweredByIcon": "/images/cofax.gif", "configGlossary:staticPath": "/content/static", "templateProcessorClass": "org.cofax.WysiwygTemplate", "templateLoaderClass": "org.cofax.FilesTemplateLoader", "templatePath": "templates", "templateOverridePath": "", "defaultListTemplate": "listTemplate.htm", "defaultFileTemplate": "articleTemplate.htm", "useJSP": false, "jspListTemplate": "listTemplate.jsp", "jspFileTemplate": "articleTemplate.jsp", "cachePackageTagsTrack": 200, "cachePackageTagsStore": 200, 
"cachePackageTagsRefresh": 60, "cacheTemplatesTrack": 100, "cacheTemplatesStore": 50, "cacheTemplatesRefresh": 15, "cachePagesTrack": 200, "cachePagesStore": 100, "cachePagesRefresh": 10, "cachePagesDirtyRead": 10, "searchEngineListTemplate": "forSearchEnginesList.htm", "searchEngineFileTemplate": "forSearchEngines.htm", "searchEngineRobotsDb": "WEB-INF/robots.db", "useDataStore": true, "dataStoreClass": "org.cofax.SqlDataStore", "redirectionClass": "org.cofax.SqlRedirection", "dataStoreName": "cofax", "dataStoreDriver": "com.microsoft.jdbc.sqlserver.SQLServerDriver", "dataStoreUrl": "jdbc:microsoft:sqlserver://LOCALHOST:1433;DatabaseName=goon", "dataStoreUser": "sa", "dataStorePassword": "dataStoreTestQuery", "dataStoreTestQuery": "SET NOCOUNT ON;select test='test';", "dataStoreLogFile": "/usr/local/tomcat/logs/datastore.log", "dataStoreInitConns": 10, "dataStoreMaxConns": 100, "dataStoreConnUsageLimit": 100, "dataStoreLogLevel": "debug", "maxUrlLength": 500}}, { "servlet-name": "cofaxEmail", "servlet-class": "org.cofax.cds.EmailServlet", "init-param": { "mailHost": "mail1", "mailHostOverride": "mail2"}}, { "servlet-name": "cofaxAdmin", "servlet-class": "org.cofax.cds.AdminServlet"}, { "servlet-name": "fileServlet", "servlet-class": "org.cofax.cds.FileServlet"}, { "servlet-name": "cofaxTools", "servlet-class": "org.cofax.cms.CofaxToolsServlet", "init-param": { "templatePath": "toolstemplates/", "log": 1, "logLocation": "/usr/local/tomcat/logs/CofaxTools.log", "logMaxSize": "", "dataLog": 1, "dataLogLocation": "/usr/local/tomcat/logs/dataLog.log", "dataLogMaxSize": "", "removePageCache": "/content/admin/remove?cache=pages&id=", "removeTemplateCache": "/content/admin/remove?cache=templates&id=", "fileTransferFolder": "/usr/local/tomcat/webapps/content/fileTransferFolder", "lookInContext": 1, "adminGroupID": 4, "betaServer": true}}], "servlet-mapping": { "cofaxCDS": "/", "cofaxEmail": "/cofaxutil/aemail/*", "cofaxAdmin": "/admin/*", "fileServlet": "/static/*", 
"cofaxTools": "/tools/*"}, "taglib": { "taglib-uri": "cofax.tld", "taglib-location": "/WEB-INF/tlds/cofax.tld"}}} certmonger-0.79.19/tests/035-json/good.220000644000175000017500000000155114511314133017151 0ustar gitgit00000000000000{"menu": { "header": "SVG Viewer", "items": [ {"id": "Open"}, {"id": "OpenNew", "label": "Open New"}, null, {"id": "ZoomIn", "label": "Zoom In"}, {"id": "ZoomOut", "label": "Zoom Out"}, {"id": "OriginalView", "label": "Original View"}, null, {"id": "Quality"}, {"id": "Pause"}, {"id": "Mute"}, null, {"id": "Find", "label": "Find..."}, {"id": "FindAgain", "label": "Find Again"}, {"id": "Copy"}, {"id": "CopyAgain", "label": "Copy Again"}, {"id": "CopySVG", "label": "Copy SVG"}, {"id": "ViewSVG", "label": "View SVG"}, {"id": "ViewSource", "label": "View Source"}, {"id": "SaveAs", "label": "Save As"}, null, {"id": "Help"}, {"id": "About", "label": "About Adobe CVG Viewer..."} ] }} certmonger-0.79.19/tests/035-json/good.2a0000644000175000017500000000043014511314133017223 0ustar gitgit00000000000000 { "precision": "zip", "Latitude": 37.7668, "Longitude": -122.3959, "Address": "", "City": "SAN FRANCISCO", "State": "CA", "Zip": "94107", "Country": "US" } certmonger-0.79.19/tests/035-json/good.2b0000644000175000017500000000043014511314133017224 0ustar gitgit00000000000000 { "precision": "zip", "Latitude": 37.371991, "Longitude": -122.026020, "Address": "", "City": "SUNNYVALE", "State": "CA", "Zip": "94085", "Country": "US" } certmonger-0.79.19/tests/035-json/good.2c0000644000175000017500000000044214511314133017230 0ustar gitgit00000000000000 [ { "precision": "zip", "Latitude": 37.7668, "Longitude": -122.3959, "Address": "", "City": "SAN FRANCISCO", "State": "CA", "Zip": "94107", "Country": "US" }] certmonger-0.79.19/tests/035-json/good.30000644000175000017500000000002014511314133017056 0ustar gitgit00000000000000 "Hello world!" 
certmonger-0.79.19/tests/035-json/good.4
42

certmonger-0.79.19/tests/035-json/good.5
true

certmonger-0.79.19/tests/035-json/good.6
[]

certmonger-0.79.19/tests/035-json/good.7
{}

certmonger-0.79.19/tests/035-json/good.8
[{}]

certmonger-0.79.19/tests/035-json/good.9
-1

certmonger-0.79.19/tests/035-json/run.sh
#!/bin/bash -e

cd "$tmpdir"

echo "[utf8]"
"$toolsdir"/json-utf8
for good in "$srcdir"/035-json/good.* ; do
    if ! "$toolsdir"/json "$good" ; then
        exit 1
    fi
done
for bad in "$srcdir"/035-json/bad.* ; do
    if "$toolsdir"/json "$bad" ; then
        echo unexpected success with `basename "$bad"`
        exit 1
    else
        echo got expected error with `basename "$bad"`
    fi
done
echo OK

certmonger-0.79.19/tests/036-getcert/

certmonger-0.79.19/tests/036-getcert/expected.out
[Files, initial.]
New signing request "first" added.
certs:1
-----BEGIN CERTIFICATE-----
keys:1
-----BEGIN PRIVATE KEY-----
[Files, resubmit.]
Resubmitting "first" to "local".
certs:1
-----BEGIN CERTIFICATE-----
keys:1
-----BEGIN PRIVATE KEY-----
[Files, rekey]
Resubmitting "first" to "local".
certs:1
-----BEGIN CERTIFICATE-----
keys:1
-----BEGIN PRIVATE KEY-----
[Files, rekey with preserve=1]
Resubmitting "first" to "local".
certs:1
-----BEGIN CERTIFICATE-----
keys:2
-----BEGIN PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
[Files, rekey with jerk CA]
Resubmitting "first" to "jerkca".
certs:1
-----BEGIN CERTIFICATE-----
keys:1
-----BEGIN PRIVATE KEY-----
[Database, initial.]
New signing request "first" added.
certs:1
keys:1
pk12util: PKCS12 EXPORT SUCCESSFUL
cert:1
key:1
[Database, resubmit]
Resubmitting "first" to "local".
certs:1
keys:1
pk12util: PKCS12 EXPORT SUCCESSFUL
cert:1
key:1
[Database, rekey]
Resubmitting "first" to "local".
certs:1
keys:1
pk12util: PKCS12 EXPORT SUCCESSFUL
cert:1
key:1
[Database, rekey with preserve=1]
Resubmitting "first" to "local".
certs:1
keys:2
pk12util: PKCS12 EXPORT SUCCESSFUL
cert:1
key:1
[Database, rekey with jerk CA]
Resubmitting "first" to "jerkca".
certs:1
keys:3
pk12util: PKCS12 EXPORT SUCCESSFUL
cert:1
key:1
[Database, rekey with jerk CA, nonpreserving]
Resubmitting "first" to "jerkca".
certs:1
keys:3
pk12util: PKCS12 EXPORT SUCCESSFUL
cert:1
key:1
OK

certmonger-0.79.19/tests/036-getcert/run.sh
#!/bin/bash -e

cd "$tmpdir"
mkdir "$tmpdir"/cas "$tmpdir"/requests "$tmpdir"/local "$tmpdir"/files "$tmpdir"/db "$tmpdir"/backup

timeout=900

cat > $tmpdir/cas/local << EOF
id=local
ca_type=EXTERNAL
ca_external_helper="$builddir"/../src/local-submit -d "$tmpdir"/local
EOF
cat > $tmpdir/cas/jerkca << EOF
id=jerkca
ca_type=EXTERNAL
ca_external_helper="$toolsdir"/printenv CERTMONGER_CERTIFICATE
EOF

run() {
    env CERTMONGER_CONFIG_DIR="$tmpdir" CERTMONGER_TMPDIR="$tmpdir" \
    CERTMONGER_REQUESTS_DIR="$tmpdir"/requests \
    CERTMONGER_CAS_DIR="$tmpdir"/cas \
    "$builddir"/../src/certmonger-session -L -P "$tmpdir/certmonger.sock" -n -c "$*"
}

listfiles() {
    echo -n certs:
    echo -n certs: 1>&2
    ls -1 files/*cert* | wc -l
    ls -1 files/*cert* 1>&2
    for cert in "$tmpdir"/files/*cert* ; do
        head -n 1 "$cert"
    done
    echo -n keys:
    echo -n keys: 1>&2
    ls -1 files/*key* | wc -l
    ls -1 files/*key* 1>&2
    for key in "$tmpdir"/files/*key* ; do
        head -n 1 "$key"
    done
}

listdb() {
    : > "$tmpdir"/db/pinfile
    echo -n certs:
    echo -n certs: 1>&2
    certutil -L -d "$tmpdir"/db | grep -v Nickname | grep -v '^$' | grep -v ,S/MIME, | wc -l
    certutil -L -d "$tmpdir"/db | wc -l 1>&2
    echo -n keys:
    echo -n keys: 1>&2
    certutil -K -d "$tmpdir"/db -f "$tmpdir"/db/pinfile | grep -v Checking | grep -v '^$' | wc -l
    certutil -K -d "$tmpdir"/db -f "$tmpdir"/db/pinfile 1>&2
}

extract() {
    pk12util -C AES-128-CBC -c AES-128-CBC -d "$tmpdir"/db -n first -o "$tmpdir"/files/p12 -W "" -K ""
    openssl pkcs12 -nokeys -nomacver -in "$tmpdir"/files/p12 -passin pass: -nodes | awk '/BEGIN/,/END/{print}' > "$1"/cert
    openssl pkcs12 -nocerts -nomacver -in "$tmpdir"/files/p12 -passin pass: -nodes | awk '/BEGIN/,/END/{print}' > "$1"/key
    echo -n cert:
    head -n 1 "$1"/cert | wc -l
    echo -n key:
    head -n 1 "$1"/key | wc -l
}

REQOPTS="-N cn=First"

# First round.
echo '[Files, initial.]'
run "$builddir"/../src/getcert request -c local -I first -w --wait-timeout=$timeout $REQOPTS -f "$tmpdir"/files/cert -k "$tmpdir"/files/key
listfiles

# Save the key and cert we just generated, and generate a new certificate.
cp "$tmpdir"/files/cert "$tmpdir"/files/key "$tmpdir"/backup
echo '[Files, resubmit.]'
run "$builddir"/../src/getcert resubmit -c local -w --wait-timeout=$timeout -f "$tmpdir"/files/cert
listfiles
# Make sure we have a new certificate and the key is unchanged.
cmp -s "$tmpdir"/files/key "$tmpdir"/backup/key || echo ERROR: keys were changed on resubmit
cmp -s "$tmpdir"/files/cert "$tmpdir"/backup/cert && echo ERROR: cert was not changed on resubmit

# Save the key and cert we just generated, and generate a new key and
# certificate. Force its serial number, since it'll be used as part of the
# name when it's renamed out of the way later.
cp "$tmpdir"/files/cert "$tmpdir"/files/key "$tmpdir"/backup
echo 1235 > "$tmpdir"/local/serial
echo '[Files, rekey]'
run "$builddir"/../src/getcert rekey -c local -w --wait-timeout=$timeout -f "$tmpdir"/files/cert
listfiles
# Make sure we have a new certificate and key.
cmp -s "$tmpdir"/files/key "$tmpdir"/backup/key && echo ERROR: keys were not changed on rekey
cmp -s "$tmpdir"/files/cert "$tmpdir"/backup/cert && echo ERROR: cert was not changed on rekey

# Save the key and cert we just generated, and generate a new key and certificate.
echo key_preserve=1 >> "$tmpdir"/requests/*
cp "$tmpdir"/files/cert "$tmpdir"/files/key "$tmpdir"/backup
echo '[Files, rekey with preserve=1]'
run "$builddir"/../src/getcert rekey -c local -w --wait-timeout=$timeout -f "$tmpdir"/files/cert
listfiles
# Make sure we have a new certificate and key, and that the old key still
# exists where we expect it to be.
cmp -s "$tmpdir"/files/key "$tmpdir"/backup/key && echo ERROR: keys were not changed on rekey
cmp -s "$tmpdir"/files/cert "$tmpdir"/backup/cert && echo ERROR: cert was not changed on rekey
cmp -s "$tmpdir"/backup/key "$tmpdir"/files/key.1235.key || echo ERROR: old keys were not saved on rekey

# Save the key and cert we just generated, and try to generate a new key and certificate.
rm -f "$tmpdir"/files/key.*
cp "$tmpdir"/files/cert "$tmpdir"/files/key "$tmpdir"/backup
echo '[Files, rekey with jerk CA]'
run "$builddir"/../src/getcert rekey -c jerkca -w --wait-timeout=$timeout -f "$tmpdir"/files/cert
listfiles
# Make sure we didn't nuke the old key, but we should have been able to get rid of the candidate key.
cmp -s "$tmpdir"/files/key "$tmpdir"/backup/key || echo ERROR: keys were changed on failed rekey
cmp -s "$tmpdir"/files/cert "$tmpdir"/backup/cert || echo ERROR: cert was not changed on failed rekey

rm -f "$tmpdir"/requests/* "$tmpdir"/local/* "$tmpdir"/files/* "$tmpdir"/db/* "$tmpdir"/backup/*

# First round.
echo '[Database, initial.]'
run "$builddir"/../src/getcert request -c local -I first -w --wait-timeout=$timeout $REQOPTS -d "$tmpdir"/db -n first
listdb
extract "$tmpdir"/backup

# Save the key and cert we just generated, and generate a new certificate.
echo '[Database, resubmit]'
run "$builddir"/../src/getcert resubmit -c local -w --wait-timeout=$timeout -d "$tmpdir"/db -n first
listdb
extract "$tmpdir"/files
# Make sure we have a new certificate and the key is unchanged.
cmp -s "$tmpdir"/files/key "$tmpdir"/backup/key || echo ERROR: keys were changed on resubmit
cmp -s "$tmpdir"/files/cert "$tmpdir"/backup/cert && echo ERROR: cert was not changed on resubmit

# Save the key and cert we just generated, and generate a new key and
# certificate. Force its serial number, since it'll be used as part of the
# name when it's renamed out of the way later.
cp "$tmpdir"/files/cert "$tmpdir"/files/key "$tmpdir"/backup
echo 1235 > "$tmpdir"/local/serial
echo '[Database, rekey]'
run "$builddir"/../src/getcert rekey -c local -w --wait-timeout=$timeout -d "$tmpdir"/db -n first
listdb
extract "$tmpdir"/files
# Make sure we have a new certificate and key.
cmp -s "$tmpdir"/files/key "$tmpdir"/backup/key && echo ERROR: keys were not changed on rekey
cmp -s "$tmpdir"/files/cert "$tmpdir"/backup/cert && echo ERROR: cert was not changed on rekey

# Save the key and cert we just generated.
echo key_preserve=1 >> "$tmpdir"/requests/*
cp "$tmpdir"/files/cert "$tmpdir"/files/key "$tmpdir"/backup
# ID is based on a hash of the public key, so use that for comparison, since
# pk12util can't export a key that doesn't have a certificate to go with it.
certutil -K -d "$tmpdir"/db -f "$tmpdir"/db/pinfile | grep -v Checking | grep -v '^$' | awk '{print $3}' > "$tmpdir"/backup/id
# Generate a new key and certificate.
echo '[Database, rekey with preserve=1]'
run "$builddir"/../src/getcert rekey -c local -w --wait-timeout=$timeout -d "$tmpdir"/db -n first
listdb
extract "$tmpdir"/files
# Make sure we have a new certificate and key, and that the old key still
# exists where we expect it to be.
cmp -s "$tmpdir"/files/key "$tmpdir"/backup/key && echo ERROR: keys were not changed on rekey
cmp -s "$tmpdir"/files/cert "$tmpdir"/backup/cert && echo ERROR: cert was not changed on rekey
certutil -K -d "$tmpdir"/db -f "$tmpdir"/db/pinfile | grep -v Checking | grep -v first | grep -v '^$' | awk '{print $3}' > "$tmpdir"/files/id.old
cmp -s "$tmpdir"/backup/id "$tmpdir"/files/id.old || echo ERROR: old keys were not saved on rekey

# Save the key and cert we just generated.
cp "$tmpdir"/files/cert "$tmpdir"/files/key "$tmpdir"/backup
# ID is based on a hash of the public key, so use that for comparison, since
# pk12util can't export a key that doesn't have a certificate to go with it.
certutil -K -d "$tmpdir"/db -f "$tmpdir"/db/pinfile | grep -v Checking | grep -v '^$' | awk '{print $3}' > "$tmpdir"/backup/id
# Try to generate a new key and certificate.
echo '[Database, rekey with jerk CA]'
run "$builddir"/../src/getcert rekey -c jerkca -w --wait-timeout=$timeout -d "$tmpdir"/db -n first
listdb
extract "$tmpdir"/files
# Make sure we didn't nuke the old key.
cmp -s "$tmpdir"/files/key "$tmpdir"/backup/key || echo ERROR: keys were changed on failed rekey
cmp -s "$tmpdir"/files/cert "$tmpdir"/backup/cert || echo ERROR: cert was not changed on failed rekey

echo key_preserve=0 >> "$tmpdir"/requests/*
# Save the key and cert we just generated.
cp "$tmpdir"/files/cert "$tmpdir"/files/key "$tmpdir"/backup
# ID is based on a hash of the public key, so use that for comparison, since
# pk12util can't export a key that doesn't have a certificate to go with it.
certutil -K -d "$tmpdir"/db -f "$tmpdir"/db/pinfile | grep -v Checking | grep -v '^$' | awk '{print $3}' > "$tmpdir"/backup/id
# Try to generate a new key and certificate.
echo '[Database, rekey with jerk CA, nonpreserving]'
run "$builddir"/../src/getcert rekey -c jerkca -w --wait-timeout=$timeout -d "$tmpdir"/db -n first
listdb
extract "$tmpdir"/files
# Make sure we didn't nuke the old key.
cmp -s "$tmpdir"/files/key "$tmpdir"/backup/key || echo ERROR: keys were changed on failed rekey
cmp -s "$tmpdir"/files/cert "$tmpdir"/backup/cert || echo ERROR: cert was not changed on failed rekey

echo OK

certmonger-0.79.19/tests/037-rekey2/

certmonger-0.79.19/tests/037-rekey2/expected.out
[Lifetime = 68y.]
NEED_KEY_PAIR -START- GENERATING_KEY_PAIR HAVE_KEY_PAIR NEED_KEYINFO -STOP- NEED_KEYINFO -START- READING_KEYINFO HAVE_KEYINFO NEED_CSR GENERATING_CSR -STOP- GENERATING_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR NEED_TO_SUBMIT -STOP- NEED_TO_SUBMIT -(RESET)- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT -STOP- NEED_TO_SAVE_CERT -START- START_SAVING_CERT SAVING_CERT SAVED_CERT -STOP- SAVED_CERT -START- NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT -STOP- NEED_TO_READ_CERT -START- READING_CERT NEED_TO_NOTIFY_ISSUED_SAVED -STOP- NEED_TO_NOTIFY_ISSUED_SAVED -START- NOTIFYING_ISSUED_SAVED MONITORING -STOP- MONITORING -START- NEED_CSR -STOP-
[Lifetime = 1y.]
NEED_KEY_PAIR -START- GENERATING_KEY_PAIR HAVE_KEY_PAIR NEED_KEYINFO -STOP- NEED_KEYINFO -START- READING_KEYINFO HAVE_KEYINFO NEED_CSR GENERATING_CSR -STOP- GENERATING_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR NEED_TO_SUBMIT -STOP- NEED_TO_SUBMIT -(RESET)- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT -STOP- NEED_TO_SAVE_CERT -START- START_SAVING_CERT SAVING_CERT SAVED_CERT -STOP- SAVED_CERT -START- NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT -STOP- NEED_TO_READ_CERT -START- READING_CERT NEED_TO_NOTIFY_ISSUED_SAVED -STOP- NEED_TO_NOTIFY_ISSUED_SAVED -START- NOTIFYING_ISSUED_SAVED MONITORING -STOP- MONITORING -START- NEED_KEY_PAIR -STOP-
[Uses = 2.]
NEED_KEY_PAIR -START- GENERATING_KEY_PAIR HAVE_KEY_PAIR NEED_KEYINFO -STOP- NEED_KEYINFO -START- READING_KEYINFO HAVE_KEYINFO NEED_CSR GENERATING_CSR -STOP- GENERATING_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR NEED_TO_SUBMIT -STOP- NEED_TO_SUBMIT -(RESET)- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT -STOP- NEED_TO_SAVE_CERT -START- START_SAVING_CERT SAVING_CERT SAVED_CERT -STOP- SAVED_CERT -START- NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT -STOP- NEED_TO_READ_CERT -START- READING_CERT NEED_TO_NOTIFY_ISSUED_SAVED -STOP- NEED_TO_NOTIFY_ISSUED_SAVED -START- NOTIFYING_ISSUED_SAVED MONITORING -STOP- MONITORING -START- NEED_CSR -STOP-
[Uses = 1.]
NEED_KEY_PAIR -START- GENERATING_KEY_PAIR HAVE_KEY_PAIR NEED_KEYINFO -STOP- NEED_KEYINFO -START- READING_KEYINFO HAVE_KEYINFO NEED_CSR GENERATING_CSR -STOP- GENERATING_CSR -(RESET)- HAVE_KEYINFO -START- NEED_CSR GENERATING_CSR HAVE_CSR NEED_TO_SUBMIT -STOP- NEED_TO_SUBMIT -(RESET)- HAVE_CSR -START- NEED_TO_SUBMIT SUBMITTING NEED_TO_SAVE_CERT -STOP- NEED_TO_SAVE_CERT -START- START_SAVING_CERT SAVING_CERT SAVED_CERT -STOP- SAVED_CERT -START- NEED_TO_SAVE_CA_CERTS START_SAVING_CA_CERTS SAVING_CA_CERTS NEED_TO_READ_CERT -STOP- NEED_TO_READ_CERT -START- READING_CERT NEED_TO_NOTIFY_ISSUED_SAVED -STOP- NEED_TO_NOTIFY_ISSUED_SAVED -START- NOTIFYING_ISSUED_SAVED MONITORING -STOP- MONITORING -START- NEED_KEY_PAIR -STOP-
Test complete.

certmonger-0.79.19/tests/037-rekey2/run.sh
#!/bin/bash -e

cd "$tmpdir"

CERTMONGER_CONFIG_DIR="$tmpdir"
export CERTMONGER_CONFIG_DIR

source "$srcdir"/functions

# Set a "maximum" key lifetime of 68 years, for the sake of systems where I
# don't want to work around 32-bit time_t just now.
echo '[Lifetime = 68y.]'
cat > certmonger.conf << EOF
[defaults]
notification_method=STDERR
max_key_use_count=20
max_key_lifetime=68y
[selfsign]
validity_period=1y
EOF
# Issue on 2000-01-01 for one year.
cat > ca.self <<- EOF
id=Self
ca_is_default=0
ca_type=INTERNAL:SELF
ca_internal_serial=1235
ca_internal_issue_time=946684800
EOF
# Set up a basic certificate.
cat > entry.openssl <<- EOF
id=Test
ca_name=Self
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile
autorenew=1
EOF
# Run through the whole enrollment process.
$toolsdir/iterate ca.self entry.openssl NEED_KEY_PAIR,GENERATING_KEY_PAIR,HAVE_KEY_PAIR
$toolsdir/iterate ca.self entry.openssl NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO,NEED_CSR
$toolsdir/iterate ca.self entry.openssl NEED_CSR,GENERATING_CSR,HAVE_CSR
$toolsdir/iterate ca.self entry.openssl NEED_TO_SUBMIT,SUBMITTING
$toolsdir/iterate ca.self entry.openssl NEED_TO_SAVE_CERT,START_SAVING_CERT,SAVING_CERT
$toolsdir/iterate ca.self entry.openssl NEED_TO_SAVE_CA_CERTS,START_SAVING_CA_CERTS,SAVING_CA_CERTS
$toolsdir/iterate ca.self entry.openssl NEED_TO_READ_CERT,READING_CERT,SAVED_CERT
$toolsdir/iterate ca.self entry.openssl NEED_TO_NOTIFY_ISSUED_SAVED,NOTIFYING_ISSUED_SAVED
# Now kick it and see what we decide to do next. Expect NEED_CSR/HAVE_KEY_PAIR.
echo key_generated_date=20000000000000 >> entry.openssl
$toolsdir/iterate ca.self entry.openssl MONITORING
rm -f ca.self entry.openssl keyfile certfile

# Set a "maximum" key lifetime of 1 year.
echo '[Lifetime = 1y.]'
cat > certmonger.conf << EOF
[defaults]
notification_method=STDERR
max_key_use_count=20
max_key_lifetime=1y
[selfsign]
validity_period=1y
EOF
# Issue on 2000-01-01 for one year.
cat > ca.self <<- EOF
id=Self
ca_is_default=0
ca_type=INTERNAL:SELF
ca_internal_serial=1235
ca_internal_issue_time=946684800
EOF
# Set up a basic certificate.
cat > entry.openssl <<- EOF
id=Test
ca_name=Self
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile
autorenew=1
EOF
# Run through the whole enrollment process.
$toolsdir/iterate ca.self entry.openssl NEED_KEY_PAIR,GENERATING_KEY_PAIR,HAVE_KEY_PAIR
$toolsdir/iterate ca.self entry.openssl NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO,NEED_CSR
$toolsdir/iterate ca.self entry.openssl NEED_CSR,GENERATING_CSR,HAVE_CSR
$toolsdir/iterate ca.self entry.openssl NEED_TO_SUBMIT,SUBMITTING
$toolsdir/iterate ca.self entry.openssl NEED_TO_SAVE_CERT,START_SAVING_CERT,SAVING_CERT
$toolsdir/iterate ca.self entry.openssl NEED_TO_SAVE_CA_CERTS,START_SAVING_CA_CERTS,SAVING_CA_CERTS
$toolsdir/iterate ca.self entry.openssl NEED_TO_READ_CERT,READING_CERT,SAVED_CERT
$toolsdir/iterate ca.self entry.openssl NEED_TO_NOTIFY_ISSUED_SAVED,NOTIFYING_ISSUED_SAVED
# Now kick it and see what we decide to do next. Expect NEED_KEY_PAIR.
echo key_generated_date=20000000000000 >> entry.openssl
$toolsdir/iterate ca.self entry.openssl MONITORING
rm -f ca.self entry.openssl keyfile certfile

# Set a "maximum" key use count of 2.
echo '[Uses = 2.]'
cat > certmonger.conf << EOF
[defaults]
notification_method=STDERR
max_key_use_count=2
max_key_lifetime=100y
[selfsign]
validity_period=1y
EOF
# Issue on 2000-01-01 for one year.
cat > ca.self <<- EOF
id=Self
ca_is_default=0
ca_type=INTERNAL:SELF
ca_internal_serial=1235
ca_internal_issue_time=946684800
EOF
# Set up a basic certificate.
cat > entry.openssl <<- EOF
id=Test
ca_name=Self
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile
autorenew=1
EOF
# Run through the whole enrollment process.
$toolsdir/iterate ca.self entry.openssl NEED_KEY_PAIR,GENERATING_KEY_PAIR,HAVE_KEY_PAIR
$toolsdir/iterate ca.self entry.openssl NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO,NEED_CSR
$toolsdir/iterate ca.self entry.openssl NEED_CSR,GENERATING_CSR,HAVE_CSR
$toolsdir/iterate ca.self entry.openssl NEED_TO_SUBMIT,SUBMITTING
$toolsdir/iterate ca.self entry.openssl NEED_TO_SAVE_CERT,START_SAVING_CERT,SAVING_CERT
$toolsdir/iterate ca.self entry.openssl NEED_TO_SAVE_CA_CERTS,START_SAVING_CA_CERTS,SAVING_CA_CERTS
$toolsdir/iterate ca.self entry.openssl NEED_TO_READ_CERT,READING_CERT,SAVED_CERT
$toolsdir/iterate ca.self entry.openssl NEED_TO_NOTIFY_ISSUED_SAVED,NOTIFYING_ISSUED_SAVED
# Now kick it and see what we decide to do next. Expect NEED_CSR/HAVE_KEY_PAIR.
echo key_generated_date=20000000000000 >> entry.openssl
$toolsdir/iterate ca.self entry.openssl MONITORING
rm -f ca.self entry.openssl keyfile certfile

# Set a "maximum" key use count of 1.
echo '[Uses = 1.]'
cat > certmonger.conf << EOF
[defaults]
notification_method=STDERR
max_key_use_count=1
max_key_lifetime=100y
[selfsign]
validity_period=1y
EOF
# Issue on 2000-01-01 for one year.
cat > ca.self <<- EOF
id=Self
ca_is_default=0
ca_type=INTERNAL:SELF
ca_internal_serial=1235
ca_internal_issue_time=946684800
EOF
# Set up a basic certificate.
cat > entry.openssl <<- EOF
id=Test
ca_name=Self
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile
autorenew=1
EOF
# Run through the whole enrollment process.
$toolsdir/iterate ca.self entry.openssl NEED_KEY_PAIR,GENERATING_KEY_PAIR,HAVE_KEY_PAIR
$toolsdir/iterate ca.self entry.openssl NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO,NEED_CSR
$toolsdir/iterate ca.self entry.openssl NEED_CSR,GENERATING_CSR,HAVE_CSR
$toolsdir/iterate ca.self entry.openssl NEED_TO_SUBMIT,SUBMITTING
$toolsdir/iterate ca.self entry.openssl NEED_TO_SAVE_CERT,START_SAVING_CERT,SAVING_CERT
$toolsdir/iterate ca.self entry.openssl NEED_TO_SAVE_CA_CERTS,START_SAVING_CA_CERTS,SAVING_CA_CERTS
$toolsdir/iterate ca.self entry.openssl NEED_TO_READ_CERT,READING_CERT,SAVED_CERT
$toolsdir/iterate ca.self entry.openssl NEED_TO_NOTIFY_ISSUED_SAVED,NOTIFYING_ISSUED_SAVED
# Now kick it and see what we decide to do next. Expect NEED_KEY_PAIR.
echo key_generated_date=20000000000000 >> entry.openssl
$toolsdir/iterate ca.self entry.openssl MONITORING
rm -f ca.self entry.openssl keyfile certfile

echo Test complete.

certmonger-0.79.19/tests/038-ms-v2-template/

certmonger-0.79.19/tests/038-ms-v2-template/expected.out
[key]
OK.
[csr : bogus oid]
extension not present
[csr : bogus major version]
extension not present
[csr : missing major version]
extension not present
[csr : too many parts]
extension not present
[csr : oid, major version]
0:d=0 hl=2 l= 8 cons: SEQUENCE
2:d=1 hl=2 l= 3 prim: OBJECT :1.2.3.4
7:d=1 hl=2 l= 1 prim: INTEGER :2A
[csr : oid, major version, minor version]
0:d=0 hl=2 l= 11 cons: SEQUENCE
2:d=1 hl=2 l= 3 prim: OBJECT :1.2.3.4
7:d=1 hl=2 l= 1 prim: INTEGER :2A
10:d=1 hl=2 l= 1 prim: INTEGER :11

certmonger-0.79.19/tests/038-ms-v2-template/extract-extdata.py
#!/usr/bin/python3

# Given `openssl asn1parse` output of a CSR, look for the V2 Template
# extension and output its data if found. Nonzero exit status if
# not found.

import binascii
import re
import sys

STATE_SEARCH, STATE_FOUND, STATE_DONE = range(3)

state = STATE_SEARCH

for line in sys.stdin:
    if state == STATE_SEARCH and ':1.3.6.1.4.1.311.21.7' in line:
        state = STATE_FOUND
        continue

    # look for first OCTET STRING once we're in STATE_FOUND
    #
    if state == STATE_FOUND and 'OCTET STRING' in line:
        result = re.search(r'\[HEX DUMP\]:(\w*)', line)
        sys.stdout.buffer.write(binascii.unhexlify(result.group(1)))
        state = STATE_DONE
        break

if state != STATE_DONE:
    sys.exit(1)

certmonger-0.79.19/tests/038-ms-v2-template/run.sh
#!/bin/bash -e

srcdir=$PWD
cd $tmpdir

mkconfig() {
    cat > request <<- EOF
key_storage_type=FILE
key_storage_location=$tmpdir/key
cert_storage_type=FILE
cert_storage_location=$tmpdir/cert
template_subject=CN=MS V2 Certificate Template test
EOF
}

echo "[key]"
mkconfig
$toolsdir/keygen request

echo "[csr : bogus oid]"
mkconfig
echo "template_certificate_template=NotAnOid:42" >> request
$toolsdir/csrgen request | openssl asn1parse \
    | $srcdir/extract-extdata.py || echo "extension not present"

echo "[csr : bogus major version]"
mkconfig
echo "template_certificate_template=1.2.3.4:wat" >> request
$toolsdir/csrgen request | openssl asn1parse \
    | $srcdir/extract-extdata.py || echo "extension not present"

echo "[csr : missing major version]"
mkconfig
echo "template_certificate_template=1.2.3.4" >> request
$toolsdir/csrgen request | openssl asn1parse \
    | $srcdir/extract-extdata.py || echo "extension not present"

echo "[csr : too many parts]"
mkconfig
echo "template_certificate_template=1.2.3.4:1:1:1" >> request
$toolsdir/csrgen request | openssl asn1parse \
    | $srcdir/extract-extdata.py || echo "extension not present"

echo "[csr : oid, major version]"
mkconfig
echo "template_certificate_template=1.2.3.4:42" >> request
$toolsdir/csrgen request | openssl asn1parse \
    | $srcdir/extract-extdata.py | openssl asn1parse -inform DER

echo "[csr : oid, major version,
minor version]" mkconfig echo "template_certificate_template=1.2.3.4:42:17" >> request $toolsdir/csrgen request | openssl asn1parse \ | $srcdir/extract-extdata.py | openssl asn1parse -inform DER certmonger-0.79.19/tests/039-fromfile/0000755000175000017500000000000014511314133016710 5ustar gitgit00000000000000certmonger-0.79.19/tests/039-fromfile/expected.out0000644000175000017500000000004514511314133021241 0ustar gitgit00000000000000[trailing_nl] Ok [no_trailing_nl] Ok certmonger-0.79.19/tests/039-fromfile/run.sh0000755000175000017500000000535514511314133020063 0ustar gitgit00000000000000#!/bin/bash -e cd $tmpdir cat > $tmpdir/trailing_nl <<- EOF -----BEGIN CERTIFICATE----- MIIDjjCCAnagAwIBAgIRAO1VmyXYM0f7pbXVdEGtRPMwDQYJKoZIhvcNAQELBQAw UDEgMB4GA1UEAwwXTG9jYWwgU2lnbmluZyBBdXRob3JpdHkxLDAqBgNVBAMMI2Vk NTU5YjI1LWQ4MzM0N2ZiLWE1YjVkNTc0LTQxYWQ0NGYzMB4XDTE1MDQyODE3MDk0 OFoXDTE2MDQyODE3MDk0OFowUDEgMB4GA1UEAwwXTG9jYWwgU2lnbmluZyBBdXRo b3JpdHkxLDAqBgNVBAMMI2VkNTU5YjI1LWQ4MzM0N2ZiLWE1YjVkNTc0LTQxYWQ0 NGYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5c/LhlyBs0UUiDSy nrC+Q0WJkWZeQ/kqwniru+GlXgb3g+7VvyAfdZ45NiBdo/6xXyCLphK0g8oZLyi8 OwQQoUyVMn9gsGXbjlwSzjXKx3wdUM+lFpenx8iQS9aCfVQJ4tzFgM1pQBQ2AiHs jvU18xSFSZApjT5UIK35kyH22D8LhCGGYLaU3xFEfHvd0AOuXwm5Nsiu/HTsSV4N peUdFEmFzQwUEUdV2jKOPcXnOArV82vfpdp1nSCX3kruEb9G93VsmQ+9ebKXQRQE Ltd65e/EYtXvihuTtElLYuyYZlYJdbTZeLXB4YLvElgNkS9JK7RKHlCm0KYQmcmd GZSh8QIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQEBMB0GA1UdDgQWBBRLxeFy3+RS FloygyjlXa6YEv8ltzAfBgNVHSMEGDAWgBRLxeFy3+RSFloygyjlXa6YEv8ltzAO BgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggEBAH9A9ePIqZGF4VEo5D4j MuOJ1J4uTRxHoEGXCDRcuCn3RvT0civWEPpRNo1YVgAWFODpt/HSi3lCVtTb7FwJ hfHkxCpAuHmv3sfT8jcCwTTAXL1BLpCO6d0zz0RrFMNK+vGyZu/7LXhaYVu590Q5 1DMybHmln7i+Tw/eYb4Avk1FWGOEpNdf3ZjUazcDlkO4EwA6BnZUC8gFvz0OI73D AJsGq/UsJvMH30ga1rZ/9LiHEMSEys5amk98yMRvi/R1qI02kjANdZ0ID/7cJSw2 rVCCs61jgYppWv3JHVKYmm6+cVPAUcuRdsUzDpAQDdvGAaZJENE6suulRVEaBEdS 8gM= -----END CERTIFICATE----- EOF cat > $tmpdir/no_trailing_nl <<- EOF 
-----BEGIN CERTIFICATE----- MIIDjjCCAnagAwIBAgIRAO1VmyXYM0f7pbXVdEGtRPMwDQYJKoZIhvcNAQELBQAw UDEgMB4GA1UEAwwXTG9jYWwgU2lnbmluZyBBdXRob3JpdHkxLDAqBgNVBAMMI2Vk NTU5YjI1LWQ4MzM0N2ZiLWE1YjVkNTc0LTQxYWQ0NGYzMB4XDTE1MDQyODE3MDk0 OFoXDTE2MDQyODE3MDk0OFowUDEgMB4GA1UEAwwXTG9jYWwgU2lnbmluZyBBdXRo b3JpdHkxLDAqBgNVBAMMI2VkNTU5YjI1LWQ4MzM0N2ZiLWE1YjVkNTc0LTQxYWQ0 NGYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5c/LhlyBs0UUiDSy nrC+Q0WJkWZeQ/kqwniru+GlXgb3g+7VvyAfdZ45NiBdo/6xXyCLphK0g8oZLyi8 OwQQoUyVMn9gsGXbjlwSzjXKx3wdUM+lFpenx8iQS9aCfVQJ4tzFgM1pQBQ2AiHs jvU18xSFSZApjT5UIK35kyH22D8LhCGGYLaU3xFEfHvd0AOuXwm5Nsiu/HTsSV4N peUdFEmFzQwUEUdV2jKOPcXnOArV82vfpdp1nSCX3kruEb9G93VsmQ+9ebKXQRQE Ltd65e/EYtXvihuTtElLYuyYZlYJdbTZeLXB4YLvElgNkS9JK7RKHlCm0KYQmcmd GZSh8QIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQEBMB0GA1UdDgQWBBRLxeFy3+RS FloygyjlXa6YEv8ltzAfBgNVHSMEGDAWgBRLxeFy3+RSFloygyjlXa6YEv8ltzAO BgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggEBAH9A9ePIqZGF4VEo5D4j MuOJ1J4uTRxHoEGXCDRcuCn3RvT0civWEPpRNo1YVgAWFODpt/HSi3lCVtTb7FwJ hfHkxCpAuHmv3sfT8jcCwTTAXL1BLpCO6d0zz0RrFMNK+vGyZu/7LXhaYVu590Q5 1DMybHmln7i+Tw/eYb4Avk1FWGOEpNdf3ZjUazcDlkO4EwA6BnZUC8gFvz0OI73D AJsGq/UsJvMH30ga1rZ/9LiHEMSEys5amk98yMRvi/R1qI02kjANdZ0ID/7cJSw2 rVCCs61jgYppWv3JHVKYmm6+cVPAUcuRdsUzDpAQDdvGAaZJENE6suulRVEaBEdS 8gM= EOF echo -n "-----END CERTIFICATE-----" >> $tmpdir/no_trailing_nl $toolsdir/fromfile trailing_nl $toolsdir/fromfile no_trailing_nl certmonger-0.79.19/tests/040-pem/0000755000175000017500000000000014511314133015656 5ustar gitgit00000000000000certmonger-0.79.19/tests/040-pem/bad.empty0000644000175000017500000000000014511314133017452 0ustar gitgit00000000000000certmonger-0.79.19/tests/040-pem/bad.isrg-root-x1-cross-signed.der.b640000644000175000017500000000351114511314133024342 0ustar gitgit00000000000000MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/MSQwIgYDVQQK ExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4X 
DTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1owTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIElu dGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIi MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B4 93XCov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpLwYqGcWlK ZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+DLtFJV4yAdLbaL9A4jXsD cCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/ iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeY jzYIlefiN5YNNnWe+w5ysR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHdu Rze6zqxZXmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4FQsD j43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBcSLeCO5imfWCKoqMp gsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2qlPRmP6zjzZN7IKw0KKP/32+IVQtQi 0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TNDTwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB /zAOBgNVHQ8BAf8EBAMCAQYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBw cy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx +tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsG AQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAv oC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYE FHm0WeZ7tuXkAXOACIjIGlj26ZtuMA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oG rS+o44+/yQoDFVDC5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMr AdSW9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuGWCLKTVXk cGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9Ohe8Y4IWS6wY7bCkjCWDc RQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFCDfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr 6GtPAQw4dy753ec5 certmonger-0.79.19/tests/040-pem/expected.out0000644000175000017500000000021514511314133020206 0ustar gitgit00000000000000OK OK OK got expected error with bad.empty got expected error with bad.isrg-root-x1-cross-signed.der got expected error with bad.notfound OK 
certmonger-0.79.19/tests/040-pem/good.isrg-root-x1-cross-signed.pem0000644000175000017500000000360414511314133024164 0ustar gitgit00000000000000
certmonger-0.79.19/tests/040-pem/good.isrg-root-x1-cross-signed_cr.pem0000644000175000017500000000364314511314133024653 0ustar gitgit00000000000000
certmonger-0.79.19/tests/040-pem/good.lets_encrypt_chain.pem0000644000175000017500000001314514511314133023171 0ustar gitgit00000000000000
certmonger-0.79.19/tests/040-pem/run.sh0000755000175000017500000000104014511314133017014 0ustar gitgit00000000000000
#!/bin/bash -e

cd "$tmpdir"

cp -p "$srcdir"/040-pem/bad.* $tmpdir
base64 -d < "$tmpdir"/bad.isrg-root-x1-cross-signed.der.b64 > "$tmpdir"/bad.isrg-root-x1-cross-signed.der
rm -f "$tmpdir"/bad.isrg-root-x1-cross-signed.der.b64
for good in "$srcdir"/040-pem/good.* ; do
	if ! "$toolsdir"/pem "$good" ; then
		exit 1
	fi
done
for bad in "$tmpdir"/bad.* bad.notfound; do
	if "$toolsdir"/pem "$bad" > /dev/null; then
		echo unexpected success with `basename "$bad"`
		exit 1
	else
		echo got expected error with `basename "$bad"`
	fi
done
echo OK
certmonger-0.79.19/tests/Makefile.am0000644000175000017500000002571214511314133016637 0ustar gitgit00000000000000
SUBDIRS = tools
CLEANFILES = \ 001-keyiread/actual.out \ 001-keyiread/actual.err \ 001-keyiread-ec/actual.out \ 001-keyiread-ec/actual.err \ 001-keyiread-rsa/actual.out \ 001-keyiread-rsa/actual.err \ 002-keygen/actual.out \ 002-keygen/actual.err \ 002-keygen-dbm/actual.out \ 002-keygen-dbm/actual.err \ 002-keygen-sql/actual.out \ 002-keygen-sql/actual.err \ 002-keygen-dsa/actual.out \ 002-keygen-dsa/actual.err \ 002-keygen-ec/actual.out \ 002-keygen-ec/actual.err \ 002-keygen-rsa/actual.out \ 002-keygen-rsa/actual.err \ 003-csrgen/actual.out \ 003-csrgen/actual.err \ 003-csrgen-ec/actual.out \ 003-csrgen-ec/actual.err \ 003-csrgen-rsa/actual.out \ 003-csrgen-rsa/actual.err \ 004-selfsign/actual.out \ 004-selfsign/actual.err \ 004-selfsign-ec/actual.out \ 004-selfsign-ec/actual.err \ 004-selfsign-rsa/actual.out \ 004-selfsign-rsa/actual.err \ 005-dbusm/actual.out \ 005-dbusm/actual.err \ 006-serial/actual.out \ 006-serial/actual.err \ 007-certsave/actual.out \ 007-certsave/actual.err \ 007-certsave-dbm/actual.out \ 007-certsave-dbm/actual.err \ 007-certsave-sql/actual.out \
007-certsave-sql/actual.err \ 008-certread/actual.out \ 008-certread/actual.err \ 009-oiddict/actual.out \ 009-oiddict/actual.err \ 010-iterate/actual.out \ 010-iterate/actual.err \ 011-dbinit/actual.out \ 011-dbinit/actual.err \ 011-dbinit-dbm/actual.out \ 011-dbinit-dbm/actual.err \ 011-dbinit-sql/actual.out \ 011-dbinit-sql/actual.err \ 012-dbadd/actual.out \ 012-dbadd/actual.err \ 012-dbadd-dbm/actual.out \ 012-dbadd-dbm/actual.err \ 012-dbadd-sql/actual.out \ 012-dbadd-sql/actual.err \ 013-enckey/actual.out \ 013-enckey/actual.err \ 013-enckey-dbm/actual.out \ 013-enckey-dbm/actual.err \ 013-enckey-sql/actual.out \ 013-enckey-sql/actual.err \ 014-prefs/actual.out \ 014-prefs/actual.err \ 015-lockedkey/actual.out \ 015-lockedkey/actual.err \ 015-lockedkey-dbm/actual.out \ 015-lockedkey-dbm/actual.err \ 015-lockedkey-sql/actual.out \ 015-lockedkey-sql/actual.err \ 016-dates/actual.out \ 016-dates/actual.err \ 017-notoken/actual.out \ 017-notoken/actual.err \ 017-notoken-dbm/actual.out \ 017-notoken-dbm/actual.err \ 017-notoken-sql/actual.out \ 017-notoken-sql/actual.err \ 018-pembase/actual.out \ 018-pembase/actual.err \ 019-dparse/actual.out \ 019-dparse/actual.err \ 020-xparse/actual.out \ 020-xparse/actual.err \ 021-resume/actual.out \ 021-resume/actual.err \ 022-base64/actual.out \ 022-base64/actual.err \ 023-cadata/actual.out \ 023-cadata/actual.err \ 024-citerate/actual.out \ 024-citerate/actual.err \ 025-casave/actual.out \ 025-casave/actual.err \ 025-casave-dbm/actual.out \ 025-casave-dbm/actual.err \ 025-casave-sql/actual.out \ 025-casave-sql/actual.err \ 026-local/actual.out \ 026-local/actual.err \ 027-hooks/actual.out \ 027-hooks/actual.err \ 028-dbus/actual.out \ 028-dbus/actual.err \ 029-canonize/actual.out \ 029-canonize/actual.err \ 030-rekey/actual.out \ 030-rekey/actual.err \ 031-pkcs7/actual.out \ 031-pkcs7/actual.err \ 032-chain/actual.out \ 032-chain/actual.err \ 033-scep/actual.out \ 033-scep/actual.err \ 034-perms/actual.out \ 
034-perms/actual.err \ 034-perms-dbm/actual.out \ 034-perms-dbm/actual.err \ 034-perms-sql/actual.out \ 034-perms-sql/actual.err \ 035-json/actual.out \ 035-json/actual.err \ 036-getcert/actual.out \ 036-getcert/actual.err \ 037-rekey2/actual.out \ 037-rekey2/actual.err \ 038-ms-v2-template/actual.out \ 038-ms-v2-template/actual.err \ 039-fromfile/actual.out \ 039-fromfile/actual.err 040-pem/actual.out \ 040-pem/actual.err EXTRA_DIST = \ run-tests.sh functions certmonger.conf tools/cachain.sh \ 001-keyiread/run.sh \ 001-keyiread/expected.out \ 001-keyiread-rsa/run.sh \ 001-keyiread-rsa/expected.out \ 001-keyiread-ec/run.sh \ 001-keyiread-ec/expected.out \ 001-keyiread-ec/expected.out.2 \ 001-keyiread-ec/expected.out.3 \ 001-keyiread-ec/expected.out.4 \ 002-keygen/prequal.sh \ 002-keygen/run.sh \ 002-keygen/expected.out \ 002-keygen-dbm/run.sh \ 002-keygen-dbm/expected.out \ 002-keygen-sql/run.sh \ 002-keygen-sql/expected.out \ 002-keygen-rsa/prequal.sh \ 002-keygen-rsa/run.sh \ 002-keygen-rsa/expected.out \ 002-keygen-dsa/prequal.sh \ 002-keygen-dsa/run.sh \ 002-keygen-dsa/expected.out \ 002-keygen-ec/prequal.sh \ 002-keygen-ec/run.sh \ 002-keygen-ec/expected.out \ 002-keygen-ec/expected.out.2 \ 002-keygen-ec/expected.out.3 \ 002-keygen-ec/expected.out.4 \ 003-csrgen/run.sh \ 003-csrgen/expected.out \ 003-csrgen-rsa/run.sh \ 003-csrgen-rsa/expected.out \ 003-csrgen-ec/run.sh \ 003-csrgen-ec/expected.out \ 004-selfsign/run.sh \ 004-selfsign/expected.out \ 004-selfsign-rsa/run.sh \ 004-selfsign-rsa/expected.out \ 004-selfsign-ec/run.sh \ 004-selfsign-ec/expected.out \ 005-dbusm/run.sh \ 005-dbusm/expected.out \ 006-serial/run.sh \ 006-serial/expected.out \ 007-certsave/prequal.sh \ 007-certsave/run.sh \ 007-certsave/expected.out \ 007-certsave-dbm/prequal.sh \ 007-certsave-dbm/run.sh \ 007-certsave-dbm/expected.out \ 007-certsave-sql/prequal.sh \ 007-certsave-sql/run.sh \ 007-certsave-sql/expected.out \ 008-certread/run.sh \ 008-certread/expected.out \ 
009-oiddict/run.sh \ 009-oiddict/expected.out \ 010-iterate/run.sh \ 010-iterate/expected.out \ 011-dbinit/expected.out \ 011-dbinit/run.sh \ 011-dbinit-dbm/expected.out \ 011-dbinit-dbm/run.sh \ 011-dbinit-sql/expected.out \ 011-dbinit-sql/run.sh \ 012-dbadd/expected.out \ 012-dbadd/run.sh \ 012-dbadd-dbm/expected.out \ 012-dbadd-dbm/run.sh \ 012-dbadd-sql/expected.out \ 012-dbadd-sql/run.sh \ 013-enckey/expected.out \ 013-enckey/run.sh \ 013-enckey-dbm/expected.out \ 013-enckey-dbm/run.sh \ 013-enckey-sql/expected.out \ 013-enckey-sql/run.sh \ 014-prefs/expected.out \ 014-prefs/run.sh \ 015-lockedkey/expected.out \ 015-lockedkey/run.sh \ 015-lockedkey-dbm/expected.out \ 015-lockedkey-dbm/run.sh \ 015-lockedkey-sql/expected.out \ 015-lockedkey-sql/run.sh \ 016-dates/expected.out \ 016-dates/run.sh \ 017-notoken/expected.out \ 017-notoken/run.sh \ 017-notoken-dbm/expected.out \ 017-notoken-dbm/run.sh \ 017-notoken-sql/expected.out \ 017-notoken-sql/run.sh \ 018-pembase/expected.out \ 018-pembase/run.sh \ 019-dparse/expected.out \ 019-dparse/run.sh \ 019-dparse/bad.checkRequest.nosuch \ 019-dparse/bad.displayCertFromRequest.incomplete \ 019-dparse/bad.displayCertFromRequest.no-such-request \ 019-dparse/bad.displayCertFromRequest.rejected \ 019-dparse/bad.profileProcess.bad-property \ 019-dparse/bad.profileProcess.no-agent-cert \ 019-dparse/bad.profileProcess.no-ca-cert \ 019-dparse/bad.profileProcess.no-property \ 019-dparse/bad.profileProcess.not-pending \ 019-dparse/bad.profileReview.no-such-request \ 019-dparse/bad.profileReview.unauthorized-cert \ 019-dparse/bad.profileReview.wrong-nssdb \ 019-dparse/bad.profileSubmit.csr.empty \ 019-dparse/bad.profileSubmit.csr.subject-mismatch \ 019-dparse/bad.profileSubmit.serial.empty \ 019-dparse/bad.profileSubmit.serial.invalid \ 019-dparse/bad.profileSubmit.serial.out-of-range \ 019-dparse/good.checkRequest.complete \ 019-dparse/good.checkRequest.pending \ 019-dparse/good.displayCertFromRequest \ 
019-dparse/good.displayCertFromRequest-extra-line \ 019-dparse/good.profileList \ 019-dparse/good.profileReview \ 019-dparse/good.profileSubmit.issued \ 019-dparse/good.profileSubmit.serial.in-range \ 020-xparse/certmaster-fault.xml \ 020-xparse/certmaster-rep1.xml \ 020-xparse/certmaster-rep2.xml \ 020-xparse/certmaster-req.xml \ 020-xparse/ipa-fault.xml \ 020-xparse/ipa-rep-new.xml \ 020-xparse/ipa-req.xml \ 021-resume/expected.out \ 021-resume/run.sh \ 022-base64/expected.out \ 022-base64/run.sh \ 023-cadata/expected.out \ 023-cadata/run.sh \ 024-citerate/expected.out \ 024-citerate/run.sh \ 025-casave/expected.out \ 025-casave/run.sh \ 025-casave-dbm/expected.out \ 025-casave-dbm/run.sh \ 025-casave-sql/expected.out \ 025-casave-sql/run.sh \ 026-local/expected.out \ 026-local/run.sh \ 027-hooks/expected.out \ 027-hooks/run.sh \ 028-dbus/expected.out 028-dbus/expected.out.nodsa \ 028-dbus/entry 028-dbus/bogus-entry \ 028-dbus/prequal.sh \ 028-dbus/run.sh \ 028-dbus/runsub.sh \ 028-dbus/simpleprop.py \ 028-dbus/walk.py \ 029-canonize/expected.out \ 029-canonize/run.sh \ 030-rekey/expected.out \ 030-rekey/run.sh \ 031-pkcs7/prequal.sh \ 031-pkcs7/expected.out \ 031-pkcs7/run.sh \ 032-chain/expected.out \ 032-chain/run.sh \ 033-scep/expected.out \ 033-scep/run.sh \ 034-perms/expected.out \ 034-perms/run.sh \ 034-perms-dbm/expected.out \ 034-perms-dbm/run.sh \ 034-perms-sql/expected.out \ 034-perms-sql/run.sh \ 035-json/expected.out \ 035-json/run.sh \ 035-json/bad.1 \ 035-json/bad.15 \ 035-json/bad.1a \ 035-json/bad.1b \ 035-json/bad.1c \ 035-json/bad.1d \ 035-json/bad.1e \ 035-json/bad.2 \ 035-json/bad.3 \ 035-json/bad.4 \ 035-json/bad.5 \ 035-json/bad.6 \ 035-json/bad.8 \ 035-json/bad.9 \ 035-json/good.1 \ 035-json/good.10 \ 035-json/good.11 \ 035-json/good.12 \ 035-json/good.13 \ 035-json/good.14 \ 035-json/good.15 \ 035-json/good.16 \ 035-json/good.17 \ 035-json/good.18 \ 035-json/good.19 \ 035-json/good.2 \ 035-json/good.20 \ 035-json/good.21 \ 
035-json/good.22 \ 035-json/good.2a \ 035-json/good.2b \ 035-json/good.2c \ 035-json/good.3 \ 035-json/good.4 \ 035-json/good.5 \ 035-json/good.6 \ 035-json/good.7 \ 035-json/good.8 \ 035-json/good.9 \ 036-getcert/expected.out \ 036-getcert/run.sh \ 037-rekey2/expected.out \ 037-rekey2/run.sh \ 038-ms-v2-template/expected.out \ 038-ms-v2-template/extract-extdata.py \ 038-ms-v2-template/run.sh \ 039-fromfile/run.sh \ 040-pem/run.sh subdirs = \ 001-keyiread \ 001-keyiread-rsa \ 002-keygen-rsa \ 003-csrgen \ 003-csrgen-rsa \ 004-selfsign \ 004-selfsign-rsa \ 005-dbusm \ 006-serial \ 008-certread \ 009-oiddict \ 010-iterate \ 014-prefs \ 016-dates \ 018-pembase \ 019-dparse \ 021-resume \ 022-base64 \ 023-cadata \ 024-citerate \ 026-local \ 027-hooks \ 028-dbus \ 029-canonize \ 030-rekey \ 031-pkcs7 \ 032-chain \ 033-scep \ 035-json \ 036-getcert \ 037-rekey2 \ 038-ms-v2-template \ 039-fromfile \ 040-pem if HAVE_DBM_NSSDB subdirs += \ 002-keygen-dbm \ 007-certsave-dbm \ 011-dbinit-dbm \ 012-dbadd-dbm \ 013-enckey-dbm \ 015-lockedkey-dbm \ 017-notoken-dbm \ 025-casave-dbm \ 034-perms-dbm endif if HAVE_SQL_NSSDB subdirs += \ 002-keygen-sql \ 007-certsave-sql \ 011-dbinit-sql \ 012-dbadd-sql \ 013-enckey-sql \ 015-lockedkey-sql \ 017-notoken-sql \ 025-casave-sql \ 034-perms-sql endif if HAVE_DSA subdirs += \ 002-keygen-dsa endif if HAVE_EC subdirs += \ 001-keyiread-ec \ 002-keygen-ec \ 003-csrgen-ec \ 004-selfsign-ec endif check: all if [ ! 
-e $$HOME/.rnd ] ; then \
		openssl rand -writerand $$HOME/.rnd; \
	fi
	for required in certutil cmsutil pk12util openssl diff cmp mktemp \
		dos2unix unix2dos dbus-launch ; do \
		which $$required || exit 1; \
	done
	env srcdir=$(srcdir) \
		builddir=$(top_builddir)/tests \
		$(srcdir)/run-tests.sh $(subdirs)
certmonger-0.79.19/tests/certmonger.conf0000644000175000017500000000011014511314133017600 0ustar gitgit00000000000000
[defaults]
notification_method = stdout

[selfsign]
validity_period = 1d
certmonger-0.79.19/tests/docker/0000755000175000017500000000000014511314133016043 5ustar gitgit00000000000000
certmonger-0.79.19/tests/docker/build-and-test.sh0000755000175000017500000000135714511314133021224 0ustar gitgit00000000000000
#!/bin/bash -x
set -e
if test -s /etc/os-release; then
	source /etc/os-release
else
	if test -s /etc/system-release ; then
		PRETTY_NAME=`cat /etc/system-release`
	else
		PRETTY_NAME=unknown
	fi
fi
# Print PRETTY_NAME periodically, so it's easier to know where we are if we're
# paging through a log of results from multiple containers.
echo '['"${PRETTY_NAME}"']' rm -fr /build/certmonger cp -a /source /build/certmonger cd /build/certmonger echo '['"${PRETTY_NAME}"']' export CFLAGS="-Wall -Wextra -Wno-unused-parameter" ./configure --prefix=/usr --sysconfdir=/etc --with-tmpdir=/var/run/certmonger --localstatedir=/var --disable-maintainer-mode --enable-srv-location --disable-systemd --disable-sysvinit echo '['"${PRETTY_NAME}"']' make distcheck certmonger-0.79.19/tests/docker/generate.sh0000755000175000017500000001014014511314133020170 0ustar gitgit00000000000000#!/bin/bash topdir=$(cd ../..; pwd) echo '#!/bin/bash -x' > build-all-images.sh echo 'set -e' >> build-all-images.sh echo '#!/bin/bash -x' > test-all.sh echo 'set -e' >> test-all.sh uid=`id -u` gid=`id -g` for dist in fedora debian ubuntu centos ; do env= pre= case $dist in fedora) versions="24 25 rawhide" install="dnf -q -y install --best --allowerasing" pre="RUN dnf -q -y distro-sync" first="dbus dbus-x11 redhat-rpm-config" tools="autoconf automake binutils dos2unix expect gawk gcc git libtool make mktemp python unix2dos which" libraries="openssl-devel nss-devel libuuid-devel libtevent-devel dbus-devel libcurl-devel libxml2-devel xmlrpc-c-devel libidn-devel krb5-devel openldap-devel popt-devel diffutils dbus-python openssl nss-tools gettext-devel glibc-devel gmp-devel" ;; centos) versions="5 6 7" install="yum -q -y install" pre="RUN yum -q -y update" first="dbus dbus-x11 redhat-rpm-config" tools="autoconf automake binutils dos2unix expect gawk gcc git libtool make mktemp python unix2dos which" libraries="openssl-devel nss-devel libuuid-devel libtevent-devel dbus-devel libcurl-devel libxml2-devel xmlrpc-c-devel libidn-devel krb5-devel openldap-devel popt-devel diffutils dbus-python openssl nss-tools gettext-devel glibc-devel" ;; debian) versions="wheezy jessie stretch sid" env="ENV DEBIAN_FRONTEND=noninteractive" pre="RUN apt-get clean && apt-get update" install="apt-get -y -qq install --no-install-recommends" first="apt-utils dbus dbus-x11" 
		tools="autoconf automake autopoint binutils dos2unix expect gawk gcc git libtool make mktemp python"
		libraries="libssl-dev libnss3-dev uuid-dev libtevent-dev libdbus-1-dev libcurl4-openssl-dev libxml2-dev libxmlrpc-core-c3-dev libidn11-dev libkrb5-dev libldap2-dev libpopt-dev diffutils python-dbus openssl libnss3-tools libgettextpo-dev libc6-dev libgmp-dev"
		;;
	ubuntu)
		versions="trusty xenial zesty"
		env="ENV DEBIAN_FRONTEND=noninteractive"
		pre="RUN apt-get clean && apt-get update"
		first="apt-utils dbus dbus-x11"
		install="apt-get -y -qq install --no-install-recommends"
		tools="autoconf automake autopoint binutils dos2unix expect gawk gcc git libtool make mktemp python"
		libraries="libssl-dev libnss3-dev uuid-dev libtevent-dev libdbus-1-dev libcurl4-openssl-dev libxml2-dev libxmlrpc-core-c3-dev libidn11-dev libkrb5-dev libldap2-dev libpopt-dev diffutils python-dbus openssl libnss3-tools libgettextpo-dev libc6-dev libgmp-dev"
		;;
	esac
	for version in $versions ; do
		combo="$dist"-"$version"
		morelibraries=
		case "$combo" in
		centos-5)
			morelibraries=bind-libbind-devel
			;;
		esac
		mkdir -p "$combo"
		cat > "$combo"/Dockerfile <<- EOF
FROM $dist:$version
$env
$pre
RUN $install $first
RUN $install $tools
RUN $install $libraries $morelibraries
RUN mkdir /build
RUN echo certmongerbuilder::$uid:$gid:certmonger builder:/build:/bin/bash >> /etc/passwd
RUN echo certmongerbuilder::$gid: >> /etc/group
RUN chown -R $uid:$gid /build
USER $uid:$gid
EOF
		echo '#!/bin/bash -x' > build-"$combo"-image.sh
		echo docker build -t certmonger-dev:"$combo" ./"$combo"/ >> build-"$combo"-image.sh
		chmod +x build-"$combo"-image.sh
		echo docker build -t certmonger-dev:"$combo" ./"$combo"/ >> build-all-images.sh
		echo '#!/bin/bash -x' > test-"$combo".sh
		echo docker inspect certmonger-build-"$combo" \> /dev/null 2\> /dev/null \&\& docker rm -f certmonger-build-"$combo" >> test-"$combo".sh
		echo docker run --security-opt no-new-privileges -v "$topdir":/source:ro -it --name certmonger-build-"$combo" certmonger-dev:"$combo" /source/tests/docker/build-and-test.sh >> test-"$combo".sh
		chmod +x test-"$combo".sh
		echo docker inspect certmonger-build-"$combo" \> /dev/null 2\> /dev/null \&\& docker rm -f certmonger-build-"$combo" >> test-all.sh
		echo docker run --security-opt no-new-privileges -v "$topdir":/source:ro -it --name certmonger-build-"$combo" certmonger-dev:"$combo" /source/tests/docker/build-and-test.sh >> test-all.sh
	done
done
chmod +x build-all-images.sh
chmod +x test-all.sh
certmonger-0.79.19/tests/functions0000644000175000017500000000242314511314133016530 0ustar gitgit00000000000000
#!/bin/bash

function initnssdb() {
	dir=`echo "$1" | cut -f2- -d:`
	if ! test -d "$dir"/rosubdir ; then
		mkdir -m 500 "$dir"/rosubdir
	fi
	if test -d "$dir"/rwsubdir ; then
		chmod u+w "$dir"/rwsubdir/* || true
		rm -f "$dir"/rwsubdir/*
	else
		mkdir -m 700 "$dir"/rwsubdir
	fi
	echo "" > "$dir"/oldpin
	echo "" > "$dir"/oldpin2
	echo "" >> "$dir"/oldpin2
	echo "$2" > "$dir"/newpin
	echo "$2" > "$dir"/newpin2
	echo "$2" >> "$dir"/newpin2
	certutil -d "$1" -W -f "$dir"/oldpin -@ "$dir"/oldpin2 > /dev/null
	certutil -d "$1" -W -f "$dir"/oldpin -@ "$dir"/newpin2 > /dev/null
	certutil -d "$1" -W -f "$dir"/newpin -@ "$dir"/newpin2 > /dev/null
	certutil -d "$1"/rwsubdir -W -f "$dir"/oldpin -@ "$dir"/oldpin2 > /dev/null
	certutil -d "$1"/rwsubdir -W -f "$dir"/oldpin -@ "$dir"/newpin2 > /dev/null
	certutil -d "$1"/rwsubdir -W -f "$dir"/newpin -@ "$dir"/newpin2 > /dev/null
	chmod u-w "$dir"/rwsubdir/*
}

function run_certutil() {
	dd if=/dev/urandom of="$dir"/noise bs=1024 count=1 > /dev/null 2> /dev/null
	certutil "$@" -z "$dir"/noise
}

function run_dos2unix() {
	dos2unix "$@" 2>&1 | sed -e s,Unix,unix,g -e s,UNIX,unix,g -e s,'format \.\.\.','format...',g
}

function run_unix2dos() {
	unix2dos "$@" 2>&1 | sed -e s,Unix,unix,g -e s,UNIX,unix,g -e s,'format \.\.\.','format...',g
}
certmonger-0.79.19/tests/run-tests.sh0000755000175000017500000000644614511314133017111 0ustar gitgit00000000000000
#!/bin/bash

tmpfile=`mktemp ${TMPDIR:-/tmp}/runtestsXXXXXX`
if test -z "$tmpfile" ; then
	echo Error creating temporary file.
	exit 1
else
	trap 'rm -f "$tmpfile"' EXIT
fi
tmpdir=`mktemp -d ${TMPDIR:-/tmp}/runtestsXXXXXX`
if test -z "$tmpdir" ; then
	echo Error creating temporary directory.
	exit 1
else
	trap 'rm -f "$tmpfile"; rm -fr "$tmpdir"' EXIT
fi
mkdir -m 500 "$tmpdir"/rosubdir
mkdir -m 700 "$tmpdir"/rwsubdir
trap 'rm -f "$tmpfile"; chmod u+w "$tmpdir"/* ; rm -fr "$tmpdir"' EXIT

unset DBUS_SESSION_BUS_ADDRESS
eval `dbus-launch --sh-syntax`
if test -z "$DBUS_SESSION_BUS_ADDRESS" ; then
	echo Error launching session bus.
	exit 1
else
	trap 'rm -f "$tmpfile"; chmod u+w "$tmpdir"/* ; rm -fr "$tmpdir"; kill "$DBUS_SESSION_BUS_PID"' EXIT
fi

srcdir=${srcdir:-`pwd`}
pushd "$srcdir" > /dev/null
srcdir=`pwd`
popd > /dev/null
builddir=${builddir:-`pwd`}
pushd "$builddir" > /dev/null
builddir=`pwd`
popd > /dev/null
toolsdir=${toolsdir:-${builddir}/tools}
export builddir
export srcdir
export toolsdir
export tmpdir
cd "$builddir"

CERTMONGER_CONFIG_DIR=${srcdir}
export CERTMONGER_CONFIG_DIR

stat=0
subdirs=
if test $# -eq 0 ; then
	subdirs=`cd "$srcdir"; ls -1 | grep '^[0-9]'`
fi
for testid in "$@" $subdirs ; do
	if test -x "$srcdir"/"$testid"/prequal.sh ; then
		if ! "$srcdir"/"$testid"/prequal.sh ; then
			echo "Skipping test "$testid"."
			continue
		fi
	fi
	RUNVALGRIND=${VALGRIND:+valgrind --log-file="$builddir"/"$testid"/valgrind/%p.log --trace-children=yes --track-origins=yes}
	if test -n "$RUNVALGRIND" ; then
		rm -fr "$builddir"/"$testid"/valgrind
		mkdir -p "$builddir"/"$testid"/valgrind
	fi
	if test -x "$srcdir"/"$testid"/run.sh ; then
		pushd "$srcdir"/"$testid" > /dev/null
		mkdir -p "$builddir"/"$testid"
		rm -fr "$tmpdir"/*
		mkdir -m 500 "$tmpdir"/rosubdir
		mkdir -m 700 "$tmpdir"/rwsubdir
		if test -r ./expected.out ; then
			echo -n "Running test "$testid"... "
			$RUNVALGRIND ./run.sh "$tmpdir" > "$tmpfile" 2> "$tmpdir"/errors
			sed -i "s|${TMPDIR:-/tmp}/runtests....../|\${tmpdir}/|g" "$tmpfile" "$tmpdir/errors"
			stat=1
			for i in expected.out* ; do
				if ! test -s "$i" ; then
					break
				fi
				# This regex needs to be ignored since it is dynamically created at
				# every CA creation
				if diff -q -I "tmpdir/cas/[[:digit:]]\+" "$tmpfile" "$i" 2> /dev/null ; then
					stat=0
					echo "OK"
					cp $tmpfile "$builddir"/"$testid"/actual.out
					cp "$tmpdir"/errors "$builddir"/"$testid"/actual.err
					break
				fi
			done
			if test $stat -eq 1 ; then
				echo "FAIL"
				for i in expected.out* ; do
					diff -u "$tmpfile" "$i" -I "tmpdir/cas/[[:digit:]]\+" | sed s,"^\+\+\+ $tmpfile","+++ actual",g
				done
				cp $tmpfile "$builddir"/"$testid"/actual.out
				cp "$tmpdir"/errors "$builddir"/"$testid"/actual.err
			fi
		else
			echo "Running test "$testid"."
			$RUNVALGRIND ./run.sh "$tmpdir"
			stat=$?
		fi
		if test -n "$RUNVALGRIND" ; then
			echo > $tmpfile
			if grep "ERROR SUMMARY" "$builddir"/"$testid"/valgrind/*.log | grep -v '0 errors' | cut -f1 -d: | xargs grep Command: $tmpfile | grep -qv "Command: /usr" ; then
				echo valgrind detected errors
			fi
		fi
		for i in "$tmpdir"/core* ; do
			if test -s "$i"; then
				cp "$i" .
			fi
		done
		popd > /dev/null
		if test $stat -ne 0 ; then
			break
		fi
	else
		echo "No test defined in "$testid", skipping."
	fi
done
exit $stat
certmonger-0.79.19/tests/tools/0000755000175000017500000000000014511314133015734 5ustar gitgit00000000000000
certmonger-0.79.19/tests/tools/Makefile.am0000644000175000017500000000304114511314133017766 0ustar gitgit00000000000000
AM_CFLAGS = $(TALLOC_CFLAGS) $(TEVENT_CFLAGS) $(DBUS_CFLAGS) $(KRB5_CFLAGS) \
	$(XMLRPC_CFLAGS) $(IDN_CFLAGS) $(UUID_CFLAGS) $(LDAP_CFLAGS) \
	$(POPT_CFLAGS) -I$(top_builddir)/src -I$(top_srcdir)/src
LDADD = libtools.a $(top_builddir)/src/libcm.a $(top_srcdir)/src/env-system.c \
	libtools.a $(OPENSSL_LIBS) $(CERTMONGER_LIBS) $(KRB5_LIBS) $(IDN_LIBS) \
	$(GMP_LIBS) $(UUID_LIBS) $(RESOLV_LIBS) $(POPT_LIBS) $(LTLIBICONV) \
	$(LDAP_LIBS)

noinst_SCRIPTS = cachain.sh

if PIE
CFLAGS += -fPIC
LDFLAGS += -fPIC -pie
endif

noinst_PROGRAMS = keyiread keygen csrgen submit certread certsave oid2name \
	name2oid iterate prefs dates listnicks pem2base base2pem \
	dparse payload checksig base64 cadata citerate casave hooks \
	libexecdir canon srv addcinfo ls json json-utf8 printenv fromfile \
	pem
noinst_LIBRARIES = libtools.a
if HAVE_OPENSSL
noinst_PROGRAMS += pk7parse pk7env scepgen pk7verify pk7decrypt
endif
libtools_a_SOURCES = $(top_srcdir)/src/tm.h tm.c tools.h tools.c
listnicks_CFLAGS = $(AM_CFLAGS) $(NSS_CFLAGS)
payload_CFLAGS = $(AM_CFLAGS) $(NSS_CFLAGS)
checksig_CFLAGS = $(AM_CFLAGS) $(NSS_CFLAGS)
addcinfo_CFLAGS = $(AM_CFLAGS) $(NSS_CFLAGS)
dparse_CFLAGS = $(AM_CFLAGS) $(XML_CFLAGS)
dparse_SOURCES = dparse.c
dparse_LDADD = $(top_srcdir)/src/submit-d.c $(LDADD) $(XML_LIBS)
citerate_SOURCES = citerate.c
citerate_LDADD = $(top_srcdir)/src/store-gen.c $(LDADD)
srv_SOURCES = srv.c
srv_LDADD = $(top_srcdir)/src/srvloc.c $(LDADD)
fromfile_CFLAGS = $(AM_CFLAGS)
fromfile_SOURCES = fromfile.c
fromfile_LDADD = $(LDADD) $(UUID_LIBS)
certmonger-0.79.19/tests/tools/addcinfo.c0000644000175000017500000000523214511314133017651 0ustar gitgit00000000000000
/*
 * Copyright (C) 2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "../../src/config.h"

#include <sys/types.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <prerror.h>
#include <secasn1.h>
#include <secitem.h>
#include <secoid.h>
#include <secport.h>

#include "../../src/log.h"

struct content_info {
	SECItem content_type, content;
};

static const SEC_ASN1Template
content_info_template[] = {
	{
		.kind = SEC_ASN1_SEQUENCE,
		.offset = 0,
		.sub = NULL,
		.size = sizeof(struct content_info),
	},
	{
		.kind = SEC_ASN1_OBJECT_ID,
		.offset = offsetof(struct content_info, content_type),
		.sub = &SEC_ObjectIDTemplate,
		.size = sizeof(SECItem),
	},
	{
		.kind = SEC_ASN1_CONTEXT_SPECIFIC | 0 |
			SEC_ASN1_CONSTRUCTED |
			SEC_ASN1_EXPLICIT,
		.offset = offsetof(struct content_info, content),
		.sub = &SEC_AnyTemplate,
		.size = sizeof(SECItem),
	},
	{ 0, 0, NULL, 0 },
};

int
main(int argc, char **argv)
{
	unsigned char *buffer = NULL, buf[BUFSIZ];
	int i, n = 0;
	unsigned int j;
	SECItem encoded;
	SECOidData *enveloped;
	struct content_info ci;

	cm_log_set_method(cm_log_stderr);
	cm_log_set_level(3);
	/* Read all of stdin into a single buffer. */
	while ((i = read(STDIN_FILENO, buf, sizeof(buf))) > 0) {
		buffer = realloc(buffer, n + i);
		if (buffer == NULL) {
			cm_log(0, "Out of memory.\n");
			return 1;
		}
		memcpy(buffer + n, buf, i);
		n += i;
	}
	/* Wrap the input in a ContentInfo of type envelopedData. */
	memset(&ci, 0, sizeof(ci));
	enveloped = SECOID_FindOIDByTag(SEC_OID_PKCS7_ENVELOPED_DATA);
	if (enveloped == NULL) {
		cm_log(0, "Internal error: %s.\n",
		       PR_ErrorToName(PORT_GetError()));
		free(buffer);
		return 1;
	}
	ci.content_type = enveloped->oid;
	ci.content.data = buffer;
	ci.content.len = n;
	memset(&encoded, 0, sizeof(encoded));
	if (SEC_ASN1EncodeItem(NULL, &encoded, &ci,
			       content_info_template) != &encoded) {
		cm_log(0, "Encoding error: %s.\n",
		       PR_ErrorToName(PORT_GetError()));
		free(buffer);
		return 1;
	}
	/* Write the encoded result to stdout, handling short writes. */
	j = 0;
	while ((i = write(STDOUT_FILENO, encoded.data + j,
			  encoded.len - j)) > 0) {
		j += i;
		if (j >= encoded.len) {
			break;
		}
	}
	free(buffer);
	return 0;
}
certmonger-0.79.19/tests/tools/base2pem.c0000644000175000017500000000372614511314133017606 0ustar gitgit00000000000000
/*
 * Copyright (C) 2011,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "../../src/config.h"

#include <sys/types.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <popt.h>

#include "../../src/submit-u.h"

int
main(int argc, const char **argv)
{
	char buf[LINE_MAX], *p = NULL, *q, *type = "CERTIFICATE";
	int dos = 1, c;
	poptContext pctx;
	struct poptOption popts[] = {
		{"dos", 'd', POPT_ARG_NONE, NULL, 'd', "output using DOS-style end-of-lines", NULL},
		{"unix", 'u', POPT_ARG_NONE, NULL, 'u', "output using Unix-style end-of-lines", NULL},
		{"type", 't', POPT_ARG_STRING | POPT_ARGFLAG_SHOW_DEFAULT, &type, 0, "data type to claim", NULL},
		POPT_AUTOHELP
		POPT_TABLEEND
	};

	pctx = poptGetContext("base2pem", argc, argv, popts, 0);
	if (pctx == NULL) {
		return 1;
	}
	while ((c = poptGetNextOpt(pctx)) > 0) {
		switch (c) {
		case 'd':
			dos = 1;
			break;
		case 'u':
			dos = 0;
			break;
		}
	}
	if (c != -1) {
		poptPrintUsage(pctx, stdout, 0);
		return 1;
	}

	/* Accumulate all of stdin into one string. */
	while (fgets(buf, sizeof(buf), stdin) != NULL) {
		if (p == NULL) {
			p = strdup(buf);
		} else {
			q = malloc(strlen(p) + strlen(buf) + 1);
			if (q != NULL) {
				stpcpy(stpcpy(q, p), buf);
				free(p);
				p = q;
			}
		}
	}
	printf("%s", cm_submit_u_pem_from_base64(type, dos, p));
	free(p);
	return 0;
}
certmonger-0.79.19/tests/tools/base64.c0000644000175000017500000000504114511314133017164 0ustar gitgit00000000000000
/*
 * Copyright (C) 2014,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "../../src/config.h"

#include <sys/types.h>
#include <sys/param.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <popt.h>

#include "../../src/store.h"

int
main(int argc, const char **argv)
{
	unsigned char buf[LINE_MAX], *p = NULL, *q;
	unsigned int length, i, j;
	int decode = 0, encode = 0, hex = 0;
	const char *s;
	int c, l;
	poptContext pctx;
	struct poptOption popts[] = {
		{"decode", 'd', POPT_ARG_NONE, &decode, 'd', NULL, NULL},
		{"encode", 'e', POPT_ARG_NONE, &encode, 'e', NULL, NULL},
		{"hex", 'h', POPT_ARG_NONE, &hex, 'h', "encode from hex / decode to hex", NULL},
		POPT_AUTOHELP
		POPT_TABLEEND
	};

	pctx = poptGetContext("base64", argc, argv, popts, 0);
	if (pctx == NULL) {
		return 1;
	}
	while ((c = poptGetNextOpt(pctx)) > 0) {
		continue;
	}
	if (c != -1) {
		poptPrintUsage(pctx, stdout, 0);
		return 1;
	}
	/* Exactly one of --decode and --encode must be given. */
	if ((decode && encode) || (!decode && !encode)) {
		poptPrintUsage(pctx, stdout, 0);
		return 1;
	}

	/* Read all of stdin, keeping the buffer NUL-terminated. */
	length = 0;
	while ((l = read(STDIN_FILENO, buf, sizeof(buf))) > 0) {
		q = realloc(p, length + l + 1);
		if (q == NULL) {
			perror("realloc");
			free(p);
			return 1;
		}
		memcpy(q + length, buf, l);
		q[length + l] = '\0';
		p = q;
		length += l;
	}
	if (decode) {
		j = 3 * howmany(length, 4) + 1;
		q = malloc(j);
		i = cm_store_base64_to_bin((const char *) p, -1, q, j);
		if (hex) {
			s = cm_store_hex_from_bin(NULL, q, i);
			printf("%s\n", s);
		} else {
			length = i;
			i = 0;
			while (i < length) {
				j = write(STDOUT_FILENO, q + i, length - i);
				if (j <= 0) {
					break;
				}
				i += j;
			}
		}
	} else {
		if (encode) {
			if (hex) {
				s = cm_store_base64_from_hex(NULL, (const char *) p);
				printf("%s\n", s);
			} else {
				s = cm_store_base64_from_bin(NULL, p, length);
				printf("%s\n", s);
			}
		}
	}
	free(p);
	return 0;
}
certmonger-0.79.19/tests/tools/cachain.sh0000755000175000017500000000466614511314133017675 0ustar gitgit00000000000000
#!/bin/bash -e
digest=sha256
keytype=rsa:1024
serial=12345678
cat > openssl.cnf << EOF
[req]
x509_extensions = x509
distinguished_name = name
prompt = no
[name]
CN = Test Top-Level CA
[x509]
basicConstraints = CA:true
keyUsage = digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyCertSign,cRLSign
subjectKeyIdentifier=hash
EOF
openssl req -new -newkey $keytype -keyout ca0.key -nodes -config openssl.cnf -x509 -set_serial $serial -out ca0.crt
i=0
: > ca.txt
echo $((serial+1)) > ca.srl
while test $i -lt ${1:-8} ; do
	i=$((i+1))
	cat > openssl.cnf <<- EOF
[req]
distinguished_name = distinguished_name
prompt = no
[ca]
default_ca = default_ca
distinguished_name = distinguished_name
[default_ca]
private_key = `pwd`/ca$((i-1)).key
certificate = `pwd`/ca$((i-1)).crt
database = `pwd`/ca.txt
serial = `pwd`/ca.srl
new_certs_dir = `pwd`
distinguished_name = distinguished_name
default_md = $digest
prompt = no
policy = policy
default_days = 365
x509_extensions = x509_extensions
[distinguished_name]
CN = Test Level $i CA
[policy]
CN = supplied
[x509_extensions]
basicConstraints = CA:true
keyUsage = digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyCertSign,cRLSign
subjectKeyIdentifier=hash
EOF
	if test $((i%2)) == 0 ; then
		echo authorityKeyIdentifier=keyid,issuer >> openssl.cnf
	fi
	openssl req -new -newkey $keytype -keyout ca$i.key -nodes -config openssl.cnf -out ca$i.req
	openssl ca -batch -config openssl.cnf -key ca$((i-1)).key -cert ca$((i-1)).crt -in ca$i.req -out ca$i.crt -notext
done
cat > openssl.cnf <<- EOF
[req]
distinguished_name = distinguished_name
prompt = no
[ca]
default_ca = default_ca
distinguished_name = distinguished_name
[default_ca]
private_key = `pwd`/ca$i.key
certificate = `pwd`/ca$i.crt
database = `pwd`/ca.txt
serial = `pwd`/ca.srl
new_certs_dir = `pwd`
distinguished_name = distinguished_name
default_md = $digest
prompt = no
policy = policy
default_days = 365
x509_extensions = x509_extensions
[distinguished_name]
CN = Test EE Cert
[policy]
CN = supplied
[x509_extensions]
basicConstraints = CA:false
keyUsage = digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
subjectKeyIdentifier=hash
EOF
if test $((i%2)) == 0 ; then
	echo authorityKeyIdentifier=keyid,issuer >> openssl.cnf
fi
openssl req -new -newkey $keytype -keyout ee.key -nodes -config openssl.cnf -out ee.req
openssl ca -batch -config openssl.cnf -key ca$i.key -cert ca$i.crt -in ee.req -out ee.crt -notext
certmonger-0.79.19/tests/tools/cadata.c0000644000175000017500000001056314511314133017322 0ustar gitgit00000000000000
/*
 * Copyright (C) 2014,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "../../src/config.h"

#include <sys/types.h>
#include <sys/select.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <talloc.h>
#include <popt.h>

#include "../../src/cadata.h"
#include "../../src/log.h"
#include "../../src/store-int.h"
#include "../../src/store.h"
#include "../../src/submit-e.h"
#include "tools.h"

/* Block for up to one second waiting for fd to become readable. */
static void
wait_to_read(int fd)
{
	fd_set rfds;
	struct timeval tv;

	FD_ZERO(&rfds);
	FD_SET(fd, &rfds);
	tv.tv_sec = 1;
	tv.tv_usec = 0;
	select(fd + 1, &rfds, NULL, NULL, &tv);
}

int
main(int argc, const char **argv)
{
	struct cm_cadata_state *state;
	struct cm_store_ca *ca;
	int c, fd, ret = CM_SUBMIT_STATUS_REJECTED;
	int iflag = 0, cflag = 0, pflag = 0, dflag = 0, eflag = 0, rflag = 0;
	int Cflag = 0, sflag = 0, verbose = 0;
	const char *cafile;
	unsigned i;
	void *parent;
	struct {
		struct cm_cadata_state * (*start)(struct cm_store_ca *);
		int *flag;
	} flags[] = {
		{cm_cadata_start_identify, &iflag},
		{cm_cadata_start_certs, &cflag},
		{cm_cadata_start_profiles, &pflag},
		{cm_cadata_start_default_profile, &dflag},
		{cm_cadata_start_enroll_reqs, &eflag},
		{cm_cadata_start_renew_reqs, &rflag},
		{cm_cadata_start_capabilities, &Cflag},
		{cm_cadata_start_encryption_certs, &sflag},
	};
	poptContext pctx;
	struct poptOption popts[] = {
		{"identity", 'i', POPT_ARG_NONE, &iflag, 0, NULL, NULL},
		{"root-certs", 'c', POPT_ARG_NONE, &cflag, 0, NULL, NULL},
		{"profiles", 'p', POPT_ARG_NONE, &pflag, 0, NULL, NULL},
		{"default-profile", 'd', POPT_ARG_NONE, &dflag, 0, NULL, NULL},
		{"enroll-reqs", 'e', POPT_ARG_NONE, &eflag, 0, NULL, NULL},
		{"renew-reqs", 'r', POPT_ARG_NONE, &rflag, 0, NULL, NULL},
		{"capabilities", 'C', POPT_ARG_NONE, &Cflag, 0, NULL, NULL},
		{"encryption-certs", 's', POPT_ARG_NONE, &sflag, 0, NULL, NULL},
		{"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL},
		POPT_AUTOHELP
		POPT_TABLEEND
	};

	pctx = poptGetContext("cadata", argc, argv, popts, 0);
	if (pctx == NULL) {
		return 1;
	}
	poptSetOtherOptionHelp(pctx, "[options...] cafile");
	while ((c = poptGetNextOpt(pctx)) > 0) {
		switch (c) {
		case 'v':
			verbose++;
			break;
		}
	}
	if (c != -1) {
		poptPrintUsage(pctx, stdout, 0);
		return 1;
	}

	cm_log_set_method(cm_log_stderr);
	cm_log_set_level(verbose);
	cm_set_fips_from_env();
	parent = talloc_new(NULL);
	cafile = poptGetArg(pctx);
	if (cafile != NULL) {
		ca = cm_store_files_ca_read(parent, cafile);
		if (ca == NULL) {
			printf("Error reading %s: %s.\n", cafile,
			       strerror(errno));
			return -1;
		}
	} else {
		printf("Specify a CA file as an argument.\n");
		return -1;
	}
	/* Run each requested query against the CA helper in turn. */
	for (i = 0; i < sizeof(flags) / sizeof(flags[0]); i++) {
		if (*(flags[i].flag) == 0) {
			continue;
		}
		state = (*(flags[i].start))(ca);
		if (state != NULL) {
			for (;;) {
				fd = cm_cadata_get_fd(state);
				if (fd != -1) {
					wait_to_read(fd);
				} else {
					sleep(1);
				}
				if (cm_cadata_ready(state) == 0) {
					break;
				}
			}
			if (cm_cadata_unsupported(state) == 0) {
				printf("Helper doesn't implement.\n");
				ret = CM_SUBMIT_STATUS_OPERATION_NOT_SUPPORTED;
			} else
			if (cm_cadata_unreachable(state) == 0) {
				printf("CA was unreachable.\n");
				ret = CM_SUBMIT_STATUS_UNREACHABLE;
			} else
			if (cm_cadata_unconfigured(state) == 0) {
				printf("CA helper was un- or "
				       "under-configured.\n");
				ret = CM_SUBMIT_STATUS_UNCONFIGURED;
			} else
			if (cm_cadata_modified(state) == 0) {
				ret = CM_SUBMIT_STATUS_ISSUED;
			} else {
				printf("CA helper provided data.\n");
				ret = -1;
			}
			cm_cadata_done(state);
		} else {
			printf("Failed to start.\n");
			ret = -1;
		}
	}
	cm_store_ca_save(ca);
	talloc_free(parent);
	return ret;
}
certmonger-0.79.19/tests/tools/canon.c0000644000175000017500000000215714511314133017203 0ustar gitgit00000000000000
/*
 * Copyright (C) 2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "../../src/config.h"

#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>

#include "../../src/store.h"

int
main(int argc, char **argv)
{
	int i;
	char *result;

	/* Print the canonical form of each path given on the command line. */
	for (i = 1; i < argc; i++) {
		result = cm_store_canonicalize_path(NULL, argv[i]);
		if (result == NULL) {
			printf("\"%s\": (null)\n", argv[i]);
			return 1;
		} else {
			printf("\"%s\": \"%s\"\n", argv[i], result);
		}
	}
	return 0;
}
certmonger-0.79.19/tests/tools/casave.c0000644000175000017500000001217714511314133017352 0ustar gitgit00000000000000
/*
 * Copyright (C) 2014,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "../../src/config.h"

#include <sys/types.h>
#include <sys/select.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <talloc.h>
#include <popt.h>

#include "../../src/casave.h"
#include "../../src/log.h"
#include "../../src/store-int.h"
#include "../../src/store.h"
#include "tools.h"

struct cm_context {
	struct cm_store_ca **cas;
	size_t n_cas;
	struct cm_store_entry **entries;
	size_t n_entries;
};

static int
get_n_cas(struct cm_context *cm)
{
	return cm->n_cas;
}

static struct cm_store_ca *
get_ca_by_index(struct cm_context *cm, int i)
{
	return cm->cas[i];
}

static int
get_n_entries(struct cm_context *cm)
{
	return cm->n_entries;
}

static struct cm_store_entry *
get_entry_by_index(struct cm_context *cm, int i)
{
	return cm->entries[i];
}

/* Block for up to one second waiting for fd to become readable. */
static void
wait_to_read(int fd)
{
	fd_set rfds;
	struct timeval tv;

	FD_ZERO(&rfds);
	FD_SET(fd, &rfds);
	tv.tv_sec = 1;
	tv.tv_usec = 0;
	select(fd + 1, &rfds, NULL, NULL, &tv);
}

int
main(int argc, const char **argv)
{
	struct cm_casave_state *state;
	struct cm_store_ca *ca, *save_ca = NULL;
	struct cm_store_entry *entry, *save_entry = NULL;
	struct cm_context ctx;
	int c, fd, ret = -1, verbose = 0;
	unsigned int j;
	void *parent;
	const char *name;
	poptContext pctx;
	struct poptOption popts[] = {
		{"cafile", 'c', POPT_ARG_STRING, NULL, 'c', NULL, "FILENAME"},
		{"entry", 'e', POPT_ARG_STRING, NULL, 'e', NULL, "FILENAME"},
		{"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL},
		POPT_AUTOHELP
		POPT_TABLEEND
	};

	pctx = poptGetContext("casave", argc, argv, popts, 0);
	if (pctx == NULL) {
		return -1;
	}
	memset(&ctx, 0, sizeof(ctx));
	parent = talloc_new(NULL);
	poptSetOtherOptionHelp(pctx, "[options...] caname entryname");
	while ((c = poptGetNextOpt(pctx)) > 0) {
		cm_log_set_level(verbose);
		switch (c) {
		case 'c':
			ca = cm_store_files_ca_read(parent,
						    poptGetOptArg(pctx));
			if (ca == NULL) {
				printf("Error reading CA \"%s\".\n",
				       poptGetOptArg(pctx));
				return -1;
			}
			ctx.cas = talloc_realloc(parent, ctx.cas,
						 struct cm_store_ca *,
						 ctx.n_cas + 2);
			if (ctx.cas == NULL) {
				printf("Out of memory.\n");
				return -1;
			}
			ctx.cas[ctx.n_cas++] = ca;
			ctx.cas[ctx.n_cas] = NULL;
			break;
		case 'e':
			entry = cm_store_files_entry_read(parent,
							  poptGetOptArg(pctx));
			if (entry == NULL) {
				printf("Error reading entry \"%s\".\n",
				       poptGetOptArg(pctx));
				return -1;
			}
			ctx.entries = talloc_realloc(parent, ctx.entries,
						     struct cm_store_entry *,
						     ctx.n_entries + 2);
			if (ctx.entries == NULL) {
				printf("Out of memory.\n");
				return -1;
			}
			ctx.entries[ctx.n_entries++] = entry;
			ctx.entries[ctx.n_entries] = NULL;
			break;
		case 'v':
			verbose++;
			break;
		}
	}
	if (c != -1) {
		poptPrintUsage(pctx, stdout, 0);
		return 1;
	}

	cm_log_set_method(cm_log_stderr);
	cm_log_set_level(verbose);
	cm_set_fips_from_env();
	if (poptPeekArg(pctx) == NULL) {
		printf("No CA or entry names specified.\n");
		return -1;
	}
	/* Match the remaining arguments against loaded CA and entry nicknames. */
	while ((name = poptGetArg(pctx)) != NULL) {
		for (j = 0; j < ctx.n_cas; j++) {
			if (strcmp(name, ctx.cas[j]->cm_nickname) == 0) {
				save_ca = ctx.cas[j];
			}
		}
		for (j = 0; j < ctx.n_entries; j++) {
			if (strcmp(name, ctx.entries[j]->cm_nickname) == 0) {
				save_entry = ctx.entries[j];
			}
		}
	}
	if ((save_ca == NULL) && (save_entry == NULL)) {
		printf("No known CA or entry names.\n");
		return -1;
	}
	state = cm_casave_start(save_entry, save_ca, &ctx,
				&get_ca_by_index, &get_n_cas,
				&get_entry_by_index, &get_n_entries);
	if (state != NULL) {
		for (;;) {
			if (cm_casave_ready(state) == 0) {
				break;
			}
			fd = cm_casave_get_fd(state);
			if (fd != -1) {
				wait_to_read(fd);
			} else {
				sleep(1);
			}
		}
		if (cm_casave_saved(state) == 0) {
			ret = 0;
		} else
		if (cm_casave_permissions_error(state) == 0) {
			printf("Permissions error.\n");
			ret = 1;
		} else
		if (cm_casave_conflict_nickname(state) == 0) {
			printf("Unresolvable nickname conflict.\n");
			ret = 2;
		} else
		if (cm_casave_conflict_subject(state) == 0) {
			printf("Unresolvable subject name conflict.\n");
			ret = 3;
		} else {
			printf("Unknown error.\n");
			ret = -1;
		}
		cm_casave_done(state);
	} else {
		printf("Failed to start.\n");
		ret = -1;
	}
	for (j = 0; j < ctx.n_cas; j++) {
		cm_store_ca_save(ctx.cas[j]);
	}
	for (j = 0; j < ctx.n_entries; j++) {
		cm_store_entry_save(ctx.entries[j]);
	}
	talloc_free(parent);
	return ret;
}
certmonger-0.79.19/tests/tools/certread.c0000644000175000017500000000411614511314133017673 0ustar gitgit00000000000000
/*
 * Copyright (C) 2009,2011 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "../../src/config.h"

#include <sys/types.h>
#include <sys/select.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <talloc.h>

#include "../../src/certread.h"
#include "../../src/log.h"
#include "../../src/store.h"
#include "../../src/store-int.h"
#include "tools.h"

/* Block for up to one second waiting for fd to become readable. */
static void
wait_to_read(int fd)
{
	fd_set rfds;
	struct timeval tv;

	FD_ZERO(&rfds);
	FD_SET(fd, &rfds);
	tv.tv_sec = 1;
	tv.tv_usec = 0;
	select(fd + 1, &rfds, NULL, NULL, &tv);
}

int
main(int argc, char **argv)
{
	struct cm_certread_state *state;
	struct cm_store_entry *entry;
	int fd, ret;
	void *parent;

	cm_log_set_method(cm_log_stderr);
	cm_log_set_level(3);
	cm_set_fips_from_env();
	parent = talloc_new(NULL);
	if (argc > 1) {
		entry = cm_store_files_entry_read(parent, argv[1]);
		if (entry == NULL) {
			printf("Error reading %s: %s.\n", argv[1],
			       strerror(errno));
			return 1;
		}
	} else {
		printf("Specify an entry file as the single argument.\n");
		return 1;
	}
	state = cm_certread_start(entry);
	if (state != NULL) {
		for (;;) {
			fd = cm_certread_get_fd(state);
			if (fd != -1) {
				wait_to_read(fd);
			} else {
				sleep(1);
			}
			if (cm_certread_ready(state) == 0) {
				break;
			}
		}
		cm_certread_done(state);
		ret = 0;
	} else {
		printf("Failed to start.\n");
		ret = 1;
	}
	cm_store_entry_save(entry);
	talloc_free(parent);
	return ret;
}
certmonger-0.79.19/tests/tools/certsave.c0000644000175000017500000000637014511314133017722 0ustar gitgit00000000000000
/*
 * Copyright (C) 2009,2011,2013 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "../../src/config.h"

#include <sys/types.h>
#include <sys/select.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <talloc.h>

#include "../../src/certsave.h"
#include "../../src/log.h"
#include "../../src/store.h"
#include "../../src/store-int.h"
#include "tools.h"

/* Block for up to one second waiting for fd to become readable. */
static void
wait_to_read(int fd)
{
	fd_set rfds;
	struct timeval tv;

	FD_ZERO(&rfds);
	FD_SET(fd, &rfds);
	tv.tv_sec = 1;
	tv.tv_usec = 0;
	select(fd + 1, &rfds, NULL, NULL, &tv);
}

int
main(int argc, char **argv)
{
	struct cm_certsave_state *state;
	struct cm_store_entry *entry;
	int fd, ret;
	void *parent;
	const char *ctype;

	cm_log_set_method(cm_log_stderr);
	cm_log_set_level(3);
	cm_set_fips_from_env();
	parent = talloc_new(NULL);
	if (argc > 1) {
		entry = cm_store_files_entry_read(parent, argv[1]);
		if (entry == NULL) {
			printf("Error reading %s: %s.\n", argv[1],
			       strerror(errno));
			return 1;
		}
	} else {
		printf("Specify an entry file as the single argument.\n");
		return 1;
	}
	state = cm_certsave_start(entry);
	if (state != NULL) {
		for (;;) {
			fd = cm_certsave_get_fd(state);
			if (fd != -1) {
				wait_to_read(fd);
			} else {
				sleep(1);
			}
			if (cm_certsave_ready(state) == 0) {
				break;
			}
		}
		if (cm_certsave_saved(state) == 0) {
			ret = 0;
		} else {
			/* Report why the save failed, naming the storage type. */
			switch (entry->cm_cert_storage_type) {
			case cm_cert_storage_file:
				ctype = "FILE";
				break;
			case cm_cert_storage_nssdb:
				ctype = "NSS";
				break;
			default:
				ctype = "unknown";
				break;
			}
			if (cm_certsave_conflict_subject(state) == 0) {
				printf("Failed to save (%s:%s), "
				       "subject name conflict.\n",
				       ctype, entry->cm_cert_storage_location);
			} else
			if (cm_certsave_conflict_nickname(state) == 0) {
				printf("Failed to save (%s:%s), "
				       "certificate nickname conflict.\n",
				       ctype, entry->cm_cert_storage_location);
			} else
			if (cm_certsave_permissions_error(state) == 0) {
				printf("Failed to save (%s:%s), "
				       "filesystem permissions error.\n",
				       ctype, entry->cm_cert_storage_location);
			} else
			if (cm_certsave_pin_error(state) == 0) {
				printf("Failed to save (%s:%s), "
				       "pin error.\n",
				       ctype, entry->cm_cert_storage_location);
			} else {
				printf("Failed to save (%s:%s), "
				       "don't know why.\n",
				       ctype, entry->cm_cert_storage_location);
			}
			ret = 1;
		}
		cm_certsave_done(state);
	} else {
		printf("Failed to start.\n");
		ret = 1;
	}
	cm_store_entry_save(entry);
	talloc_free(parent);
	return ret;
}
certmonger-0.79.19/tests/tools/checksig.c0000644000175000017500000000620114511314133017659 0ustar gitgit00000000000000
/*
 * Copyright (C) 2014,2017 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "../../src/config.h"

#include <sys/param.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <nss.h>
#include <cert.h>
#include <cryptohi.h>
#include <keyhi.h>
#include <prerror.h>
#include <secasn1.h>
#include <secport.h>

#include "../../src/log.h"
#include "../../src/store.h"
#include "../../src/store-int.h"

int
main(int argc, char **argv)
{
	int i;
	unsigned int len;
	unsigned char *p, *q, buf[LINE_MAX];
	SECItem encoded;
	CERTSignedData signed_data;
	CERTCertificate cert;
	SECKEYPublicKey *pubkey;
	CERTSubjectPublicKeyInfo *spki;

	cm_log_set_method(cm_log_stderr);
	cm_log_set_level(3);
	p = NULL;
	len = 0;
	if (NSS_Initialize(".", NULL, NULL, NULL,
			   NSS_INIT_READONLY |
			   NSS_INIT_NOCERTDB |
			   NSS_INIT_NOMODDB) != SECSuccess) {
		printf("error initializing NSS\n");
		return 1;
	}
	/* Read the whole DER-encoded certificate from standard input. */
	while ((i = read(STDIN_FILENO, buf, sizeof(buf))) > 0) {
		q = realloc(p, len + i);
		if (q == NULL) {
			perror("malloc");
			free(p);
			return 1;
		}
		p = q;
		memcpy(p + len, buf, i);
		len += i;
	}
	memset(&encoded, 0, sizeof(encoded));
	encoded.data = p;
	encoded.len = len;
	/* Split the outer structure into signed data, algorithm and signature. */
	memset(&signed_data, 0, sizeof(signed_data));
	if (SEC_ASN1DecodeItem(NULL, &signed_data,
			       CERT_SignedDataTemplate,
			       &encoded) != SECSuccess) {
		printf("error decoding certificate\n");
		return 1;
	}
	/* Decode the signed portion to get at the certificate's own public key. */
	memset(&cert, 0, sizeof(cert));
	if (SEC_ASN1DecodeItem(NULL, &cert,
			       CERT_CertificateTemplate,
			       &signed_data.data) != SECSuccess) {
		printf("error decoding certificate data\n");
		return 1;
	}
	spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&cert.derPublicKey);
	if (spki == NULL) {
		printf("error decoding public key info\n");
		return 1;
	}
	pubkey = SECKEY_ExtractPublicKey(spki);
	if (pubkey == NULL) {
		printf("error finding public key\n");
		return 1;
	}
	/* The decoder reports a BIT STRING's length in bits; convert it to
	 * bytes before handing the signature to the verifier. */
	signed_data.signature.len = howmany(signed_data.signature.len, 8);
	/* Check the signature against the key embedded in the certificate
	 * itself, i.e. verify that it is correctly self-signed. */
	if (VFY_VerifyDataWithAlgorithmID(signed_data.data.data,
					  signed_data.data.len,
					  pubkey,
					  &signed_data.signature,
					  &signed_data.signatureAlgorithm,
					  NULL, NULL) != SECSuccess) {
		printf("error in verification: %s\n",
		       PR_ErrorToName(PORT_GetError()));
		return 1;
	}
	printf("verification OK\n");
	SECKEY_DestroyPublicKey(pubkey);
	SECKEY_DestroySubjectPublicKeyInfo(spki);
	NSS_Shutdown();
	return 0;
}

certmonger-0.79.19/tests/tools/citerate.c

/*
 * Copyright (C) 2009,2010,2011,2012,2013,2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see .
 */

#include "../../src/config.h"

#include <sys/select.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>

#include <talloc.h>

#include "../../src/iterate.h"
#include "../../src/log.h"
#include "../../src/store.h"
#include "../../src/store-int.h"
#include "tools.h"

/* Block for up to one second on a valid descriptor, or just sleep. */
static void
wait_to_read(int fd)
{
	fd_set rfds;
	struct timeval tv;

	if (fd >= 0) {
		FD_ZERO(&rfds);
		FD_SET(fd, &rfds);
		tv.tv_sec = 1;
		tv.tv_usec = 0;
		select(fd + 1, &rfds, NULL, NULL, &tv);
	} else {
		sleep(1);
	}
}

/* A minimal context holding at most one CA and one entry. */
struct cm_context {
	struct cm_store_ca *ca;
	struct cm_store_entry *entry;
};

static struct cm_store_ca *
get_ca_by_index(struct cm_context *cm, int i)
{
	if (i == 0) {
		return cm->ca;
	} else {
		return NULL;
	}
}

static int
get_n_cas(struct cm_context *cm)
{
	return (cm->ca != NULL) ? 1 : 0;
}

static struct cm_store_entry *
get_entry_by_index(struct cm_context *cm, int i)
{
	if (i == 0) {
		return cm->entry;
	} else {
		return NULL;
	}
}

static int
get_n_entries(struct cm_context *cm)
{
	return (cm->entry != NULL) ?
		1 : 0;
}

int
main(int argc, char **argv)
{
	struct cm_context cm;
	enum cm_ca_phase_state pstate, old_state;
	enum cm_ca_phase phase;
	int readfd, delay;
	void *parent, *istate;
	char *p, *q, *continue_states, *stop_states, *tmp;
	const char *state;
	enum cm_time when;

	cm_log_set_method(cm_log_stderr);
	cm_log_set_level(3);
	cm_set_fips_from_env();
	parent = talloc_new(NULL);
	if (argc > 5) {
		cm.ca = cm_store_files_ca_read(parent, argv[1]);
		if (cm.ca == NULL) {
			printf("Error reading %s: %s.\n", argv[1], strerror(errno));
			return 1;
		}
		cm.entry = cm_store_files_entry_read(parent, argv[2]);
		if (cm.entry == NULL) {
			printf("Error reading %s: %s.\n", argv[2], strerror(errno));
			return 1;
		}
		phase = cm_store_ca_phase_from_string(argv[3]);
		if ((cm.entry->cm_ca_nickname == NULL) ||
		    (cm.ca->cm_nickname == NULL) ||
		    (strcasecmp(cm.entry->cm_ca_nickname, cm.ca->cm_nickname) != 0)) {
			talloc_free(cm.entry);
			cm.entry = NULL;
		}
		pstate = cm_store_ca_state_from_string(argv[4]);
		continue_states = argv[5];
		stop_states = NULL;
		if ((argc > 6) && (strlen(argv[6]) > 0)) {
			stop_states = argv[6];
			if (strlen(continue_states) == 0) {
				continue_states = NULL;
			}
		}
	} else {
		printf("Specify a CA file and an entry file as the first "
		       "two arguments, a phase as the third, an initial "
		       "state as the fourth, a list of continue states as "
		       "the fifth, and perhaps a list of stop states as the "
		       "sixth.\n");
		return 1;
	}
	if (cm_iterate_ca_init(cm.ca, phase, &istate) != 0) {
		printf("Error initializing.\n");
		return 1;
	}
	cm.ca->cm_ca_state[phase] = pstate;
	old_state = pstate;
	state = cm_store_ca_state_as_string(old_state);
	printf("%s\n-START-\n", state);
	fflush(NULL);
	delay = 0;
	readfd = -1;
	while (cm_iterate_ca(cm.ca, &cm,
			     get_ca_by_index, get_n_cas,
			     get_entry_by_index, get_n_entries,
			     NULL, istate,
			     &when, &delay, &readfd) == 0) {
		state = cm_store_ca_state_as_string(cm.ca->cm_ca_state[phase]);
		switch (when) {
		case cm_time_now:
			if (cm.ca->cm_ca_state[phase] != old_state) {
				printf("%s\n", state);
			} else {
				printf("%s (now)\n",
				       state);
			}
			break;
		case cm_time_soon:
			if (cm.ca->cm_ca_state[phase] != old_state) {
				printf("%s\n", state);
			} else {
				printf("%s (soon)\n", state);
			}
			break;
		case cm_time_soonish:
			if (cm.ca->cm_ca_state[phase] != old_state) {
				printf("%s\n", state);
			} else {
				printf("%s (soonish)\n", state);
			}
			break;
		case cm_time_delay:
			if (cm.ca->cm_ca_state[phase] != old_state) {
				printf("delay=%ld\n%s\n", (long) delay, state);
			} else {
				printf("delay=%ld (again)\n%s (again)\n",
				       (long) delay, state);
			}
			break;
		case cm_time_no_time:
			if (cm.ca->cm_ca_state[phase] != old_state) {
				printf("%s\n", state);
			}
			break;
		}
		if ((cm.ca->cm_ca_state[phase] == old_state) &&
		    ((when != cm_time_no_time) || (readfd == -1))) {
			/* If we didn't change state, stop. */
			printf("-STUCK- (%d:%ld)\n", when, (long) delay);
			fflush(NULL);
			state = NULL;
			break;
		}
		if (stop_states != NULL) {
			/* Check if this state is in our stop-states list. */
			for (p = stop_states;
			     *p != '\0';
			     p = q + strspn(q, ",")) {
				q = p + strcspn(p, ",");
				tmp = talloc_strndup(parent, p, q - p);
				if (cm.ca->cm_ca_state[phase] ==
				    cm_store_ca_state_from_string(tmp)) {
					fflush(NULL);
					talloc_free(tmp);
					break;
				}
				talloc_free(tmp);
			}
			if (*p != '\0') {
				/* We found a match.  Stop here. */
				printf("-STOP-\n");
				fflush(NULL);
				state = NULL;
				break;
			}
		}
		/* Check if this state is in our continue-states list. */
		if (continue_states != NULL) {
			for (p = continue_states;
			     *p != '\0';
			     p = q + strspn(q, ",")) {
				q = p + strcspn(p, ",");
				tmp = talloc_strndup(parent, p, q - p);
				if (cm.ca->cm_ca_state[phase] ==
				    cm_store_ca_state_from_string(tmp)) {
					fflush(NULL);
					talloc_free(tmp);
					break;
				}
				talloc_free(tmp);
			}
			/* If we didn't find a match, stop here. */
			if (*p == '\0') {
				printf("-STOP-\n");
				fflush(NULL);
				state = NULL;
				break;
			}
		}
		/* Wait. */
		switch (when) {
		case cm_time_now:
			break;
		case cm_time_soon:
			sleep(CM_DELAY_SOON);
			break;
		case cm_time_soonish:
			sleep(CM_DELAY_SOONISH);
			break;
		case cm_time_delay:
			sleep(delay);
			break;
		case cm_time_no_time:
			wait_to_read(readfd);
			break;
		}
		old_state = cm.ca->cm_ca_state[phase];
		state = cm_store_ca_state_as_string(old_state);
		delay = 0;
		readfd = -1;
	}
	if (state != NULL) {
		printf("-ERROR-\n");
		fflush(NULL);
	}
	cm_store_ca_save(cm.ca);
	cm_iterate_ca_done(cm.ca, istate);
	talloc_free(parent);
	return 0;
}

certmonger-0.79.19/tests/tools/csrgen.c

/*
 * Copyright (C) 2009,2011 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see .
 */

#include "../../src/config.h"

#include <sys/select.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#include <talloc.h>

#include "../../src/csrgen.h"
#include "../../src/log.h"
#include "../../src/store.h"
#include "../../src/store-int.h"
#include "tools.h"

/* Block for up to one second until the descriptor becomes readable. */
static void
wait_to_read(int fd)
{
	fd_set rfds;
	struct timeval tv;

	FD_ZERO(&rfds);
	FD_SET(fd, &rfds);
	tv.tv_sec = 1;
	tv.tv_usec = 0;
	select(fd + 1, &rfds, NULL, NULL, &tv);
}

int
main(int argc, char **argv)
{
	struct cm_csrgen_state *state;
	struct cm_store_entry *entry;
	int fd, ret, i;
	void *parent;
	char *p;

	/* Make minicerts claim to be v3 so that OpenSSL won't skip the version
	 * number field, which is optional, because we default to the spec's
	 * default value.
	 */
	cm_csrgen_version_for_testing_minicerts = 2;
	cm_log_set_method(cm_log_stderr);
	cm_log_set_level(3);
	cm_set_fips_from_env();
	parent = talloc_new(NULL);
	if (argc > 1) {
		entry = cm_store_files_entry_read(parent, argv[1]);
		if (entry == NULL) {
			printf("Error reading %s: %s.\n", argv[1], strerror(errno));
			return 1;
		}
	} else {
		printf("Specify an entry file as the single argument.\n");
		return 1;
	}
	state = cm_csrgen_start(entry);
	if (state != NULL) {
		for (;;) {
			fd = cm_csrgen_get_fd(state);
			if (fd != -1) {
				wait_to_read(fd);
			} else {
				sleep(1);
			}
			if (cm_csrgen_ready(state) == 0) {
				break;
			}
		}
		if (cm_csrgen_save_csr(state) == 0) {
			/* Trim trailing newlines, then add exactly one back. */
			while (strlen(entry->cm_csr) > 0) {
				i = strlen(entry->cm_csr) - 1;
				if (entry->cm_csr[i] == '\n') {
					entry->cm_csr[i] = '\0';
				} else {
					break;
				}
			}
			p = talloc_asprintf(entry, "%s\n", entry->cm_csr);
			talloc_free(entry->cm_csr);
			entry->cm_csr = p;
			printf("%s", entry->cm_csr);
			ret = 0;
		} else {
			printf("Failed to save.\n");
			if (cm_csrgen_need_token(state) == 0) {
				printf("(Need token.)\n");
			} else if (cm_csrgen_need_pin(state) == 0) {
				printf("(Need PIN.)\n");
			}
			ret = 1;
		}
		cm_csrgen_done(state);
	} else {
		printf("Failed to start.\n");
		ret = 1;
	}
	cm_store_entry_save(entry);
	talloc_free(parent);
	return ret;
}

certmonger-0.79.19/tests/tools/dates.c

/*
 * Copyright (C) 2010 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see .
 */

#include "../../src/config.h"

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#include "../../src/submit.h"
#include "../../src/submit-u.h"

int cm_submit_delta_from_string(const char *deltas, time_t now, time_t *delta);

int
main(int argc, char **argv)
{
	struct tm when;
	time_t now, later, delta;
	int i;

	if (argc > 1) {
		/* argv[1] is the base year; each later argument is a delta
		 * applied to January 1st of that year. */
		for (i = 2; i < argc; i++) {
			memset(&when, 0, sizeof(when));
			when.tm_mday = 1;
			when.tm_mon = 0;
			when.tm_year = atoi(argv[1]) - 1900;
			when.tm_isdst = -1;
			if (cm_submit_u_delta_from_string(argv[i],
							  now = mktime(&when),
							  &delta) != 0) {
				printf("Error at \"%s\".\n", argv[i]);
				delta = 0;
			}
			printf("%04d-%02d-%02d %02d:%02d:%02d",
			       when.tm_year + 1900,
			       when.tm_mon + 1,
			       when.tm_mday,
			       when.tm_hour,
			       when.tm_min,
			       when.tm_sec);
			printf(" + \"%s\" = ", argv[i]);
			later = now + delta;
			localtime_r(&later, &when);
			printf("%04d-%02d-%02d %02d:%02d:%02d",
			       when.tm_year + 1900,
			       when.tm_mon + 1,
			       when.tm_mday,
			       when.tm_hour,
			       when.tm_min,
			       when.tm_sec);
			printf("\n");
		}
	}
	return 0;
}

certmonger-0.79.19/tests/tools/dparse.c

/*
 * Copyright (C) 2012,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see .
 */

#include "../../src/config.h"

#include <stdio.h>
#include <string.h>
#include <strings.h>

#include <dbus/dbus.h>

#include "../../src/submit.h"
#include "../../src/submit-d.h"
#include "../../src/submit-e.h"
#include "../../src/submit-u.h"

int
main(int argc, char **argv)
{
	const char *mode, *role, *filename;
	char *error = NULL, *error_code = NULL, *error_reason = NULL;
	char *status = NULL, *requestId = NULL, *cert = NULL;
	char *xml, *out = NULL, *err = NULL, **profiles = NULL;
	dbus_bool_t can_agent;
	int i, vars;

	if (argc < 4) {
		printf("usage: dparse "
		       "{submit|check|review|reject|approve|fetch|profiles} "
		       "{agent|ee} "
		       "reply.xml\n");
		return 0;
	}
	mode = argv[1];
	role = argv[2];
	filename = argv[3];
	can_agent = (strcasecmp(role, "agent") == 0);
	xml = cm_submit_u_from_file(filename);
	if (xml == NULL) {
		fprintf(stderr, "error reading %s\n", filename);
		return -1;
	}
	/* Parse the reply for the requested operation, then evaluate it. */
	if (strcmp(mode, "submit") == 0) {
		cm_submit_d_submit_result(NULL, xml,
					  &error_code, &error_reason, &error,
					  &status, &requestId, &cert);
		i = cm_submit_d_submit_eval(NULL, xml, "SUBMIT",
					    can_agent, &out, &err);
	} else if (strcmp(mode, "check") == 0) {
		cm_submit_d_check_result(NULL, xml,
					 &error_code, &error_reason, &error,
					 &status, &requestId);
		i = cm_submit_d_check_eval(NULL, xml, "CHECK",
					   can_agent, &out, &err);
	} else if (strcmp(mode, "reject") == 0) {
		cm_submit_d_reject_result(NULL, xml,
					  &error_code, &error_reason, &error,
					  &status, &requestId);
		i = cm_submit_d_reject_eval(NULL, xml, "REJECT",
					    can_agent, &out, &err);
	} else if (strcmp(mode, "review") == 0) {
		cm_submit_d_review_result(NULL, xml,
					  &error_code, &error_reason, &error,
					  &status, &requestId);
		i = cm_submit_d_review_eval(NULL, xml, "REVIEW",
					    can_agent, &out, &err);
	} else if (strcmp(mode, "approve") == 0) {
		cm_submit_d_approve_result(NULL, xml,
					   &error_code, &error_reason, &error,
					   &status, &requestId);
		i = cm_submit_d_approve_eval(NULL, xml, "APPROVE",
					     can_agent, &out, &err);
	} else if (strcmp(mode, "fetch") == 0) {
		cm_submit_d_fetch_result(NULL, xml, &error_code,
					 &error_reason, &error,
					 &status, &requestId, &cert);
		i = cm_submit_d_fetch_eval(NULL, xml, "FETCH",
					   can_agent, &out, &err);
	} else if (strcmp(mode, "profiles") == 0) {
		cm_submit_d_profiles_result(NULL, xml,
					    &error_code, &error_reason, &error,
					    &status, &profiles);
		i = cm_submit_d_profiles_eval(NULL, xml, "PROFILES",
					      can_agent, &out, &err);
	} else {
		fprintf(stderr, "unknown mode \"%s\"\n", mode);
		return -1;
	}
	printf("[%s-as-%s(%s) = %s]\n",
	       mode, can_agent ? "agent" : "end-entity", filename,
	       cm_submit_e_status_text(i));
	vars = 0;
	if (error != NULL) {
		printf("error=\"%s\"", error);
		vars++;
	}
	if (error_code != NULL) {
		if (vars > 0) {
			printf(",");
		}
		printf("error_code=\"%s\"", error_code);
		vars++;
	}
	if (error_reason != NULL) {
		if (vars > 0) {
			printf(",");
		}
		printf("error_reason=\"%s\"", error_reason);
		vars++;
	}
	if (status != NULL) {
		if (vars > 0) {
			printf(",");
		}
		printf("status=\"%s\"", status);
		vars++;
	}
	if (requestId != NULL) {
		if (vars > 0) {
			printf(",");
		}
		printf("requestId=\"%s\"", requestId);
		vars++;
	}
	if (cert != NULL) {
		if (vars > 0) {
			printf(",");
		}
		printf("cert=\"%.*s\"", (int) strcspn(cert, "\r\n"), cert);
		vars++;
	}
	if (vars > 0) {
		printf("\n");
	}
	while ((out != NULL) && (*out != '\0')) {
		if (strchr("\r", *out) == NULL) {
			putchar((unsigned char) *out);
		}
		out++;
	}
	while ((err != NULL) && (*err != '\0')) {
		if (strchr("\r", *err) == NULL) {
			putchar((unsigned char) *err);
		}
		err++;
	}
	printf("\n");
	return 0;
}

certmonger-0.79.19/tests/tools/fromfile.c

/*
 * Copyright (C) 2020 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see .
 */

#include "../../src/config.h"

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "../../src/submit-u.h"
#include "../../src/submit-u.c"

int
main(int argc, char **argv)
{
	int i, result = 0;
	char *cert;

	for (i = 1; i < argc; i++) {
		printf("[%s]\n", argv[i]);
		cert = cm_submit_u_from_file(argv[i]);
		if (cert == NULL) {
			printf("OOM error\n");
			result = 1;
		} else if ((cert[0] == '\0') ||
			   (cert[strlen(cert) - 1] != '\n')) {
			/* Check for an empty result first so that we never
			 * index before the start of the buffer. */
			printf("Missing trailing newline\n");
			result = 1;
		} else {
			printf("Ok\n");
		}
		free(cert);
	}
	return result;
}

certmonger-0.79.19/tests/tools/hooks.c

/*
 * Copyright (C) 2014,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see .
 */

#include "../../src/config.h"

#include <sys/select.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#include <popt.h>
#include <talloc.h>

#include "../../src/hook.h"
#include "../../src/log.h"
#include "../../src/store-int.h"
#include "../../src/store.h"
#include "tools.h"

/* Block for up to one second until the descriptor becomes readable. */
static void
wait_to_read(int fd)
{
	fd_set rfds;
	struct timeval tv;

	FD_ZERO(&rfds);
	FD_SET(fd, &rfds);
	tv.tv_sec = 1;
	tv.tv_usec = 0;
	select(fd + 1, &rfds, NULL, NULL, &tv);
}

/* NULL-terminated arrays of the CAs and entries named on the command line. */
static struct cm_store_ca **ca;
static struct cm_store_entry **entry;
static int n_cas, n_entries;

static int
get_n_cas(struct cm_context *ctx)
{
	return n_cas;
}

static struct cm_store_ca *
get_ca_by_index(struct cm_context *ctx, int n)
{
	return ca[n];
}

static int
get_n_entries(struct cm_context *ctx)
{
	return n_entries;
}

static struct cm_store_entry *
get_entry_by_index(struct cm_context *ctx, int n)
{
	return entry[n];
}

int
main(int argc, const char **argv)
{
	struct cm_hook_state *state;
	struct cm_store_ca *tmpca, **tmpcas;
	struct cm_store_entry *tmpentry, **tmpentries;
	int fd, i, c, verbose = 0;
	void *parent;
	const char *name;
	poptContext pctx;
	struct poptOption popts[] = {
		{"ca", 'c', POPT_ARG_STRING, NULL, 'c', NULL, "FILENAME"},
		{"entry", 'e', POPT_ARG_STRING, NULL, 'e', NULL, "FILENAME"},
		{"before-command", 'B', POPT_ARG_STRING, NULL, 'B', NULL, "NICKNAME"},
		{"after-command", 'C', POPT_ARG_STRING, NULL, 'C', NULL, "NICKNAME"},
		{"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL},
		POPT_AUTOHELP
		POPT_TABLEEND
	};

	cm_log_set_method(cm_log_stderr);
	cm_set_fips_from_env();
	parent = talloc_new(NULL);
	pctx = poptGetContext("hooks", argc, argv, popts, 0);
	if (pctx == NULL) {
		return -1;
	}
	if (argc > 2) {
		/* First pass: load every CA and entry file that was named. */
		while ((c = poptGetNextOpt(pctx)) > 0) {
			cm_log_set_level(verbose);
			switch (c) {
			case 'v':
				verbose++;
				break;
			case 'c':
				name = poptGetOptArg(pctx);
				tmpca = cm_store_files_ca_read(parent, name);
				if (tmpca == NULL) {
					printf("Error reading %s: %s.\n",
					       name, strerror(errno));
					return -1;
				}
				tmpcas = talloc_array_ptrtype(parent, tmpcas,
							      n_cas +
							      2);
				if (tmpcas == NULL) {
					printf("Out of memory.\n");
					return -1;
				}
				if (n_cas > 0) {
					memcpy(tmpcas, ca, n_cas * sizeof(ca[0]));
				}
				tmpcas[n_cas++] = tmpca;
				tmpcas[n_cas] = NULL;
				ca = tmpcas;
				break;
			case 'e':
				name = poptGetOptArg(pctx);
				tmpentry = cm_store_files_entry_read(parent, name);
				if (tmpentry == NULL) {
					printf("Error reading %s: %s.\n",
					       name, strerror(errno));
					return -1;
				}
				tmpentries = talloc_array_ptrtype(parent, tmpentries,
								  n_entries + 2);
				if (tmpentries == NULL) {
					printf("Out of memory.\n");
					return -1;
				}
				if (n_entries > 0) {
					memcpy(tmpentries, entry,
					       n_entries * sizeof(entry[0]));
				}
				tmpentries[n_entries++] = tmpentry;
				tmpentries[n_entries] = NULL;
				entry = tmpentries;
				break;
			}
		}
		if (c != -1) {
			poptPrintUsage(pctx, stdout, 0);
			return 1;
		}
	} else {
		printf("Specify CA files (-c) and entry files (-e) as "
		       "arguments, and nicknames (-B/-C) for actions.\n");
		poptPrintUsage(pctx, stdout, 0);
		return -1;
	}
	/* Second pass: run the requested pre-save and post-save hooks. */
	poptResetContext(pctx);
	while ((c = poptGetNextOpt(pctx)) > 0) {
		state = NULL;
		switch (c) {
		case 'B':
			name = poptGetOptArg(pctx);
			for (i = 0; i < n_entries; i++) {
				if (strcmp(name, entry[i]->cm_nickname) == 0) {
					printf("Starting pre-save for entry %s.\n", name);
					state = cm_hook_start_presave(entry[i], NULL,
								      get_ca_by_index,
								      get_n_cas,
								      get_entry_by_index,
								      get_n_entries);
				}
			}
			for (i = 0; i < n_cas; i++) {
				if (strcmp(name, ca[i]->cm_nickname) == 0) {
					printf("Starting pre-save for CA %s.\n", name);
					state = cm_hook_start_ca_presave(ca[i], NULL,
									 get_ca_by_index,
									 get_n_cas,
									 get_entry_by_index,
									 get_n_entries);
				}
			}
			break;
		case 'C':
			name = poptGetOptArg(pctx);
			for (i = 0; i < n_entries; i++) {
				if (strcmp(name, entry[i]->cm_nickname) == 0) {
					printf("Starting post-save for entry %s.\n", name);
					state = cm_hook_start_postsave(entry[i], NULL,
								       get_ca_by_index,
								       get_n_cas,
								       get_entry_by_index,
								       get_n_entries);
				}
			}
			for (i = 0; i < n_cas; i++) {
				if (strcmp(name, ca[i]->cm_nickname) == 0) {
					printf("Starting post-save for CA %s.\n", name);
					state = cm_hook_start_ca_postsave(ca[i], NULL,
									  get_ca_by_index,
									  get_n_cas,
									  get_entry_by_index,
									  get_n_entries);
				}
			}
			break;
		}
		if (state != NULL) {
			for (;;) {
				if (cm_hook_ready(state) == 0) {
					break;
				}
				fd = cm_hook_get_fd(state);
				if (fd != -1) {
					wait_to_read(fd);
				} else {
					sleep(1);
				}
			}
			cm_hook_done(state);
		}
	}
	if (c != -1) {
		poptPrintUsage(pctx, stdout, 0);
		return 1;
	}
	talloc_free(parent);
	return 0;
}

certmonger-0.79.19/tests/tools/iterate.c

/*
 * Copyright (C) 2009,2010,2011,2012,2013,2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see .
 */

#include "../../src/config.h"

#include <sys/select.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>

#include <talloc.h>

#include "../../src/iterate.h"
#include "../../src/log.h"
#include "../../src/store.h"
#include "../../src/store-int.h"
#include "tools.h"

/* Block for up to one second on a valid descriptor, or just sleep. */
static void
wait_to_read(int fd)
{
	fd_set rfds;
	struct timeval tv;

	if (fd >= 0) {
		FD_ZERO(&rfds);
		FD_SET(fd, &rfds);
		tv.tv_sec = 1;
		tv.tv_usec = 0;
		select(fd + 1, &rfds, NULL, NULL, &tv);
	} else {
		sleep(1);
	}
}

/* A minimal context holding at most one CA and one entry. */
struct cm_context {
	struct cm_store_ca *ca;
	struct cm_store_entry *entry;
};

static struct cm_store_ca *
get_ca_by_index(struct cm_context *cm, int i)
{
	if (i == 0) {
		return cm->ca;
	} else {
		return NULL;
	}
}

static int
get_n_cas(struct cm_context *cm)
{
	return (cm->ca != NULL) ?
		1 : 0;
}

static struct cm_store_entry *
get_entry_by_index(struct cm_context *cm, int i)
{
	if (i == 0) {
		return cm->entry;
	} else {
		return NULL;
	}
}

static int
get_n_entries(struct cm_context *cm)
{
	return (cm->entry != NULL) ? 1 : 0;
}

int
main(int argc, char **argv)
{
	struct cm_context *cm;
	enum cm_state old_state;
	int readfd, delay;
	void *parent, *istate;
	char *p, *q, *continue_states, *stop_states, *tmp;
	const char *state;
	enum cm_time when;

	cm_log_set_method(cm_log_stderr);
	cm_log_set_level(3);
	cm_set_fips_from_env();
	parent = talloc_new(NULL);
	cm = talloc_ptrtype(parent, cm);
	if (cm == NULL) {
		return 1;
	}
	memset(cm, 0, sizeof(*cm));
	if (argc > 3) {
		cm->ca = cm_store_files_ca_read(parent, argv[1]);
		if (cm->ca == NULL) {
			printf("Error reading %s: %s.\n", argv[1], strerror(errno));
			return 1;
		}
		cm->entry = cm_store_files_entry_read(parent, argv[2]);
		if (cm->entry == NULL) {
			printf("Error reading %s: %s.\n", argv[2], strerror(errno));
			return 1;
		}
		if ((cm->entry->cm_ca_nickname == NULL) ||
		    (cm->ca->cm_nickname == NULL) ||
		    (strcasecmp(cm->entry->cm_ca_nickname, cm->ca->cm_nickname) != 0)) {
			talloc_free(cm->ca);
			cm->ca = NULL;
		}
		continue_states = argv[3];
		stop_states = NULL;
		if ((argc > 4) && (strlen(argv[4]) > 0)) {
			stop_states = argv[4];
			if (strlen(continue_states) == 0) {
				continue_states = NULL;
			}
		}
	} else {
		printf("Specify a CA file and an entry file as the first "
		       "two arguments, a list of continue states as the "
		       "third, and perhaps a list of stop states as the "
		       "fourth.\n");
		return 1;
	}
	old_state = cm->entry->cm_state;
	state = cm_store_state_as_string(cm->entry->cm_state);
	if (cm_iterate_entry_init(cm->entry, &istate) != 0) {
		printf("Error initializing.\n");
		return 1;
	}
	if (old_state != cm->entry->cm_state) {
		printf("%s\n-(RESET)-\n", state);
	}
	old_state = CM_INVALID;
	state = cm_store_state_as_string(cm->entry->cm_state);
	printf("%s\n-START-\n", state);
	fflush(NULL);
	while (cm_iterate_entry(cm->entry, cm->ca, cm,
				get_ca_by_index, get_n_cas,
				get_entry_by_index, get_n_entries,
				NULL, NULL, istate,
				&when, &delay, &readfd) == 0) {
		state = cm_store_state_as_string(cm->entry->cm_state);
		switch (when) {
		case cm_time_now:
			if (cm->entry->cm_state != old_state) {
				printf("%s\n", state);
			} else {
				printf("%s (now)\n", state);
			}
			break;
		case cm_time_soon:
			if (cm->entry->cm_state != old_state) {
				printf("%s\n", state);
			} else {
				printf("%s (soon)\n", state);
			}
			break;
		case cm_time_soonish:
			if (cm->entry->cm_state != old_state) {
				printf("%s\n", state);
			} else {
				printf("%s (soonish)\n", state);
			}
			break;
		case cm_time_delay:
			if (cm->entry->cm_state != old_state) {
				printf("delay=%ld\n%s\n", (long) delay, state);
			} else {
				printf("delay=%ld (again)\n%s (again)\n",
				       (long) delay, state);
			}
			break;
		case cm_time_no_time:
			if (cm->entry->cm_state != old_state) {
				printf("%s\n", state);
			}
			break;
		}
		if ((cm->entry->cm_state == old_state) &&
		    ((when != cm_time_no_time) || (readfd == -1))) {
			/* If we didn't change state, stop. */
			printf("-STUCK- (%d:%ld)\n", when, (long) delay);
			fflush(NULL);
			state = NULL;
			break;
		}
		if (stop_states != NULL) {
			/* Check if this state is in our stop-states list. */
			for (p = stop_states;
			     *p != '\0';
			     p = q + strspn(q, ",")) {
				q = p + strcspn(p, ",");
				tmp = talloc_strndup(parent, p, q - p);
				if (cm->entry->cm_state ==
				    cm_store_state_from_string(tmp)) {
					fflush(NULL);
					talloc_free(tmp);
					break;
				}
				talloc_free(tmp);
			}
			if (*p != '\0') {
				/* We found a match.  Stop here. */
				printf("-STOP-\n");
				fflush(NULL);
				state = NULL;
				break;
			}
		}
		/* Check if this state is in our continue-states list. */
		if (continue_states != NULL) {
			for (p = continue_states;
			     *p != '\0';
			     p = q + strspn(q, ",")) {
				q = p + strcspn(p, ",");
				tmp = talloc_strndup(parent, p, q - p);
				if (cm->entry->cm_state ==
				    cm_store_state_from_string(tmp)) {
					fflush(NULL);
					talloc_free(tmp);
					break;
				}
				talloc_free(tmp);
			}
			/* If we didn't find a match, stop here. */
			if (*p == '\0') {
				printf("-STOP-\n");
				fflush(NULL);
				state = NULL;
				break;
			}
		}
		/* Wait. */
		switch (when) {
		case cm_time_now:
			break;
		case cm_time_soon:
			sleep(CM_DELAY_SOON);
			break;
		case cm_time_soonish:
			sleep(CM_DELAY_SOONISH);
			break;
		case cm_time_delay:
			sleep(delay);
			break;
		case cm_time_no_time:
			wait_to_read(readfd);
			break;
		}
		state = cm_store_state_as_string(cm->entry->cm_state);
		old_state = cm->entry->cm_state;
	}
	if (state != NULL) {
		printf("-ERROR-\n");
		fflush(NULL);
	}
	cm_iterate_entry_done(cm->entry, istate);
	talloc_free(parent);
	return 0;
}

certmonger-0.79.19/tests/tools/json-utf8.c

/*
 * Copyright (C) 2015,2017 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see .
 */

#include "../../src/config.h"

#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#endif
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#include "../../src/json.h"

int
main(int argc, char **argv)
{
	uint32_t point, point2;
	char buf[7];
	int n, o;

	for (point = 0; point < 0x5000000; point++) {
		/* Skip the UTF-16 surrogate range. */
		if ((point >= 0xd800) && (point <= 0xdfff)) {
			continue;
		}
		/* The reported length must match the range the point is in. */
		n = cm_json_point_to_utf8_length(point);
		switch (n) {
		case 1:
			if (point > 0x7f) {
				fprintf(stderr, "error at point %lu: %d\n",
					(unsigned long) point, n);
				return n;
			}
			break;
		case 2:
			if ((point < 0x80) || (point > 0x7ff)) {
				fprintf(stderr, "error at point %lu: %d\n",
					(unsigned long) point, n);
				return n;
			}
			break;
		case 3:
			if ((point < 0x800) || (point > 0xffff)) {
				fprintf(stderr, "error at point %lu: %d\n",
					(unsigned long) point, n);
				return n;
			}
			break;
		case 4:
			if ((point < 0x10000) || (point > 0x1fffff)) {
				fprintf(stderr, "error at point %lu: %d\n",
					(unsigned long) point, n);
				return n;
			}
			break;
		case 5:
			if ((point < 0x200000) || (point > 0x3ffffff)) {
				fprintf(stderr, "error at point %lu: %d\n",
					(unsigned long) point, n);
				return n;
			}
			break;
		case 6:
			if ((point < 0x4000000) || (point > 0x7fffffff)) {
				fprintf(stderr, "error at point %lu: %d\n",
					(unsigned long) point, n);
				return n;
			}
			break;
		default:
			fprintf(stderr, "error at point %lu: %d\n",
				(unsigned long) point, n);
			return 7;
			break;
		}
		/* Encode, decode, and make sure we get the same point back. */
		memset(buf, '\0', sizeof(buf));
		o = cm_json_point_to_utf8(point, buf, sizeof(buf));
		if (o != n) {
			fprintf(stderr, "error at encoding of %lu: %d\n",
				(unsigned long) point, o);
			return 8;
		}
		o = cm_json_utf8_to_point(buf, &point2);
		if (o != n) {
			fprintf(stderr, "error at decoding of %s (%lu): %d\n",
				buf, (unsigned long) point, o);
			return 8;
		}
		if (point2 != point) {
			fprintf(stderr,
				"decode mismatch: expected \"%s\" to be %lu, got %lu\n",
				buf, (unsigned long) point,
				(unsigned long) point2);
			return 9;
		}
	}
	return 0;
}

certmonger-0.79.19/tests/tools/json.c

/*
 * Copyright (C) 2015,2017 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see .
 */

#include "../../src/config.h"

#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <fcntl.h>
#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#endif
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#include <popt.h>
#include <talloc.h>

#include "../../src/json.h"

int
main(int argc, const char **argv)
{
	struct stat st;
	char *e, *e2, *e3, *e4, *path = NULL;
	const char *left, *filename;
	struct cm_json *j, *j2, *j3;
	void *parent;
	int i, n, r, fd, ret = 0, quiet = 0;
	poptContext pctx;
	struct poptOption popts[] = {
		{"quiet", 'q', POPT_ARG_NONE, &quiet, 0, NULL, NULL},
		{"path", 'p', POPT_ARG_STRING, &path, 0, NULL, NULL},
		POPT_AUTOHELP
		POPT_TABLEEND
	};

	parent = talloc_new(NULL);
	pctx = poptGetContext("json", argc, argv, popts, 0);
	while ((i = poptGetNextOpt(pctx)) > 0) {
		continue;
	}
	if (i != -1) {
		poptPrintUsage(pctx, stdout, 0);
		return 1;
	}
	while ((filename = poptGetArg(pctx)) != NULL) {
		fd = open(filename, O_RDONLY);
		if (fd == -1) {
			ret = errno;
			fprintf(stderr, "open(\"%s\"): %s\n",
				filename, strerror(errno));
			continue;
		}
		if (fstat(fd, &st) == -1) {
			ret = errno;
			fprintf(stderr, "stat(\"%s\"): %s\n",
				filename, strerror(errno));
			continue;
		}
		e = talloc_size(parent, st.st_size);
		if (e == NULL) {
			ret = errno;
			fprintf(stderr, "malloc(): %s\n", strerror(errno));
			continue;
		}
		/* Read the whole file into memory. */
		r = 0;
		while (r < st.st_size) {
			n = read(fd, e + r, st.st_size - r);
			if (n <= 0) {
				ret = errno;
				break;
			}
			r += n;
		}
		if (r < st.st_size) {
			fprintf(stderr, "read(): %s\n", strerror(errno));
			close(fd);
			break;
		}
		close(fd);
		/* Decode the file; the decoder must consume exactly all of it. */
		i = cm_json_decode(parent, e, st.st_size, &j, &left);
		if (i != 0) {
			ret = -1;
			fprintf(stderr, "decode(\"%.*s\"): %s\n",
				(int) (st.st_size - (left - e)), left,
				cm_json_decode_strerror(i));
			continue;
		}
		if (left - e != st.st_size) {
			if (left - e < st.st_size) {
				fprintf(stderr,
					"decode(%.*s) has %lld bytes leftover:\n%.*s\n",
					(int) st.st_size, filename,
					(long long) (st.st_size - (left - e)),
					(int) (st.st_size - (left - e)), left);
			} else {
				fprintf(stderr, "decode(%.*s) overran by %lld\n",
					(int) st.st_size, filename,
					(long long) (left - e - st.st_size));
			}
			ret = -1;
			continue;
		}
		/* Re-encode, decode the result, and encode once more: the two
		 * encodings must be identical. */
		e2 = cm_json_encode(parent, j);
		if (e2 == NULL) {
			ret = -1;
			fprintf(stderr, "encode(1) failed\n");
			continue;
		}
		i = cm_json_decode(parent, e2, -1, &j2, &left);
		if (i != 0) {
			ret = -1;
			fprintf(stderr, "decode(\"%s\"): %s\n",
				left, cm_json_decode_strerror(i));
			continue;
		}
		st.st_size = strlen(e2);
		if (left - e2 != st.st_size) {
			ret = -1;
			if (left - e2 < st.st_size) {
				fprintf(stderr,
					"decode() has %lld bytes leftover:\n%s\n",
					(long long) (st.st_size - (left - e2)),
					left);
			} else {
				fprintf(stderr, "decode() overran by %lld\n",
					(long long) (left - e2 - st.st_size));
			}
			continue;
		}
		e3 = cm_json_encode(parent, j2);
		if (e3 == NULL) {
			ret = -1;
			fprintf(stderr, "encode(2) failed\n");
			continue;
		}
		if (strcmp(e2, e3) != 0) {
			ret = -1;
			fprintf(stderr,
				"encode() round-trip failed: \"%s\" != \"%s\"\n",
				e2, e3);
			continue;
		}
		if (path != NULL) {
			j3 = cm_json_find(j2, path);
			if (j3 == NULL) {
				ret = -1;
				fprintf(stderr, "unable to find \"%s\"\n", path);
				continue;
			}
			e4 = cm_json_encode(parent, j3);
			if (e4 == NULL) {
				ret = -1;
				fprintf(stderr, "encode(3) failed\n");
				continue;
			}
		} else {
			j3 = NULL;
			e4 = NULL;
		}
		if (!quiet) {
			if (strchr(filename, '/') != NULL) {
				filename = strrchr(filename, '/') + 1;
			}
			if (path != NULL) {
				printf("[%s]\n%s\n", filename, e4);
			} else {
				printf("[%s]\n%s\n", filename, e3);
			}
		}
	}
	talloc_free(parent);
	return ret;
}

certmonger-0.79.19/tests/tools/keygen.c

/*
 * Copyright (C) 2009,2011 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

#include "../../src/config.h"

#include <sys/types.h>
#include <sys/select.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <talloc.h>
#include <unistd.h>

#include "../../src/keygen.h"
#include "../../src/log.h"
#include "../../src/store.h"
#include "../../src/store-int.h"

/* Wait up to one second for the descriptor to become readable. */
static void
wait_to_read(int fd)
{
	fd_set rfds;
	struct timeval tv;

	FD_ZERO(&rfds);
	FD_SET(fd, &rfds);
	tv.tv_sec = 1;
	tv.tv_usec = 0;
	select(fd + 1, &rfds, NULL, NULL, &tv);
}

int
main(int argc, char **argv)
{
	struct cm_keygen_state *state;
	struct cm_store_entry *entry;
	int fd, ret;
	void *parent;
	const char *ktype = "UNKNOWN";

	cm_log_set_method(cm_log_stderr);
	cm_log_set_level(3);
	parent = talloc_new(NULL);
	if (argc > 1) {
		entry = cm_store_files_entry_read(parent, argv[1]);
		if (entry == NULL) {
			printf("Error reading %s: %s.\n",
			       argv[1], strerror(errno));
			return 1;
		}
	} else {
		printf("Specify an entry file as the single argument.\n");
		return 1;
	}
	state = cm_keygen_start(entry);
	if (state != NULL) {
		/* Poll until key generation has finished. */
		for (;;) {
			fd = cm_keygen_get_fd(state);
			if (fd != -1) {
				wait_to_read(fd);
			} else {
				sleep(1);
			}
			if (cm_keygen_ready(state) == 0) {
				break;
			}
		}
		switch (entry->cm_key_storage_type) {
		case cm_key_storage_none:
			ktype = "NONE";
			break;
		case cm_key_storage_file:
			ktype = "FILE";
			break;
		case cm_key_storage_nssdb:
			ktype = "NSS";
			break;
		}
		if (cm_keygen_saved_keypair(state) == 0) {
			printf("OK.\n");
			ret = 0;
		} else if (cm_keygen_need_pin(state) == 0) {
			printf("Failed to save %s:%s: need PIN.\n",
			       ktype, entry->cm_key_storage_location);
			ret = 1;
		} else if (cm_keygen_need_token(state) == 0) {
			printf("Failed to save %s:%s: token not present.\n",
			       ktype, entry->cm_key_storage_location);
			ret = 1;
		} else if (cm_keygen_need_perms(state) == 0) {
			printf("Failed to save %s:%s: need fs permissions.\n",
			       ktype, entry->cm_key_storage_location);
			ret = 1;
		} else {
			printf("Failed to save %s:%s, don't know why.\n",
			       ktype, entry->cm_key_storage_location);
			ret = 1;
		}
		cm_keygen_done(state);
	} else {
		printf("Failed to start.\n");
		ret = 1;
	}
	cm_store_entry_save(entry);
	talloc_free(parent);
	return ret;
}

certmonger-0.79.19/tests/tools/keyiread.c

/*
 * Copyright (C) 2009,2011,2014,2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

#include "../../src/config.h"

#include <sys/types.h>
#include <sys/param.h>
#include <sys/select.h>
#include <assert.h>
#include <errno.h>
#include <popt.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <talloc.h>
#include <unistd.h>

#include "../../src/keyiread.h"
#include "../../src/log.h"
#include "../../src/store.h"
#include "../../src/store-int.h"
#include "tools.h"

/* Wait up to one second for the descriptor to become readable. */
static void
wait_to_read(int fd)
{
	fd_set rfds;
	struct timeval tv;

	FD_ZERO(&rfds);
	FD_SET(fd, &rfds);
	tv.tv_sec = 1;
	tv.tv_usec = 0;
	select(fd + 1, &rfds, NULL, NULL, &tv);
}

static const char *
type_name(enum cm_key_algorithm alg)
{
	switch (alg) {
	case cm_key_rsa:
		return "RSA";
		break;
#ifdef CM_ENABLE_DSA
	case cm_key_dsa:
		return "DSA";
		break;
#endif
#ifdef CM_ENABLE_EC
	case cm_key_ecdsa:
		return "EC";
		break;
#endif
	default:
		assert(0);
		break;
	}
	return NULL;
}

/* Round DSA key sizes up to a multiple of 8 bits; leave others unchanged. */
static void
munge_key_size(struct cm_key_type *key)
{
	switch (key->cm_key_algorithm) {
	case cm_key_rsa:
		break;
#ifdef CM_ENABLE_DSA
	case cm_key_dsa:
		key->cm_key_size = howmany(key->cm_key_size, 8) * 8;
		break;
#endif
#ifdef CM_ENABLE_EC
	case cm_key_ecdsa:
		break;
#endif
	default:
		assert(0);
		break;
	}
}

int
main(int argc, const char **argv)
{
	struct cm_keyiread_state *state;
	struct cm_store_entry *entry;
	int fd, ret, need_pin, summary = 0, minimum = -1, i;
	void *parent;
	const char *filename;
	poptContext pctx;
	struct poptOption popts[] = {
		{"summary", 's', POPT_ARG_NONE, &summary, 0, NULL, NULL},
		{"minimum", 'm', POPT_ARG_INT, &minimum, 0, NULL, NULL},
		POPT_AUTOHELP
		POPT_TABLEEND
	};

	pctx = poptGetContext("keyiread", argc, argv, popts, 0);
	while ((i = poptGetNextOpt(pctx)) > 0) {
		continue;
	}
	if (i != -1) {
		poptPrintUsage(pctx, stdout, 0);
		return 1;
	}
	cm_log_set_method(cm_log_stderr);
	cm_log_set_level(3);
	cm_set_fips_from_env();
	parent = talloc_new(NULL);
	if (poptPeekArg(pctx) != NULL) {
		filename = poptGetArg(pctx);
		entry = cm_store_files_entry_read(parent, filename);
		if (entry == NULL) {
			printf("Error reading %s: %s.\n",
			       filename, strerror(errno));
			return 1;
		}
	} else {
		printf("Specify an entry file as the single argument.\n");
		return 1;
	}
	/* Clear the recorded size; a non-zero value after the read means that
	 * the key was found. */
	entry->cm_key_type.cm_key_size = 0;
	state = cm_keyiread_start(entry);
	if (state != NULL) {
		for (;;) {
			fd = cm_keyiread_get_fd(state);
			if (fd != -1) {
				wait_to_read(fd);
			} else {
				sleep(1);
			}
			if (cm_keyiread_ready(state) == 0) {
				break;
			}
		}
		need_pin = cm_keyiread_need_pin(state);
		cm_keyiread_done(state);
		if (entry->cm_key_type.cm_key_size != 0) {
			munge_key_size(&entry->cm_key_type);
			if (entry->cm_key_next_type.cm_key_size != 0) {
				munge_key_size(&entry->cm_key_next_type);
				if (summary) {
					if (minimum > 0) {
						/* Accept sizes down to 90% of
						 * the requested minimum. */
						if ((entry->cm_key_next_type.cm_key_size >= minimum * 0.9) &&
						    (entry->cm_key_type.cm_key_size >= minimum * 0.9)) {
							printf("OK (%s >= ~%d after %s >= ~%d).\n",
							       type_name(entry->cm_key_next_type.cm_key_algorithm),
							       minimum,
							       type_name(entry->cm_key_type.cm_key_algorithm),
							       minimum);
						} else {
							printf("NOT OK (%s:%d < %d after %s:%d < %d).\n",
							       type_name(entry->cm_key_next_type.cm_key_algorithm),
							       entry->cm_key_next_type.cm_key_size,
							       minimum,
							       type_name(entry->cm_key_type.cm_key_algorithm),
							       entry->cm_key_type.cm_key_size,
							       minimum);
						}
					} else {
						printf("OK (%s after %s).\n",
						       type_name(entry->cm_key_next_type.cm_key_algorithm),
						       type_name(entry->cm_key_type.cm_key_algorithm));
					}
				} else {
					printf("OK (%s:%d after %s:%d).\n",
					       type_name(entry->cm_key_next_type.cm_key_algorithm),
					       entry->cm_key_next_type.cm_key_size,
					       type_name(entry->cm_key_type.cm_key_algorithm),
					       entry->cm_key_type.cm_key_size);
				}
			} else {
				if (summary) {
					if (minimum > 0) {
						if (entry->cm_key_type.cm_key_size >= minimum * 0.9) {
							printf("OK (%s >= ~%d).\n",
							       type_name(entry->cm_key_type.cm_key_algorithm),
							       minimum);
						} else {
							printf("NOT OK (%s:%d < %d).\n",
							       type_name(entry->cm_key_type.cm_key_algorithm),
							       entry->cm_key_type.cm_key_size,
							       minimum);
						}
					} else {
						printf("OK (%s).\n",
						       type_name(entry->cm_key_type.cm_key_algorithm));
					}
				} else {
					printf("OK (%s:%d).\n",
					       type_name(entry->cm_key_type.cm_key_algorithm),
					       entry->cm_key_type.cm_key_size);
				}
			}
			ret = 0;
		} else {
			switch (entry->cm_key_storage_type) {
			case cm_key_storage_none:
				printf("No key to read.\n");
				break;
			case cm_key_storage_file:
				printf("Failed to read key \"%s\".\n",
				       entry->cm_key_storage_location);
				break;
			case cm_key_storage_nssdb:
				printf("Failed to read key \"%s\":\"%s\".\n",
				       entry->cm_key_storage_location,
				       entry->cm_key_nickname);
				break;
			}
			if (need_pin == 0) {
				printf("(Need PIN.)\n");
			}
			ret = 1;
		}
	} else {
		printf("Failed to start.\n");
		ret = 1;
	}
	cm_store_entry_save(entry);
	talloc_free(parent);
	return ret;
}

certmonger-0.79.19/tests/tools/libexecdir.c

/*
 * Copyright (C) 2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

#include "../../src/config.h"

#include <stdio.h>

int
main(int argc, char **argv)
{
	printf("%s\n", CM_DEFAULT_HELPER_PATH);
	return 0;
}

certmonger-0.79.19/tests/tools/listnicks.c

/*
 * Copyright (C) 2011 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

#include "../../src/config.h"

#include <sys/types.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <nss.h>
#include <cert.h>
#include <certt.h>
#include <pk11pub.h>

#include <talloc.h>

#include "../../src/log.h"
#include "../../src/store.h"
#include "../../src/store-int.h"

int
main(int argc, char **argv)
{
	struct cm_store_entry *entry;
	int i;
	void *parent;
	CERTCertList *certlist;
	CERTCertListNode *node;
	SECStatus error;

	cm_log_set_method(cm_log_stderr);
	cm_log_set_level(3);
	parent = talloc_new(NULL);
	if (argc > 1) {
		entry = cm_store_files_entry_read(parent, argv[1]);
		if (entry == NULL) {
			printf("Error reading %s: %s.\n",
			       argv[1], strerror(errno));
			return 1;
		}
	} else {
		printf("Specify an entry file as the single argument.\n");
		return 1;
	}
	if (entry->cm_cert_storage_type != cm_cert_storage_nssdb) {
		cm_log(1, "Storage type is not NSSDB.\n");
		return 1;
	}
	/* Open the database. */
	error = NSS_Init(entry->cm_cert_storage_location);
	if (error != SECSuccess) {
		cm_log(1, "Unable to open NSS database.\n");
		_exit(1);
	}
	/* Walk the list of names, if we got one. */
	certlist = PK11_ListCerts(PK11CertListAll, NULL);
	if (certlist != NULL) {
		/* Print the nickname of each certificate. */
		i = 0;
		for (node = CERT_LIST_HEAD(certlist);
		     !CERT_LIST_EMPTY(certlist) &&
		     !CERT_LIST_END(node, certlist);
		     node = CERT_LIST_NEXT(node)) {
			printf("%d: \"%s\"\n", ++i, node->cert->nickname);
		}
		CERT_DestroyCertList(certlist);
	}
	talloc_free(parent);
	if (NSS_Shutdown() != SECSuccess) {
		cm_log(1, "Error shutting down NSS.\n");
	}
	return 0;
}

certmonger-0.79.19/tests/tools/ls.c

/*
 * Copyright (C) 2015 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

#include "../../src/config.h"

#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <grp.h>
#include <limits.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>

#include "../../src/log.h"

/* Map a UID to a user name, falling back to the numeric ID. */
const char *
uidname(uid_t uid)
{
	static struct passwd *pwd;
	static char name[LINE_MAX];

	if ((pwd != NULL) && (pwd->pw_uid == uid)) {
		return pwd->pw_name;
	}
	pwd = getpwuid(uid);
	if ((pwd != NULL) && (pwd->pw_uid == uid)) {
		return pwd->pw_name;
	}
	snprintf(name, sizeof(name), "%lu", (unsigned long) uid);
	return name;
}

/* Map a GID to a group name, falling back to the numeric ID. */
const char *
gidname(gid_t gid)
{
	static struct group *grp;
	static char name[LINE_MAX];

	if ((grp != NULL) && (grp->gr_gid == gid)) {
		return grp->gr_name;
	}
	grp = getgrgid(gid);
	if ((grp != NULL) && (grp->gr_gid == gid)) {
		return grp->gr_name;
	}
	snprintf(name, sizeof(name), "%lu", (unsigned long) gid);
	return name;
}

int
main(int argc, char **argv)
{
	struct stat st;
	int i;

	/* Print owner:group|mode|path for each argument. */
	for (i = 1; i < argc; i++) {
		if (stat(argv[i], &st) == -1) {
			fprintf(stderr, "stat(%s): %s\n",
				argv[i], strerror(errno));
		} else {
			printf("%s:%s|%04o|%s\n",
			       uidname(st.st_uid), gidname(st.st_gid),
			       st.st_mode & 07777, argv[i]);
		}
	}
	return 0;
}

certmonger-0.79.19/tests/tools/name2oid.c

/*
 * Copyright (C) 2009 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

#include "../../src/config.h"

#include <stdio.h>
#include <talloc.h>

#include "../../src/log.h"
#include "../../src/oiddict.h"

int
main(int argc, char **argv)
{
	int i;
	const char *oid;
	void *parent;

	parent = talloc_new(NULL);
	for (i = 1; i < argc; i++) {
		oid = cm_oid_from_name(parent, argv[i]);
		if (oid != NULL) {
			printf("%s\n", oid);
		} else {
			return 1;
		}
	}
	talloc_free(parent);
	return 0;
}

certmonger-0.79.19/tests/tools/oid2name.c

/*
 * Copyright (C) 2009 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

#include "../../src/config.h"

#include <stdio.h>
#include <talloc.h>

#include "../../src/log.h"
#include "../../src/oiddict.h"

int
main(int argc, char **argv)
{
	int i;
	const char *name;
	void *parent;

	parent = talloc_new(NULL);
	for (i = 1; i < argc; i++) {
		name = cm_oid_to_name(parent, argv[i]);
		if (name != NULL) {
			printf("%s\n", name);
		} else {
			return 1;
		}
	}
	talloc_free(parent);
	return 0;
}

certmonger-0.79.19/tests/tools/payload.c

/*
 * Copyright (C) 2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

#include "../../src/config.h"

#include <sys/types.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <nss.h>
#include <cert.h>
#include <certt.h>
#include <secasn1.h>
#include <seccomon.h>

#include <talloc.h>

#include "../../src/log.h"
#include "../../src/store.h"
#include "../../src/store-int.h"

int
main(int argc, char **argv)
{
	int i;
	unsigned int len;
	unsigned char *p, *q, buf[LINE_MAX];
	SECItem encoded;
	CERTSignedData signed_data;

	cm_log_set_method(cm_log_stderr);
	cm_log_set_level(3);
	/* Read all of stdin into one buffer. */
	p = NULL;
	len = 0;
	while ((i = read(STDIN_FILENO, buf, sizeof(buf))) > 0) {
		q = realloc(p, len + i);
		if (q == NULL) {
			perror("malloc");
			free(p);
			return 1;
		}
		p = q;
		memcpy(p + len, buf, i);
		len += i;
	}
	memset(&encoded, 0, sizeof(encoded));
	encoded.data = p;
	encoded.len = len;
	/* Decode the signed-data wrapper and write out the data it covers. */
	memset(&signed_data, 0, sizeof(signed_data));
	if (SEC_ASN1DecodeItem(NULL, &signed_data,
			       CERT_SignedDataTemplate,
			       &encoded) == SECSuccess) {
		len = 0;
		while (len < signed_data.data.len) {
			i = write(STDOUT_FILENO,
				  signed_data.data.data + len,
				  signed_data.data.len - len);
			if (i <= 0) {
				perror("write");
				return 1;
			}
			len += i;
		}
	}
	return 0;
}

certmonger-0.79.19/tests/tools/pem.c

/*
 * Copyright (C) 2021 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

#include "../../src/config.h"

#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#endif
#include <popt.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <talloc.h>
#include <unistd.h>

#include "../../src/util-o.h"

int
main(int argc, const char **argv)
{
	const char *filename;
	void *parent;
	int i, ret = 0;
	poptContext pctx;
	struct poptOption popts[] = {
		POPT_AUTOHELP
		POPT_TABLEEND
	};

	parent = talloc_new(NULL);
	pctx = poptGetContext("pem", argc, argv, popts, 0);
	while ((i = poptGetNextOpt(pctx)) > 0) {
		continue;
	}
	if (i != -1) {
		poptPrintUsage(pctx, stdout, 0);
		return 1;
	}
	/* Validate each named file; any failure makes the exit status 1. */
	while ((filename = poptGetArg(pctx)) != NULL) {
		if (validate_pem(parent, (char *)filename) == 0) {
			printf("OK\n");
		} else {
			ret = 1;
		}
	}
	talloc_free(parent);
	poptFreeContext(pctx);
	return ret;
}

certmonger-0.79.19/tests/tools/pem2base.c

/*
 * Copyright (C) 2011 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

#include "../../src/config.h"

#include <sys/types.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <talloc.h>
#include <unistd.h>

#include "../../src/submit-u.h"

int
main(int argc, char **argv)
{
	char buf[LINE_MAX], *p = NULL, *q;

	/* Concatenate every line of stdin into one string. */
	while (fgets(buf, sizeof(buf), stdin) != NULL) {
		if (p == NULL) {
			p = strdup(buf);
		} else {
			q = malloc(strlen(p) + strlen(buf) + 1);
			if (q != NULL) {
				stpcpy(stpcpy(q, p), buf);
				free(p);
				p = q;
			}
		}
	}
	printf("%s\n", cm_submit_u_base64_from_text(p));
	free(p);
	return 0;
}

certmonger-0.79.19/tests/tools/pk7decrypt.c

/*
 * Copyright (C) 2015,2017 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

#include "../../src/config.h"

#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <fcntl.h>
#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <talloc.h>
#include <unistd.h>

#include "../../src/log.h"
#include "../../src/pkcs7.h"
#include "../../src/store.h"
#include "../../src/store-int.h"
#include "../../src/submit-int.h"
#include "../../src/util-o.h"

int
main(int argc, char **argv)
{
	unsigned char *payload = NULL, *data, buf[BUFSIZ];
	size_t payload_length = 0;
	struct cm_submit_decrypt_envelope_args args;
	void *parent;
	ssize_t len;
	int i;
	void (*decrypt)(const unsigned char *envelope, size_t length,
			void *decrypt_userdata,
			unsigned char **payload,
			size_t *payload_length) = NULL;

	cm_log_set_method(cm_log_stderr);
	cm_log_set_level(3);
	parent = talloc_new(NULL);
	if (argc < 2) {
		fprintf(stderr, "Name of entry file required.\n");
		return 1;
	}
	memset(&args, 0, sizeof(args));
	args.entry = cm_store_files_entry_read(parent, argv[1]);
	if (args.entry == NULL) {
		fprintf(stderr, "Error reading entry from \"%s\".\n", argv[1]);
		return 1;
	}
	/* Read the envelope from stdin. */
	len = 0;
	data = NULL;
	while ((i = read(STDIN_FILENO, buf, sizeof(buf))) > 0) {
		data = talloc_realloc_size(parent, data, len + i);
		if (data == NULL) {
			fprintf(stderr, "Out of memory.\n");
			return 1;
		}
		memcpy(data + len, buf, i);
		len += i;
	}
	if (len == 0) {
		fprintf(stderr, "No data to verify.\n");
		return 1;
	}
	/* Pick the NSS or OpenSSL decryptor to match where the key lives. */
	switch (args.entry->cm_key_storage_type) {
	case cm_key_storage_none:
		break;
	case cm_key_storage_nssdb:
		decrypt = cm_submit_n_decrypt_envelope;
		break;
	case cm_key_storage_file:
		decrypt = cm_submit_o_decrypt_envelope;
		break;
	}
	if (decrypt != NULL) {
		(*decrypt)(data, len, &args, &payload, &payload_length);
	}
	if ((payload != NULL) && (payload_length > 0)) {
		printf("payload:%s\n",
		       cm_store_base64_from_bin(parent, payload,
						payload_length));
	} else {
		printf("decrypt error\n");
	}
	talloc_free(parent);
	return ((payload != NULL) && (payload_length > 0)) ? 0 : 1;
}

certmonger-0.79.19/tests/tools/pk7env.c

/*
 * Copyright (C) 2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

#include "../../src/config.h"

#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <talloc.h>
#include <unistd.h>

#include "../../src/log.h"
#include "../../src/pkcs7.h"
#include "../../src/store.h"

#define CSR1 "-----BEGIN CERTIFICATE REQUEST-----"
#define CSR2 "-----BEGIN NEW CERTIFICATE REQUEST-----"
#define CERT "-----BEGIN CERTIFICATE-----"

int
main(int argc, char **argv)
{
	struct stat st;
	int fd, i, j;
	ssize_t len;
	size_t length;
	void *parent;
	char *p[3];
	unsigned char *enveloped;

	parent = talloc_new(NULL);
	/* Arguments come in groups: a first file, then either one CSR or two
	 * certificates. */
	i = 1;
	while (i < argc) {
		fd = open(argv[i], O_RDONLY);
		if (fd == -1) {
			fprintf(stderr, "Error opening \"%s\": %s.\n",
				argv[i], strerror(errno));
			return 1;
		}
		if (fstat(fd, &st) == -1) {
			fprintf(stderr, "Error statting \"%s\": %s.\n",
				argv[i], strerror(errno));
			return 1;
		}
		p[0] = talloc_size(parent, st.st_size + 1);
		if (p[0] == NULL) {
			fprintf(stderr, "Out of memory.\n");
			return 1;
		}
		memset(p[0], 0, st.st_size + 1);
		len = 0;
		while (len < st.st_size) {
			j = read(fd, p[0] + len, st.st_size - len);
			if (j <= 0) {
				fprintf(stderr, "Read error on \"%s\": %s.\n",
					argv[i], strerror(errno));
				return 1;
			}
			len += j;
		}
		close(fd);
		i++;
		if (i >= argc) {
			return 1;
		}
		fd = open(argv[i], O_RDONLY);
		if (fd == -1) {
			fprintf(stderr, "Error opening \"%s\": %s.\n",
				argv[i], strerror(errno));
			return 1;
		}
		if (fstat(fd, &st) == -1) {
			fprintf(stderr, "Error statting \"%s\": %s.\n",
				argv[i], strerror(errno));
			return 1;
		}
		p[1] = talloc_size(parent, st.st_size + 1);
		if (p[1] == NULL) {
			fprintf(stderr, "Out of memory.\n");
			return 1;
		}
		memset(p[1], 0, st.st_size + 1);
		len = 0;
		while (len < st.st_size) {
			j = read(fd, p[1] + len, st.st_size - len);
			if (j <= 0) {
				fprintf(stderr, "Read error on \"%s\": %s.\n",
					argv[i], strerror(errno));
				return 1;
			}
			len += j;
		}
		p[1][len] = '\0';
		close(fd);
		i++;
		/* A CSR as the second file: envelope it and move on. */
		if ((strncmp(p[1], CSR1, strlen(CSR1)) == 0) ||
		    (strncmp(p[1], CSR2, strlen(CSR2)) == 0)) {
			if (cm_pkcs7_envelope_csr(p[0], cm_prefs_des3, p[1],
						  &enveloped, &length) != 0) {
				fprintf(stderr,
					"\"%s\"(\"%s\"): enveloping error.\n",
					argv[i - 2], argv[i - 1]);
				return 1;
			}
			printf("%s\n",
			       cm_store_base64_from_bin(NULL, enveloped,
							length));
			free(enveloped);
			continue;
		}
		if (i >= argc) {
			return 1;
		}
		fd = open(argv[i], O_RDONLY);
		if (fd == -1) {
			fprintf(stderr, "Error opening \"%s\": %s.\n",
				argv[i], strerror(errno));
			return 1;
		}
		if (fstat(fd, &st) == -1) {
			fprintf(stderr, "Error statting \"%s\": %s.\n",
				argv[i], strerror(errno));
			return 1;
		}
		p[2] = talloc_size(parent, st.st_size + 1);
		if (p[2] == NULL) {
			fprintf(stderr, "Out of memory.\n");
			return 1;
		}
		memset(p[2], 0, st.st_size + 1);
		len = 0;
		while (len < st.st_size) {
			j = read(fd, p[2] + len, st.st_size - len);
			if (j <= 0) {
				fprintf(stderr, "Read error on \"%s\": %s.\n",
					argv[i], strerror(errno));
				return 1;
			}
			len += j;
		}
		close(fd);
		i++;
		/* Two certificates: print the issuer-and-subject structure,
		 * then the same data enveloped. */
		if ((strncmp(p[1], CERT, strlen(CERT)) == 0) &&
		    (strncmp(p[2], CERT, strlen(CERT)) == 0)) {
			if (cm_pkcs7_generate_ias(p[1], p[2],
						  &enveloped, &length) != 0) {
				fprintf(stderr,
					"\"%s\",\"%s\": generating error.\n",
					argv[i - 2], argv[i - 1]);
				return 1;
			}
			printf("%s\n",
			       cm_store_base64_from_bin(NULL, enveloped,
							length));
			free(enveloped);
			if (cm_pkcs7_envelope_ias(p[0], cm_prefs_des3,
						  p[1], p[2],
						  &enveloped, &length) != 0) {
				fprintf(stderr,
					"\"%s\"(\"%s\",\"%s\"): enveloping error.\n",
					argv[i - 3], argv[i - 2], argv[i - 1]);
				return 1;
			}
			printf("%s\n",
			       cm_store_base64_from_bin(NULL, enveloped,
							length));
			free(enveloped);
			continue;
		}
	}
	return 0;
}

certmonger-0.79.19/tests/tools/pk7parse.c

/*
 * Copyright (C) 2014 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

#include "../../src/config.h"

#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <talloc.h>
#include <unistd.h>

#include "../../src/log.h"
#include "../../src/pkcs7.h"

int
main(int argc, char **argv)
{
	struct stat st;
	int fd, i, j, n_buffers = 0;
	ssize_t len;
	void *parent;
	unsigned char *p;
	const unsigned char **buffers;
	size_t *lengths;
	char *label, *leaf, *top, **certs;

	parent = talloc_new(NULL);
	buffers = talloc_array_ptrtype(parent, buffers, argc);
	lengths = talloc_array_ptrtype(parent, lengths, argc);
	label = "";
	/* Read every named file into its own buffer. */
	for (i = 1; i < argc; i++) {
		fd = open(argv[i], O_RDONLY);
		if (fd == -1) {
			fprintf(stderr, "Error opening \"%s\": %s.\n",
				argv[i], strerror(errno));
			return 1;
		}
		if (fstat(fd, &st) == -1) {
			fprintf(stderr, "Error statting \"%s\": %s.\n",
				argv[i], strerror(errno));
			return 1;
		}
		p = talloc_size(buffers, st.st_size);
		if (p == NULL) {
			fprintf(stderr, "Out of memory.\n");
			return 1;
		}
		memset(p, 0, st.st_size);
		len = 0;
		while (len < st.st_size) {
			j = read(fd, p + len, st.st_size - len);
			if (j <= 0) {
				fprintf(stderr, "Read error on \"%s\": %s.\n",
					argv[i], strerror(errno));
				return 1;
			}
			len += j;
		}
		close(fd);
		buffers[n_buffers] = p;
		lengths[n_buffers] = st.st_size;
		if (n_buffers > 0) {
			label = talloc_asprintf_append(label, ",%s", argv[i]);
		} else {
			label = talloc_strdup(parent, argv[i]);
		}
		n_buffers++;
	}
	if (cm_pkcs7_parsev(CM_PKCS7_LEAF_PREFER_ENCRYPT, parent,
			    &leaf, &top, &certs, NULL, NULL,
			    n_buffers, buffers, lengths) != 0) {
		fprintf(stderr, "\"%s\": parse error.\n", label);
		return 1;
	}
	printf("[%s]\nTOP:\n%sLEAF:\n%s", label,
	       top ? top : "", leaf ? leaf : "");
	for (i = 0; (certs != NULL) && (certs[i] != NULL); i++) {
		printf("%d:\n%s", i + 1, certs[i]);
	}
	talloc_free(parent);
	return 0;
}

certmonger-0.79.19/tests/tools/pk7verify.c

/*
 * Copyright (C) 2015,2017 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

#include "../../src/config.h"

#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <fcntl.h>
#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <openssl/err.h>
#include <openssl/objects.h>

#include <talloc.h>

#include "../../src/log.h"
#include "../../src/pkcs7.h"
#include "../../src/store.h"
#include "../../src/util-o.h"

int
main(int argc, char **argv)
{
	struct stat st;
	int fd, i, j, root = 0, n_roots = 0, n_others = 0;
	ssize_t len;
	void *parent;
	char **roots, **others, *p, *digest = NULL;
	char *tx = NULL, *msgtype = NULL, *pkistatus = NULL, *failinfo = NULL;
	unsigned char *snonce = NULL, *rnonce = NULL, *payload = NULL;
	size_t snonce_length = 0, rnonce_length = 0, payload_length = 0;
	unsigned char *data, buf[BUFSIZ];

	cm_log_set_method(cm_log_stderr);
	cm_log_set_level(3);
	util_o_init();
	ERR_load_crypto_strings();
	parent = talloc_new(NULL);
	roots = talloc_array_ptrtype(parent, roots, argc);
	others = talloc_array_ptrtype(parent, others, argc);
	/* Load certificate files; a file named after "-r" is a root, any
	 * other file goes into the list of other certificates. */
	for (i = 1; i < argc; i++) {
		if (strcmp(argv[i], "-r") == 0) {
			root = 1;
			continue;
		}
		fd = open(argv[i], O_RDONLY);
		if (fd == -1) {
			fprintf(stderr, "Error opening \"%s\": %s.\n",
				argv[i], strerror(errno));
			return 1;
		}
		if (fstat(fd, &st) == -1) {
			fprintf(stderr, "Error statting \"%s\": %s.\n",
				argv[i], strerror(errno));
			return 1;
		}
		p = talloc_size(parent, st.st_size + 1);
		if (p == NULL) {
			fprintf(stderr, "Out of memory.\n");
			return 1;
		}
		memset(p, '\0', st.st_size + 1);
		len = 0;
		while (len < st.st_size) {
			j = read(fd, p + len, st.st_size - len);
			if (j <= 0) {
				fprintf(stderr, "Read error on \"%s\": %s.\n",
					argv[i], strerror(errno));
				return 1;
			}
			len += j;
		}
		close(fd);
		if (root) {
			roots[n_roots++] = p;
			root = 0;
		} else {
			others[n_others++] = p;
		}
	}
	roots[n_roots] = NULL;
	others[n_others] = NULL;
	/* Read the signed data from stdin. */
	len = 0;
	data = NULL;
	while ((i = read(STDIN_FILENO, buf, sizeof(buf))) > 0) {
		data = talloc_realloc_size(parent, data, len + i);
		if (data == NULL) {
			fprintf(stderr, "Out of memory.\n");
			return 1;
		}
		memcpy(data + len, buf, i);
		len += i;
	}
	if (len == 0) {
		fprintf(stderr, "No data to verify.\n");
		return 1;
	}
	i = cm_pkcs7_verify_signed(data, len,
				   (const char **) roots,
				   (const char **) others,
				   NID_pkcs7_data, parent, &digest,
				   &tx, &msgtype, &pkistatus, &failinfo,
				   &snonce, &snonce_length,
				   &rnonce, &rnonce_length,
				   &payload, &payload_length);
	if (i == 0) {
		printf("verify passed\n");
	} else {
		printf("verify failed\n");
	}
	/* Print whichever attributes were returned, pass or fail. */
	if (digest != NULL) {
		printf("digest:%s\n", digest);
	}
	if (tx != NULL) {
		printf("tx:%s\n", tx);
	}
	if (msgtype != NULL) {
		printf("msgtype:%s\n", msgtype);
	}
	if (pkistatus != NULL) {
		printf("pkistatus:%s\n", pkistatus);
	}
	if (failinfo != NULL) {
		printf("failinfo:%s\n", failinfo);
	}
	if (snonce != NULL) {
		printf("snonce:%s\n",
		       cm_store_base64_from_bin(parent, snonce,
						snonce_length));
	}
	if (rnonce != NULL) {
		printf("rnonce:%s\n",
		       cm_store_base64_from_bin(parent, rnonce,
						rnonce_length));
	}
	if (payload != NULL) {
		printf("payload:%s\n",
		       cm_store_base64_from_bin(parent, payload,
						payload_length));
	}
	talloc_free(parent);
	return i;
}

certmonger-0.79.19/tests/tools/prefs.c

/*
 * Copyright (C) 2010 Red Hat, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ #include "../../src/config.h" #include #include #include "../../src/prefs.h" #include "../../src/store-int.h" int main(int argc, char **argv) { const char *dest; const time_t *ttls; unsigned int i, n_ttls; switch (cm_prefs_preferred_cipher()) { case cm_prefs_aes128: printf("cipher: AES128\n"); break; case cm_prefs_aes192: printf("cipher: AES192\n"); break; case cm_prefs_aes256: printf("cipher: AES256\n"); break; case cm_prefs_des: printf("cipher: DES\n"); break; case cm_prefs_des3: printf("cipher: DES3\n"); break; case cm_prefs_nocipher: printf("No cipher selected. Shouldn't happen\n"); break; } switch (cm_prefs_preferred_digest()) { case cm_prefs_md5: printf("digest: MD5\n"); break; case cm_prefs_sha1: printf("digest: SHA1\n"); break; case cm_prefs_sha256: printf("digest: SHA256\n"); break; case cm_prefs_sha384: printf("digest: SHA384\n"); break; case cm_prefs_sha512: printf("digest: SHA512\n"); break; case cm_prefs_nodigest: printf("No digest selected. Shouldn't happen\n"); break; } if (cm_prefs_notify_ttls(&ttls, &n_ttls) == 0) { printf("notify_ttls: "); for (i = 0; i < n_ttls; i++) { printf("%s%llu", ((i > 0) ? ", " : ""), (unsigned long long) ttls[i]); } printf("\n"); } if (cm_prefs_enroll_ttls(&ttls, &n_ttls) == 0) { printf("enroll_ttls: "); for (i = 0; i < n_ttls; i++) { printf("%s%llu", ((i > 0) ?
", " : ""), (unsigned long long) ttls[i]); } printf("\n"); } dest = cm_prefs_notification_destination(); switch (cm_prefs_notification_method()) { case cm_notification_unspecified: printf("notification: UNSPECIFIED:%s\n", dest); break; case cm_notification_none: printf("notification: NONE\n"); break; case cm_notification_syslog: printf("notification: SYSLOG:%s\n", dest); break; case cm_notification_email: printf("notification: MAILTO:%s\n", dest); break; case cm_notification_stdout: printf("notification: STDOUT\n"); break; case cm_notification_command: printf("notification: COMMAND:%s\n", dest); break; } if (cm_prefs_preferred_rsa_key_size() == CM_DEFAULT_PUBKEY_SIZE) { // So we don't have to dynamically update expected.out printf("RSA key size: default\n"); } else { printf("RSA key size: %d\n", cm_prefs_preferred_rsa_key_size()); } return 0; } certmonger-0.79.19/tests/tools/printenv.c0000644000175000017500000000201614511314133017744 0ustar gitgit00000000000000/* * Copyright (C) 2015 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
*/ #include "../../src/config.h" #include #include #include #include int main(int argc, char **argv) { int i, result = 0; char *value; for (i = 1; i < argc; i++) { value = getenv(argv[i]); if (value == NULL) { result = ENOENT; } else { printf("%s\n", value); } } return result; } certmonger-0.79.19/tests/tools/scepgen.c0000644000175000017500000000674714511314133017542 0ustar gitgit00000000000000/* * Copyright (C) 2015 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
*/ #include "../../src/config.h" #include #include #include #include #include #include #include #include #include #include "../../src/log.h" #include "../../src/scepgen.h" #include "../../src/store.h" #include "../../src/store-int.h" #include "../../src/submit-u.h" #include "tools.h" static void wait_to_read(int fd) { fd_set rfds; struct timeval tv; FD_ZERO(&rfds); FD_SET(fd, &rfds); tv.tv_sec = 1; tv.tv_usec = 0; select(fd + 1, &rfds, NULL, NULL, &tv); } int main(int argc, char **argv) { struct cm_scepgen_state *state; struct cm_store_ca *ca; struct cm_store_entry *entry; int fd, ret; void *parent; cm_log_set_method(cm_log_stderr); cm_log_set_level(3); cm_set_fips_from_env(); parent = talloc_new(NULL); if (argc > 2) { ca = cm_store_files_ca_read(parent, argv[1]); if (ca == NULL) { printf("Error reading %s: %s.\n", argv[1], strerror(errno)); return -1; } entry = cm_store_files_entry_read(parent, argv[2]); if (entry == NULL) { printf("Error reading %s: %s.\n", argv[2], strerror(errno)); return 1; } } else { printf("Specify a CA file and an entry file as the two " "arguments.\n"); return 1; } state = cm_scepgen_start(ca, entry); if (state != NULL) { for (;;) { fd = cm_scepgen_get_fd(state); if (fd != -1) { wait_to_read(fd); } else { sleep(1); } if (cm_scepgen_ready(state) == 0) { break; } } if (cm_scepgen_save_scep(state) == 0) { if (entry->cm_minicert != NULL) { printf("minicert:%s\n", entry->cm_minicert); } if (entry->cm_scep_tx != NULL) { printf("tx:%s\n", entry->cm_scep_tx); } if (entry->cm_scep_nonce != NULL) { printf("nonce:%s\n", entry->cm_scep_nonce); } if (entry->cm_scep_req != NULL) { printf("req:%s\n", cm_submit_u_base64_from_text(entry->cm_scep_req)); } if (entry->cm_scep_gic != NULL) { printf("gic:%s\n", cm_submit_u_base64_from_text(entry->cm_scep_gic)); } if (entry->cm_scep_req_next != NULL) { printf("req(next):%s\n", cm_submit_u_base64_from_text(entry->cm_scep_req_next)); } if (entry->cm_scep_gic_next != NULL) { printf("gic(next):%s\n", 
cm_submit_u_base64_from_text(entry->cm_scep_gic_next)); } ret = 0; } else { printf("Failed to save.\n"); if (cm_scepgen_need_token(state) == 0) { printf("(Need token.)\n"); } else if (cm_scepgen_need_pin(state) == 0) { printf("(Need PIN.)\n"); } else if (cm_scepgen_need_encryption_certs(state) == 0) { printf("(Need server certificates.)\n"); } ret = 1; } cm_scepgen_done(state); } else { printf("Failed to start.\n"); ret = 1; } cm_store_entry_save(entry); talloc_free(parent); return ret; } certmonger-0.79.19/tests/tools/srv.c0000644000175000017500000000265314511314133016720 0ustar gitgit00000000000000/* * Copyright (C) 2014,2015,2017 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
*/ #include "../../src/config.h" #include #ifdef HAVE_INTTYPES_H #include #endif #include #include #include #include #include #include #include #include "../../src/srvloc.h" int main(int argc, char **argv) { int i; struct cm_srvloc *results; for (i = 2; i < argc; i++) { if (cm_srvloc_resolve(NULL, argv[i], argv[1], &results) != 0) { printf("Error resolving \"%s.%s\".\n", argv[i], argv[1]); continue; } while (results != NULL) { printf("%s.%s: %s:%d (%d,%d)\n", argv[i], argv[1], results->host, results->port, results->priority, results->weight); results = results->next; } } return 0; } certmonger-0.79.19/tests/tools/submit.c0000644000175000017500000001074414511314133017411 0ustar gitgit00000000000000/* * Copyright (C) 2009,2011 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . 
*/ #include "../../src/config.h" #include #include #include #include #include #include #include #include #include #include "../../src/log.h" #include "../../src/store-int.h" #include "../../src/store.h" #include "../../src/submit.h" #include "../../src/submit-e.h" #include "../../src/submit-u.h" #include "tools.h" static void wait_to_read(int fd) { fd_set rfds; struct timeval tv; FD_ZERO(&rfds); FD_SET(fd, &rfds); tv.tv_sec = 1; tv.tv_usec = 0; select(fd + 1, &rfds, NULL, NULL, &tv); } int main(int argc, char **argv) { struct cm_submit_state *state; struct cm_store_ca *ca; struct cm_store_entry *entry; int fd, ret, i; void *parent; char *p; #ifdef HAVE_UUID cm_submit_uuid_fixed_for_testing = 1; /* use fixed UUIDs */ #endif cm_log_set_method(cm_log_stderr); cm_log_set_level(3); cm_set_fips_from_env(); parent = talloc_new(NULL); if (argc > 2) { ca = cm_store_files_ca_read(parent, argv[1]); if (ca == NULL) { printf("Error reading %s: %s.\n", argv[1], strerror(errno)); return -1; } entry = cm_store_files_entry_read(parent, argv[2]); if (entry == NULL) { printf("Error reading %s: %s.\n", argv[2], strerror(errno)); return -1; } } else { printf("Specify a CA file and an entry file as the two " "arguments.\n"); return -1; } state = cm_submit_start(ca, entry); if (state != NULL) { for (;;) { fd = cm_submit_get_fd(state); if (fd != -1) { wait_to_read(fd); } else { sleep(1); } if (cm_submit_ready(state) == 0) { break; } } if (cm_submit_issued(state) == 0) { while (strlen(entry->cm_cert) > 0) { i = strlen(entry->cm_cert) - 1; if (entry->cm_cert[i] == '\n') { entry->cm_cert[i] = '\0'; } else { break; } } p = talloc_asprintf(entry, "%s\n", entry->cm_cert); talloc_free(entry->cm_cert); entry->cm_cert = p; printf("%s", entry->cm_cert); ret = CM_SUBMIT_STATUS_ISSUED; } else if (cm_submit_save_ca_cookie(state) == 0) { printf("Certificate not issued, saved a cookie.\n"); ret = CM_SUBMIT_STATUS_WAIT; } else if (cm_submit_rejected(state) == 0) { if (entry->cm_ca_error != NULL) { 
printf("Request rejected: %s.\n", entry->cm_ca_error); } else { printf("Request rejected.\n"); } ret = CM_SUBMIT_STATUS_REJECTED; } else if (cm_submit_unreachable(state) == 0) { if (entry->cm_ca_error != NULL) { printf("CA was unreachable: %s.\n", entry->cm_ca_error); } else { printf("CA was unreachable.\n"); } ret = CM_SUBMIT_STATUS_UNREACHABLE; } else if (cm_submit_unconfigured(state) == 0) { if (entry->cm_ca_error != NULL) { printf("CA helper was un- or " "under-configured: %s.\n", entry->cm_ca_error); } else { printf("CA helper was un- or " "under-configured.\n"); } ret = CM_SUBMIT_STATUS_UNCONFIGURED; } else if (cm_submit_need_scep_messages(state) == 0) { if (entry->cm_ca_error != NULL) { printf("CA helper needs SCEP " "messages: %s.\n", entry->cm_ca_error); } else { printf("CA helper needs SCEP " "messages.\n"); } ret = CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES; } else if (cm_submit_need_rekey(state) == 0) { if (entry->cm_ca_error != NULL) { printf("CA helper says we need to " "rekey: %s.\n", entry->cm_ca_error); } else { printf("CA helper says we need to " "rekey.\n"); } ret = CM_SUBMIT_STATUS_NEED_REKEY; } else { printf("Can't explain what happened.\n"); ret = -1; } cm_submit_done(state); } else { printf("Failed to start.\n"); ret = -1; } cm_store_entry_save(entry); cm_store_ca_save(ca); talloc_free(parent); return ret; } certmonger-0.79.19/tests/tools/tm.c0000644000175000017500000000173214511314133016523 0ustar gitgit00000000000000/* * Copyright (C) 2011 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. 
* * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #include "config.h" #include #include #include "../../src/tm.h" time_t cm_time(time_t *dest) { long t; if (getenv("CM_FORCE_TIME") != NULL) { t = atol(getenv("CM_FORCE_TIME")); if (dest != NULL) { *dest = t; } return t; } else { return time(dest); } } certmonger-0.79.19/tests/tools/tools.c0000644000175000017500000000206714511314133017245 0ustar gitgit00000000000000/* * Copyright (C) 2012 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #include "../../src/config.h" #include #include #include "../../src/util-n.h" #include "tools.h" void cm_set_fips_from_env(void) { enum force_fips_mode force; if ((getenv("CERTMONGER_FORCE_FIPS") != NULL) && (atoi(getenv("CERTMONGER_FORCE_FIPS")) != 0)) { force = do_force_fips; } else { force = do_not_force_fips; } util_n_set_fips(force); } certmonger-0.79.19/tests/tools/tools.h0000644000175000017500000000140014511314133017240 0ustar gitgit00000000000000/* * Copyright (C) 2012 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. 
* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #ifndef tools_h #define tools_h void cm_set_fips_from_env(void); #endif certmonger-0.79.19/zanata.xml0000644000175000017500000000540214511314133015433 0ustar gitgit00000000000000 https://fedora.zanata.org/ certmonger master gettext po po af am anp ar as ast bal be bg bn bn-IN bo br brx bs ca cs cy da de de-CH el en-GB eo es et eu fa fi fr gl gu he hi hr hu ia id ilo is it ja ka kk km kn ko kw kw-GB kw@kkcor kw@uccor ky lt lv mai mk ml mn mr ms nb nds ne nl nn nso or pa pl pt pt-BR ro ru si sk sl sq sr sr@latin sv ta te tg th tr tw uk ur vi wba yo zh-CN zh-HK zh-TW zu