thooge
/
tinyca
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added support for SHA256. Applied fixes from debian and some other sources. 

Improved gui behavior.
This commit is contained in:
Thomas Hooge 2016-12-05 21:25:21 +01:00
parent e136e7cbbf
commit 4bb2b88a2a
17 changed files with 255 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
install.sh
View File

@ -1,9 +1,15 @@
#!/bin/bash #!/bin/bash
rm -rf locale
mkdir -p locale/de/LC_MESSAGES mkdir -p locale/de/LC_MESSAGES
mkdir -p locale/es/LC_MESSAGES mkdir -p locale/es/LC_MESSAGES
mkdir -p locale/cs/LC_MESSAGES mkdir -p locale/cs/LC_MESSAGES
mkdir -p locale/fr/LC_MESSAGES
mkdir -p locale/sv/LC_MESSAGES
msgfmt po/de.po -o locale/de/LC_MESSAGES/tinyca2.mo msgfmt po/de.po -o locale/de/LC_MESSAGES/tinyca2.mo
msgfmt po/es.po -o locale/es/LC_MESSAGES/tinyca2.mo msgfmt po/es.po -o locale/es/LC_MESSAGES/tinyca2.mo
msgfmt po/cs.po -o locale/cs/LC_MESSAGES/tinyca2.mo msgfmt po/cs.po -o locale/cs/LC_MESSAGES/tinyca2.mo
msgfmt po/fr.po -o locale/fr/LC_MESSAGES/tinyca2.mo
msgfmt po/sv.po -o locale/sv/LC_MESSAGES/tinyca2.mo

5
lib/CA.pm
View File

@ -349,7 +349,7 @@ sub get_ca_create {
$opts = {}; $opts = {};
$opts->{'days'} = 3650; # set default to 10 years $opts->{'days'} = 3650; # set default to 10 years
$opts->{'bits'} = 4096; $opts->{'bits'} = 4096;
$opts->{'digest'} = 'sha1'; $opts->{'digest'} = 'sha256';
if(defined($mode) && $mode eq "sub") { # create SubCA, use defaults if(defined($mode) && $mode eq "sub") { # create SubCA, use defaults
$opts->{'parentca'} = $main->{'CA'}->{'actca'}; $opts->{'parentca'} = $main->{'CA'}->{'actca'};
@ -453,7 +453,7 @@ sub get_ca_import {
$opts = {}; $opts = {};
$opts->{'days'} = 3650; # set default to 10 years $opts->{'days'} = 3650; # set default to 10 years
$opts->{'bits'} = 4096; $opts->{'bits'} = 4096;
$opts->{'digest'} = 'sha1'; $opts->{'digest'} = 'sha256';
$main->show_ca_import_dialog($opts); $main->show_ca_import_dialog($opts);
return; return;
@ -1062,6 +1062,7 @@ sub create_ca {
'outdir' => $self->{$ca}->{'dir'}."/newcerts/", 'outdir' => $self->{$ca}->{'dir'}."/newcerts/",
'keyfile' => $self->{$ca}->{'dir'}."/cacert.key", 'keyfile' => $self->{$ca}->{'dir'}."/cacert.key",
'cacertfile' => $self->{$ca}->{'dir'}."/cacert.pem", 'cacertfile' => $self->{$ca}->{'dir'}."/cacert.pem",
'digest' => $opts->{'digest'},
'pass' => $opts->{'passwd'}, 'pass' => $opts->{'passwd'},
'days' => $opts->{'days'}, 'days' => $opts->{'days'},
'parentpw' => $opts->{'parentpw'}, 'parentpw' => $opts->{'parentpw'},

3
lib/CERT.pm
View File

@ -480,6 +480,9 @@ sub export_cert {
$out = ''; $out = '';
$out .= "Fingerprint (MD5): $opts->{'parsed'}->{'FINGERPRINTMD5'}\n"; $out .= "Fingerprint (MD5): $opts->{'parsed'}->{'FINGERPRINTMD5'}\n";
$out .= "Fingerprint (SHA1): $opts->{'parsed'}->{'FINGERPRINTSHA1'}\n\n"; $out .= "Fingerprint (SHA1): $opts->{'parsed'}->{'FINGERPRINTSHA1'}\n\n";
$out .= "Fingerprint (SHA256): $opts->{'parsed'}->{'FINGERPRINTSHA256'}\n\n";
$out .= "Fingerprint (SHA384): $opts->{'parsed'}->{'FINGERPRINTSHA384'}\n\n";
$out .= "Fingerprint (SHA512): $opts->{'parsed'}->{'FINGERPRINTSHA512'}\n\n";
} else { } else {
$out = ''; $out = '';
} }

72
lib/GUI.pm
View File

@ -29,14 +29,16 @@ my $true=1;
# This hash maps our internal MD names to the displayed digest names. # This hash maps our internal MD names to the displayed digest names.
# Maybe it should live in a crypto-related file instead of a UI-related file? # Maybe it should live in a crypto-related file instead of a UI-related file?
my %md_algorithms = ( my %md_algorithms = (
'md5' => 'MD5', 'sha256' => 'SHA-256',
'sha1' => 'SHA1', 'md5' => 'ins.MD5',
'md2' => 'MD2', # n/a 'md2' => 'MD2',
'mdc2' => 'MDC2', # n/a 'mdc2' => 'MDC2',
'md4' => 'MD4', 'md4' => 'ins.MD4',
'ripemd160' => 'RIPEMD-160', 'ripemd160' => 'RIPEMD-160',
# 'sha' => 'SHA', # 'sha' => 'SHA',
'sha1' => 'SHA-1', 'sha1' => 'ins.SHA-1',
'sha384' => 'SHA-384',
'sha512' => 'SHA-512',
); );
my %bit_lengths = ( my %bit_lengths = (
@ -58,7 +60,7 @@ sub new {
bless($self, $class); bless($self, $class);
$self->{'version'} = '0.7.5'; $self->{'version'} = '0.7.6';
$self->{'words'} = GUI::WORDS->new(); $self->{'words'} = GUI::WORDS->new();
@ -573,6 +575,12 @@ sub create_toolbar {
} elsif($mode eq 'key') { } elsif($mode eq 'key') {
$button = Gtk2::ToolButton->new_from_stock('gtk-revert-to-saved');
$self->{'toolbar'}->insert($button, -1);
$button->set_label(_("Import"));
$button->signal_connect('clicked', sub {
$self->{'KEY'}->get_import_key($self) });
$button = Gtk2::ToolButton->new_from_stock('gtk-save'); $button = Gtk2::ToolButton->new_from_stock('gtk-save');
$self->{'toolbar'}->insert($button, -1); $self->{'toolbar'}->insert($button, -1);
$button->set_label(_("Export")); $button->set_label(_("Export"));
@ -978,7 +986,7 @@ sub create_detail_tree {
$piter = $store->append($root); $piter = $store->append($root);
$store->set($piter, 0 => $t); $store->set($piter, 0 => $t);
for my $l qw(CN EMAIL O OU C ST L) { for my $l (qw(CN EMAIL O OU C ST L)) {
if(defined($parsed->{$l})) { if(defined($parsed->{$l})) {
if($l eq "OU") { if($l eq "OU") {
foreach my $ou (@{$parsed->{'OU'}}) { foreach my $ou (@{$parsed->{'OU'}}) {
@ -1003,7 +1011,7 @@ sub create_detail_tree {
$piter = $store->append($root); $piter = $store->append($root);
$store->set($piter, 0 => $t); $store->set($piter, 0 => $t);
for my $l qw(CN EMAIL O OU C ST L) { for my $l (qw(CN EMAIL O OU C ST L)) {
if(defined($parsed->{'ISSUERDN'}->{$l})) { if(defined($parsed->{'ISSUERDN'}->{$l})) {
if($l eq "OU") { if($l eq "OU") {
foreach my $ou (@{$parsed->{'ISSUERDN'}->{'OU'}}) { foreach my $ou (@{$parsed->{'ISSUERDN'}->{'OU'}}) {
@ -1029,7 +1037,7 @@ sub create_detail_tree {
$piter = $store->append($root); $piter = $store->append($root);
$store->set($piter, 0 => $t); $store->set($piter, 0 => $t);
for my $l qw(STATUS NOTBEFORE NOTAFTER) { for my $l (qw(STATUS NOTBEFORE NOTAFTER)) {
if(defined($parsed->{$l})) { if(defined($parsed->{$l})) {
$citer = $store->append($piter); $citer = $store->append($piter);
$store->set($citer, $store->set($citer,
@ -1045,7 +1053,7 @@ sub create_detail_tree {
$store->set($piter, 0 => $t); $store->set($piter, 0 => $t);
for my $l qw(STATUS SERIAL KEYSIZE PK_ALGORITHM SIG_ALGORITHM TYPE) { for my $l (qw(STATUS SERIAL KEYSIZE PK_ALGORITHM SIG_ALGORITHM TYPE)) {
if(defined($parsed->{$l})) { if(defined($parsed->{$l})) {
$citer = $store->append($piter); $citer = $store->append($piter);
$store->set($citer, $store->set($citer,
@ -1060,7 +1068,7 @@ sub create_detail_tree {
$piter = $store->append($root); $piter = $store->append($root);
$store->set($piter, 0 => $t); $store->set($piter, 0 => $t);
for my $l qw(FINGERPRINTMD5 FINGERPRINTSHA1) { for my $l (qw(FINGERPRINTMD5 FINGERPRINTSHA1 FINGERPRINTSHA256 FINGERPRINTSHA384 FINGERPRINTSHA512)) {
if(defined($parsed->{$l})) { if(defined($parsed->{$l})) {
$citer = $store->append($piter); $citer = $store->append($piter);
$store->set($citer, $store->set($citer,
@ -1171,6 +1179,7 @@ sub show_select_ca_dialog {
); );
$box = GUI::HELPERS::dialog_box($t, $t, $button_ok, $button_cancel); $box = GUI::HELPERS::dialog_box($t, $t, $button_ok, $button_cancel);
$box->set_default_size(240,320);
$button_ok->grab_default(); $button_ok->grab_default();
@ -1249,7 +1258,7 @@ sub show_req_dialog {
# table for request data # table for request data
my $cc=0; my $cc=0;
my $ous = 1; my $ous = 1;
if(defined($opts->{'OU'})) { if(defined($opts->{'OU'}) and ref($opts->{'OU'}) eq 'ARRAY') {
$ous = @{$opts->{'OU'}} - 1; $ous = @{$opts->{'OU'}} - 1;
} }
$reqtable = Gtk2::Table->new(1, 13 + $ous, 0); $reqtable = Gtk2::Table->new(1, 13 + $ous, 0);
@ -1297,7 +1306,7 @@ sub show_req_dialog {
_("Organization Name (eg. company):"), _("Organization Name (eg. company):"),
\$opts->{'O'}, $reqtable, 10, 1); \$opts->{'O'}, $reqtable, 10, 1);
if(defined($opts->{'OU'})) { if(defined($opts->{'OU'}) and ref($opts->{'OU'}) eq 'ARRAY') {
foreach my $ou (@{$opts->{'OU'}}) { foreach my $ou (@{$opts->{'OU'}}) {
$entry = GUI::HELPERS::entry_to_table( $entry = GUI::HELPERS::entry_to_table(
_("Organizational Unit Name (eg. section):"), _("Organizational Unit Name (eg. section):"),
@ -1616,6 +1625,17 @@ sub show_ca_export_dialog {
return; return;
} }
#
# get filename for importing keys
#
sub show_key_import_dialog {
my ($self, $opts) = @_;
# my $opts = {};
my($box, $button_ok, $button_cancel, $button, $entry, $table, $label);
}
# #
# get password for exporting keys # get password for exporting keys
# #
@ -1746,6 +1766,7 @@ sub show_export_dialog {
} }
$box = GUI::HELPERS::dialog_box($title, $text, $button_ok, $button_cancel); $box = GUI::HELPERS::dialog_box($title, $text, $button_ok, $button_cancel);
$box->set_default_size(640, -1);
# small table for file selection # small table for file selection
$table = Gtk2::Table->new(1, 3, 0); $table = Gtk2::Table->new(1, 3, 0);
@ -1753,7 +1774,7 @@ sub show_export_dialog {
$box->vbox->add($table); $box->vbox->add($table);
$label = GUI::HELPERS::create_label(_("File:"), 'left', 0, 0); $label = GUI::HELPERS::create_label(_("File:"), 'left', 0, 0);
$table->attach_defaults($label, 0, 1, 0, 1); $table->attach($label, 0, 1, 0, 1, 'fill', 'fill', 0, 0);
if($mode eq 'cert') { if($mode eq 'cert') {
$t = _("Export Certificate"); $t = _("Export Certificate");
@ -1773,7 +1794,7 @@ sub show_export_dialog {
$button->signal_connect('clicked' => $button->signal_connect('clicked' =>
sub{GUI::HELPERS::browse_file( sub{GUI::HELPERS::browse_file(
$t, $fileentry, 'save')}); $t, $fileentry, 'save')});
$table->attach_defaults($button, 2, 3, 0, 1); $table->attach($button, 2, 3, 0, 1, 'fill', 'fill', 0, 0);
$label = GUI::HELPERS::create_label( $label = GUI::HELPERS::create_label(
_("Export Format:"), 'center', 0, 0); _("Export Format:"), 'center', 0, 0);
@ -2521,12 +2542,14 @@ sub about {
my ($aboutdialog, $href, $label); my ($aboutdialog, $href, $label);
$aboutdialog = Gtk2::AboutDialog->new(); $aboutdialog = Gtk2::AboutDialog->new();
$aboutdialog->set_name("TinyCA2"); $aboutdialog->set_program_name("TinyCA2");
$aboutdialog->set_version($main->{'version'}); $aboutdialog->set_version($main->{'version'});
$aboutdialog->set_copyright("2002-2006 Stephan Martin"); $aboutdialog->set_copyright("2002-2006 Stephan Martin");
$aboutdialog->set_license("GNU Public License (GPL)"); $aboutdialog->set_license("GNU Public License (GPL)");
$aboutdialog->set_website("http://tinyca.sm-zone.net/"); $aboutdialog->set_website("http://tinyca.sm-zone.net/");
$aboutdialog->set_authors("Stephan Martin <sm\@sm-zone.net>"); $aboutdialog->set_authors(
"Stephan Martin <sm\@sm-zone.net>"."\n".
"Thomas Hooge <thomas\@hoogi.de>");
$aboutdialog->set_translator_credits( $aboutdialog->set_translator_credits(
_("Czech: Robert Wolf <gentoo\@slave.umbr.cas.cz>")."\n". _("Czech: Robert Wolf <gentoo\@slave.umbr.cas.cz>")."\n".
_("Swedish: Daniel Nylander <yeager\@lidkoping.net>")."\n". _("Swedish: Daniel Nylander <yeager\@lidkoping.net>")."\n".
@ -2534,6 +2557,8 @@ sub about {
_("French: Thibault Le Meur <Thibault.Lemeur\@supelec.fr>")); _("French: Thibault Le Meur <Thibault.Lemeur\@supelec.fr>"));
$aboutdialog->show_all(); $aboutdialog->show_all();
$aboutdialog->run;
$aboutdialog->destroy;
return; return;
} }
@ -2634,7 +2659,7 @@ sub show_req_date_warning {
my ($box, $button_ok, $button_cancel, $t); my ($box, $button_ok, $button_cancel, $t);
$t = _("The Certificate will be longer valid than your CA!"); $t = _("The certificate will be valid longer than its CA!");
$t .= "\n"; $t .= "\n";
$t .= _("This may cause problems with some software!!"); $t .= _("This may cause problems with some software!!");
@ -3088,18 +3113,21 @@ sub _create_req_menu {
sub _fill_radiobox { sub _fill_radiobox {
my($radiobox, $var, %values) = @_; my($radiobox, $var, %values) = @_;
my($previous_key, $value); my($active_key, $previous_key, $value);
$active_key = undef;
$previous_key = undef; $previous_key = undef;
for $value (keys %values) { for $value (sort keys %values) {
my $display_name = $values{$value}; my $display_name = $values{$value};
my $key = Gtk2::RadioButton->new($previous_key, $display_name); my $key = Gtk2::RadioButton->new($previous_key, $display_name);
$key->set_active(1) if(defined($$var) && $$var eq $value); #$key->set_active(1) if(defined($$var) && $$var eq $value);
$active_key = $key if(defined($$var) && $$var eq $value);
$key->signal_connect('toggled' => $key->signal_connect('toggled' =>
sub{GUI::CALLBACK::toggle_to_var($key, $var, $value)}); sub{GUI::CALLBACK::toggle_to_var($key, $var, $value)});
$radiobox->add($key); $radiobox->add($key);
$previous_key = $key; $previous_key = $key;
} }
$active_key->set_active(1) if ($active_key);
} }
1 1

3
lib/GUI/WORDS.pm
View File

@ -70,6 +70,9 @@ sub new {
'STATUS' => _("Status"), 'STATUS' => _("Status"),
'FINGERPRINTMD5' => _("Fingerprint (MD5)"), 'FINGERPRINTMD5' => _("Fingerprint (MD5)"),
'FINGERPRINTSHA1' => _("Fingerprint (SHA1)"), 'FINGERPRINTSHA1' => _("Fingerprint (SHA1)"),
'FINGERPRINTSHA256' => _("Fingerprint (SHA256)"),
'FINGERPRINTSHA384' => _("Fingerprint (SHA384)"),
'FINGERPRINTSHA512' => _("Fingerprint (SHA512)"),
_("Not set") => 'none', _("Not set") => 'none',
_("Ask User") => 'user', _("Ask User") => 'user',
_("critical") => 'critical', _("critical") => 'critical',

2
lib/GUI/X509_browser.pm
View File

@ -624,7 +624,7 @@ sub selection_cadir {
$dir = $self->{'actdir'}; $dir = $self->{'actdir'};
# cut off the last directory name to provide the ca-directory # cut off the last directory name to provide the ca-directory
$dir =~ s/\/certs|\/req|\/keys$//; $dir =~ s/(\/certs|\/req|\/keys)$//;
return($dir); return($dir);
} }

9
lib/GUI/X509_infobox.pm
View File

@ -90,6 +90,15 @@ sub display {
'center', 0, 0); 'center', 0, 0);
$self->{'x509textbox'}->pack_start($self->{'certfingerprintsha1'}, $self->{'x509textbox'}->pack_start($self->{'certfingerprintsha1'},
0, 0, 0); 0, 0, 0);
if(defined($self->{'certfingerprintsha256'})) {
$self->{'certfingerprintsha256'}->destroy();
}
$self->{'certfingerprintsha256'} = GUI::HELPERS::create_label(
_("Fingerprint (SHA256)").": ".$parsed->{'FINGERPRINTSHA256'},
'center', 0, 0);
$self->{'x509textbox'}->pack_start($self->{'certfingerprintsha256'},
0, 0, 0);
} }
if (($mode eq 'cert') || ($mode eq 'cacert')) { if (($mode eq 'cert') || ($mode eq 'cacert')) {

17
lib/KEY.pm
View File

@ -30,6 +30,23 @@ sub new {
bless($self, $class); bless($self, $class);
} }
#
# get informations to import key from file
#
sub get_import_key {
my ($self, $main, $opts, $box) = @_;
$box->destroy() if(defined($box));
GUI::HELPERS::print_warning(_("Import Key: Function does not yet exist."));
# if(not defined($opts)) {
# $main->show_key_import_dialog();
# return;
# }
}
# #
# get name of keyfile to delete # get name of keyfile to delete
# #

150
lib/OpenSSL.pm
View File

@ -22,6 +22,7 @@ package OpenSSL;
use POSIX; use POSIX;
use IPC::Open3; use IPC::Open3;
use IO::Select;
use Time::Local; use Time::Local;
sub new { sub new {
@ -41,7 +42,7 @@ sub new {
close(TEST); close(TEST);
# set version (format: e.g. 0.9.7 or 0.9.7a) # set version (format: e.g. 0.9.7 or 0.9.7a)
if($v =~ /\b(0\.9\.[678][a-z]?)\b/) { if($v =~ /\b(0\.9\.[6-9][a-z]?)\b/ || $v =~ /\b(1\.0\.[01][a-z]?)\b/) {
$self->{'version'} = $1; $self->{'version'} = $1;
} }
@ -142,7 +143,13 @@ sub signreq {
$cmd .= " -in \"$opts->{'reqfile'}\""; $cmd .= " -in \"$opts->{'reqfile'}\"";
$cmd .= " -days $opts->{'days'}"; $cmd .= " -days $opts->{'days'}";
$cmd .= " -preserveDN"; $cmd .= " -preserveDN";
$cmd .= " -md $opts->{'digest'}" if($opts->{'digest'}); if($opts->{'digest'}){
if (lc $opts->{'digest'} eq 'sha1') {
# force sha256 instead of deprecated sha1
$opts->{'digest'} = "sha256";
}
$cmd .= " -md $opts->{'digest'}";
};
if(defined($opts->{'mode'}) && $opts->{'mode'} eq "sub") { if(defined($opts->{'mode'}) && $opts->{'mode'} eq "sub") {
$cmd .= " -keyfile \"$opts->{'keyfile'}\""; $cmd .= " -keyfile \"$opts->{'keyfile'}\"";
@ -673,6 +680,47 @@ sub parsecert {
GUI::HELPERS::print_warning($t, $ext); GUI::HELPERS::print_warning($t, $ext);
} }
$cmd = "$self->{'bin'} x509 -noout -fingerprint -sha256 -in $file";
$ext = "$cmd\n\n";
$pid = open3($wtfh, $rdfh, $rdfh, $cmd);
while(<$rdfh>){
$ext .= $_;
($k, $v) = split(/=/);
$tmp->{'FINGERPRINTSHA256'} = $v if($k =~ /SHA256 Fingerprint/i);
chomp($tmp->{'FINGERPRINTSHA256'});
}
waitpid($pid, 0);
$ret = $? >> 8;
$cmd = "$self->{'bin'} x509 -noout -fingerprint -sha384 -in $file";
$ext = "$cmd\n\n";
$pid = open3($wtfh, $rdfh, $rdfh, $cmd);
while(<$rdfh>){
$ext .= $_;
($k, $v) = split(/=/);
$tmp->{'FINGERPRINTSHA384'} = $v if($k =~ /SHA384 Fingerprint/i);
chomp($tmp->{'FINGERPRINTSHA384'});
}
waitpid($pid, 0);
$ret = $? >> 8;
$cmd = "$self->{'bin'} x509 -noout -fingerprint -sha512 -in $file";
$ext = "$cmd\n\n";
$pid = open3($wtfh, $rdfh, $rdfh, $cmd);
while(<$rdfh>){
$ext .= $_;
($k, $v) = split(/=/);
$tmp->{'FINGERPRINTSHA512'} = $v if($k =~ /SHA512 Fingerprint/i);
chomp($tmp->{'FINGERPRINTSHA512'});
}
waitpid($pid, 0);
$ret = $? >> 8;
if($ret) {
$t = _("Error reading fingerprint from Certificate");
GUI::HELPERS::print_warning($t, $ext);
}
# get subject in openssl format # get subject in openssl format
$cmd = "$self->{'bin'} x509 -noout -subject -in $file"; $cmd = "$self->{'bin'} x509 -noout -subject -in $file";
$ext = "$cmd\n\n"; $ext = "$cmd\n\n";
@ -817,7 +865,7 @@ sub convdata {
my $self = shift; my $self = shift;
my $opts = { @_ }; my $opts = { @_ };
my ($tmp, $ext, $ret, $file, $pid, $cmd); my ($tmp, $ext, $ret, $file, $pid, $cmd, $cmdout, $cmderr);
$file = HELPERS::mktmp($self->{'tmp'}."/data"); $file = HELPERS::mktmp($self->{'tmp'}."/data");
$cmd = "$self->{'bin'} $opts->{'cmd'}"; $cmd = "$self->{'bin'} $opts->{'cmd'}";
@ -830,16 +878,7 @@ sub convdata {
$cmd .= " -outform $opts->{'outform'}"; $cmd .= " -outform $opts->{'outform'}";
} }
my($rdfh, $wtfh); ($ret, $tmp, $ext) = _run_with_fixed_input($cmd, $opts->{'data'});
$ext = "$cmd\n\n";
$pid = open3($wtfh, $rdfh, $rdfh, $cmd);
print $wtfh "$opts->{'data'}\n";
while(<$rdfh>){
$ext .= $_;
# print STDERR "DEBUG: cmd ret: $_";
};
waitpid($pid, 0);
$ret = $?>>8;
if($self->{'broken'}) { if($self->{'broken'}) {
if(($ret != 0 && $opts->{'cmd'} ne 'crl') || if(($ret != 0 && $opts->{'cmd'} ne 'crl') ||
@ -859,14 +898,15 @@ sub convdata {
} }
} }
open(IN, $file) || do { if (-s $file) { # If the file is empty, the payload is in $tmp (via STDOUT of the called process).
my $t = sprintf(_("Can't open file %s: %s"), $file, $!); open(IN, $file) || do {
GUI::HELPERS::print_warning($t); my $t = sprintf(_("Can't open file %s: %s"), $file, $!);
return; GUI::HELPERS::print_warning($t);
}; return;
$tmp .= $_ while(<IN>); };
close(IN); $tmp .= $_ while(<IN>);
close(IN);
}
unlink($file); unlink($file);
return($ret, $tmp, $ext); return($ret, $tmp, $ext);
@ -1076,4 +1116,72 @@ sub _get_index {
} }
} }
=over
=item _run_with_fixed_input($cmd, $input)
This function runs C<$cmd> and writes the C<$input> to STDIN of the
new process (all at once).
While the command runs, all of its output to STDOUT and STDERR is
collected.
After the command terminates (closes both STDOUT and STDIN) the
function returns the command's return value as well as everything it
wrote to its STDOUT and STDERR in a list.
=back
=cut
sub _run_with_fixed_input {
my $cmd = shift;
my $input = shift;
my ($wtfh, $rdfh, $erfh, $pid, $sel, $ret, $stdout, $stderr);
$erfh = Symbol::gensym; # Must not be false, otherwise it is lumped together with rdfh
# Run the command
$pid = open3($wtfh, $rdfh, $erfh, $cmd);
print $wtfh $input, "\n";
$stdout = '';
$stderr = '';
$sel = new IO::Select($rdfh, $erfh);
while (my @fhs = $sel->can_read()) {
foreach my $fh (@fhs) {
if ($fh == $rdfh) { # STDOUT
my $bytes_read = sysread($fh, my $buf='', 1024);
if ($bytes_read == -1) {
warn("Error reading from child's STDOUT: $!\n");
$sel->remove($fh);
} elsif ($bytes_read == 0) {
# print("Child's STDOUT closed.\n");
$sel->remove($fh);
} else {
$stdout .= $buf;
}
}
elsif ($fh == $erfh) { # STDERR
my $bytes_read = sysread($fh, my $buf='', 1024);
if ($bytes_read == -1) {
warn("Error reading from child's STDERR: $!\n");
$sel->remove($fh);
} elsif ($bytes_read == 0) {
# print("Child's STDERR closed.\n");
$sel->remove($fh);
} else {
$stderr .= $buf;
}
}
}
}
waitpid($pid, 0);
$ret = $?>>8;
return ($ret, $stdout, $stderr)
}
1 1

8
lib/REQ.pm
View File

@ -59,7 +59,7 @@ sub get_req_create {
GUI::HELPERS::print_error($t); GUI::HELPERS::print_error($t);
} }
$opts->{'bits'} = 4096; $opts->{'bits'} = 4096;
$opts->{'digest'} = 'sha1'; $opts->{'digest'} = 'sha256';
$opts->{'algo'} = 'rsa'; $opts->{'algo'} = 'rsa';
if(defined($opts) && $opts eq "sign") { if(defined($opts) && $opts eq "sign") {
$opts->{'sign'} = 1; $opts->{'sign'} = 1;
@ -426,6 +426,12 @@ sub get_sign_req {
$opts->{'digest'} = "md5"; $opts->{'digest'} = "md5";
} elsif ($opts->{'digest'} =~ /^sha1/) { } elsif ($opts->{'digest'} =~ /^sha1/) {
$opts->{'digest'} = "sha1"; $opts->{'digest'} = "sha1";
} elsif ($opts->{'digest'} =~ /^sha256/) {
$opts->{'digest'} = "sha256";
} elsif ($opts->{'digest'} =~ /^sha384/) {
$opts->{'digest'} = "sha384";
} elsif ($opts->{'digest'} =~ /^sha512/) {
$opts->{'digest'} = "sha512";
} elsif ($opts->{'digest'} =~ /^ripemd160/) { } elsif ($opts->{'digest'} =~ /^ripemd160/) {
$opts->{'digest'} = "ripemd160"; $opts->{'digest'} = "ripemd160";
} else { } else {

2
po/cs.po
View File

@ -1257,7 +1257,7 @@ msgid "if the corresponding certificate is still valid"
msgstr "pokud odpovídající certifikát je stále platný" msgstr "pokud odpovídající certifikát je stále platný"
#: ../lib/GUI.pm:2636 #: ../lib/GUI.pm:2636
msgid "The Certificate will be longer valid than your CA!" msgid "The certificate will be valid longer than its CA!"
msgstr "Certifikát bude platný déle než Vaše CA!" msgstr "Certifikát bude platný déle než Vaše CA!"
#: ../lib/GUI.pm:2638 #: ../lib/GUI.pm:2638

2
po/de.po
View File

@ -1245,7 +1245,7 @@ msgid "if the corresponding certificate is still valid"
msgstr "falls das Zertifikat noch gültig ist" msgstr "falls das Zertifikat noch gültig ist"
#: ../lib/GUI.pm:2636 #: ../lib/GUI.pm:2636
msgid "The Certificate will be longer valid than your CA!" msgid "The certificate will be valid longer than its CA!"
msgstr "Das Zertifikat wird länger gültig sein als die CA!" msgstr "Das Zertifikat wird länger gültig sein als die CA!"
#: ../lib/GUI.pm:2638 #: ../lib/GUI.pm:2638

2
po/es.po
View File

@ -1260,7 +1260,7 @@ msgid "if the corresponding certificate is still valid"
msgstr "¡Si el Certificado correspondiente no ha caducado o ha sido revocado " msgstr "¡Si el Certificado correspondiente no ha caducado o ha sido revocado "
#: ../lib/GUI.pm:2636 #: ../lib/GUI.pm:2636
msgid "The Certificate will be longer valid than your CA!" msgid "The certificate will be valid longer than its CA!"
msgstr "¡El Certificado tendrá mayor duración que la CA!" msgstr "¡El Certificado tendrá mayor duración que la CA!"
#: ../lib/GUI.pm:2638 #: ../lib/GUI.pm:2638

2
po/fr.po
View File

@ -1257,7 +1257,7 @@ msgid "if the corresponding certificate is still valid"
msgstr "Si le Certificat correspondant est tjours valide" msgstr "Si le Certificat correspondant est tjours valide"
#: ../lib/GUI.pm:2636 #: ../lib/GUI.pm:2636
msgid "The Certificate will be longer valid than your CA!" msgid "The certificate will be valid longer than its CA!"
msgstr "" msgstr ""
"La date de validité du Certificat dépasse la date de validité de la CA!" "La date de validité du Certificat dépasse la date de validité de la CA!"

14
po/sv.po
View File

@ -1,19 +1,23 @@
# Swedish translation of tinyca. # Swedish translation of tinyca.
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
# This file is distributed under the same license as the tinyca package. # This file is distributed under the same license as the tinyca package.
#
# Daniel Nylander <po@danielnylander.se>, 2006. # Daniel Nylander <po@danielnylander.se>, 2006.
# Marcus Better <marcus@better.se>, 2009.
# #
msgid "" msgid ""
msgstr "" msgstr ""
"Project-Id-Version: tinyca\n" "Project-Id-Version: tinyca\n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2005-06-05 18:44+0200\n" "POT-Creation-Date: 2005-06-05 18:44+0200\n"
"PO-Revision-Date: 2006-07-10 16:23+0100\n" "PO-Revision-Date: 2009-10-19 12:02+0200\n"
"Last-Translator: Daniel Nylander <po@danielnylander.se>\n" "Last-Translator: Marcus Better <marcus@better.se>\n"
"Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n" "Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n"
"MIME-Version: 1.0\n" "MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n" "Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n" "Content-Transfer-Encoding: 8bit\n"
"X-Generator: Lokalize 1.0\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
#: ../lib/CA.pm:45 #: ../lib/CA.pm:45
msgid "error: can't open basedir: " msgid "error: can't open basedir: "
@ -253,7 +257,7 @@ msgstr "Kan inte skriva certifikatfil: %s"
#: ../lib/CA.pm:766 #: ../lib/CA.pm:766
#: ../lib/CA.pm:912 #: ../lib/CA.pm:912
msgid "Can't open Index file: " msgid "Can't open Index file: "
msgstr "Kan inte öppna Index-fil: " msgstr "Kan inte öppna indexfil: "
#: ../lib/CA.pm:774 #: ../lib/CA.pm:774
#: ../lib/CA.pm:919 #: ../lib/CA.pm:919
@ -652,7 +656,7 @@ msgstr "Typ"
#: ../lib/GUI.pm:246 #: ../lib/GUI.pm:246
msgid "Keys" msgid "Keys"
msgstr "Tangenter" msgstr "Nycklar"
#: ../lib/GUI.pm:289 #: ../lib/GUI.pm:289
msgid "Requests" msgid "Requests"
@ -1383,7 +1387,7 @@ msgid "if the corresponding certificate is still valid"
msgstr "om det korresponderande certifikatet är giltigt fortfarande" msgstr "om det korresponderande certifikatet är giltigt fortfarande"
#: ../lib/GUI.pm:2675 #: ../lib/GUI.pm:2675
msgid "The Certificate will be longer valid than your CA!" msgid "The certificate will be valid longer than its CA!"
msgstr "Certifikatet kommer vara giltigt längre än ditt CA!" msgstr "Certifikatet kommer vara giltigt längre än ditt CA!"
#: ../lib/GUI.pm:2677 #: ../lib/GUI.pm:2677

6
templates/openssl.cnf
View File

@ -15,7 +15,7 @@ RANDFILE = $dir/.rand
x509_extensions = client_cert x509_extensions = client_cert
default_days = 365 default_days = 365
default_crl_days= 30 default_crl_days= 30
default_md = sha1 default_md = sha256
preserve = no preserve = no
policy = policy_client policy = policy_client
@ -33,7 +33,7 @@ RANDFILE = $dir/.rand
x509_extensions = server_cert x509_extensions = server_cert
default_days = 365 default_days = 365
default_crl_days= 30 default_crl_days= 30
default_md = sha1 default_md = sha256
preserve = no preserve = no
policy = policy_server policy = policy_server
@ -51,7 +51,7 @@ RANDFILE = $dir/.rand
x509_extensions = v3_ca x509_extensions = v3_ca
default_days = 365 default_days = 365
default_crl_days= 30 default_crl_days= 30
default_md = sha1 default_md = sha256
preserve = no preserve = no
policy = policy_ca policy = policy_ca

13
tinyca2
View File

@ -85,8 +85,17 @@ if(not -d $init->{'templatedir'}) {
} }
# location for CA files # location for CA files
$init->{'basedir'} = $ENV{HOME}."/.TinyCA"; if( exists $ENV{'TINYCA_BASEDIR'}) {
$init->{'exportdir'} = $ENV{HOME}; $init->{'basedir'} = $ENV{'TINYCA_BASEDIR'}
} else {
$init->{'basedir'} = $ENV{HOME}."/.TinyCA";
}
if( exists $ENV{'TINYCA_EXPORTDIR'}) {
$init->{'exportdir'} = $ENV{'TINYCA_EXPORTDIR'};
} else {
$init->{'exportdir'} = $ENV{HOME};
}
umask(0077); umask(0077);