scepclient: Some code cleanup.
authorTobias Brunner <tobias@strongswan.org>
Fri, 4 May 2012 12:17:59 +0000 (14:17 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 11 Jun 2012 15:09:19 +0000 (17:09 +0200)
src/scepclient/scep.c
src/scepclient/scep.h
src/scepclient/scepclient.c

index 29f6eab..45a079d 100644 (file)
@@ -1,10 +1,3 @@
-/**
- * @file scep.c
- * @brief SCEP specific functions
- *
- * Contains functions to build SCEP request's and to parse SCEP reply's.
- */
-
 /*
  * Copyright (C) 2005 Jan Hutter, Martin Willi
  * Hochschule fuer Technik Rapperswil
 
 #include "scep.h"
 
-static const chunk_t ASN1_messageType_oid = chunk_from_chars(
-       0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x02
-);
-static const chunk_t ASN1_senderNonce_oid = chunk_from_chars(
-       0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x05
-);
-static const chunk_t ASN1_transId_oid = chunk_from_chars(
-       0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x07
-);
-
 static const char *pkiStatus_values[] = { "0", "2", "3" };
 
 static const char *pkiStatus_names[] = {
@@ -112,61 +95,65 @@ static bool extract_attribute(int oid, chunk_t object, u_int level,
 
        switch (oid)
        {
-       case OID_PKCS9_CONTENT_TYPE:
-               type = ASN1_OID;
-               name = "contentType";
-               break;
-       case OID_PKCS9_SIGNING_TIME:
-               type = ASN1_UTCTIME;
-               name = "signingTime";
-               break;
-       case OID_PKCS9_MESSAGE_DIGEST:
-               type = ASN1_OCTET_STRING;
-               name = "messageDigest";
-               break;
-       case OID_PKI_MESSAGE_TYPE:
-               type = ASN1_PRINTABLESTRING;
-               name = "messageType";
-               break;
-       case OID_PKI_STATUS:
-               type = ASN1_PRINTABLESTRING;
-               name = "pkiStatus";
-               break;
-       case OID_PKI_FAIL_INFO:
-               type = ASN1_PRINTABLESTRING;
-               name = "failInfo";
-               break;
-       case OID_PKI_SENDER_NONCE:
-               type = ASN1_OCTET_STRING;
-               name = "senderNonce";
-                break;
-       case OID_PKI_RECIPIENT_NONCE:
-               type = ASN1_OCTET_STRING;
-               name = "recipientNonce";
-               break;
-       case OID_PKI_TRANS_ID:
-               type = ASN1_PRINTABLESTRING;
-               name = "transID";
-               break;
-       default:
-               break;
+               case OID_PKCS9_CONTENT_TYPE:
+                       type = ASN1_OID;
+                       name = "contentType";
+                       break;
+               case OID_PKCS9_SIGNING_TIME:
+                       type = ASN1_UTCTIME;
+                       name = "signingTime";
+                       break;
+               case OID_PKCS9_MESSAGE_DIGEST:
+                       type = ASN1_OCTET_STRING;
+                       name = "messageDigest";
+                       break;
+               case OID_PKI_MESSAGE_TYPE:
+                       type = ASN1_PRINTABLESTRING;
+                       name = "messageType";
+                       break;
+               case OID_PKI_STATUS:
+                       type = ASN1_PRINTABLESTRING;
+                       name = "pkiStatus";
+                       break;
+               case OID_PKI_FAIL_INFO:
+                       type = ASN1_PRINTABLESTRING;
+                       name = "failInfo";
+                       break;
+               case OID_PKI_SENDER_NONCE:
+                       type = ASN1_OCTET_STRING;
+                       name = "senderNonce";
+                        break;
+               case OID_PKI_RECIPIENT_NONCE:
+                       type = ASN1_OCTET_STRING;
+                       name = "recipientNonce";
+                       break;
+               case OID_PKI_TRANS_ID:
+                       type = ASN1_PRINTABLESTRING;
+                       name = "transID";
+                       break;
+               default:
+                       break;
        }
 
        if (type == ASN1_EOC)
+       {
                return TRUE;
+       }
 
        if (!asn1_parse_simple_object(&object, type, level+1, name))
+       {
                return FALSE;
+       }
 
        switch (oid)
        {
-       case OID_PKCS9_CONTENT_TYPE:
-               break;
-       case OID_PKCS9_SIGNING_TIME:
-               break;
-       case OID_PKCS9_MESSAGE_DIGEST:
-               break;
-       case OID_PKI_MESSAGE_TYPE:
+               case OID_PKCS9_CONTENT_TYPE:
+                       break;
+               case OID_PKCS9_SIGNING_TIME:
+                       break;
+               case OID_PKCS9_MESSAGE_DIGEST:
+                       break;
+               case OID_PKI_MESSAGE_TYPE:
                {
                        scep_msg_t m;
 
@@ -178,39 +165,46 @@ static bool extract_attribute(int oid, chunk_t object, u_int level,
                        DBG(DBG_CONTROL,
                                DBG_log("messageType:  %s", msgType_names[attrs->msgType])
                        )
+                       break;
                }
-               break;
-       case OID_PKI_STATUS:
+               case OID_PKI_STATUS:
                {
                        pkiStatus_t s;
 
                        for (s = SCEP_SUCCESS; s < SCEP_UNKNOWN; s++)
                        {
                                if (strncmp(pkiStatus_values[s], object.ptr, object.len) == 0)
+                               {
                                        attrs->pkiStatus = s;
+                               }
                        }
                        DBG(DBG_CONTROL,
                                DBG_log("pkiStatus:    %s", pkiStatus_names[attrs->pkiStatus])
                        )
+                       break;
                }
-               break;
-       case OID_PKI_FAIL_INFO:
-               if (object.len == 1
-               && *object.ptr >= '0' && *object.ptr <= '4')
+               case OID_PKI_FAIL_INFO:
                {
-                       attrs->failInfo = (failInfo_t)(*object.ptr - '0');
+                       if (object.len == 1 &&
+                               *object.ptr >= '0' && *object.ptr <= '4')
+                       {
+                               attrs->failInfo = (failInfo_t)(*object.ptr - '0');
+                       }
+                       if (attrs->failInfo != SCEP_unknown_REASON)
+                       {
+                               plog("failInfo:     %s", failInfo_reasons[attrs->failInfo]);
+                       }
+                       break;
                }
-               if (attrs->failInfo != SCEP_unknown_REASON)
-                       plog("failInfo:     %s", failInfo_reasons[attrs->failInfo]);
-               break;
-       case OID_PKI_SENDER_NONCE:
-               attrs->senderNonce = object;
-               break;
-       case OID_PKI_RECIPIENT_NONCE:
-               attrs->recipientNonce = object;
-               break;
-       case OID_PKI_TRANS_ID:
-               attrs->transID = object;
+               case OID_PKI_SENDER_NONCE:
+                       attrs->senderNonce = object;
+                       break;
+               case OID_PKI_RECIPIENT_NONCE:
+                       attrs->recipientNonce = object;
+                       break;
+               case OID_PKI_TRANS_ID:
+                       attrs->transID = object;
+                       break;
        }
        return TRUE;
 }
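Review bot: The pkiStatus test `strncmp(pkiStatus_values[s], object.ptr, object.len) == 0` is bounded only by the length of the received attribute, so a zero-length pkiStatus value compares equal to every table entry, and with no `break` inside the loop the last entry wins. Because the value comes from the parsed SCEP response, the condition should also require equal lengths, e.g. `if (object.len == strlen(pkiStatus_values[s]) && strncmp(pkiStatus_values[s], object.ptr, object.len) == 0)`. The messageType loop just above this hunk is not fully visible here and may need the same check. extract_attribute begins outside the hunk.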
@@ -235,13 +229,16 @@ bool parse_attributes(chunk_t blob, scep_attributes_t *attrs)
        {
                switch (objectID)
                {
-               case ATTRIBUTE_OBJ_TYPE:
-                       oid = asn1_known_oid(object);
-                       break;
-               case ATTRIBUTE_OBJ_VALUE:
-                       if (!extract_attribute(oid, object, parser->get_level(parser), attrs))
+                       case ATTRIBUTE_OBJ_TYPE:
+                               oid = asn1_known_oid(object);
+                               break;
+                       case ATTRIBUTE_OBJ_VALUE:
                        {
-                               goto end;
+                               if (!extract_attribute(oid, object, parser->get_level(parser), attrs))
+                               {
+                                       goto end;
+                               }
+                               break;
                        }
                }
        }
@@ -318,12 +315,10 @@ void scep_generate_transaction_id(public_key_t *key, chunk_t *transID,
  */
 chunk_t scep_transId_attribute(chunk_t transID)
 {
-       return asn1_wrap(ASN1_SEQUENCE, "cm"
-                               , ASN1_transId_oid
-                               , asn1_wrap(ASN1_SET, "m"
-                                       , asn1_simple_object(ASN1_PRINTABLESTRING, transID)
-                                 )
-                         );
+       return asn1_wrap(ASN1_SEQUENCE, "cm",
+                               asn1_build_known_oid(OID_PKI_TRANS_ID),
+                               asn1_wrap(ASN1_SET, "m",
+                                       asn1_simple_object(ASN1_PRINTABLESTRING, transID)));
 }
 
 /**
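Review bot: The first argument to `asn1_wrap` is now built by `asn1_build_known_oid(OID_PKI_TRANS_ID)` instead of a static chunk, yet the format string is still `"cm"`, which copies that argument without freeing it, so the newly built OID chunk appears to leak on every call. scep_messageType_attribute in the next hunk was switched to `"mm"` for the same pattern, and this call plus the one in the scep_senderNonce_attribute hunk should match it: `return asn1_wrap(ASN1_SEQUENCE, "mm",`. This assumes asn1_build_known_oid returns an allocated chunk, which the `"mm"` in the sibling function suggests.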
@@ -336,12 +331,10 @@ chunk_t scep_messageType_attribute(scep_msg_t m)
                strlen(msgType_values[m])
        };
 
-       return asn1_wrap(ASN1_SEQUENCE, "cm"
-                               , ASN1_messageType_oid
-                               , asn1_wrap(ASN1_SET, "m"
-                                       , asn1_simple_object(ASN1_PRINTABLESTRING, msgType)
-                                 )
-                         );
+       return asn1_wrap(ASN1_SEQUENCE, "mm",
+                               asn1_build_known_oid(OID_PKI_MESSAGE_TYPE),
+                               asn1_wrap(ASN1_SET, "m",
+                                       asn1_simple_object(ASN1_PRINTABLESTRING, msgType)));
 }
 
 /**
@@ -358,12 +351,10 @@ chunk_t scep_senderNonce_attribute(void)
        rng->get_bytes(rng, nonce_len, nonce_buf);
        rng->destroy(rng);
 
-       return asn1_wrap(ASN1_SEQUENCE, "cm"
-                               , ASN1_senderNonce_oid
-                               , asn1_wrap(ASN1_SET, "m"
-                                       , asn1_simple_object(ASN1_OCTET_STRING, senderNonce)
-                                 )
-                         );
+       return asn1_wrap(ASN1_SEQUENCE, "cm",
+                               asn1_build_known_oid(OID_PKI_SENDER_NONCE),
+                               asn1_wrap(ASN1_SET, "m",
+                                       asn1_simple_object(ASN1_OCTET_STRING, senderNonce)));
 }
 
 /**
@@ -378,16 +369,15 @@ chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg,
 
        envelopedData = pkcs7_build_envelopedData(data, enc_cert, enc_alg);
 
-       attributes = asn1_wrap(ASN1_SET, "mmmmm"
-                                       , pkcs7_contentType_attribute()
-                                       , pkcs7_messageDigest_attribute(envelopedData
-                                               , digest_alg)
-                                       , scep_transId_attribute(transID)
-                                       , scep_messageType_attribute(msg)
-                                       , scep_senderNonce_attribute());
+       attributes = asn1_wrap(ASN1_SET, "mmmmm",
+                                       pkcs7_contentType_attribute(),
+                                       pkcs7_messageDigest_attribute(envelopedData, digest_alg),
+                                       scep_transId_attribute(transID),
+                                       scep_messageType_attribute(msg),
+                                       scep_senderNonce_attribute());
 
-       request = pkcs7_build_signedData(envelopedData, attributes
-                                       , signer_cert, digest_alg, private_key);
+       request = pkcs7_build_signedData(envelopedData, attributes,
+                                                                        signer_cert, digest_alg, private_key);
        free(envelopedData.ptr);
        free(attributes.ptr);
        return request;
@@ -420,7 +410,9 @@ static char* escape_http_request(chunk_t req)
        while (*p1 != '\0')
        {
                if (*p1++ == '+')
+               {
                        plus++;
+               }
        }
 
        escaped_req = malloc(len + 3*(lines + plus));
@@ -513,8 +505,8 @@ bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
                /* form complete url */
                len = strlen(url) + 32 + strlen(operation) + 1;
                complete_url = malloc(len);
-               snprintf(complete_url, len, "%s?operation=%s&message=CAIdentifier"
-                               , url, operation);
+               snprintf(complete_url, len, "%s?operation=%s&message=CAIdentifier",
+                                url, operation);
 
                status = lib->fetcher->fetch(lib->fetcher, complete_url, response,
                                                                         FETCH_END);
index f64c6b1..76bf210 100644 (file)
@@ -1,10 +1,3 @@
-/**
- * @file scep.h
- * @brief SCEP specific functions
- *
- * Contains functions to build and parse SCEP requests and replies
- */
-
 /*
  * Copyright (C) 2005 Jan Hutter, Martin Willi
  * Hochschule fuer Technik Rapperswil
@@ -74,22 +67,22 @@ typedef struct {
 
 extern const scep_attributes_t empty_scep_attributes;
 
-extern bool parse_attributes(chunk_t blob, scep_attributes_t *attrs);
-extern void scep_generate_transaction_id(public_key_t *key,
-                                                                                chunk_t *transID,
-                                                                                chunk_t *serialNumber);
-extern chunk_t scep_generate_pkcs10_fingerprint(chunk_t pkcs10);
-extern chunk_t scep_transId_attribute(chunk_t transaction_id);
-extern chunk_t scep_messageType_attribute(scep_msg_t m);
-extern chunk_t scep_senderNonce_attribute(void);
-extern chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg,
-                                                                 certificate_t *enc_cert, int enc_alg,
-                                                                 certificate_t *signer_cert, int digest_alg,
-                                                                 private_key_t *private_key);
-extern bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
+bool parse_attributes(chunk_t blob, scep_attributes_t *attrs);
+void scep_generate_transaction_id(public_key_t *key,
+                                                                 chunk_t *transID,
+                                                                 chunk_t *serialNumber);
+chunk_t scep_generate_pkcs10_fingerprint(chunk_t pkcs10);
+chunk_t scep_transId_attribute(chunk_t transaction_id);
+chunk_t scep_messageType_attribute(scep_msg_t m);
+chunk_t scep_senderNonce_attribute(void);
+chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg,
+                                                  certificate_t *enc_cert, int enc_alg,
+                                                  certificate_t *signer_cert, int digest_alg,
+                                                  private_key_t *private_key);
+bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
                                                          bool http_get_request, chunk_t *response);
-extern err_t scep_parse_response(chunk_t response, chunk_t transID,
-                                                                contentInfo_t *data, scep_attributes_t *attrs,
-                                                                certificate_t *signer_cert);
+err_t scep_parse_response(chunk_t response, chunk_t transID,
+                                                 contentInfo_t *data, scep_attributes_t *attrs,
+                                                 certificate_t *signer_cert);
 
 #endif /* _SCEP_H */
index 0b54eee..44c0786 100644 (file)
  * for more details.
  */
 
-/**
- * @file main.c
- * @brief scepclient main program
- */
-
-/**
- * @mainpage SCEP for Linux strongSwan
- *
- * Documentation of SCEP for Linux StrongSwan
- */
-
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -153,8 +142,7 @@ certificate_t *pkcs10_req      = NULL;
  *
  * @param status 0 = OK, 1 = general discomfort
  */
-static void
-exit_scepclient(err_t message, ...)
+static void exit_scepclient(err_t message, ...)
 {
        int status = 0;
 
@@ -201,8 +189,7 @@ exit_scepclient(err_t message, ...)
  * @brief prints the program version and exits
  *
  */
-static void
-version(void)
+static void version(void)
 {
        printf("scepclient %s\n", scepclient_version);
        exit_scepclient(NULL);
@@ -214,8 +201,7 @@ version(void)
  * If message is set, program is exitet with 1 (error)
  * @param message message in case of an error
  */
-static void
-usage(const char *message)
+static void usage(const char *message)
 {
        fprintf(stderr,
                "Usage: scepclient\n"
@@ -429,20 +415,20 @@ int main(int argc, char **argv)
 
                switch (c)
                {
-               case EOF:       /* end of flags */
-                       break;
+                       case EOF:       /* end of flags */
+                               break;
 
-               case 'h':       /* --help */
-                       usage(NULL);
+                       case 'h':       /* --help */
+                               usage(NULL);
 
-               case 'v':       /* --version */
-                       version();
+                       case 'v':       /* --version */
+                               version();
 
-               case 'q':       /* --quiet */
-                       log_to_stderr = FALSE;
-                       continue;
+                       case 'q':       /* --quiet */
+                               log_to_stderr = FALSE;
+                               continue;
 
-               case 'i':       /* --in <type> [= <filename>] */
+                       case 'i':       /* --in <type> [= <filename>] */
                        {
                                char *filename = strstr(optarg, "=");
 
@@ -478,7 +464,7 @@ int main(int argc, char **argv)
                                continue;
                        }
 
-               case 'o':       /* --out <type> [= <filename>] */
+                       case 'o':       /* --out <type> [= <filename>] */
                        {
                                char *filename = strstr(optarg, "=");
 
@@ -532,18 +518,18 @@ int main(int argc, char **argv)
                                continue;
                        }
 
-               case 'f':       /* --force */
-                       force = TRUE;
-                       continue;
+                       case 'f':       /* --force */
+                               force = TRUE;
+                               continue;
 
-               case '+':       /* --optionsfrom <filename> */
-                       if (!options->from(options, optarg, &argc, &argv, optind))
-                       {
-                               exit_scepclient("optionsfrom failed");
-                       }
-                       continue;
+                       case '+':       /* --optionsfrom <filename> */
+                               if (!options->from(options, optarg, &argc, &argv, optind))
+                               {
+                                       exit_scepclient("optionsfrom failed");
+                               }
+                               continue;
 
-               case 'k':        /* --keylength <length> */
+                       case 'k':        /* --keylength <length> */
                        {
                                div_t q;
 
@@ -561,45 +547,56 @@ int main(int argc, char **argv)
                                continue;
                        }
 
-               case 'D':       /* --days */
-                       if (optarg == NULL || !isdigit(optarg[0]))
-                               usage("missing number of days");
-                       {
-                               char *endptr;
-                               long days = strtol(optarg, &endptr, 0);
+                       case 'D':       /* --days */
+                               if (optarg == NULL || !isdigit(optarg[0]))
+                               {
+                                       usage("missing number of days");
+                               }
+                               else
+                               {
+                                       char *endptr;
+                                       long days = strtol(optarg, &endptr, 0);
 
-                               if (*endptr != '\0' || endptr == optarg
-                               || days <= 0)
-                                       usage("<days> must be a positive number");
-                               validity = 24*3600*days;
-                       }
-                       continue;
+                                       if (*endptr != '\0' || endptr == optarg
+                                       || days <= 0)
+                                               usage("<days> must be a positive number");
+                                       validity = 24*3600*days;
+                               }
+                               continue;
 
-               case 'S':       /* --startdate */
-                       if (optarg == NULL || strlen(optarg) != 13 || optarg[12] != 'Z')
-                               usage("date format must be YYMMDDHHMMSSZ");
-                       {
-                               chunk_t date = { optarg, 13 };
-                               notBefore = asn1_to_time(&date, ASN1_UTCTIME);
-                       }
-                       continue;
+                       case 'S':       /* --startdate */
+                               if (optarg == NULL || strlen(optarg) != 13 || optarg[12] != 'Z')
+                               {
+                                       usage("date format must be YYMMDDHHMMSSZ");
+                               }
+                               else
+                               {
+                                       chunk_t date = { optarg, 13 };
+                                       notBefore = asn1_to_time(&date, ASN1_UTCTIME);
+                               }
+                               continue;
 
-               case 'E':       /* --enddate */
-                       if (optarg == NULL || strlen(optarg) != 13 || optarg[12] != 'Z')
-                               usage("date format must be YYMMDDHHMMSSZ");
-                       {
-                               chunk_t date = { optarg, 13 };
-                               notAfter = asn1_to_time(&date, ASN1_UTCTIME);
-                       }
-                       continue;
+                       case 'E':       /* --enddate */
+                               if (optarg == NULL || strlen(optarg) != 13 || optarg[12] != 'Z')
+                               {
+                                       usage("date format must be YYMMDDHHMMSSZ");
+                               }
+                               else
+                               {
+                                       chunk_t date = { optarg, 13 };
+                                       notAfter = asn1_to_time(&date, ASN1_UTCTIME);
+                               }
+                               continue;
 
-               case 'd':       /* --dn */
-                       if (distinguishedName)
-                               usage("only one distinguished name allowed");
-                       distinguishedName = optarg;
-                       continue;
+                       case 'd':       /* --dn */
+                               if (distinguishedName)
+                               {
+                                       usage("only one distinguished name allowed");
+                               }
+                               distinguishedName = optarg;
+                               continue;
 
-               case 's':       /* --subjectAltName */
+                       case 's':       /* --subjectAltName */
                        {
                                char *value = strstr(optarg, "=");
 
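Review bot: In the --days branch `validity = 24*3600*days;` multiplies a `long` that has only been checked for `days <= 0`, so a large argument overflows the signed multiplication, and an ERANGE result from strtol() is not examined. An upper bound belongs in the same condition, for example `|| days <= 0 || days > LONG_MAX / (24*3600))`, tightened to the type of `validity`, which is declared outside this hunk. That inner `if` is also the one statement in the hunk left without braces, and `isdigit(optarg[0])` should be given `(unsigned char)optarg[0]`. main() starts and ends outside the hunk.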
@@ -612,7 +609,7 @@ int main(int argc, char **argv)
                                }
 
                                if (strcaseeq("email", optarg) ||
-                                       strcaseeq("dns", optarg)   ||
+                                       strcaseeq("dns", optarg) ||
                                        strcaseeq("ip", optarg))
                                {
                                        subjectAltNames->insert_last(subjectAltNames,
@@ -626,106 +623,107 @@ int main(int argc, char **argv)
                                }
                        }
 
-               case 'p':       /* --password */
-                       if (challengePassword.len > 0)
-                       {
-                               usage("only one challenge password allowed");
-                       }
-                       if (strcaseeq("%prompt", optarg))
-                       {
-                               printf("Challenge password: ");
-                               if (fgets(challenge_password_buffer, sizeof(challenge_password_buffer)-1, stdin))
+                       case 'p':       /* --password */
+                               if (challengePassword.len > 0)
+                               {
+                                       usage("only one challenge password allowed");
+                               }
+                               if (strcaseeq("%prompt", optarg))
                                {
-                                       challengePassword.ptr = challenge_password_buffer;
-                                       /* discard the terminating '\n' from the input */
-                                       challengePassword.len = strlen(challenge_password_buffer) - 1;
+                                       printf("Challenge password: ");
+                                       if (fgets(challenge_password_buffer,
+                                                       sizeof(challenge_password_buffer) - 1, stdin))
+                                       {
+                                               challengePassword.ptr = challenge_password_buffer;
+                                               /* discard the terminating '\n' from the input */
+                                               challengePassword.len = strlen(challenge_password_buffer) - 1;
+                                       }
+                                       else
+                                       {
+                                               usage("challenge password could not be read");
+                                       }
                                }
                                else
                                {
-                                       usage("challenge password could not be read");
+                                       challengePassword.ptr = optarg;
+                                       challengePassword.len = strlen(optarg);
                                }
-                       }
-                       else
-                       {
-                               challengePassword.ptr = optarg;
-                               challengePassword.len = strlen(optarg);
-                       }
-                       continue;
-
-               case 'u':       /* -- url */
-                       if (scep_url)
-                       {
-                               usage("only one URL argument allowed");
-                       }
-                       scep_url = optarg;
-                       continue;
+                               continue;
 
-               case 'm':       /* --method */
-                       if (strcaseeq("get", optarg))
-                       {
-                               http_get_request = TRUE;
-                       }
-                       else if (strcaseeq("post", optarg))
-                       {
-                               http_get_request = FALSE;
-                       }
-                       else
-                       {
-                               usage("invalid http request method specified");
-                       }
-                       continue;
+                       case 'u':       /* -- url */
+                               if (scep_url)
+                               {
+                                       usage("only one URL argument allowed");
+                               }
+                               scep_url = optarg;
+                               continue;
 
-               case 't':       /* --interval */
-                       poll_interval = atoi(optarg);
-                       if (poll_interval <= 0)
-                       {
-                               usage("invalid interval specified");
-                       }
-                       continue;
+                       case 'm':       /* --method */
+                               if (strcaseeq("get", optarg))
+                               {
+                                       http_get_request = TRUE;
+                               }
+                               else if (strcaseeq("post", optarg))
+                               {
+                                       http_get_request = FALSE;
+                               }
+                               else
+                               {
+                                       usage("invalid http request method specified");
+                               }
+                               continue;
 
-               case 'x':       /* --maxpolltime */
-                       max_poll_time = atoi(optarg);
-                       continue;
+                       case 't':       /* --interval */
+                               poll_interval = atoi(optarg);
+                               if (poll_interval <= 0)
+                               {
+                                       usage("invalid interval specified");
+                               }
+                               continue;
 
-               case 'a':       /*--algorithm */
-               {
-                       const proposal_token_t *token;
+                       case 'x':       /* --maxpolltime */
+                               max_poll_time = atoi(optarg);
+                               continue;
 
-                       token = proposal_get_token(optarg, strlen(optarg));
-                       if (token == NULL || token->type != ENCRYPTION_ALGORITHM)
-                       {
-                               usage("invalid algorithm specified");
-                       }
-                       pkcs7_symmetric_cipher = encryption_algorithm_to_oid(
-                                                                               token->algorithm, token->keysize);
-                       if (pkcs7_symmetric_cipher == OID_UNKNOWN)
+                       case 'a':       /*--algorithm */
                        {
-                               usage("unsupported encryption algorithm specified");
+                               const proposal_token_t *token;
+
+                               token = proposal_get_token(optarg, strlen(optarg));
+                               if (token == NULL || token->type != ENCRYPTION_ALGORITHM)
+                               {
+                                       usage("invalid algorithm specified");
+                               }
+                               pkcs7_symmetric_cipher = encryption_algorithm_to_oid(
+                                                                                       token->algorithm, token->keysize);
+                               if (pkcs7_symmetric_cipher == OID_UNKNOWN)
+                               {
+                                       usage("unsupported encryption algorithm specified");
+                               }
+                               continue;
                        }
-                       continue;
-               }
 #ifdef DEBUG
-               case 'A':       /* --debug-all */
-                       base_debugging |= DBG_ALL;
-                       continue;
-               case 'P':       /* debug parsing */
-                       base_debugging |= DBG_PARSING;
-                       continue;
-               case 'R':       /* debug raw */
-                       base_debugging |= DBG_RAW;
-                       continue;
-               case 'C':       /* debug control */
-                       base_debugging |= DBG_CONTROL;
-                       continue;
-               case 'M':       /* debug control more */
-                       base_debugging |= DBG_CONTROLMORE;
-                       continue;
-               case 'X':       /* debug private */
-                       base_debugging |= DBG_PRIVATE;
-                       continue;
+                       case 'A':       /* --debug-all */
+                               base_debugging |= DBG_ALL;
+                               continue;
+                       case 'P':       /* debug parsing */
+                               base_debugging |= DBG_PARSING;
+                               continue;
+                       case 'R':       /* debug raw */
+                               base_debugging |= DBG_RAW;
+                               continue;
+                       case 'C':       /* debug control */
+                               base_debugging |= DBG_CONTROL;
+                               continue;
+                       case 'M':       /* debug control more */
+                               base_debugging |= DBG_CONTROLMORE;
+                               continue;
+                       case 'X':       /* debug private */
+                               base_debugging |= DBG_PRIVATE;
+                               continue;
 #endif
-               default:
-                       usage("unknown option");
+                       default:
+                               usage("unknown option");
                }
                /* break from loop */
                break;
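Review bot: In the `%prompt` path, `challengePassword.len = strlen(challenge_password_buffer) - 1;` assumes the line returned by fgets() always ends in a newline. When input ends at EOF without one, or the line fills the buffer, the last character of the password is silently dropped, and if the first byte read is NUL the subtraction wraps to a huge length. `challengePassword.len = strcspn(challenge_password_buffer, "\n");` strips the newline only when it is present. The two `atoi(optarg)` calls for --interval and --maxpolltime also accept trailing garbage, and max_poll_time is not range-checked in the visible lines.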
@@ -807,8 +805,8 @@ int main(int argc, char **argv)
        /* check for minimum key length */
        if (private_key->get_keysize(private_key) < RSA_MIN_OCTETS / BITS_PER_BYTE)
        {
-               exit_scepclient("length of RSA key has to be at least %d bits"
-                       ,RSA_MIN_OCTETS * BITS_PER_BYTE);
+               exit_scepclient("length of RSA key has to be at least %d bits",
+                                               RSA_MIN_OCTETS * BITS_PER_BYTE);
        }
 
        /*
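Review bot: The minimum-key-length guard compares `get_keysize()` against `RSA_MIN_OCTETS / BITS_PER_BYTE`, while the message directly below reports the limit as `RSA_MIN_OCTETS * BITS_PER_BYTE` bits, so the enforced threshold is not the stated one. The unit `get_keysize()` returns is not visible in this hunk. If it is bits, the condition should read `private_key->get_keysize(private_key) < RSA_MIN_OCTETS * BITS_PER_BYTE`; if it is octets, it should compare against plain `RSA_MIN_OCTETS`. In either case the division lowers the bound, so keys much shorter than the advertised minimum pass the check. main() continues outside the hunk.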
@@ -853,13 +851,13 @@ int main(int argc, char **argv)
                        DBG_log("building pkcs10 object:")
                )
                pkcs10_req = lib->creds->create(lib->creds, CRED_CERTIFICATE,
-                                               CERT_PKCS10_REQUEST,
-                                               BUILD_SIGNING_KEY, private_key,
-                                               BUILD_SUBJECT, subject,
-                                               BUILD_SUBJECT_ALTNAMES, subjectAltNames,
-                                               BUILD_CHALLENGE_PWD, challengePassword,
-                                               BUILD_DIGEST_ALG, pkcs10_signature_alg,
-                                               BUILD_END);
+                                                                               CERT_PKCS10_REQUEST,
+                                                                               BUILD_SIGNING_KEY, private_key,
+                                                                               BUILD_SUBJECT, subject,
+                                                                               BUILD_SUBJECT_ALTNAMES, subjectAltNames,
+                                                                               BUILD_CHALLENGE_PWD, challengePassword,
+                                                                               BUILD_DIGEST_ALG, pkcs10_signature_alg,
+                                                                               BUILD_END);
                if (!pkcs10_req)
                {
                        exit_scepclient("generating pkcs10 request failed");
@@ -919,14 +917,14 @@ int main(int argc, char **argv)
 
        /* generate a self-signed X.509 certificate */
        x509_signer = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
-                                               BUILD_SIGNING_KEY, private_key,
-                                               BUILD_PUBLIC_KEY, public_key,
-                                               BUILD_SUBJECT, subject,
-                                               BUILD_NOT_BEFORE_TIME, notBefore,
-                                               BUILD_NOT_AFTER_TIME, notAfter,
-                                               BUILD_SERIAL, serialNumber,
-                                               BUILD_SUBJECT_ALTNAMES, subjectAltNames,
-                                               BUILD_END);
+                                                                        BUILD_SIGNING_KEY, private_key,
+                                                                        BUILD_PUBLIC_KEY, public_key,
+                                                                        BUILD_SUBJECT, subject,
+                                                                        BUILD_NOT_BEFORE_TIME, notBefore,
+                                                                        BUILD_NOT_AFTER_TIME, notAfter,
+                                                                        BUILD_SERIAL, serialNumber,
+                                                                        BUILD_SUBJECT_ALTNAMES, subjectAltNames,
+                                                                        BUILD_END);
        if (!x509_signer)
        {
                exit_scepclient("generating certificate failed");
@@ -989,9 +987,9 @@ int main(int argc, char **argv)
                        DBG_log("building pkcs7 request")
                )
                pkcs7 = scep_build_request(pkcs10_encoding,
-                                               transID, SCEP_PKCSReq_MSG,
-                                               x509_ca_enc, pkcs7_symmetric_cipher,
-                                               x509_signer, pkcs7_digest_alg, private_key);
+                                                                  transID, SCEP_PKCSReq_MSG,
+                                                                  x509_ca_enc, pkcs7_symmetric_cipher,
+                                                                  x509_signer, pkcs7_digest_alg, private_key);
        }
 
        /*
@@ -1002,8 +1000,9 @@ int main(int argc, char **argv)
                char *path = concatenate_paths(REQ_PATH, file_out_pkcs7);
 
                if (!chunk_write(pkcs7, path, "pkcs7 encrypted request", 0022, force))
+               {
                        exit_scepclient("could not write pkcs7 file '%s'", path);
-;
+               }
                filetype_out &= ~PKCS7;   /* delete PKCS7 flag */
        }
 
@@ -1037,12 +1036,12 @@ int main(int argc, char **argv)
                }
 
                if (!scep_http_request(scep_url, pkcs7, SCEP_PKI_OPERATION,
-                       http_get_request, &scep_response))
+                               http_get_request, &scep_response))
                {
                        exit_scepclient("did not receive a valid scep response");
                }
-               ugh = scep_parse_response(scep_response, transID, &data, &attrs
-                                                                , x509_ca_sig);
+               ugh = scep_parse_response(scep_response, transID, &data, &attrs,
+                                                                 x509_ca_sig);
                if (ugh != NULL)
                {
                        exit_scepclient(ugh);
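Review bot: `exit_scepclient(ugh);` at the end of this hunk passes the string returned by `scep_parse_response()` as the format argument, and `exit_scepclient()` is called printf-style elsewhere in this file (for example with `"... at least %d bits"`). Whether that string can carry text taken from the server's reply is not visible here and should be confirmed in scep.c. If it can, a `%` in it would be read as a conversion specifier. Pass it as data instead: `exit_scepclient("%s", ugh);`. The same call closes the polling-loop hunk at -1080,18, and main() continues outside both hunks.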
@@ -1053,8 +1052,8 @@ int main(int argc, char **argv)
                {
                        identification_t *issuer = x509_ca_sig->get_subject(x509_ca_sig);
 
-                       plog("  scep request pending, polling every %d seconds"
-                               , poll_interval);
+                       plog("  scep request pending, polling every %d seconds",
+                                poll_interval);
                        poll_start = time_monotonic(NULL);
                        issuerAndSubject = asn1_wrap(ASN1_SEQUENCE, "cc",
                                                                        issuer->get_encoding(issuer),
@@ -1062,8 +1061,8 @@ int main(int argc, char **argv)
                }
                while (attrs.pkiStatus == SCEP_PENDING)
                {
-                       if (max_poll_time > 0
-                       && (time_monotonic(NULL) - poll_start >= max_poll_time))
+                       if (max_poll_time > 0 &&
+                               (time_monotonic(NULL) - poll_start >= max_poll_time))
                        {
                                exit_scepclient("maximum poll time reached: %d seconds"
                                                           , max_poll_time);
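Review bot: The `exit_scepclient("maximum poll time reached: %d seconds"` call just below the reflowed condition still uses the leading-comma continuation (`, max_poll_time);`) that this cleanup removes everywhere else. For consistency, end the first line with the comma and align the argument under the opening quote: `exit_scepclient("maximum poll time reached: %d seconds",` followed by `max_poll_time);`. The enclosing while loop continues outside the hunk.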
@@ -1080,18 +1079,18 @@ int main(int argc, char **argv)
                        )
 
                        chunk_free(&getCertInitial);
-                       getCertInitial = scep_build_request(issuerAndSubject
-                                                               , transID, SCEP_GetCertInitial_MSG
-                                                               , x509_ca_enc, pkcs7_symmetric_cipher
-                                                               , x509_signer, pkcs7_digest_alg, private_key);
+                       getCertInitial = scep_build_request(issuerAndSubject,
+                                                                       transID, SCEP_GetCertInitial_MSG,
+                                                                       x509_ca_enc, pkcs7_symmetric_cipher,
+                                                                       x509_signer, pkcs7_digest_alg, private_key);
 
                        if (!scep_http_request(scep_url, getCertInitial, SCEP_PKI_OPERATION,
                                http_get_request, &scep_response))
                        {
                                exit_scepclient("did not receive a valid scep response");
                        }
-                       ugh = scep_parse_response(scep_response, transID, &data, &attrs
-                                                                        , x509_ca_sig);
+                       ugh = scep_parse_response(scep_response, transID, &data, &attrs,
+                                                                         x509_ca_sig);
                        if (ugh != NULL)
                        {
                                exit_scepclient(ugh);
@@ -1105,13 +1104,13 @@ int main(int argc, char **argv)
 
                envelopedData = data.content;
 
-               if (data.type != OID_PKCS7_DATA
-               || !asn1_parse_simple_object(&envelopedData, ASN1_OCTET_STRING, 0, "data"))
+               if (data.type != OID_PKCS7_DATA ||
+                       !asn1_parse_simple_object(&envelopedData, ASN1_OCTET_STRING, 0, "data"))
                {
                        exit_scepclient("contentInfo is not of type 'data'");
                }
-               if (!pkcs7_parse_envelopedData(envelopedData, &certData
-                       , serialNumber, private_key))
+               if (!pkcs7_parse_envelopedData(envelopedData, &certData,
+                               serialNumber, private_key))
                {
                        exit_scepclient("could not decrypt envelopedData");
                }