pki: Extend pki --print with --keyid parameter

Andreas Steffen 2017-12-10 19:31:10 +01:00
parent acfd590ab6
commit 3e7a19bfa9
2 changed files with 23 additions and 6 deletions


@ -60,7 +60,8 @@ static int print()
credential_type_t type = CRED_CERTIFICATE; credential_type_t type = CRED_CERTIFICATE;
int subtype = CERT_X509; int subtype = CERT_X509;
void *cred; void *cred;
char *arg, *file = NULL; char *arg, *file = NULL, *keyid = NULL;
chunk_t chunk;
while (TRUE) while (TRUE)
{ {
@ -126,6 +127,9 @@ static int print()
case 'i': case 'i':
file = arg; file = arg;
continue; continue;
case 'x':
keyid = arg;
continue;
case EOF: case EOF:
break; break;
default: default:
@ -133,15 +137,20 @@ static int print()
} }
break; break;
} }
if (file) if (keyid)
{
chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL);
cred = lib->creds->create(lib->creds, type, subtype,
BUILD_PKCS11_KEYID, chunk, BUILD_END);
free(chunk.ptr);
}
else if (file)
{ {
cred = lib->creds->create(lib->creds, type, subtype, cred = lib->creds->create(lib->creds, type, subtype,
BUILD_FROM_FILE, file, BUILD_END); BUILD_FROM_FILE, file, BUILD_END);
} }
else else
{ {
chunk_t chunk;
set_file_mode(stdin, CERT_ASN1_DER); set_file_mode(stdin, CERT_ASN1_DER);
if (!chunk_from_fd(0, &chunk)) if (!chunk_from_fd(0, &chunk))
{ {
@ -187,10 +196,12 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) command_register((command_t)
{ print, 'a', "print", { print, 'a', "print",
"print a credential in a human readable form", "print a credential in a human readable form",
{"[--in file] [--type x509|crl|ac|pub|priv|rsa|ecdsa|ed25519|bliss]"}, {"[--in file|--keyid hex] "
"[--type x509|crl|ac|pub|priv|rsa|ecdsa|ed25519|bliss]"},
{ {
{"help", 'h', 0, "show usage information"}, {"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "input file, default: stdin"}, {"in", 'i', 1, "input file, default: stdin"},
{"keyid", 'x', 1, "smartcard or TPM object handle"},
{"type", 't', 1, "type of credential, default: x509"}, {"type", 't', 1, "type of credential, default: x509"},
} }
}); });
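Review bot: When both `--in` and `--keyid` are given, the new `if (keyid)` / `else if (file)` chain silently prefers the key ID and ignores the file, although the usage string added in reg() presents the two as alternatives (`[--in file|--keyid hex]`). Rejecting the combination right after option parsing, e.g. `if (keyid && file) return command_usage("--in and --keyid are mutually exclusive");`, would keep an operator from inspecting a different credential than the one they meant to. The `keyid` string also goes straight from the command line into `chunk_from_hex()` with no check that it is well-formed hex; how that helper treats stray characters is not visible here, so it is worth confirming that a mistyped handle fails instead of decoding to another object's ID. print() starts and ends outside these hunks, so whether `cred` is checked for NULL after the branch cannot be seen from here.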


@ -7,7 +7,9 @@ pki \-\-print \- Print a credential (key, certificate etc.) in human readable fo
.SH "SYNOPSIS" .SH "SYNOPSIS"
. .
.SY pki\ \-\-print .SY pki\ \-\-print
.OP \-\-in file .RB [ \-\-in
.IR file | \fB\-\-keyid\fR
.IR hex ]
.OP \-\-type type .OP \-\-type type
.OP \-\-debug level .OP \-\-debug level
.YS .YS
@ -43,6 +45,10 @@ Read command line options from \fIfile\fR.
.BI "\-i, \-\-in " file .BI "\-i, \-\-in " file
Input file. If not given the input is read from \fISTDIN\fR. Input file. If not given the input is read from \fISTDIN\fR.
.TP .TP
.BI "\-x, \-\-keyid " hex
Smartcard or TPM private key or certificate object handle in hex format with
an optional 0x prefix.
.TP
.BI "\-t, \-\-type " type .BI "\-t, \-\-type " type
Type of input. One of \fIx509\fR (X.509 certificate), \fIcrl\fR (Certificate Type of input. One of \fIx509\fR (X.509 certificate), \fIcrl\fR (Certificate
Revocation List, CRL), \fIac\fR (Attribute Certificate), \fIpub\fR (public key), Revocation List, CRL), \fIac\fR (Attribute Certificate), \fIpub\fR (public key),