pki: Added ocsp-req and ocsp-rsp types to pki --print

src/libstrongswan/credentials/certificates/certificate_printer.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2015-2022 Andreas Steffen
+ * Copyright (C) 2015-2023 Andreas Steffen
  * Copyright (C) 2010 Martin Willi
  *
  * Copyright (C) secunet Security Networks AG
@@ -19,6 +19,7 @@
 #include "credentials/certificates/x509.h"
 #include "credentials/certificates/crl.h"
 #include "credentials/certificates/ac.h"
+#include "credentials/certificates/ocsp_request.h"
 #include "credentials/certificates/ocsp_response.h"
 #include "credentials/certificates/pgp_certificate.h"
 
@@ -474,6 +475,36 @@ static void print_ac(private_certificate_printer_t *this, ac_t *ac)
 	}
 }
 
+/**
+ * Print OCSP request specific information
+ */
+static void print_ocsp_request(private_certificate_printer_t *this,
+							   ocsp_request_t *ocsp_request)
+{
+	enumerator_t *enumerator;
+	chunk_t nonce, issuerNameHash, issuerKeyHash, serialNumber;
+	hash_algorithm_t hashAlgorithm;
+	FILE *f = this->f;
+
+	nonce = ocsp_request->get_nonce(ocsp_request);
+	fprintf(f, "  nonce:     %#B\n", &nonce);
+
+	enumerator = ocsp_request->create_request_enumerator(ocsp_request);
+	while (enumerator->enumerate(enumerator, &hashAlgorithm, &issuerNameHash,
+											 &issuerKeyHash, &serialNumber))
+	{
+		fprintf(f, "  serial:    %#B\n", &serialNumber);
+		fprintf(f, "  issuer:    keyHash:  %#B\n", &issuerKeyHash);
+		fprintf(f, "             nameHash: %#B\n", &issuerNameHash);
+		if (hashAlgorithm != HASH_SHA1)
+		{
+			fprintf(f, "             hashAlg:  %#N\n",
+									 hash_algorithm_short_names, hashAlgorithm);
+		}
+	}
+	enumerator->destroy(enumerator);
+}
+
 /**
  * Print OCSP response specific information
  */
@@ -576,7 +607,8 @@ METHOD(certificate_printer_t, print, void,
 	{
 		fprintf(f, "  subject:  \"%Y\"\n", subject);
 	}
-	if (type != CERT_TRUSTED_PUBKEY && type != CERT_GPG)
+	if (type != CERT_TRUSTED_PUBKEY && type != CERT_GPG &&
+		type != CERT_X509_OCSP_REQUEST)
 	{
 		fprintf(f, "  issuer:   \"%Y\"\n", cert->get_issuer(cert));
 	}
@@ -637,6 +669,9 @@ METHOD(certificate_printer_t, print, void,
 		case CERT_X509_AC:
 			print_ac(this, (ac_t*)cert);
 			break;
+		case CERT_X509_OCSP_REQUEST:
+			print_ocsp_request(this, (ocsp_request_t*)cert);
+			break;
 		case CERT_X509_OCSP_RESPONSE:
 			print_ocsp_response(this, (ocsp_response_t*)cert);
 			break;
@@ -694,6 +729,9 @@ METHOD(certificate_printer_t, print_caption, void,
 			case CERT_X509_CRL:
 				caption = "X.509 CRL";
 				break;
+			case CERT_X509_OCSP_REQUEST:
+				caption = "OCSP Request";
+				break;
 			case CERT_X509_OCSP_RESPONSE:
 				caption = "OCSP Response";
 				break;

src/pki/commands/print.c

@@ -124,6 +124,16 @@ static int print()
 					type = CRED_PRIVATE_KEY;
 					subtype = KEY_BLISS;
 				}
+				else if (streq(arg, "ocsp-req"))
+				{
+					type = CRED_CERTIFICATE;
+					subtype = CERT_X509_OCSP_REQUEST;
+				}
+				else if (streq(arg, "ocsp-rsp"))
+				{
+					type = CRED_CERTIFICATE;
+					subtype = CERT_X509_OCSP_RESPONSE;
+				}
 				else
 				{
 					return command_usage( "invalid input type");
@@ -202,7 +212,7 @@ static void __attribute__ ((constructor))reg()
 		{ print, 'a', "print",
 		"print a credential in a human readable form",
 		{"[--in file|--keyid hex]",
-		 "[--type x509|crl|ac|pub|priv|rsa|ecdsa|ed25519|ed448|bliss]"},
+		 "[--type x509|crl|ac|pub|priv|rsa|ecdsa|ed25519|ed448|bliss|ocsp-req|ocsp-rsp]"},
 		{
 			{"help",	'h', 0, "show usage information"},
 			{"in",		'i', 1, "input file, default: stdin"},

src/pki/man/pki---print.1.in

@@ -54,7 +54,8 @@ Type of input. One of \fIx509\fR (X.509 certificate), \fIcrl\fR (Certificate
 Revocation List, CRL), \fIac\fR (Attribute Certificate), \fIpub\fR (public key),
 \fIpriv\fR (private key), \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA
 private key), \fIed25519\fR (Ed25519 private key), \fIed448\fR (Ed448 private
-key), \fIbliss\fR (BLISS private key), defaults to \fIx509\fR.
+key), \fIbliss\fR (BLISS private key), \fIocsp-req\fR (OCSP request),
+\fIocsp-rsp\fR (OCSP response), defaults to \fIx509\fR.
 .
 .SH "SEE ALSO"
 .