Annotation of embedaddon/strongswan/src/swanctl/commands/list_certs.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2014 Martin Willi
! 3: * Copyright (C) 2014 revosec AG
! 4: *
! 5: * Copyright (C) 2015 Andreas Steffen
! 6: * HSR Hochschule fuer Technik Rapperswil
! 7: *
! 8: * This program is free software; you can redistribute it and/or modify it
! 9: * under the terms of the GNU General Public License as published by the
! 10: * Free Software Foundation; either version 2 of the License, or (at your
! 11: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 12: *
! 13: * This program is distributed in the hope that it will be useful, but
! 14: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 15: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 16: * for more details.
! 17: */
! 18:
! 19: #define _GNU_SOURCE
! 20: #include <stdio.h>
! 21: #include <errno.h>
! 22: #include <time.h>
! 23:
! 24: #include <asn1/asn1.h>
! 25: #include <asn1/oid.h>
! 26: #include <credentials/certificates/certificate.h>
! 27: #include <credentials/certificates/certificate_printer.h>
! 28: #include <selectors/traffic_selector.h>
! 29:
! 30: #include "command.h"
! 31:
! 32: /**
! 33: * Static certificate printer object
! 34: */
! 35: static certificate_printer_t *cert_printer = NULL;
! 36:
! 37: /**
! 38: * Print PEM encoding of a certificate
! 39: */
! 40: static void print_pem(certificate_t *cert)
! 41: {
! 42: chunk_t encoding;
! 43:
! 44: if (cert->get_encoding(cert, CERT_PEM, &encoding))
! 45: {
! 46: printf("%.*s", (int)encoding.len, encoding.ptr);
! 47: free(encoding.ptr);
! 48: }
! 49: else
! 50: {
! 51: fprintf(stderr, "PEM encoding certificate failed\n");
! 52: }
! 53: }
! 54:
! 55: CALLBACK(list_cb, void,
! 56: command_format_options_t *format, char *name, vici_res_t *res)
! 57: {
! 58: certificate_t *cert;
! 59: certificate_type_t type;
! 60: x509_flag_t flag = X509_NONE;
! 61: identification_t *subject = NULL;
! 62: time_t not_before = UNDEFINED_TIME;
! 63: time_t not_after = UNDEFINED_TIME;
! 64: chunk_t t_ch;
! 65: bool has_privkey;
! 66: char *str;
! 67: void *buf;
! 68: int len;
! 69:
! 70: if (*format & COMMAND_FORMAT_RAW)
! 71: {
! 72: vici_dump(res, "list-cert event", *format & COMMAND_FORMAT_PRETTY,
! 73: stdout);
! 74: return;
! 75: }
! 76:
! 77: buf = vici_find(res, &len, "data");
! 78: if (!buf)
! 79: {
! 80: fprintf(stderr, "received incomplete certificate data\n");
! 81: return;
! 82: }
! 83: has_privkey = streq(vici_find_str(res, "no", "has_privkey"), "yes");
! 84:
! 85: str = vici_find_str(res, "ANY", "type");
! 86: if (!enum_from_name(certificate_type_names, str, &type) || type == CERT_ANY)
! 87: {
! 88: fprintf(stderr, "unsupported certificate type '%s'\n", str);
! 89: return;
! 90: }
! 91: if (type == CERT_X509)
! 92: {
! 93: str = vici_find_str(res, "ANY", "flag");
! 94: if (!enum_from_name(x509_flag_names, str, &flag) || flag == X509_ANY)
! 95: {
! 96: fprintf(stderr, "unsupported certificate flag '%s'\n", str);
! 97: return;
! 98: }
! 99: }
! 100: if (type == CERT_TRUSTED_PUBKEY)
! 101: {
! 102: str = vici_find_str(res, NULL, "subject");
! 103: if (str)
! 104: {
! 105: subject = identification_create_from_string(str);
! 106: }
! 107: str = vici_find_str(res, NULL, "not-before");
! 108: if (str)
! 109: {
! 110: t_ch = chunk_from_str(str);
! 111: not_before = asn1_to_time(&t_ch, ASN1_GENERALIZEDTIME);
! 112: }
! 113: str = vici_find_str(res, NULL, "not-after");
! 114: if (str)
! 115: {
! 116: t_ch = chunk_from_str(str);
! 117: not_after = asn1_to_time(&t_ch, ASN1_GENERALIZEDTIME);
! 118: }
! 119: cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
! 120: BUILD_BLOB_ASN1_DER, chunk_create(buf, len),
! 121: BUILD_NOT_BEFORE_TIME, not_before,
! 122: BUILD_NOT_AFTER_TIME, not_after,
! 123: BUILD_SUBJECT, subject, BUILD_END);
! 124: DESTROY_IF(subject);
! 125: }
! 126: else
! 127: {
! 128: cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
! 129: BUILD_BLOB_ASN1_DER, chunk_create(buf, len),
! 130: BUILD_END);
! 131: }
! 132: if (cert)
! 133: {
! 134: if (*format & COMMAND_FORMAT_PEM)
! 135: {
! 136: print_pem(cert);
! 137: }
! 138: else
! 139: {
! 140: cert_printer->print_caption(cert_printer, type, flag);
! 141: cert_printer->print(cert_printer, cert, has_privkey);
! 142: }
! 143: cert->destroy(cert);
! 144: }
! 145: else
! 146: {
! 147: fprintf(stderr, "parsing certificate failed\n");
! 148: }
! 149: }
! 150:
! 151: static int list_certs(vici_conn_t *conn)
! 152: {
! 153: vici_req_t *req;
! 154: vici_res_t *res;
! 155: command_format_options_t format = COMMAND_FORMAT_NONE;
! 156: char *arg, *subject = NULL, *type = NULL, *flag = NULL;
! 157: bool detailed = TRUE, utc = FALSE;
! 158: int ret;
! 159:
! 160: while (TRUE)
! 161: {
! 162: switch (command_getopt(&arg))
! 163: {
! 164: case 'h':
! 165: return command_usage(NULL);
! 166: case 's':
! 167: subject = arg;
! 168: continue;
! 169: case 't':
! 170: type = arg;
! 171: continue;
! 172: case 'f':
! 173: flag = arg;
! 174: continue;
! 175: case 'p':
! 176: format |= COMMAND_FORMAT_PEM;
! 177: continue;
! 178: case 'P':
! 179: format |= COMMAND_FORMAT_PRETTY;
! 180: /* fall through to raw */
! 181: case 'r':
! 182: format |= COMMAND_FORMAT_RAW;
! 183: continue;
! 184: case 'S':
! 185: detailed = FALSE;
! 186: continue;
! 187: case 'U':
! 188: utc = TRUE;
! 189: continue;
! 190: case EOF:
! 191: break;
! 192: default:
! 193: return command_usage("invalid --list-certs option");
! 194: }
! 195: break;
! 196: }
! 197: if (vici_register(conn, "list-cert", list_cb, &format) != 0)
! 198: {
! 199: ret = errno;
! 200: fprintf(stderr, "registering for certificates failed: %s\n",
! 201: strerror(errno));
! 202: return ret;
! 203: }
! 204: req = vici_begin("list-certs");
! 205:
! 206: if (type)
! 207: {
! 208: vici_add_key_valuef(req, "type", "%s", type);
! 209: }
! 210: if (flag)
! 211: {
! 212: vici_add_key_valuef(req, "flag", "%s", flag);
! 213: }
! 214: if (subject)
! 215: {
! 216: vici_add_key_valuef(req, "subject", "%s", subject);
! 217: }
! 218: cert_printer = certificate_printer_create(stdout, detailed, utc);
! 219:
! 220: res = vici_submit(req, conn);
! 221: if (!res)
! 222: {
! 223: ret = errno;
! 224: fprintf(stderr, "list-certs request failed: %s\n", strerror(errno));
! 225: cert_printer->destroy(cert_printer);
! 226: cert_printer = NULL;
! 227: return ret;
! 228: }
! 229: if (format & COMMAND_FORMAT_RAW)
! 230: {
! 231: vici_dump(res, "list-certs reply", format & COMMAND_FORMAT_PRETTY,
! 232: stdout);
! 233: }
! 234: vici_free_res(res);
! 235:
! 236: cert_printer->destroy(cert_printer);
! 237: cert_printer = NULL;
! 238: return 0;
! 239: }
! 240:
! 241: /**
! 242: * Register the command.
! 243: */
! 244: static void __attribute__ ((constructor))reg()
! 245: {
! 246: command_register((command_t) {
! 247: list_certs, 'x', "list-certs", "list stored certificates",
! 248: {"[--subject <dn/san>] [--pem]",
! 249: "[--type x509|x509_ac|x509_crl|ocsp_response|pubkey]",
! 250: "[--flag none|ca|aa|ocsp|any] [--raw|--pretty|--short|--utc]"},
! 251: {
! 252: {"help", 'h', 0, "show usage information"},
! 253: {"subject", 's', 1, "filter by certificate subject"},
! 254: {"type", 't', 1, "filter by certificate type"},
! 255: {"flag", 'f', 1, "filter by X.509 certificate flag"},
! 256: {"pem", 'p', 0, "print PEM encoding of certificate"},
! 257: {"raw", 'r', 0, "dump raw response message"},
! 258: {"pretty", 'P', 0, "dump raw response message in pretty print"},
! 259: {"short", 'S', 0, "omit some certificate details"},
! 260: {"utc", 'U', 0, "use UTC for time fields"},
! 261: }
! 262: });
! 263: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to list_certs.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / swanctl / commands