]>
Commit | Line | Data |
---|---|---|
2e57b212 | 1 | /* |
19ef2aec | 2 | * Copyright (C) 2015-2016 Andreas Steffen |
2e57b212 | 3 | * Copyright (C) 2010 Martin Willi |
2e57b212 | 4 | * |
19ef2aec | 5 | * Copyright (C) secunet Security Networks AG |
3317d0e7 | 6 | * |
2e57b212 MW |
7 | * This program is free software; you can redistribute it and/or modify it |
8 | * under the terms of the GNU General Public License as published by the | |
9 | * Free Software Foundation; either version 2 of the License, or (at your | |
10 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
11 | * | |
12 | * This program is distributed in the hope that it will be useful, but | |
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
14 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
15 | * for more details. | |
16 | */ | |
17 | ||
18 | #include "pki.h" | |
19 | ||
20 | #include <credentials/certificates/certificate.h> | |
3317d0e7 | 21 | #include <credentials/certificates/certificate_printer.h> |
2e57b212 | 22 | |
1c4a3459 | 23 | #include <errno.h> |
2e57b212 | 24 | |
2e57b212 MW |
25 | /** |
26 | * Print private key information | |
27 | */ | |
28 | static void print_key(private_key_t *key) | |
29 | { | |
30 | public_key_t *public; | |
3317d0e7 | 31 | chunk_t chunk; |
2e57b212 MW |
32 | |
33 | public = key->get_public_key(key); | |
34 | if (public) | |
35 | { | |
3317d0e7 AS |
36 | printf(" privkey: %N %d bits\n", key_type_names, |
37 | public->get_type(public), public->get_keysize(public)); | |
38 | if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &chunk)) | |
20ea84da | 39 | { |
3317d0e7 | 40 | printf(" keyid: %#B\n", &chunk); |
20ea84da | 41 | } |
3317d0e7 | 42 | if (public->get_fingerprint(public, KEYID_PUBKEY_SHA1, &chunk)) |
20ea84da | 43 | { |
3317d0e7 | 44 | printf(" subjkey: %#B\n", &chunk); |
20ea84da | 45 | } |
3317d0e7 | 46 | public->destroy(public); |
2e57b212 MW |
47 | } |
48 | else | |
49 | { | |
3317d0e7 | 50 | printf("extracting public from private key failed\n"); |
2e57b212 | 51 | } |
2e57b212 MW |
52 | } |
53 | ||
54 | /** | |
55 | * Print a credential in a human readable form | |
56 | */ | |
57 | static int print() | |
58 | { | |
59 | credential_type_t type = CRED_CERTIFICATE; | |
60 | int subtype = CERT_X509; | |
61 | void *cred; | |
3e7a19bf AS |
62 | char *arg, *file = NULL, *keyid = NULL; |
63 | chunk_t chunk; | |
2e57b212 MW |
64 | |
65 | while (TRUE) | |
66 | { | |
67 | switch (command_getopt(&arg)) | |
68 | { | |
69 | case 'h': | |
70 | return command_usage(NULL); | |
71 | case 't': | |
72 | if (streq(arg, "x509")) | |
73 | { | |
74 | type = CRED_CERTIFICATE; | |
75 | subtype = CERT_X509; | |
76 | } | |
21f80e9d MW |
77 | else if (streq(arg, "crl")) |
78 | { | |
79 | type = CRED_CERTIFICATE; | |
80 | subtype = CERT_X509_CRL; | |
81 | } | |
20ea84da MW |
82 | else if (streq(arg, "ac")) |
83 | { | |
84 | type = CRED_CERTIFICATE; | |
85 | subtype = CERT_X509_AC; | |
86 | } | |
2e57b212 MW |
87 | else if (streq(arg, "pub")) |
88 | { | |
3317d0e7 AS |
89 | type = CRED_CERTIFICATE; |
90 | subtype = CERT_TRUSTED_PUBKEY; | |
2e57b212 | 91 | } |
05ccde0a TB |
92 | else if (streq(arg, "priv")) |
93 | { | |
94 | type = CRED_PRIVATE_KEY; | |
95 | subtype = KEY_ANY; | |
96 | } | |
1798e490 TB |
97 | else if (streq(arg, "rsa") || |
98 | streq(arg, "rsa-priv")) | |
2e57b212 MW |
99 | { |
100 | type = CRED_PRIVATE_KEY; | |
101 | subtype = KEY_RSA; | |
102 | } | |
1798e490 TB |
103 | else if (streq(arg, "ecdsa") || |
104 | streq(arg, "ecdsa-priv")) | |
2e57b212 MW |
105 | { |
106 | type = CRED_PRIVATE_KEY; | |
107 | subtype = KEY_ECDSA; | |
108 | } | |
35bc60cc AS |
109 | else if (streq(arg, "ed25519") || |
110 | streq(arg, "ed25519-priv")) | |
111 | { | |
112 | type = CRED_PRIVATE_KEY; | |
113 | subtype = KEY_ED25519; | |
114 | } | |
878afdf9 TB |
115 | else if (streq(arg, "ed448") || |
116 | streq(arg, "ed448-priv")) | |
117 | { | |
118 | type = CRED_PRIVATE_KEY; | |
119 | subtype = KEY_ED448; | |
120 | } | |
1798e490 TB |
121 | else if (streq(arg, "bliss") || |
122 | streq(arg, "bliss-priv")) | |
56009f20 AS |
123 | { |
124 | type = CRED_PRIVATE_KEY; | |
125 | subtype = KEY_BLISS; | |
126 | } | |
2e57b212 MW |
127 | else |
128 | { | |
129 | return command_usage( "invalid input type"); | |
130 | } | |
131 | continue; | |
132 | case 'i': | |
133 | file = arg; | |
134 | continue; | |
3e7a19bf AS |
135 | case 'x': |
136 | keyid = arg; | |
137 | continue; | |
2e57b212 MW |
138 | case EOF: |
139 | break; | |
140 | default: | |
141 | return command_usage("invalid --print option"); | |
142 | } | |
143 | break; | |
144 | } | |
3e7a19bf AS |
145 | if (keyid) |
146 | { | |
147 | chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL); | |
148 | cred = lib->creds->create(lib->creds, type, subtype, | |
149 | BUILD_PKCS11_KEYID, chunk, BUILD_END); | |
150 | free(chunk.ptr); | |
151 | } | |
152 | else if (file) | |
2e57b212 MW |
153 | { |
154 | cred = lib->creds->create(lib->creds, type, subtype, | |
155 | BUILD_FROM_FILE, file, BUILD_END); | |
156 | } | |
157 | else | |
158 | { | |
13298719 | 159 | set_file_mode(stdin, CERT_ASN1_DER); |
1c4a3459 MW |
160 | if (!chunk_from_fd(0, &chunk)) |
161 | { | |
162 | fprintf(stderr, "reading input failed: %s\n", strerror(errno)); | |
163 | return 1; | |
164 | } | |
2e57b212 | 165 | cred = lib->creds->create(lib->creds, type, subtype, |
71c9565a TB |
166 | BUILD_BLOB, chunk, BUILD_END); |
167 | free(chunk.ptr); | |
2e57b212 MW |
168 | } |
169 | if (!cred) | |
170 | { | |
171 | fprintf(stderr, "parsing input failed\n"); | |
172 | return 1; | |
173 | } | |
174 | ||
175 | if (type == CRED_CERTIFICATE) | |
176 | { | |
177 | certificate_t *cert = (certificate_t*)cred; | |
3317d0e7 | 178 | certificate_printer_t *printer; |
2e57b212 | 179 | |
3317d0e7 AS |
180 | printer = certificate_printer_create(stdout, TRUE, FALSE); |
181 | printer->print(printer, cert, FALSE); | |
182 | printer->destroy(printer); | |
2e57b212 MW |
183 | cert->destroy(cert); |
184 | } | |
2e57b212 MW |
185 | if (type == CRED_PRIVATE_KEY) |
186 | { | |
187 | private_key_t *key = (private_key_t*)cred; | |
188 | ||
189 | print_key(key); | |
190 | key->destroy(key); | |
191 | } | |
3317d0e7 | 192 | |
2e57b212 MW |
193 | return 0; |
194 | } | |
195 | ||
196 | /** | |
197 | * Register the command. | |
198 | */ | |
199 | static void __attribute__ ((constructor))reg() | |
200 | { | |
201 | command_register((command_t) | |
202 | { print, 'a', "print", | |
203 | "print a credential in a human readable form", | |
878afdf9 TB |
204 | {"[--in file|--keyid hex]", |
205 | "[--type x509|crl|ac|pub|priv|rsa|ecdsa|ed25519|ed448|bliss]"}, | |
2e57b212 MW |
206 | { |
207 | {"help", 'h', 0, "show usage information"}, | |
208 | {"in", 'i', 1, "input file, default: stdin"}, | |
3e7a19bf | 209 | {"keyid", 'x', 1, "smartcard or TPM object handle"}, |
2e57b212 MW |
210 | {"type", 't', 1, "type of credential, default: x509"}, |
211 | } | |
212 | }); | |
213 | } |