[thirdparty/strongswan.git] / src / pki / commands / print.c

/*
 * Copyright (C) 2015-2016 Andreas Steffen
 * Copyright (C) 2010 Martin Willi
 *
 * Copyright (C) secunet Security Networks AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#include "pki.h"

#include <credentials/certificates/certificate.h>
#include <credentials/certificates/certificate_printer.h>

#include <errno.h>

/**
 * Print private key information
 */
static void print_key(private_key_t *key)
{
	public_key_t *public;
	chunk_t chunk;

	public = key->get_public_key(key);
	if (public)
	{
		printf("  privkey:   %N %d bits\n", key_type_names,
			   public->get_type(public), public->get_keysize(public));
		if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &chunk))
		{
			printf("  keyid:     %#B\n", &chunk);
		}
		if (public->get_fingerprint(public, KEYID_PUBKEY_SHA1, &chunk))
		{
			printf("  subjkey:   %#B\n", &chunk);
		}
		public->destroy(public);
	}
	else
	{
		printf("extracting public from private key failed\n");
	}
}

/**
 * Print a credential in a human readable form
 */
static int print()
{
	credential_type_t type = CRED_CERTIFICATE;
	int subtype = CERT_X509;
	void *cred;
	char *arg, *file = NULL, *keyid = NULL;
	chunk_t chunk;

	while (TRUE)
	{
		switch (command_getopt(&arg))
		{
			case 'h':
				return command_usage(NULL);
			case 't':
				if (streq(arg, "x509"))
				{
					type = CRED_CERTIFICATE;
					subtype = CERT_X509;
				}
				else if (streq(arg, "crl"))
				{
					type = CRED_CERTIFICATE;
					subtype = CERT_X509_CRL;
				}
				else if (streq(arg, "ac"))
				{
					type = CRED_CERTIFICATE;
					subtype = CERT_X509_AC;
				}
				else if (streq(arg, "pub"))
				{
					type = CRED_CERTIFICATE;
					subtype = CERT_TRUSTED_PUBKEY;
				}
				else if (streq(arg, "priv"))
				{
					type = CRED_PRIVATE_KEY;
					subtype = KEY_ANY;
				}
				else if (streq(arg, "rsa") ||
						 streq(arg, "rsa-priv"))
				{
					type = CRED_PRIVATE_KEY;
					subtype = KEY_RSA;
				}
				else if (streq(arg, "ecdsa") ||
						 streq(arg, "ecdsa-priv"))
				{
					type = CRED_PRIVATE_KEY;
					subtype = KEY_ECDSA;
				}
				else if (streq(arg, "ed25519") ||
						 streq(arg, "ed25519-priv"))
				{
					type = CRED_PRIVATE_KEY;
					subtype = KEY_ED25519;
				}
				else if (streq(arg, "ed448") ||
						 streq(arg, "ed448-priv"))
				{
					type = CRED_PRIVATE_KEY;
					subtype = KEY_ED448;
				}
				else if (streq(arg, "bliss") ||
						 streq(arg, "bliss-priv"))
				{
					type = CRED_PRIVATE_KEY;
					subtype = KEY_BLISS;
				}
				else
				{
					return command_usage( "invalid input type");
				}
				continue;
			case 'i':
				file = arg;
				continue;
			case 'x':
				keyid = arg;
				continue;
			case EOF:
				break;
			default:
				return command_usage("invalid --print option");
		}
		break;
	}
	if (keyid)
	{
		chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL);
		cred = lib->creds->create(lib->creds, type, subtype,
								  BUILD_PKCS11_KEYID, chunk, BUILD_END);
		free(chunk.ptr);
	}
	else if (file)
	{
		cred = lib->creds->create(lib->creds, type, subtype,
								  BUILD_FROM_FILE, file, BUILD_END);
	}
	else
	{
		set_file_mode(stdin, CERT_ASN1_DER);
		if (!chunk_from_fd(0, &chunk))
		{
			fprintf(stderr, "reading input failed: %s\n", strerror(errno));
			return 1;
		}
		cred = lib->creds->create(lib->creds, type, subtype,
								  BUILD_BLOB, chunk, BUILD_END);
		free(chunk.ptr);
	}
	if (!cred)
	{
		fprintf(stderr, "parsing input failed\n");
		return 1;
	}

	if (type == CRED_CERTIFICATE)
	{
		certificate_t *cert = (certificate_t*)cred;
		certificate_printer_t *printer;

		printer = certificate_printer_create(stdout, TRUE, FALSE);
		printer->print(printer, cert, FALSE);
		printer->destroy(printer);
		cert->destroy(cert);
	}
	if (type == CRED_PRIVATE_KEY)
	{
		private_key_t *key = (private_key_t*)cred;

		print_key(key);
		key->destroy(key);
	}

	return 0;
}

/**
 * Register the command.
 */
static void __attribute__ ((constructor))reg()
{
	command_register((command_t)
		{ print, 'a', "print",
		"print a credential in a human readable form",
		{"[--in file|--keyid hex]",
		 "[--type x509|crl|ac|pub|priv|rsa|ecdsa|ed25519|ed448|bliss]"},
		{
			{"help",	'h', 0, "show usage information"},
			{"in",		'i', 1, "input file, default: stdin"},
			{"keyid",	'x', 1, "smartcard or TPM object handle"},
			{"type",	't', 1, "type of credential, default: x509"},
		}
	});
}
Commit	Line	Data
2e57b212	1	/*
19ef2aec	2	* Copyright (C) 2015-2016 Andreas Steffen
2e57b212	3	* Copyright (C) 2010 Martin Willi
2e57b212	4	*
19ef2aec	5	* Copyright (C) secunet Security Networks AG
3317d0e7	6	*
2e57b212 MW	7	* This program is free software; you can redistribute it and/or modify it
	8	* under the terms of the GNU General Public License as published by the
	9	* Free Software Foundation; either version 2 of the License, or (at your
	10	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	11	*
	12	* This program is distributed in the hope that it will be useful, but
	13	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	14	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	15	* for more details.
	16	*/
	17
	18	#include "pki.h"
	19
	20	#include <credentials/certificates/certificate.h>
3317d0e7	21	#include <credentials/certificates/certificate_printer.h>
2e57b212	22
1c4a3459	23	#include <errno.h>
2e57b212	24
2e57b212 MW	25	/**
	26	* Print private key information
	27	*/
	28	static void print_key(private_key_t *key)
	29	{
	30	public_key_t *public;
3317d0e7	31	chunk_t chunk;
2e57b212 MW	32
	33	public = key->get_public_key(key);
	34	if (public)
	35	{
3317d0e7 AS	36	printf(" privkey: %N %d bits\n", key_type_names,
	37	public->get_type(public), public->get_keysize(public));
	38	if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &chunk))
20ea84da	39	{
3317d0e7	40	printf(" keyid: %#B\n", &chunk);
20ea84da	41	}
3317d0e7	42	if (public->get_fingerprint(public, KEYID_PUBKEY_SHA1, &chunk))
20ea84da	43	{
3317d0e7	44	printf(" subjkey: %#B\n", &chunk);
20ea84da	45	}
3317d0e7	46	public->destroy(public);
2e57b212 MW	47	}
	48	else
	49	{
3317d0e7	50	printf("extracting public from private key failed\n");
2e57b212	51	}
2e57b212 MW	52	}
	53
	54	/**
	55	* Print a credential in a human readable form
	56	*/
	57	static int print()
	58	{
	59	credential_type_t type = CRED_CERTIFICATE;
	60	int subtype = CERT_X509;
	61	void *cred;
3e7a19bf AS	62	char arg, file = NULL, *keyid = NULL;
3e7a19bf AS	63	chunk_t chunk;
2e57b212 MW	64
	65	while (TRUE)
	66	{
	67	switch (command_getopt(&arg))
	68	{
	69	case 'h':
	70	return command_usage(NULL);
	71	case 't':
	72	if (streq(arg, "x509"))
	73	{
	74	type = CRED_CERTIFICATE;
	75	subtype = CERT_X509;
	76	}
21f80e9d MW	77	else if (streq(arg, "crl"))
	78	{
	79	type = CRED_CERTIFICATE;
	80	subtype = CERT_X509_CRL;
	81	}
20ea84da MW	82	else if (streq(arg, "ac"))
	83	{
	84	type = CRED_CERTIFICATE;
	85	subtype = CERT_X509_AC;
	86	}
2e57b212 MW	87	else if (streq(arg, "pub"))
2e57b212 MW	88	{
3317d0e7 AS	89	type = CRED_CERTIFICATE;
3317d0e7 AS	90	subtype = CERT_TRUSTED_PUBKEY;
2e57b212	91	}
05ccde0a TB	92	else if (streq(arg, "priv"))
	93	{
	94	type = CRED_PRIVATE_KEY;
	95	subtype = KEY_ANY;
	96	}
1798e490 TB	97	else if (streq(arg, "rsa") \|\|
1798e490 TB	98	streq(arg, "rsa-priv"))
2e57b212 MW	99	{
	100	type = CRED_PRIVATE_KEY;
	101	subtype = KEY_RSA;
	102	}
1798e490 TB	103	else if (streq(arg, "ecdsa") \|\|
1798e490 TB	104	streq(arg, "ecdsa-priv"))
2e57b212 MW	105	{
	106	type = CRED_PRIVATE_KEY;
	107	subtype = KEY_ECDSA;
	108	}
35bc60cc AS	109	else if (streq(arg, "ed25519") \|\|
	110	streq(arg, "ed25519-priv"))
	111	{
	112	type = CRED_PRIVATE_KEY;
	113	subtype = KEY_ED25519;
	114	}
878afdf9 TB	115	else if (streq(arg, "ed448") \|\|
	116	streq(arg, "ed448-priv"))
	117	{
	118	type = CRED_PRIVATE_KEY;
	119	subtype = KEY_ED448;
	120	}
1798e490 TB	121	else if (streq(arg, "bliss") \|\|
1798e490 TB	122	streq(arg, "bliss-priv"))
56009f20 AS	123	{
	124	type = CRED_PRIVATE_KEY;
	125	subtype = KEY_BLISS;
	126	}
2e57b212 MW	127	else
	128	{
	129	return command_usage( "invalid input type");
	130	}
	131	continue;
	132	case 'i':
	133	file = arg;
	134	continue;
3e7a19bf AS	135	case 'x':
	136	keyid = arg;
	137	continue;
2e57b212 MW	138	case EOF:
	139	break;
	140	default:
	141	return command_usage("invalid --print option");
	142	}
	143	break;
	144	}
3e7a19bf AS	145	if (keyid)
	146	{
	147	chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL);
	148	cred = lib->creds->create(lib->creds, type, subtype,
	149	BUILD_PKCS11_KEYID, chunk, BUILD_END);
	150	free(chunk.ptr);
	151	}
	152	else if (file)
2e57b212 MW	153	{
	154	cred = lib->creds->create(lib->creds, type, subtype,
	155	BUILD_FROM_FILE, file, BUILD_END);
	156	}
	157	else
	158	{
13298719	159	set_file_mode(stdin, CERT_ASN1_DER);
1c4a3459 MW	160	if (!chunk_from_fd(0, &chunk))
	161	{
	162	fprintf(stderr, "reading input failed: %s\n", strerror(errno));
	163	return 1;
	164	}
2e57b212	165	cred = lib->creds->create(lib->creds, type, subtype,
71c9565a TB	166	BUILD_BLOB, chunk, BUILD_END);
71c9565a TB	167	free(chunk.ptr);
2e57b212 MW	168	}
	169	if (!cred)
	170	{
	171	fprintf(stderr, "parsing input failed\n");
	172	return 1;
	173	}
	174
	175	if (type == CRED_CERTIFICATE)
	176	{
	177	certificate_t cert = (certificate_t)cred;
3317d0e7	178	certificate_printer_t *printer;
2e57b212	179
3317d0e7 AS	180	printer = certificate_printer_create(stdout, TRUE, FALSE);
	181	printer->print(printer, cert, FALSE);
	182	printer->destroy(printer);
2e57b212 MW	183	cert->destroy(cert);
2e57b212 MW	184	}
2e57b212 MW	185	if (type == CRED_PRIVATE_KEY)
	186	{
	187	private_key_t key = (private_key_t)cred;
	188
	189	print_key(key);
	190	key->destroy(key);
	191	}
3317d0e7	192
2e57b212 MW	193	return 0;
	194	}
	195
	196	/**
	197	* Register the command.
	198	*/
	199	static void __attribute__ ((constructor))reg()
	200	{
	201	command_register((command_t)
	202	{ print, 'a', "print",
	203	"print a credential in a human readable form",
878afdf9 TB	204	{"[--in file\|--keyid hex]",
878afdf9 TB	205	"[--type x509\|crl\|ac\|pub\|priv\|rsa\|ecdsa\|ed25519\|ed448\|bliss]"},
2e57b212 MW	206	{
	207	{"help", 'h', 0, "show usage information"},
	208	{"in", 'i', 1, "input file, default: stdin"},
3e7a19bf	209	{"keyid", 'x', 1, "smartcard or TPM object handle"},
2e57b212 MW	210	{"type", 't', 1, "type of credential, default: x509"},
	211	}
	212	});
	213	}