flag = <X.509 certificate flag, NONE|CA|AA|OCSP>
has_privkey = <set if a private key for the certificate is available>
data = <ASN1 encoded certificate data>
+ subject = <subject string if defined and certificate type is PUBKEY>
+ not-before = <time string if defined and certificate type is PUBKEY>
+ not-after = <time string if defined and certificate type is PUBKEY>
}
### list-authority ###
#endif
#include <daemon.h>
+#include <asn1/asn1.h>
#include <credentials/certificates/certificate.h>
#include <credentials/certificates/x509.h>
enumerator_t *enumerator;
certificate_t *cert;
vici_builder_t *b;
- chunk_t encoding;
+ chunk_t encoding, t_ch;
cred_encoding_type_t encoding_type;
+ identification_t *subject;
+ time_t not_before, not_after;
encoding_type = (type == CERT_TRUSTED_PUBKEY) ? PUBKEY_SPKI_ASN1_DER :
CERT_ASN1_DER;
b->add(b, VICI_KEY_VALUE, "data", encoding);
free(encoding.ptr);
+ if (type == CERT_TRUSTED_PUBKEY)
+ {
+ subject = cert->get_subject(cert);
+ if (subject->get_type(subject) != ID_KEY_ID)
+ {
+ b->add_kv(b, "subject", "%Y", cert->get_subject(cert));
+ }
+ cert->get_validity(cert, NULL, ¬_before, ¬_after);
+ if (not_before != UNDEFINED_TIME)
+ {
+ t_ch = asn1_from_time(¬_before, ASN1_GENERALIZEDTIME);
+ b->add(b, VICI_KEY_VALUE, "not-before", chunk_skip(t_ch, 2));
+ chunk_free(&t_ch);
+ }
+ if (not_after != UNDEFINED_TIME)
+ {
+ t_ch = asn1_from_time(¬_after, ASN1_GENERALIZEDTIME);
+ b->add(b, VICI_KEY_VALUE, "not-after", chunk_skip(t_ch, 2));
+ chunk_free(&t_ch);
+ }
+ }
this->dispatcher->raise_event(this->dispatcher, "list-cert", id,
b->finalize(b));
}
certificate_t *cert;
certificate_type_t type;
x509_flag_t flag = X509_NONE;
+ identification_t *subject = NULL;
+ time_t not_before = UNDEFINED_TIME;
+ time_t not_after = UNDEFINED_TIME;
+ chunk_t t_ch;
bool has_privkey;
char *str;
void *buf;
return;
}
}
-
- /* Parse certificate data blob */
- cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
- BUILD_BLOB_ASN1_DER, chunk_create(buf, len),
- BUILD_END);
+ if (type == CERT_TRUSTED_PUBKEY)
+ {
+ str = vici_find_str(res, NULL, "subject");
+ if (str)
+ {
+ subject = identification_create_from_string(str);
+ }
+ str = vici_find_str(res, NULL, "not-before");
+ if (str)
+ {
+ t_ch = chunk_from_str(str);
+ not_before = asn1_to_time(&t_ch, ASN1_GENERALIZEDTIME);
+ }
+ str = vici_find_str(res, NULL, "not-after");
+ if (str)
+ {
+ t_ch = chunk_from_str(str);
+ not_after = asn1_to_time(&t_ch, ASN1_GENERALIZEDTIME);
+ }
+ cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
+ BUILD_BLOB_ASN1_DER, chunk_create(buf, len),
+ BUILD_NOT_BEFORE_TIME, not_before,
+ BUILD_NOT_AFTER_TIME, not_after,
+ BUILD_SUBJECT, subject, BUILD_END);
+ DESTROY_IF(subject);
+ }
+ else
+ {
+ cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
+ BUILD_BLOB_ASN1_DER, chunk_create(buf, len),
+ BUILD_END);
+ }
if (cert)
{
if (*format & COMMAND_FORMAT_PEM)
projects / thirdparty / strongswan.git / commitdiff
