pki: Add --dn command to extract the subject DN of a certificate
authorTobias Brunner <tobias@strongswan.org>
Thu, 6 Aug 2015 16:04:38 +0000 (18:04 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 17 Aug 2015 09:34:01 +0000 (11:34 +0200)
configure.ac
scripts/Makefile.am
src/pki/Makefile.am
src/pki/command.h
src/pki/commands/dn.c [moved from scripts/extract-dn.c with 51% similarity]
src/pki/man/Makefile.am
src/pki/man/pki---dn.1.in [new file with mode: 0644]
src/pki/man/pki.1.in

index 545f1fb58623dade5a28a00dd88a78b75d6a4775..a7ee63dd6d30dce36d7d31002adf494b0e5140b2 100644 (file)
@@ -1868,17 +1868,18 @@ AC_CONFIG_FILES([
        man/ipsec.secrets.5
        src/charon-cmd/charon-cmd.8
        src/pki/man/pki.1
+       src/pki/man/pki---acert.1
+       src/pki/man/pki---dn.1
        src/pki/man/pki---gen.1
        src/pki/man/pki---issue.1
        src/pki/man/pki---keyid.1
-       src/pki/man/pki---pkcs7.1
        src/pki/man/pki---pkcs12.1
+       src/pki/man/pki---pkcs7.1
        src/pki/man/pki---print.1
        src/pki/man/pki---pub.1
        src/pki/man/pki---req.1
        src/pki/man/pki---self.1
        src/pki/man/pki---signcrl.1
-       src/pki/man/pki---acert.1
        src/pki/man/pki---verify.1
        src/swanctl/swanctl.8
        src/swanctl/swanctl.conf.5.head
index 25456700be65119f5a02a66f4b8cddb26397f681..a793800b7be09113c37a188c8071223f433a5024 100644 (file)
@@ -5,7 +5,7 @@ AM_CPPFLAGS = \
 
 noinst_PROGRAMS = bin2array bin2sql id2sql key2keyid keyid2sql oid2der \
        thread_analysis dh_speed pubkey_speed crypt_burn hash_burn fetch \
-       dnssec malloc_speed aes-test settings-test timeattack extract-dn
+       dnssec malloc_speed aes-test settings-test timeattack
 
 if USE_TLS
   noinst_PROGRAMS += tls_test
@@ -30,7 +30,6 @@ fetch_SOURCES = fetch.c
 dnssec_SOURCES = dnssec.c
 timeattack_SOURCES = timeattack.c
 id2sql_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
-extract_dn_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 key2keyid_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 keyid2sql_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 oid2der_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
index ab407e0212080994051af9aa31edf16fc07bc71c..a3da0ab04faf57453d58c1f1a02244c5646abaec 100644 (file)
@@ -3,17 +3,18 @@ SUBDIRS = man
 bin_PROGRAMS = pki
 
 pki_SOURCES = pki.c pki.h command.c command.h \
+       commands/acert.c \
+       commands/dn.c \
        commands/gen.c \
        commands/issue.c \
        commands/keyid.c \
+       commands/pkcs12.c \
+       commands/pkcs7.c \
+       commands/print.c \
        commands/pub.c \
        commands/req.c \
        commands/self.c \
-       commands/print.c \
        commands/signcrl.c \
-       commands/acert.c \
-       commands/pkcs7.c \
-       commands/pkcs12.c \
        commands/verify.c
 
 pki_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
index d49adda0995a07e070b9c48ffa7359652628183f..e55c579e4606c83b7ff81fe740cd4421f78ac1b1 100644 (file)
@@ -24,7 +24,7 @@
 /**
  * Maximum number of commands (+1).
  */
-#define MAX_COMMANDS 13
+#define MAX_COMMANDS 14
 
 /**
  * Maximum number of options in a command (+3)
similarity index 51%
rename from scripts/extract-dn.c
rename to src/pki/commands/dn.c
index 01261422ecc146c3a301dd98fd2ac76694832491..75585fc165d1a86fd07c3f47affced200546c096 100644 (file)
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  */
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <errno.h>
-#include <getopt.h>
 
-#include <library.h>
+#include "pki.h"
 
-static void usage(FILE *out, char *name)
-{
-       fprintf(out, "Extract the ASN.1 subject DN from a certificate\n\n");
-       fprintf(out, "%s [OPTIONS]\n\n", name);
-       fprintf(out, "Options:\n");
-       fprintf(out, "  -h, --help          print this help.\n");
-       fprintf(out, "  -i, --in=FILE       certificate file (default STDIN).\n");
-       fprintf(out, "  -f, --format=FORMAT output format (config, hex, base64, binary).\n");
-       fprintf(out, "\n");
-}
+#include <credentials/certificates/certificate.h>
+
+#include <errno.h>
 
 /**
- * Extract the binary ASN.1 subject DN from a certificate
+ * Extract subject DN
  */
-int main(int argc, char *argv[])
+static int dn()
 {
        identification_t *id;
        certificate_t *cert;
@@ -47,76 +33,64 @@ int main(int argc, char *argv[])
                FORMAT_BASE64,
                FORMAT_BINARY,
        } format = FORMAT_CONFIG;
-       int fd = 0;
-       char *fmt;
-
-       library_init(NULL, "extract-dn");
-       atexit(library_deinit);
+       char *arg, *file = NULL, *fmt;
 
-       while (true)
+       while (TRUE)
        {
-               struct option long_opts[] = {
-                       {"help",                no_argument,            NULL,   'h' },
-                       {"in",                  required_argument,      NULL,   'i' },
-                       {"format",              required_argument,      NULL,   'f' },
-                       {0,0,0,0 },
-               };
-               switch (getopt_long(argc, argv, "hi:f:", long_opts, NULL))
+               switch (command_getopt(&arg))
                {
-                       case EOF:
-                               break;
                        case 'h':
-                               usage(stdout, argv[0]);
-                               return 0;
-                       case 'i':
-                               fd = open(optarg, O_RDONLY);
-                               if (fd == -1)
-                               {
-                                       fprintf(stderr, "failed to open '%s': %s\n", optarg,
-                                                       strerror(errno));
-                                       usage(stderr, argv[0]);
-                                       return 1;
-                               }
-                               continue;
+                               return command_usage(NULL);
                        case 'f':
-                               if (streq(optarg, "hex"))
+                               if (streq(arg, "hex"))
                                {
                                        format = FORMAT_HEX;
                                }
-                               else if (streq(optarg, "base64"))
+                               else if (streq(arg, "base64"))
                                {
                                        format = FORMAT_BASE64;
                                }
-                               else if (streq(optarg, "bin"))
+                               else if (streq(arg, "bin"))
                                {
                                        format = FORMAT_BINARY;
                                }
+                               else if (!streq(arg, "config"))
+                               {
+                                       return command_usage( "invalid output format");
+                               }
+                               continue;
+                       case 'i':
+                               file = arg;
                                continue;
+                       case EOF:
+                               break;
                        default:
-                               usage(stderr, argv[0]);
-                               return 1;
+                               return command_usage("invalid --print option");
                }
                break;
        }
-       /* TODO: maybe make plugins configurable */
-       lib->plugins->load(lib->plugins, PLUGINS);
-
-       if (!chunk_from_fd(fd, &chunk))
+       if (file)
        {
-               fprintf(stderr, "reading input failed: %s\n", strerror(errno));
-               return 1;
+               cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+                                                                 BUILD_FROM_FILE, file, BUILD_END);
        }
-       cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
-                                                         BUILD_BLOB, chunk, BUILD_END);
-       chunk_free(&chunk);
-       if (fd != 0)
+       else
        {
-               close(fd);
-       }
+               chunk_t chunk;
 
+               set_file_mode(stdin, CERT_ASN1_DER);
+               if (!chunk_from_fd(0, &chunk))
+               {
+                       fprintf(stderr, "reading input failed: %s\n", strerror(errno));
+                       return 1;
+               }
+               cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+                                                                 BUILD_BLOB, chunk, BUILD_END);
+               free(chunk.ptr);
+       }
        if (!cert)
        {
-               fprintf(stderr, "failed to read certificate\n");
+               fprintf(stderr, "parsing input failed\n");
                return 1;
        }
        id = cert->get_subject(cert);
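Review bot: The `default:` branch of the option switch returns `command_usage("invalid --print option")`, which names the command this file appears to have been modelled on rather than the new `--dn` command, so a bad flag produces a misleading usage error; it should read `return command_usage("invalid --dn option");`. The stray space in `command_usage( "invalid output format")` a few lines above is a minor style nit in the same switch. The enclosing function `dn` begins before this hunk and its tail is in the following one.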
@@ -153,3 +127,20 @@ int main(int argc, char *argv[])
        cert->destroy(cert);
        return 0;
 }
+
+/**
+ * Register the command.
+ */
+static void __attribute__ ((constructor))reg()
+{
+       command_register((command_t)
+               { dn, 'd', "dn",
+               "extract the subject DN of an X.509 certificate",
+               {"[--in file] [--format config|hex|base64|bin]"},
+               {
+                       {"help",                'h', 0, "show usage information"},
+                       {"in",                  'i', 1, "input file, default: stdin"},
+                       {"format",              'f', 1, "output format, default: config"},
+               }
+       });
+}
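Review bot: The registration binds `--format` to the short option `'f'`, but the new man page src/pki/man/pki---dn.1.in added in this commit documents it as `.BI "\-t, \-\-format " format`, so the documented short flag does not match what command_getopt accepts; the man page line should read `.BI "\-f, \-\-format " format`. The `[--in file] [--format config|hex|base64|bin]` usage string here agrees with the parser in the preceding hunk, so only the man page entry is off.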
index 4c901ae3c28b5a51c1a028cb980008c2abff02a6..fc94400317357d25891f7445ddf46b3aa6b364c5 100644 (file)
@@ -1,15 +1,16 @@
 man1_MANS = \
        pki.1 \
+       pki---acert.1 \
+       pki---dn.1 \
        pki---gen.1 \
-       pki---self.1 \
        pki---issue.1 \
-       pki---signcrl.1 \
-       pki---acert.1 \
-       pki---req.1 \
-       pki---pkcs7.1 \
        pki---keyid.1 \
+       pki---pkcs7.1 \
        pki---print.1 \
        pki---pub.1 \
+       pki---req.1 \
+       pki---self.1 \
+       pki---signcrl.1 \
        pki---verify.1
 
 CLEANFILES = $(man1_MANS)
diff --git a/src/pki/man/pki---dn.1.in b/src/pki/man/pki---dn.1.in
new file mode 100644 (file)
index 0000000..ce1210f
--- /dev/null
@@ -0,0 +1,56 @@
+.TH "PKI \-\-DN" 1 "2015-08-06" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-dn \- Extract the subject DN of an X.509 certificate
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-dn
+.OP \-\-in file
+.OP \-\-format format
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-dn
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-dn"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR pki (1)
+extracts the ASN.1-encoded subject DistinguishedName (DN) of an X.509
+certificate and exports it in different formats.  This may be useful when
+strongSwan's identity parser is unable to produce the correct binary encoding
+from a string.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-i, \-\-in " file
+Input file. If not given the input is read from \fISTDIN\fR.
+.TP
+.BI "\-t, \-\-format " format
+Output format. One of \fIconfig\fR (strongSwan configuration compatible),
+\fIhex\fR (hexadecimal encoding, no prefix), \fIbase64\fR (Base64 encoding,
+no prefix), \fIbin\fR (raw binary data), defaults to \fIconfig\fR.
+.
+.SH "SEE ALSO"
+.
+.BR pki (1)
index f347031b4a522e10fa20677d94199234459175cc..f1a2ae2c07ef74a2b8bddc0b3eccdcdff1d92369 100644 (file)
@@ -1,4 +1,4 @@
-.TH PKI 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.TH PKI 1 "2015-08-06" "@PACKAGE_VERSION@" "strongSwan"
 .
 .SH "NAME"
 .
@@ -64,6 +64,9 @@ Calculate key identifiers of a key or certificate.
 .B "\-a, \-\-print"
 Print a credential (key, certificate etc.) in human readable form.
 .TP
+.B "\-d, \-\-dn"
+Extract the subject DN of an X.509 certificate.
+.TP
 .B "\-p, \-\-pub"
 Extract a public key from a private key or certificate.
 .TP
@@ -156,5 +159,6 @@ certificates with the \-\-crl option.
 .BR pki\ \-\-pkcs7 (1),
 .BR pki\ \-\-keyid (1),
 .BR pki\ \-\-print (1),
+.BR pki\ \-\-dn (1),
 .BR pki\ \-\-pub (1),
 .BR pki\ \-\-verify (1)