From 374b569ed02b4cfc5098e75ec9f7f35bf5be5ea7 Mon Sep 17 00:00:00 2001
From: Tobias Brunner 
Date: Fri, 5 Dec 2014 10:41:07 +0100
Subject: [PATCH] pki: Add simple PKCS#12 display command

---
 configure.ac | 1 +
 src/pki/Makefile.am | 1 +
 src/pki/command.h | 2 +-
 src/pki/commands/pkcs12.c | 150 ++++++++++++++++++++++++++++++++++
 src/pki/man/pki---pkcs12.1.in | 51 ++++++++++++
 5 files changed, 204 insertions(+), 1 deletion(-)
 create mode 100644 src/pki/commands/pkcs12.c
 create mode 100644 src/pki/man/pki---pkcs12.1.in

diff --git a/configure.ac b/configure.ac
index 6684dcd7c5..4ac9bd4d30 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1790,6 +1790,7 @@ AC_CONFIG_FILES([
 src/pki/man/pki---issue.1
 src/pki/man/pki---keyid.1
 src/pki/man/pki---pkcs7.1
+ src/pki/man/pki---pkcs12.1
 src/pki/man/pki---print.1
 src/pki/man/pki---pub.1
 src/pki/man/pki---req.1
diff --git a/src/pki/Makefile.am b/src/pki/Makefile.am
index 266802cf74..ab407e0212 100644
--- a/src/pki/Makefile.am
+++ b/src/pki/Makefile.am
@@ -13,6 +13,7 @@ pki_SOURCES = pki.c pki.h command.c command.h \
 commands/signcrl.c \
 commands/acert.c \
 commands/pkcs7.c \
+ commands/pkcs12.c \
 commands/verify.c
 pki_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
diff --git a/src/pki/command.h b/src/pki/command.h
index 9cf036bf24..d49adda099 100644
--- a/src/pki/command.h
+++ b/src/pki/command.h
@@ -24,7 +24,7 @@
 /**
 * Maximum number of commands (+1).
 */
-#define MAX_COMMANDS 12
+#define MAX_COMMANDS 13
 
 /**
 * Maximum number of options in a command (+3)
diff --git a/src/pki/commands/pkcs12.c b/src/pki/commands/pkcs12.c
new file mode 100644
index 0000000000..f871042b1d
--- /dev/null
+++ b/src/pki/commands/pkcs12.c
@@ -0,0 +1,150 @@
+/*
+ * Copyright (C) 2014 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include 
+
+#include "pki.h"
+
+#include 
+#include 
+
+/**
+ * Show info about PKCS#12 container
+ */
+static int show(pkcs12_t *pkcs12)
+{
+ enumerator_t *enumerator;
+ certificate_t *cert;
+ private_key_t *key;
+
+ printf("PKCS#12 contents:\n");
+
+ enumerator = pkcs12->create_cert_enumerator(pkcs12);
+ while (enumerator->enumerate(enumerator, &cert))
+ {
+ x509_t *x509 = (x509_t*)cert;
+
+ if (x509->get_flags(x509) & X509_CA)
+ {
+ printf(" CA certificate \"%Y\"\n", cert->get_subject(cert));
+ }
+ else
+ {
+ printf(" Certificate \"%Y\"\n", cert->get_subject(cert));
+ }
+ }
+ enumerator->destroy(enumerator);
+ enumerator = pkcs12->create_key_enumerator(pkcs12);
+ while (enumerator->enumerate(enumerator, &key))
+ {
+ printf(" %N private key\n", key_type_names, key->get_type(key));
+ }
+ enumerator->destroy(enumerator);
+ return 0;
+}
+
+/**
+ * Handle PKCs#12 containers
+ */
+static int pkcs12()
+{
+ char *arg, *file = NULL;
+ pkcs12_t *p12 = NULL;
+ int res = 1;
+ enum {
+ OP_NONE,
+ OP_SHOW,
+ } op = OP_NONE;
+
+ while (TRUE)
+ {
+ switch (command_getopt(&arg))
+ {
+ case 'h':
+ return command_usage(NULL);
+ case 'i':
+ file = arg;
+ continue;
+ case 'p':
+ if (op != OP_NONE)
+ {
+ goto invalid;
+ }
+ op = OP_SHOW;
+ continue;
+ case EOF:
+ break;
+ default:
+ invalid:
+ return command_usage("invalid --pkcs12 option");
+ }
+ break;
+ }
+
+ if (op != OP_SHOW)
+ {
+ return command_usage(NULL);
+ }
+
+ if (file)
+ {
+ p12 = lib->creds->create(lib->creds, CRED_CONTAINER, CONTAINER_PKCS12,
+ BUILD_FROM_FILE, file, BUILD_END);
+ }
+ else
+ {
+ chunk_t chunk;
+
+ set_file_mode(stdin, CERT_ASN1_DER);
+ if (!chunk_from_fd(0, &chunk))
+ {
+ fprintf(stderr, "reading input failed: %s\n", strerror(errno));
+ return 1;
+ }
+ p12 = lib->creds->create(lib->creds, CRED_CONTAINER, CONTAINER_PKCS12,
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
+ }
+
+ if (!p12)
+ {
+ fprintf(stderr, "reading input failed!\n");
+ goto end;
+ }
+
+ res = show(p12);
+end:
+ if (p12)
+ {
+ p12->container.destroy(&p12->container);
+ }
+ return res;
+}
+
+/**
+ * Register the command.
+ */
+static void __attribute__ ((constructor))reg()
+{
+ command_register((command_t) {
+ pkcs12, 'u', "pkcs12", "PKCS#12 functions",
+ {"--show [--in file]"},
+ {
+ {"help", 'h', 0, "show usage information"},
+ {"show", 'p', 0, "show info about PKCS#12, print certificates and keys"},
+ {"in", 'i', 1, "input file, default: stdin"},
+ }
+ });
+}
diff --git a/src/pki/man/pki---pkcs12.1.in b/src/pki/man/pki---pkcs12.1.in
new file mode 100644
index 0000000000..2830d80e11
--- /dev/null
+++ b/src/pki/man/pki---pkcs12.1.in
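Review bot: In show(), every certificate returned by create_cert_enumerator() is cast to x509_t and get_flags() is invoked through it without first checking `cert->get_type(cert) == CERT_X509`; the container is parsed from an untrusted file or stdin, so if the PKCS#12 implementation can ever yield a non-X.509 certificate this becomes a call through the wrong vtable. If the container implementation guarantees X.509 only, that invariant should be stated in a comment above the cast; otherwise guard it, e.g. `if (cert->get_type(cert) == CERT_X509 && (((x509_t*)cert)->get_flags((x509_t*)cert) & X509_CA))`. Separately, nothing in pkcs12() supplies a password for the (normally encrypted) container — presumably pki's credential callback covers that, but if not, an encrypted input fails with the generic `reading input failed!`, which also misreports a parse failure after the data was read successfully; `parsing PKCS#12 container failed` would be more accurate. The `static int pkcs12()` empty parameter list would be clearer as `pkcs12(void)`, unless the other commands in src/pki/commands use the same form.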
@@ -0,0 +1,51 @@
+.TH "PKI \-\-PKCS12" 1 "2014-10-17" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-pkcs12 \- Provides PKCS#12 functions
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-pkcs12
+.BR \-\-show
+.OP \-\-in file
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-pkcs12
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-pkcs12"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR pki (1)
+provides functions to work with PKCS#12 containers.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-p, \-\-show"
+Show information about PKCS#12 container, list certificates and keys.
+.TP
+.BI "\-i, \-\-in " file
+PKCS#12 input file. If not given the input is read from \fISTDIN\fR.
+.
+.SH "SEE ALSO"
+.
+.BR pki (1)
\ No newline at end of file
-- 
2.47.2