/*
- * Copyright (C) 2015-2022 Andreas Steffen
+ * Copyright (C) 2015-2023 Andreas Steffen
* Copyright (C) 2010 Martin Willi
*
* Copyright (C) secunet Security Networks AG
#include "credentials/certificates/x509.h"
#include "credentials/certificates/crl.h"
#include "credentials/certificates/ac.h"
+#include "credentials/certificates/ocsp_request.h"
#include "credentials/certificates/ocsp_response.h"
#include "credentials/certificates/pgp_certificate.h"
}
}
+/**
+ * Print OCSP request specific information
+ */
+static void print_ocsp_request(private_certificate_printer_t *this,
+ ocsp_request_t *ocsp_request)
+{
+ enumerator_t *enumerator;
+ chunk_t nonce, issuerNameHash, issuerKeyHash, serialNumber;
+ hash_algorithm_t hashAlgorithm;
+ FILE *f = this->f;
+
+ nonce = ocsp_request->get_nonce(ocsp_request);
+ fprintf(f, " nonce: %#B\n", &nonce);
+
+ enumerator = ocsp_request->create_request_enumerator(ocsp_request);
+ while (enumerator->enumerate(enumerator, &hashAlgorithm, &issuerNameHash,
+ &issuerKeyHash, &serialNumber))
+ {
+ fprintf(f, " serial: %#B\n", &serialNumber);
+ fprintf(f, " issuer: keyHash: %#B\n", &issuerKeyHash);
+ fprintf(f, " nameHash: %#B\n", &issuerNameHash);
+ if (hashAlgorithm != HASH_SHA1)
+ {
+ fprintf(f, " hashAlg: %#N\n",
+ hash_algorithm_short_names, hashAlgorithm);
+ }
+ }
+ enumerator->destroy(enumerator);
+}
+
/**
* Print OCSP response specific information
*/
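Review bot: In print_ocsp_request the nonce line is written unconditionally, although the nonce extension is optional in an OCSP request. If get_nonce() returns an empty chunk for a request without one (its implementation is not in this hunk), the output would show a bare `nonce:` label. Since a missing nonce means the response cannot be tied to this particular request, it should be reported explicitly: guard the existing call with `if (nonce.len)` and print a fixed "none" line in the else branch. The loop also drops `hashAlg` whenever it equals HASH_SHA1, which deserves a comment such as `/* SHA-1 is the implied default for the CertID hashes, only print deviations */` so readers of the output know what an absent line means.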
{
fprintf(f, " subject: \"%Y\"\n", subject);
}
- if (type != CERT_TRUSTED_PUBKEY && type != CERT_GPG)
+ if (type != CERT_TRUSTED_PUBKEY && type != CERT_GPG &&
+ type != CERT_X509_OCSP_REQUEST)
{
fprintf(f, " issuer: \"%Y\"\n", cert->get_issuer(cert));
}
case CERT_X509_AC:
print_ac(this, (ac_t*)cert);
break;
+ case CERT_X509_OCSP_REQUEST:
+ print_ocsp_request(this, (ocsp_request_t*)cert);
+ break;
case CERT_X509_OCSP_RESPONSE:
print_ocsp_response(this, (ocsp_response_t*)cert);
break;
case CERT_X509_CRL:
caption = "X.509 CRL";
break;
+ case CERT_X509_OCSP_REQUEST:
+ caption = "OCSP Request";
+ break;
case CERT_X509_OCSP_RESPONSE:
caption = "OCSP Response";
break;
type = CRED_PRIVATE_KEY;
subtype = KEY_BLISS;
}
+ else if (streq(arg, "ocsp-req"))
+ {
+ type = CRED_CERTIFICATE;
+ subtype = CERT_X509_OCSP_REQUEST;
+ }
+ else if (streq(arg, "ocsp-rsp"))
+ {
+ type = CRED_CERTIFICATE;
+ subtype = CERT_X509_OCSP_RESPONSE;
+ }
else
{
return command_usage( "invalid input type");
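Review bot: The new `ocsp-req` and `ocsp-rsp` branches only select `CRED_CERTIFICATE` with the matching OCSP subtype, and none of the visible hunks shows a signature or trust check on the loaded object before it is printed. If print is parse-only for these types, as it appears to be, a comment above the branches would say so, for example `/* OCSP objects are parsed and printed as-is, no signature or trust check */`. The same caveat belongs in the help text, so that a printed OCSP response is not read as a validated revocation status. The enclosing function starts and ends outside this hunk.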
{ print, 'a', "print",
"print a credential in a human readable form",
{"[--in file|--keyid hex]",
- "[--type x509|crl|ac|pub|priv|rsa|ecdsa|ed25519|ed448|bliss]"},
+ "[--type x509|crl|ac|pub|priv|rsa|ecdsa|ed25519|ed448|bliss|ocsp-req|ocsp-rsp]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "input file, default: stdin"},
Revocation List, CRL), \fIac\fR (Attribute Certificate), \fIpub\fR (public key),
\fIpriv\fR (private key), \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA
private key), \fIed25519\fR (Ed25519 private key), \fIed448\fR (Ed448 private
-key), \fIbliss\fR (BLISS private key), defaults to \fIx509\fR.
+key), \fIbliss\fR (BLISS private key), \fIocsp-req\fR (OCSP request),
+\fIocsp-rsp\fR (OCSP response), defaults to \fIx509\fR.
.
.SH "SEE ALSO"
.