}
}
+/**
+ * Print a certificate in PEM to out
+ */
+static void print_pem_cert(FILE *out, certificate_t *cert)
+{
+ chunk_t encoded;
+
+ if (cert->get_encoding(cert, CERT_PEM, &encoded))
+ {
+ fprintf(out, "%.*s", (int)encoded.len, encoded.ptr);
+ free(encoded.ptr);
+ }
+}
+
/**
* Export in-memory credentials
*/
enumerator_t *enumerator;
identification_t *id;
certificate_t *cert;
- chunk_t encoded;
id = identification_create_from_string(msg->export.selector);
enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr,
CERT_X509, KEY_ANY, id, FALSE);
while (enumerator->enumerate(enumerator, &cert))
{
- if (cert->get_encoding(cert, CERT_PEM, &encoded))
- {
- fprintf(out, "%.*s", (int)encoded.len, encoded.ptr);
- free(encoded.ptr);
- }
+ print_pem_cert(out, cert);
}
enumerator->destroy(enumerator);
id->destroy(id);
}
+
+ if (msg->export.flags & (EXPORT_CONN_CERT | EXPORT_CONN_CHAIN))
+ {
+ enumerator_t *sas, *auths, *certs;
+ ike_sa_t *ike_sa;
+ auth_cfg_t *auth;
+ certificate_t *cert;
+ auth_rule_t rule;
+
+ sas = charon->ike_sa_manager->create_enumerator(
+ charon->ike_sa_manager, TRUE);
+ while (sas->enumerate(sas, &ike_sa))
+ {
+ if (streq(msg->export.selector, ike_sa->get_name(ike_sa)))
+ {
+ auths = ike_sa->create_auth_cfg_enumerator(ike_sa, FALSE);
+ while (auths->enumerate(auths, &auth))
+ {
+ bool got_subject = FALSE;
+
+ certs = auth->create_enumerator(auth);
+ while (certs->enumerate(certs, &rule, &cert))
+ {
+ switch (rule)
+ {
+ case AUTH_RULE_CA_CERT:
+ case AUTH_RULE_IM_CERT:
+ if (msg->export.flags & EXPORT_CONN_CHAIN)
+ {
+ print_pem_cert(out, cert);
+ }
+ break;
+ case AUTH_RULE_SUBJECT_CERT:
+ if (!got_subject)
+ {
+ print_pem_cert(out, cert);
+ got_subject = TRUE;
+ }
+ break;
+ default:
+ break;
+ }
+ }
+ certs->destroy(certs);
+ }
+ auths->destroy(auths);
+ }
+ }
+ sas->destroy(sas);
+ }
}
/**
static int export_flags[] = {
EXPORT_X509,
+ EXPORT_CONN_CERT,
+ EXPORT_CONN_CHAIN,
};
static int export(stroke_keyword_t kw, char *selector)
printf(" stroke purgeike\n");
printf(" Export credentials to the console:\n");
printf(" stroke exportx509 DN\n");
+ printf(" stroke exportconncert connname\n");
+ printf(" stroke exportconnchain connname\n");
printf(" Show current memory usage:\n");
printf(" stroke memusage\n");
printf(" Show leases of a pool:\n");
res = purge(token->kw);
break;
case STROKE_EXPORT_X509:
+ case STROKE_EXPORT_CONN_CERT:
+ case STROKE_EXPORT_CONN_CHAIN:
if (argc != 3)
{
- exit_usage("\"exportx509\" needs a distinguished name");
+ exit_usage("\"export\" needs a name");
}
res = export(token->kw, argv[2]);
break;
purgecerts, STROKE_PURGE_CERTS
purgeike, STROKE_PURGE_IKE
exportx509, STROKE_EXPORT_X509
+exportconncert, STROKE_EXPORT_CONN_CERT
+exportconnchain, STROKE_EXPORT_CONN_CHAIN
leases, STROKE_LEASES
memusage, STROKE_MEMUSAGE
user-creds, STROKE_USER_CREDS
projects / thirdparty / strongswan.git / commitdiff
