From: Andreas Steffen Date: Mon, 3 Jul 2023 10:42:09 +0000 (+0200) Subject: pki: Added ocsp-req and ocsp-rsp types to pki --print X-Git-Tag: 5.9.12rc1~3^2~2 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=ec325b4c090fc2dc28d1155f482c3c52e1a88756;p=thirdparty%2Fstrongswan.git pki: Added ocsp-req and ocsp-rsp types to pki --print --- diff --git a/src/libstrongswan/credentials/certificates/certificate_printer.c b/src/libstrongswan/credentials/certificates/certificate_printer.c index b6f3247790..2e6a9d61cb 100644 --- a/src/libstrongswan/credentials/certificates/certificate_printer.c +++ b/src/libstrongswan/credentials/certificates/certificate_printer.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015-2022 Andreas Steffen + * Copyright (C) 2015-2023 Andreas Steffen * Copyright (C) 2010 Martin Willi * * Copyright (C) secunet Security Networks AG @@ -19,6 +19,7 @@ #include "credentials/certificates/x509.h" #include "credentials/certificates/crl.h" #include "credentials/certificates/ac.h" +#include "credentials/certificates/ocsp_request.h" #include "credentials/certificates/ocsp_response.h" #include "credentials/certificates/pgp_certificate.h" 
@@ -474,6 +475,36 @@ static void print_ac(private_certificate_printer_t *this, ac_t *ac) } } +/** + * Print OCSP request specific information + */ +static void print_ocsp_request(private_certificate_printer_t *this, + ocsp_request_t *ocsp_request) +{ + enumerator_t *enumerator; + chunk_t nonce, issuerNameHash, issuerKeyHash, serialNumber; + hash_algorithm_t hashAlgorithm; + FILE *f = this->f; + + nonce = ocsp_request->get_nonce(ocsp_request); + fprintf(f, " nonce: %#B\n", &nonce); + + enumerator = ocsp_request->create_request_enumerator(ocsp_request); + while (enumerator->enumerate(enumerator, &hashAlgorithm, &issuerNameHash, + &issuerKeyHash, &serialNumber)) + { + fprintf(f, " serial: %#B\n", &serialNumber); + fprintf(f, " issuer: keyHash: %#B\n", &issuerKeyHash); + fprintf(f, " nameHash: %#B\n", &issuerNameHash); + if (hashAlgorithm != HASH_SHA1) + { + fprintf(f, " hashAlg: %#N\n", + hash_algorithm_short_names, hashAlgorithm); + } + } + enumerator->destroy(enumerator); +} + /** * Print OCSP response specific information */ @@ -576,7 +607,8 @@ METHOD(certificate_printer_t, print, void, { fprintf(f, " subject: \"%Y\"\n", subject); } - if (type != CERT_TRUSTED_PUBKEY && type != CERT_GPG) + if (type != CERT_TRUSTED_PUBKEY && type != CERT_GPG && + type != CERT_X509_OCSP_REQUEST) { fprintf(f, " issuer: \"%Y\"\n", cert->get_issuer(cert)); } @@ -637,6 +669,9 @@ METHOD(certificate_printer_t, print, void, case CERT_X509_AC: print_ac(this, (ac_t*)cert); break; + case CERT_X509_OCSP_REQUEST: + print_ocsp_request(this, (ocsp_request_t*)cert); + break; case CERT_X509_OCSP_RESPONSE: print_ocsp_response(this, (ocsp_response_t*)cert); break; @@ -694,6 +729,9 @@ METHOD(certificate_printer_t, print_caption, void, case CERT_X509_CRL: caption = "X.509 CRL"; break; + case CERT_X509_OCSP_REQUEST: + caption = "OCSP Request"; + break; case CERT_X509_OCSP_RESPONSE: caption = "OCSP Response"; break; 
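Review bot: In print_ocsp_request() the `nonce:` line is written unconditionally, so a request without a nonce would presumably print an empty value (this assumes get_nonce() returns an empty chunk in that case, which the hunk does not show). Wrapping it in a guard, `if (nonce.len > 0)` around `fprintf(f, " nonce: %#B\n", &nonce);`, keeps the output unambiguous for someone checking whether a client sends nonces for replay protection. The `hashAlg:` line is printed only when the algorithm differs from HASH_SHA1, and nothing explains why. Either print it always, or add a comment such as `/* SHA-1 is treated as the default CertID hash, only other algorithms are reported */` so that a missing line is not read as a parsing gap.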
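Review bot: The issuer line in print() is now skipped for a third certificate type with no explanation at the condition in the `@@ -576,7 +607,8 @@` hunk. A short comment above the `if`, for example `/* issuer hashes of an OCSP request are printed per entry by print_ocsp_request() */`, would tell the next maintainer why CERT_X509_OCSP_REQUEST belongs in this list. The method body starts and ends outside the hunk, so how the subject line above behaves for OCSP requests cannot be checked from here.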
diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c index f482500e17..6d82af6b87 100644 --- a/src/pki/commands/print.c +++ b/src/pki/commands/print.c @@ -124,6 +124,16 @@ static int print() type = CRED_PRIVATE_KEY; subtype = KEY_BLISS; } + else if (streq(arg, "ocsp-req")) + { + type = CRED_CERTIFICATE; + subtype = CERT_X509_OCSP_REQUEST; + } + else if (streq(arg, "ocsp-rsp")) + { + type = CRED_CERTIFICATE; + subtype = CERT_X509_OCSP_RESPONSE; + } else { return command_usage( "invalid input type"); @@ -202,7 +212,7 @@ static void __attribute__ ((constructor))reg() { print, 'a', "print", "print a credential in a human readable form", {"[--in file|--keyid hex]", - "[--type x509|crl|ac|pub|priv|rsa|ecdsa|ed25519|ed448|bliss]"}, + "[--type x509|crl|ac|pub|priv|rsa|ecdsa|ed25519|ed448|bliss|ocsp-req|ocsp-rsp]"}, { {"help", 'h', 0, "show usage information"}, {"in", 'i', 1, "input file, default: stdin"}, diff --git a/src/pki/man/pki---print.1.in b/src/pki/man/pki---print.1.in index 6de0e7340c..66eaf63dbc 100644 --- a/src/pki/man/pki---print.1.in +++ b/src/pki/man/pki---print.1.in @@ -54,7 +54,8 @@ Type of input. One of \fIx509\fR (X.509 certificate), \fIcrl\fR (Certificate Revocation List, CRL), \fIac\fR (Attribute Certificate), \fIpub\fR (public key), \fIpriv\fR (private key), \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private key), \fIed25519\fR (Ed25519 private key), \fIed448\fR (Ed448 private -key), \fIbliss\fR (BLISS private key), defaults to \fIx509\fR. +key), \fIbliss\fR (BLISS private key), \fIocsp-req\fR (OCSP request), +\fIocsp-rsp\fR (OCSP response), defaults to \fIx509\fR. . .SH "SEE ALSO" .
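Review bot: The new `ocsp-rsp` branch in print() lets the tool display a responder's certificate status, but nothing in this hunk indicates that the response signature or responder certificate is checked before printing. print() continues outside the hunk, so this is inferred. If the command only parses and prints, as it appears to for the other types, the usage string and the man page entry should say so, for example `\fIocsp-rsp\fR (OCSP response, signature not verified)`. Otherwise a printed status could be read as a validated revocation result. The same caveat applies to `ocsp-req`, whose contents are shown as parsed.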