authorTobias Brunner <tobias@strongswan.org>2014-12-05 10:41:07 +0100
committerTobias Brunner <tobias@strongswan.org>2014-12-12 13:11:29 +0100
commit374b569ed02b4cfc5098e75ec9f7f35bf5be5ea7 (patch)
tree0ddedaa098d611dcdda9145b6ed136c50b547d45
parenta23d3073e3ded2b6bd60ae4061989b3275ee5122 (diff)
downloadstrongswan-374b569ed02b4cfc5098e75ec9f7f35bf5be5ea7.tar.bz2
strongswan-374b569ed02b4cfc5098e75ec9f7f35bf5be5ea7.tar.xz
pki: Add simple PKCS#12 display command
-rw-r--r--configure.ac1
-rw-r--r--src/pki/Makefile.am1
-rw-r--r--src/pki/command.h2
-rw-r--r--src/pki/commands/pkcs12.c150
-rw-r--r--src/pki/man/pki---pkcs12.1.in51
5 files changed, 204 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac
index 6684dcd7c..4ac9bd4d3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1790,6 +1790,7 @@ AC_CONFIG_FILES([
src/pki/man/pki---issue.1
src/pki/man/pki---keyid.1
src/pki/man/pki---pkcs7.1
+ src/pki/man/pki---pkcs12.1
src/pki/man/pki---print.1
src/pki/man/pki---pub.1
src/pki/man/pki---req.1
diff --git a/src/pki/Makefile.am b/src/pki/Makefile.am
index 266802cf7..ab407e021 100644
--- a/src/pki/Makefile.am
+++ b/src/pki/Makefile.am
@@ -13,6 +13,7 @@ pki_SOURCES = pki.c pki.h command.c command.h \
commands/signcrl.c \
commands/acert.c \
commands/pkcs7.c \
+ commands/pkcs12.c \
commands/verify.c
pki_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
diff --git a/src/pki/command.h b/src/pki/command.h
index 9cf036bf2..d49adda09 100644
--- a/src/pki/command.h
+++ b/src/pki/command.h
@@ -24,7 +24,7 @@
/**
* Maximum number of commands (+1).
*/
-#define MAX_COMMANDS 12
+#define MAX_COMMANDS 13
/**
* Maximum number of options in a command (+3)
diff --git a/src/pki/commands/pkcs12.c b/src/pki/commands/pkcs12.c
new file mode 100644
index 000000000..f871042b1
--- /dev/null
+++ b/src/pki/commands/pkcs12.c
@@ -0,0 +1,150 @@
+/*
+ * Copyright (C) 2014 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <errno.h>
+
+#include "pki.h"
+
+#include <credentials/certificates/x509.h>
+#include <credentials/containers/pkcs12.h>
+
+/**
+ * Show info about PKCS#12 container
+ */
+static int show(pkcs12_t *pkcs12)
+{
+ enumerator_t *enumerator;
+ certificate_t *cert;
+ private_key_t *key;
+
+ printf("PKCS#12 contents:\n");
+
+ enumerator = pkcs12->create_cert_enumerator(pkcs12);
+ while (enumerator->enumerate(enumerator, &cert))
+ {
+ x509_t *x509 = (x509_t*)cert;
+
+ if (x509->get_flags(x509) & X509_CA)
+ {
+ printf(" CA certificate \"%Y\"\n", cert->get_subject(cert));
+ }
+ else
+ {
+ printf(" Certificate \"%Y\"\n", cert->get_subject(cert));
+ }
+ }
+ enumerator->destroy(enumerator);
+ enumerator = pkcs12->create_key_enumerator(pkcs12);
+ while (enumerator->enumerate(enumerator, &key))
+ {
+ printf(" %N private key\n", key_type_names, key->get_type(key));
+ }
+ enumerator->destroy(enumerator);
+ return 0;
+}
+
+/**
+ * Handle PKCs#12 containers
+ */
+static int pkcs12()
+{
+ char *arg, *file = NULL;
+ pkcs12_t *p12 = NULL;
+ int res = 1;
+ enum {
+ OP_NONE,
+ OP_SHOW,
+ } op = OP_NONE;
+
+ while (TRUE)
+ {
+ switch (command_getopt(&arg))
+ {
+ case 'h':
+ return command_usage(NULL);
+ case 'i':
+ file = arg;
+ continue;
+ case 'p':
+ if (op != OP_NONE)
+ {
+ goto invalid;
+ }
+ op = OP_SHOW;
+ continue;
+ case EOF:
+ break;
+ default:
+ invalid:
+ return command_usage("invalid --pkcs12 option");
+ }
+ break;
+ }
+
+ if (op != OP_SHOW)
+ {
+ return command_usage(NULL);
+ }
+
+ if (file)
+ {
+ p12 = lib->creds->create(lib->creds, CRED_CONTAINER, CONTAINER_PKCS12,
+ BUILD_FROM_FILE, file, BUILD_END);
+ }
+ else
+ {
+ chunk_t chunk;
+
+ set_file_mode(stdin, CERT_ASN1_DER);
+ if (!chunk_from_fd(0, &chunk))
+ {
+ fprintf(stderr, "reading input failed: %s\n", strerror(errno));
+ return 1;
+ }
+ p12 = lib->creds->create(lib->creds, CRED_CONTAINER, CONTAINER_PKCS12,
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
+ }
+
+ if (!p12)
+ {
+ fprintf(stderr, "reading input failed!\n");
+ goto end;
+ }
+
+ res = show(p12);
+end:
+ if (p12)
+ {
+ p12->container.destroy(&p12->container);
+ }
+ return res;
+}
+
+/**
+ * Register the command.
+ */
+static void __attribute__ ((constructor))reg()
+{
+ command_register((command_t) {
+ pkcs12, 'u', "pkcs12", "PKCS#12 functions",
+ {"--show [--in file]"},
+ {
+ {"help", 'h', 0, "show usage information"},
+ {"show", 'p', 0, "show info about PKCS#12, print certificates and keys"},
+ {"in", 'i', 1, "input file, default: stdin"},
+ }
+ });
+}
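Review bot: In show(), `x509_t *x509 = (x509_t*)cert;` is followed by `x509->get_flags(x509)` with no check of the certificate's type, while the container being displayed is parsed from a user-supplied file or stdin. Whether the PKCS#12 decoder can only ever yield X.509 certificates is not visible in this diff. If it is guaranteed, a short comment stating that would justify the cast; otherwise guard the call, e.g. `if (cert->get_type(cert) == CERT_X509 && (x509->get_flags(x509) & X509_CA))`, so anything else falls through to the plain "Certificate" line. Separately, the `!p12` branch in pkcs12() prints "reading input failed!" although the input was read at that point and it is the container construction that failed (presumably a parse or decryption error); a distinct message such as `fprintf(stderr, "parsing PKCS#12 container failed\n");` would let users tell the two cases apart.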
diff --git a/src/pki/man/pki---pkcs12.1.in b/src/pki/man/pki---pkcs12.1.in
new file mode 100644
index 000000000..2830d80e1
--- /dev/null
+++ b/src/pki/man/pki---pkcs12.1.in
@@ -0,0 +1,51 @@
+.TH "PKI \-\-PKCS12" 1 "2014-10-17" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-pkcs12 \- Provides PKCS#12 functions
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-pkcs12
+.BR \-\-show
+.OP \-\-in file
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-pkcs12
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-pkcs12"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR pki (1)
+provides functions to work with PKCS#12 containers.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-p, \-\-show"
+Show information about PKCS#12 container, list certificates and keys.
+.TP
+.BI "\-i, \-\-in " file
+PKCS#12 input file. If not given the input is read from \fISTDIN\fR.
+.
+.SH "SEE ALSO"
+.
+.BR pki (1) \ No newline at end of file