author | Andreas Steffen <andreas.steffen@strongswan.org> | 2016-01-05 05:34:12 +0100 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2016-01-09 07:23:30 +0100 |
commit | 4c38c79452d3b4768792a0d4ba78cf6ba00c7fba (patch) | |
tree | 3afa45e43c017be6d03f6470d447720da3f8e616 | |
parent | 87371460f660e245bae49d60b5ed26e7b8c8e0b0 (diff) | |
download | strongswan-4c38c79452d3b4768792a0d4ba78cf6ba00c7fba.tar.bz2 strongswan-4c38c79452d3b4768792a0d4ba78cf6ba00c7fba.tar.xz |
vici: list-cert sends subject, not-before and not-after attributes for pubkeys
-rw-r--r-- | src/libcharon/plugins/vici/README.md | 3 | ||||
-rw-r--r-- | src/libcharon/plugins/vici/vici_query.c | 26 | ||||
-rw-r--r-- | src/libstrongswan/asn1/asn1.h | 1 | ||||
-rw-r--r-- | src/swanctl/commands/list_certs.c | 41 |
4 files changed, 65 insertions, 6 deletions
diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md
index 133d9aee4..405cfbad3 100644
--- a/src/libcharon/plugins/vici/README.md
+++ b/src/libcharon/plugins/vici/README.md
@@ -760,6 +760,9 @@ _list-certs_ command.
 flag = <X.509 certificate flag, NONE|CA|AA|OCSP>
 has_privkey = <set if a private key for the certificate is available>
 data = <ASN1 encoded certificate data>
+ subject = <subject string if defined and certificate type is PUBKEY>
+ not-before = <time string if defined and certificate type is PUBKEY>
+ not-after = <time string if defined and certificate type is PUBKEY>
 }
 
 ### list-authority ###
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
index 99cd3481f..512c2ba7b 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -52,6 +52,7 @@
 #endif
 
 #include <daemon.h>
+#include <asn1/asn1.h>
 #include <credentials/certificates/certificate.h>
 #include <credentials/certificates/x509.h>
 
@@ -866,8 +867,10 @@ static void enum_others(private_vici_query_t *this, u_int id,
 enumerator_t *enumerator;
 certificate_t *cert;
 vici_builder_t *b;
- chunk_t encoding;
+ chunk_t encoding, t_ch;
 cred_encoding_type_t encoding_type;
+ identification_t *subject;
+ time_t not_before, not_after;
 
 encoding_type = (type == CERT_TRUSTED_PUBKEY) ? PUBKEY_SPKI_ASN1_DER :
 CERT_ASN1_DER;
@@ -886,6 +889,27 @@ static void enum_others(private_vici_query_t *this, u_int id,
 b->add(b, VICI_KEY_VALUE, "data", encoding);
 free(encoding.ptr);
 
+ if (type == CERT_TRUSTED_PUBKEY)
+ {
+ subject = cert->get_subject(cert);
+ if (subject->get_type(subject) != ID_KEY_ID)
+ {
+ b->add_kv(b, "subject", "%Y", cert->get_subject(cert));
+ }
+ cert->get_validity(cert, NULL, ¬_before, ¬_after);
+ if (not_before != UNDEFINED_TIME)
+ {
+ t_ch = asn1_from_time(¬_before, ASN1_GENERALIZEDTIME);
+ b->add(b, VICI_KEY_VALUE, "not-before", chunk_skip(t_ch, 2));
+ chunk_free(&t_ch);
+ }
+ if (not_after != UNDEFINED_TIME)
+ {
+ t_ch = asn1_from_time(¬_after, ASN1_GENERALIZEDTIME);
+ b->add(b, VICI_KEY_VALUE, "not-after", chunk_skip(t_ch, 2));
+ chunk_free(&t_ch);
+ }
+ }
 this->dispatcher->raise_event(this->dispatcher, "list-cert", id,
 b->finalize(b));
 }
diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h
index 7a48292af..8ac005610 100644
--- a/src/libstrongswan/asn1/asn1.h
+++ b/src/libstrongswan/asn1/asn1.h
@@ -26,6 +26,7 @@
 #include <stdarg.h>
 
 #include <library.h>
+#include <asn1/asn1.h>
 
 /**
  * Definition of some primitive ASN1 types
diff --git a/src/swanctl/commands/list_certs.c b/src/swanctl/commands/list_certs.c
index 2c314d8b2..e9c964771 100644
--- a/src/swanctl/commands/list_certs.c
+++ b/src/swanctl/commands/list_certs.c
@@ -58,6 +58,10 @@ CALLBACK(list_cb, void,
 certificate_t *cert;
 certificate_type_t type;
 x509_flag_t flag = X509_NONE;
+ identification_t *subject = NULL;
+ time_t not_before = UNDEFINED_TIME;
+ time_t not_after = UNDEFINED_TIME;
+ chunk_t t_ch;
 bool has_privkey;
 char *str;
 void *buf;
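Review bot: `b->add_kv(b, "subject", "%Y", cert->get_subject(cert));` re-fetches the subject that `subject` already holds two lines above; use `b->add_kv(b, "subject", "%Y", subject);`. The two `chunk_skip(t_ch, 2)` calls hard-code a 2-byte ASN.1 header (tag plus short-form length), which is right for a GeneralizedTime string of 15 bytes but is a silent assumption about what asn1_from_time returns, so a one-line comment such as `/* strip tag and 1-byte length, send the bare GeneralizedTime string */` would help the next reader. The `¬_before`/`¬_after` spellings on this page appear to be an HTML-entity rendering of `&not_before`/`&not_after`, not a code defect. enum_others begins and ends outside this hunk.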
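Review bot: The line added to asn1.h, `#include <asn1/asn1.h>`, makes the header include itself; if asn1.h carries the usual include guard this expands to nothing and is harmless, but it is dead text that will puzzle readers and header-dependency tooling. It looks like a misplaced edit: the same include is added to vici_query.c in this commit, while list_certs.c, which now calls asn1_to_time and uses ASN1_GENERALIZEDTIME, gets no include line in this diff (it may already have one outside the shown hunks). Drop the line from asn1.h and, if list_certs.c lacks it, add it there instead.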
@@ -93,11 +97,38 @@ CALLBACK(list_cb, void,
 return;
 }
 }
-
- /* Parse certificate data blob */
- cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
- BUILD_BLOB_ASN1_DER, chunk_create(buf, len),
- BUILD_END);
+ if (type == CERT_TRUSTED_PUBKEY)
+ {
+ str = vici_find_str(res, NULL, "subject");
+ if (str)
+ {
+ subject = identification_create_from_string(str);
+ }
+ str = vici_find_str(res, NULL, "not-before");
+ if (str)
+ {
+ t_ch = chunk_from_str(str);
+ not_before = asn1_to_time(&t_ch, ASN1_GENERALIZEDTIME);
+ }
+ str = vici_find_str(res, NULL, "not-after");
+ if (str)
+ {
+ t_ch = chunk_from_str(str);
+ not_after = asn1_to_time(&t_ch, ASN1_GENERALIZEDTIME);
+ }
+ cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
+ BUILD_BLOB_ASN1_DER, chunk_create(buf, len),
+ BUILD_NOT_BEFORE_TIME, not_before,
+ BUILD_NOT_AFTER_TIME, not_after,
+ BUILD_SUBJECT, subject, BUILD_END);
+ DESTROY_IF(subject);
+ }
+ else
+ {
+ cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
+ BUILD_BLOB_ASN1_DER, chunk_create(buf, len),
+ BUILD_END);
+ }
 if (cert)
 {
 if (*format & COMMAND_FORMAT_PEM)
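Review bot: `not_before = asn1_to_time(&t_ch, ASN1_GENERALIZEDTIME);` (and the not-after twin) store whatever asn1_to_time returns, so a malformed time string from the daemon becomes a bogus validity bound on the built certificate instead of staying UNDEFINED_TIME; if asn1_to_time signals failure with a sentinel (the hunk does not show which), check the result before it replaces the UNDEFINED_TIME default. `DESTROY_IF(subject)` directly after the create call assumes the PUBKEY builder clones BUILD_SUBJECT rather than taking ownership; that is presumably the case, but a comment such as `/* builder clones the subject, we keep ownership */` would guard against a future double-free or leak. The removed `/* Parse certificate data blob */` comment still describes both branches and could be kept above the new `if`. list_cb begins and ends outside this hunk.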