author | Tobias Brunner <tobias@strongswan.org> | 2016-08-31 17:57:12 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2016-10-05 11:32:52 +0200 |
commit | 05ccde0a8bd9d669fa186aa4d4a3d37d2a8155c1 (patch) | |
tree | da1e72e8d744aaefe34d03b26b3f5859c3686f51 /src | |
parent | 4a6f97d00bb5ed022ec8e06360e4cdc53ea536f6 (diff) | |
download | strongswan-05ccde0a8bd9.tar.bz2 strongswan-05ccde0a8bd9.tar.xz |
pki: Add generic 'priv' key type that loads any type of private key
Diffstat (limited to 'src')
-rw-r--r-- | src/pki/commands/issue.c | 7 | ||||
-rw-r--r-- | src/pki/commands/keyid.c | 11 | ||||
-rw-r--r-- | src/pki/commands/print.c | 7 | ||||
-rw-r--r-- | src/pki/commands/pub.c | 11 | ||||
-rw-r--r-- | src/pki/commands/req.c | 10 | ||||
-rw-r--r-- | src/pki/commands/self.c | 8 | ||||
-rw-r--r-- | src/pki/man/pki---issue.1.in | 7 | ||||
-rw-r--r-- | src/pki/man/pki---keyid.1.in | 8 | ||||
-rw-r--r-- | src/pki/man/pki---print.1.in | 5 | ||||
-rw-r--r-- | src/pki/man/pki---pub.1.in | 7 | ||||
-rw-r--r-- | src/pki/man/pki---req.1.in | 3 | ||||
-rw-r--r-- | src/pki/man/pki---self.1.in | 3 |
12 files changed, 59 insertions, 28 deletions
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c index fdc43d705..b15f90199 100644 --- a/src/pki/commands/issue.c +++ b/src/pki/commands/issue.c @@ -117,6 +117,11 @@ static int issue() type = CRED_PRIVATE_KEY; subtype = KEY_BLISS; } + else if (streq(arg, "priv")) + { + type = CRED_PRIVATE_KEY; + subtype = KEY_ANY; + } else if (!streq(arg, "pub")) { error = "invalid input type"; @@ -580,7 +585,7 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { issue, 'i', "issue", "issue a certificate using a CA certificate and key", - {"[--in file] [--type pub|pkcs10|rsa|ecdsa|bliss] --cakey file|--cakeyid hex", + {"[--in file] [--type pub|pkcs10|priv|rsa|ecdsa|bliss] --cakey file|--cakeyid hex", " --cacert file [--dn subject-dn] [--san subjectAltName]+", "[--lifetime days] [--serial hex] [--ca] [--pathlen len]", "[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+", diff --git a/src/pki/commands/keyid.c b/src/pki/commands/keyid.c index 5dfb3374d..f79120b31 100644 --- a/src/pki/commands/keyid.c +++ b/src/pki/commands/keyid.c @@ -26,7 +26,7 @@ static int keyid() { credential_type_t type = CRED_PRIVATE_KEY; - int subtype = KEY_RSA; + int subtype = KEY_ANY; certificate_t *cert; private_key_t *private; public_key_t *public; @@ -60,6 +60,11 @@ static int keyid() type = CRED_PRIVATE_KEY; subtype = KEY_BLISS; } + else if (streq(arg, "priv")) + { + type = CRED_PRIVATE_KEY; + subtype = KEY_ANY; + } else if (streq(arg, "pub")) { type = CRED_PUBLIC_KEY; 
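Review bot: The new default `int subtype = KEY_ANY;` at the top of keyid() (hunk `@@ -26,7 +26,7 @@`) has no comment, although it changes what an invocation without `--type` accepts. The old RSA default acted as an implicit type check; going by the commit title, any private key the loader recognizes is now accepted. A one-line comment such as `/* KEY_ANY: accept any private key type unless --type narrows it */` would record that intent, and the same applies to the identical initializer in pub() and to `key_type_t type = KEY_ANY;` in req(). Callers that relied on the old default to reject non-RSA input need to pass `--type rsa` explicitly from now on. keyid() continues outside the hunk.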
@@ -172,11 +177,11 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { keyid, 'k', "keyid", "calculate key identifiers of a key/certificate", - {"[--in file] [--type rsa|ecdsa|bliss|pub|pkcs10|x509]"}, + {"[--in file] [--type priv|rsa|ecdsa|bliss|pub|pkcs10|x509]"}, { {"help", 'h', 0, "show usage information"}, {"in", 'i', 1, "input file, default: stdin"}, - {"type", 't', 1, "type of key, default: rsa"}, + {"type", 't', 1, "type of key, default: priv"}, } }); } diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c index 9dc080fbb..8cb0a7b5d 100644 --- a/src/pki/commands/print.c +++ b/src/pki/commands/print.c @@ -89,6 +89,11 @@ static int print() type = CRED_CERTIFICATE; subtype = CERT_TRUSTED_PUBKEY; } + else if (streq(arg, "priv")) + { + type = CRED_PRIVATE_KEY; + subtype = KEY_ANY; + } else if (streq(arg, "rsa") || streq(arg, "rsa-priv")) { @@ -176,7 +181,7 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { print, 'a', "print", "print a credential in a human readable form", - {"[--in file] [--type x509|crl|ac|pub|rsa|ecdsa|bliss]"}, + {"[--in file] [--type x509|crl|ac|pub|priv|rsa|ecdsa|bliss]"}, { {"help", 'h', 0, "show usage information"}, {"in", 'i', 1, "input file, default: stdin"}, diff --git a/src/pki/commands/pub.c b/src/pki/commands/pub.c index ccc3c4251..1d876f6f7 100644 --- a/src/pki/commands/pub.c +++ b/src/pki/commands/pub.c @@ -28,7 +28,7 @@ static int pub() { cred_encoding_type_t form = PUBKEY_SPKI_ASN1_DER; credential_type_t type = CRED_PRIVATE_KEY; - int subtype = KEY_RSA; + int subtype = KEY_ANY; certificate_t *cert; private_key_t *private; public_key_t *public; @@ -59,6 +59,11 @@ static int pub() type = CRED_PRIVATE_KEY; subtype = KEY_BLISS; } + else if (streq(arg, "priv")) + { + type = CRED_PRIVATE_KEY; + subtype = KEY_ANY; + } else if (streq(arg, "pub")) { type = CRED_PUBLIC_KEY; 
@@ -189,13 +194,13 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { pub, 'p', "pub", "extract the public key from a private key/certificate", - {"[--in file|--keyid hex] [--type rsa|ecdsa|bliss|pub|pkcs10|x509]", + {"[--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv|pub|pkcs10|x509]", "[--outform der|pem|dnskey|sshkey]"}, { {"help", 'h', 0, "show usage information"}, {"in", 'i', 1, "input file, default: stdin"}, {"keyid", 'x', 1, "keyid on smartcard of private key"}, - {"type", 't', 1, "type of credential, default: rsa"}, + {"type", 't', 1, "type of credential, default: priv"}, {"outform", 'f', 1, "encoding of extracted public key, default: der"}, } }); diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c index 68d611250..23d07a28d 100644 --- a/src/pki/commands/req.c +++ b/src/pki/commands/req.c @@ -30,7 +30,7 @@ static int req() { cred_encoding_type_t form = CERT_ASN1_DER; - key_type_t type = KEY_RSA; + key_type_t type = KEY_ANY; hash_algorithm_t digest = HASH_UNKNOWN; certificate_t *cert = NULL; private_key_t *private = NULL; @@ -62,6 +62,10 @@ static int req() { type = KEY_BLISS; } + else if (streq(arg, "priv")) + { + type = KEY_ANY; + } else { error = "invalid input type"; 
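Review bot: The usage string in pub.c puts the new default in the middle of the list, `rsa|ecdsa|bliss|priv|pub|pkcs10|x509`, while keyid.c in this same commit leads with it (`priv|rsa|ecdsa|bliss|pub|pkcs10|x509`). Since the option help two lines further down now reads `default: priv`, listing it first would keep the commands consistent: `{"[--in file|--keyid hex] [--type priv|rsa|ecdsa|bliss|pub|pkcs10|x509]",`. The same ordering question applies to the `rsa|ecdsa|bliss|priv` usage strings in req.c and self.c.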
@@ -194,14 +198,14 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { req, 'r', "req", "create a PKCS#10 certificate request", - {" [--in file] [--type rsa|ecdsa|bliss] --dn distinguished-name", + {" [--in file] [--type rsa|ecdsa|bliss|priv] --dn distinguished-name", "[--san subjectAltName]+ [--password challengePassword]", "[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]", "[--outform der|pem]"}, { {"help", 'h', 0, "show usage information"}, {"in", 'i', 1, "private key input file, default: stdin"}, - {"type", 't', 1, "type of input key, default: rsa"}, + {"type", 't', 1, "type of input key, default: priv"}, {"dn", 'd', 1, "subject distinguished name"}, {"san", 'a', 1, "subjectAltName to include in cert request"}, {"password",'p', 1, "challengePassword to include in cert request"}, diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c index f4e83c76c..6fb7b75ae 100644 --- a/src/pki/commands/self.c +++ b/src/pki/commands/self.c @@ -94,6 +94,10 @@ static int self() { type = KEY_BLISS; } + else if (streq(arg, "priv")) + { + type = KEY_ANY; + } else { error = "invalid input type"; @@ -417,7 +421,7 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { self, 's', "self", "create a self signed certificate", - {" [--in file|--keyid hex] [--type rsa|ecdsa|bliss]", + {" [--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv]", " --dn distinguished-name [--san subjectAltName]+", "[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+", "[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+", 
@@ -431,7 +435,7 @@ static void __attribute__ ((constructor))reg() {"help", 'h', 0, "show usage information"}, {"in", 'i', 1, "private key input file, default: stdin"}, {"keyid", 'x', 1, "keyid on smartcard of private key"}, - {"type", 't', 1, "type of input key, default: rsa"}, + {"type", 't', 1, "type of input key, default: priv"}, {"dn", 'd', 1, "subject and issuer distinguished name"}, {"san", 'a', 1, "subjectAltName to include in certificate"}, {"lifetime", 'l', 1, "days the certificate is valid, default: 1095"}, diff --git a/src/pki/man/pki---issue.1.in b/src/pki/man/pki---issue.1.in index 20238b73d..bfc7bb1a5 100644 --- a/src/pki/man/pki---issue.1.in +++ b/src/pki/man/pki---issue.1.in @@ -67,9 +67,10 @@ Public key or PKCS#10 certificate request file to issue. If not given the key/request is read from \fISTDIN\fR. .TP .BI "\-t, \-\-type " type -Type of the input. One of \fIpub\fR (public key), \fIrsa\fR (RSA private key), -\fIecdsa\fR (ECDSA private key), or \fIpkcs10\fR (PKCS#10 certificate request), -defaults to \fIpub\fR. +Type of the input. One of \fIpub\fR (public key), \fIpriv\fR (private key), +\fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private key), \fIbliss\fR (BLISS +private key) or \fIpkcs10\fR (PKCS#10 certificate request), defaults to +\fIpub\fR. .TP .BI "\-k, \-\-cakey " file CA private key file. Either this or diff --git a/src/pki/man/pki---keyid.1.in b/src/pki/man/pki---keyid.1.in index ecd81321a..c69f7cbc7 100644 --- a/src/pki/man/pki---keyid.1.in +++ b/src/pki/man/pki---keyid.1.in 
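Review bot: The help text in this hunk now advertises `default: priv`, but none of the self.c hunks touches the initializer of `type` in self(), whereas req.c changes `key_type_t type = KEY_RSA;` to `KEY_ANY` in the same commit. The three visible self.c hunks account for all 8 changed lines the diffstat reports for that file, so the declaration appears to be unchanged. It lies outside the hunks, so its current value needs checking. If it is still `KEY_RSA`, the help text and the updated pki---self man page describe a default the code does not implement, and a non-RSA key passed without `--type` would presumably still fail to load. The matching change would be `key_type_t type = KEY_ANY;` at the top of self().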
@@ -44,10 +44,10 @@ Read command line options from \fIfile\fR. Input file. If not given the input is read from \fISTDIN\fR. .TP .BI "\-t, \-\-type " type -Type of input. One of \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA -private key), \fIbliss\fR (BLISS private key), \fIpub\fR (public key), -\fIpkcs10\fR (PKCS#10 certificate request), \fIx509\fR (X.509 certificate), -defaults to \fIrsa\fR. +Type of input. One of \fIpriv\fR (private key), \fIrsa\fR (RSA private key), +\fIecdsa\fR (ECDSA private key), \fIbliss\fR (BLISS private key), +\fIpub\fR (public key), \fIpkcs10\fR (PKCS#10 certificate request), +\fIx509\fR (X.509 certificate), defaults to \fIpriv\fR. . .SH "EXAMPLES" . diff --git a/src/pki/man/pki---print.1.in b/src/pki/man/pki---print.1.in index a3b10e758..09f81cdaa 100644 --- a/src/pki/man/pki---print.1.in +++ b/src/pki/man/pki---print.1.in @@ -46,8 +46,9 @@ Input file. If not given the input is read from \fISTDIN\fR. .BI "\-t, \-\-type " type Type of input. One of \fIx509\fR (X.509 certificate), \fIcrl\fR (Certificate Revocation List, CRL), \fIac\fR (Attribute Certificate), \fIpub\fR (public key), -\fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private key), \fIbliss\fR (BLISS -private key), defaults to \fIx509\fR. +\fpriv\fR (private key), \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private +key), \fIbliss\fR (BLISS private key), \fIpriv\fR (private key), defaults to +\fIx509\fR. . .SH "SEE ALSO" . diff --git a/src/pki/man/pki---pub.1.in b/src/pki/man/pki---pub.1.in index c57e03a40..fe6c520f4 100644 --- a/src/pki/man/pki---pub.1.in +++ b/src/pki/man/pki---pub.1.in 
@@ -47,10 +47,9 @@ Read command line options from \fIfile\fR. Input file. If not given the input is read from \fISTDIN\fR. .TP .BI "\-t, \-\-type " type -Type of input. One of \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA -private key), \fIpub\fR (public key), -\fIpkcs10\fR (PKCS#10 certificate request), or \fIx509\fR (X.509 certificate), -defaults to \fIrsa\fR. +Type of input. One of \fIpriv\fR (private key), \fIrsa\fR (RSA private key), +\fIecdsa\fR (ECDSA private key), \fIpub\fR (public key), \fIpkcs10\fR (PKCS#10 +certificate request), or \fIx509\fR (X.509 certificate), defaults to \fIpriv\fR. .TP .BI "\-f, \-\-outform " encoding Encoding of the extracted public key. One of \fIder\fR (ASN.1 DER), \fIpem\fR diff --git a/src/pki/man/pki---req.1.in b/src/pki/man/pki---req.1.in index a6f6a480a..4a39c5c94 100644 --- a/src/pki/man/pki---req.1.in +++ b/src/pki/man/pki---req.1.in @@ -49,7 +49,8 @@ Read command line options from \fIfile\fR. Private key input file. If not given the key is read from \fISTDIN\fR. .TP .BI "\-t, \-\-type " type -Type of the input key. Either \fIrsa\fR or \fIecdsa\fR, defaults to \fIrsa\fR. +Type of the input key. Either \fIpriv\fR, \fIrsa\fR, \fIecdsa\fR or \fIbliss\fR, +defaults to \fIpriv\fR. .TP .BI "\-d, \-\-dn " distinguished-name Subject distinguished name (DN). Required. diff --git a/src/pki/man/pki---self.1.in b/src/pki/man/pki---self.1.in index 53f53f816..9461e3eff 100644 --- a/src/pki/man/pki---self.1.in +++ b/src/pki/man/pki---self.1.in @@ -68,7 +68,8 @@ Private key input file. If not given the key is read from \fISTDIN\fR. Key ID of a private key on a smartcard. .TP .BI "\-t, \-\-type " type -Type of the input key. Either \fIrsa\fR or \fIecdsa\fR, defaults to \fIrsa\fR. +Type of the input key. Either \fIpriv\fR, \fIrsa\fR, \fIecdsa\fR or \fIbliss\fR, +defaults to \fIpriv\fR. .TP .BI "\-d, \-\-dn " distinguished-name Subject and issuer distinguished name (DN). Required. |