authorTobias Brunner <tobias@strongswan.org>2015-07-07 10:53:22 +0200
committerTobias Brunner <tobias@strongswan.org>2015-08-10 12:33:02 +0200
commit1bc25499142adf5af44e6fca911d489e5b5129bf (patch)
tree945c30be87b2597c5e951f2666ce3fee527a7823 /src
parent99b1a1a1d866e1224b1132d54fa93ab88a213e86 (diff)
pki: Optionally extract public key from given private key in --issue
Fixes #618.
Diffstat (limited to 'src')
-rw-r--r--src/pki/commands/issue.c31
-rw-r--r--src/pki/man/pki---issue.1.in5
2 files changed, 30 insertions, 6 deletions
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 6a2d09d78..70afc01f5 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -64,6 +64,8 @@ static int issue()
certificate_t *cert_req = NULL, *cert = NULL, *ca =NULL;
private_key_t *private = NULL;
public_key_t *public = NULL;
+ credential_type_t type = CRED_PUBLIC_KEY;
+ key_type_t subtype = KEY_ANY;
bool pkcs10 = FALSE;
char *file = NULL, *dn = NULL, *hex = NULL, *cacert = NULL, *cakey = NULL;
char *error = NULL, *keyid = NULL;
@@ -100,6 +102,21 @@ static int issue()
{
pkcs10 = TRUE;
}
+ else if (streq(arg, "rsa"))
+ {
+ type = CRED_PRIVATE_KEY;
+ subtype = KEY_RSA;
+ }
+ else if (streq(arg, "ecdsa"))
+ {
+ type = CRED_PRIVATE_KEY;
+ subtype = KEY_ECDSA;
+ }
+ else if (streq(arg, "bliss"))
+ {
+ type = CRED_PRIVATE_KEY;
+ subtype = KEY_BLISS;
+ }
else if (!streq(arg, "pub"))
{
error = "invalid input type";
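Review bot: The new `bliss` branch accepts an input type that the man page change in this same commit does not list; that text names only `pub`, `rsa`, `ecdsa` and `pkcs10`. Adding `\fIbliss\fR (BLISS private key)` to the `--type` description would keep the two in step, and the command's usage string, which is not visible here, probably needs the same values. A one-line comment above the three new branches, for example `/* private key input: the public key is extracted after loading */`, would also explain why `type` switches to `CRED_PRIVATE_KEY` for what is still a public-key input to the certificate. issue() starts and ends outside this hunk.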
@@ -447,10 +464,10 @@ static int issue()
}
else
{
- DBG2(DBG_LIB, "Reading public key:");
+ DBG2(DBG_LIB, "Reading key:");
if (file)
{
- public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
+ public = lib->creds->create(lib->creds, type, subtype,
BUILD_FROM_FILE, file, BUILD_END);
}
else
@@ -460,13 +477,19 @@ static int issue()
if (!chunk_from_fd(0, &chunk))
{
fprintf(stderr, "%s: ", strerror(errno));
- error = "reading public key failed";
+ error = "reading key failed";
goto end;
}
- public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
+ public = lib->creds->create(lib->creds, type, subtype,
BUILD_BLOB, chunk, BUILD_END);
free(chunk.ptr);
}
+ if (public && type == CRED_PRIVATE_KEY)
+ {
+ private_key_t *priv = (private_key_t*)public;
+ public = priv->get_public_key(priv);
+ priv->destroy(priv);
+ }
}
if (!public)
{
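Review bot: In the stdin branch the buffer is still released with `free(chunk.ptr)`, but with the new input types it can now hold raw private key bytes, which are left unwiped in freed heap memory. Replacing that line with `chunk_clear(&chunk);` wipes the contents before freeing and costs nothing for the public-key case. Separately, the loaded private key is parked in `public` and only cast back to `private_key_t*` in the added block; this is safe as written because the conversion follows directly. A comment such as `/* public holds a private_key_t until converted below */` would warn against inserting a `goto end` in between, which would presumably destroy the object through the wrong interface. issue() starts and ends outside this hunk.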
diff --git a/src/pki/man/pki---issue.1.in b/src/pki/man/pki---issue.1.in
index 3a89059c8..20238b73d 100644
--- a/src/pki/man/pki---issue.1.in
+++ b/src/pki/man/pki---issue.1.in
@@ -67,8 +67,9 @@ Public key or PKCS#10 certificate request file to issue. If not given the
key/request is read from \fISTDIN\fR.
.TP
.BI "\-t, \-\-type " type
-Type of the input. Either \fIpub\fR for a public key, or \fIpkcs10\fR for a
-PKCS#10 certificate request, defaults to \fIpub\fR.
+Type of the input. One of \fIpub\fR (public key), \fIrsa\fR (RSA private key),
+\fIecdsa\fR (ECDSA private key), or \fIpkcs10\fR (PKCS#10 certificate request),
+defaults to \fIpub\fR.
.TP
.BI "\-k, \-\-cakey " file
CA private key file. Either this or