-rw-r--r-- | src/charon/plugins/stroke/stroke_list.c | 28 | ||||
-rw-r--r-- | src/libstrongswan/credentials/certificates/ac.h | 28 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_ac.c | 43 |
3 files changed, 95 insertions, 4 deletions
diff --git a/src/charon/plugins/stroke/stroke_list.c b/src/charon/plugins/stroke/stroke_list.c index be4570916..db9d829e1 100644 --- a/src/charon/plugins/stroke/stroke_list.c +++ b/src/charon/plugins/stroke/stroke_list.c @@ -20,6 +20,7 @@ #include <daemon.h> #include <utils/linked_list.h> #include <credentials/certificates/x509.h> +#include <credentials/certificates/ac.h> #include <credentials/certificates/crl.h> /* warning intervals for list functions */ @@ -471,6 +472,13 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out) while (enumerator->enumerate(enumerator, (void**)&cert)) { + ac_t *ac = (ac_t*)cert; + chunk_t serial = ac->get_serial(ac); + chunk_t holderSerial = ac->get_holderSerial(ac); + identification_t *holderIssuer = ac->get_holderIssuer(ac); + identification_t *authkey = ac->get_authKeyIdentifier(ac); + identification_t *entityName = cert->get_subject(cert); + if (first) { fprintf(out, "\n"); @@ -479,8 +487,20 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out) } fprintf(out, "\n"); - fprintf(out, " holder: \"%D\"\n", cert->get_subject(cert)); + if (entityName) + { + fprintf(out, " holder: \"%D\"\n", entityName); + } + if (holderIssuer) + { + fprintf(out, " hissuer: \"%D\"\n", holderIssuer); + } + if (holderSerial.ptr) + { + fprintf(out, " hserial: %#B\n", &holderSerial); + } fprintf(out, " issuer: \"%D\"\n", cert->get_issuer(cert)); + fprintf(out, " serial: %#B\n", &serial); /* list validity */ cert->get_validity(cert, &now, &thisUpdate, &nextUpdate); @@ -499,6 +519,12 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out) } fprintf(out, " \n"); } + + /* list optional authorityKeyIdentifier */ + if (authkey) + { + fprintf(out, " authkey: %D\n", authkey); + } } enumerator->destroy(enumerator); } diff --git a/src/libstrongswan/credentials/certificates/ac.h b/src/libstrongswan/credentials/certificates/ac.h index c9645d68b..4e33390bb 100644 
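Review bot: The added `ac_t *ac = (ac_t*)cert;` at the top of the loop in stroke_list_acerts downcasts every enumerated certificate_t without checking its type, and the getter calls that follow go straight through that pointer. If the list ever held anything other than X.509 attribute certificates, those calls would dispatch through the wrong function-pointer slots. Unless the caller guarantees an AC-only list (not visible in this hunk), a guard such as `if (cert->get_type(cert) != CERT_X509_AC) continue;` before the cast would make the assumption explicit. The loop body continues in the following hunks and outside them.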
--- a/src/libstrongswan/credentials/certificates/ac.h +++ b/src/libstrongswan/credentials/certificates/ac.h @@ -45,6 +45,34 @@ struct ac_t { certificate_t certificate; /** + * Get the attribute certificate's serial number. + * + * @return chunk pointing to serialNumber + */ + chunk_t (*get_serial)(ac_t *this); + + /** + * Get the serial number of the holder certificate. + * + * @return chunk pointing to serialNumber + */ + chunk_t (*get_holderSerial)(ac_t *this); + + /** + * Get the issuer of the holder certificate. + * + * @return holderIssuer as identification_t* + */ + identification_t* (*get_holderIssuer)(ac_t *this); + + /** + * Get the thauthorityKeyIdentifier. + * + * @return authKeyIdentifier as identification_t* + */ + identification_t* (*get_authKeyIdentifier)(ac_t *this); + + /** * @brief Checks if two attribute certificates belong to the same holder * * @param this calling attribute certificate diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c index a4bf0393f..4a9e1cd7b 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.c +++ b/src/libstrongswan/plugins/x509/x509_ac.c 
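Review bot: The doc comments on the four new ac_t accessors do not state who owns the returned values or that the optional ones can be absent. The implementations in x509_ac.c return the private members directly, and stroke_list_acerts tests holderIssuer and the authKeyIdentifier against NULL and holderSerial against an empty `.ptr`. I would spell that out, for example `@return holderIssuer as identification_t*, NULL if not present; internal reference, must not be destroyed`, with the same wording for get_authKeyIdentifier. For the two chunk getters, something like `@return chunk pointing to the internal serialNumber, valid only while the certificate exists` would do. The comment "Get the thauthorityKeyIdentifier." also has a typo and should read "Get the authorityKeyIdentifier."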
@@ -276,14 +276,14 @@ static const asn1Object_t acObjects[] = ASN1_BODY }, /* 7 */ { 4, "end opt", ASN1_EOC, ASN1_END }, /* 8 */ { 3, "end opt", ASN1_EOC, ASN1_END }, /* 9 */ - { 3, "entityName", ASN1_CONTEXT_C_1, ASN1_OPT | + { 3, "entityName", ASN1_CONTEXT_C_1, ASN1_OPT | ASN1_OBJ }, /* 10 */ { 3, "end opt", ASN1_EOC, ASN1_END }, /* 11 */ { 3, "objectDigestInfo", ASN1_CONTEXT_C_2, ASN1_OPT }, /* 12 */ - { 4, "digestedObjectType", ASN1_ENUMERATED, ASN1_BODY }, /* 13*/ + { 4, "digestedObjectType", ASN1_ENUMERATED, ASN1_BODY }, /* 13 */ { 4, "otherObjectTypeID", ASN1_OID, ASN1_OPT | ASN1_BODY }, /* 14 */ - { 4, "end opt", ASN1_EOC, ASN1_END }, /* 15*/ + { 4, "end opt", ASN1_EOC, ASN1_END }, /* 15 */ { 4, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 16 */ { 3, "end opt", ASN1_EOC, ASN1_END }, /* 17 */ { 2, "v2Form", ASN1_CONTEXT_C_0, ASN1_NONE }, /* 18 */ @@ -649,6 +649,38 @@ static chunk_t build_ac(private_x509_ac_t *this) } /** + * Implementation of ac_t.get_serial. + */ +static chunk_t get_serial(private_x509_ac_t *this) +{ + return this->serialNumber; +} + +/** + * Implementation of ac_t.get_holderSerial. + */ +static chunk_t get_holderSerial(private_x509_ac_t *this) +{ + return this->holderSerial; +} + +/** + * Implementation of ac_t.get_holderIssuer. + */ +static identification_t* get_holderIssuer(private_x509_ac_t *this) +{ + return this->holderIssuer; +} + +/** + * Implementation of ac_t.get_authKeyIdentifier. + */ +static identification_t* get_authKeyIdentifier(private_x509_ac_t *this) +{ + return this->authKeyIdentifier; +} + +/** * Implementation of certificate_t.get_type */ static certificate_type_t get_type(private_x509_ac_t *this) 
@@ -899,6 +931,10 @@ static private_x509_ac_t *create_empty(void) private_x509_ac_t *this = malloc_thing(private_x509_ac_t); /* public functions */ + this->public.interface.get_serial = (chunk_t (*)(ac_t*))get_serial; + this->public.interface.get_holderSerial = (chunk_t (*)(ac_t*))get_holderSerial; + this->public.interface.get_holderIssuer = (identification_t* (*)(ac_t*))get_holderIssuer; + this->public.interface.get_authKeyIdentifier = (identification_t* (*)(ac_t*))get_authKeyIdentifier; this->public.interface.certificate.get_type = (certificate_type_t (*)(certificate_t *this))get_type; this->public.interface.certificate.get_subject = (identification_t* (*)(certificate_t *this))get_subject; this->public.interface.certificate.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer; @@ -915,6 +951,7 @@ static private_x509_ac_t *create_empty(void) /* initialize */ this->encoding = chunk_empty; + this->holderSerial = chunk_empty; this->holderIssuer = NULL; this->entityName = NULL; this->issuerName = NULL; |
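Review bot: In the `/* initialize */` part of create_empty, only holderSerial gains an explicit initial value, although the new getters also expose serialNumber and authKeyIdentifier. The object comes from malloc_thing(), which presumably does not zero memory, and neither of those two fields is set in the visible context. If they are not initialised further down (create_empty continues outside the hunk), an attribute certificate that was never fully parsed or built would hand indeterminate values to stroke_list_acerts, which prints `serial` unconditionally and passes `authkey` to fprintf whenever it is non-NULL. I would add `this->serialNumber = chunk_empty;` and `this->authKeyIdentifier = NULL;` next to the new `this->holderSerial = chunk_empty;` line, or confirm they are already set below.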