-rw-r--r--src/charon/plugins/stroke/stroke_list.c54
-rwxr-xr-xsrc/ipsec/ipsec.in16
-rw-r--r--src/libstrongswan/plugins/pubkey/pubkey_cert.c2
-rw-r--r--src/stroke/stroke.c2
-rw-r--r--src/stroke/stroke_keywords.h3
-rw-r--r--src/stroke/stroke_keywords.txt1
-rw-r--r--src/stroke/stroke_msg.h24
7 files changed, 81 insertions, 21 deletions
diff --git a/src/charon/plugins/stroke/stroke_list.c b/src/charon/plugins/stroke/stroke_list.c
index 5c2069cf7..d531dca47 100644
--- a/src/charon/plugins/stroke/stroke_list.c
+++ b/src/charon/plugins/stroke/stroke_list.c
@@ -507,6 +507,53 @@ static linked_list_t* create_unique_cert_list(certificate_type_t type)
}
/**
+ * list all raw public keys
+ */
+static void stroke_list_pubkeys(linked_list_t *list, bool utc, FILE *out)
+{
+ bool first = TRUE;
+
+ enumerator_t *enumerator = list->create_enumerator(list);
+ certificate_t *cert;
+
+ while (enumerator->enumerate(enumerator, (void**)&cert))
+ {
+ public_key_t *public = cert->get_public_key(cert);
+
+ if (public)
+ {
+ private_key_t *private = NULL;
+ identification_t *id, *keyid;
+
+ if (first)
+ {
+ fprintf(out, "\n");
+ fprintf(out, "List of Raw Public Keys:\n");
+ first = FALSE;
+ }
+ fprintf(out, "\n");
+
+ /* list public key information */
+ id = public->get_id(public, ID_PUBKEY_SHA1);
+ keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1);
+
+ private = charon->credentials->get_private(
+ charon->credentials,
+ public->get_type(public), keyid, NULL);
+ fprintf(out, " pubkey: %N %d bits%s\n",
+ key_type_names, public->get_type(public),
+ public->get_keysize(public) * 8,
+ private ? ", has private key" : "");
+ fprintf(out, " keyid: %D\n", keyid);
+ fprintf(out, " subjkey: %D\n", id);
+ DESTROY_IF(private);
+ public->destroy(public);
+ }
+ }
+ enumerator->destroy(enumerator);
+}
+
+/**
* list all X.509 certificates matching the flags
*/
static void stroke_list_certs(linked_list_t *list, char *label,
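Review bot: The `utc` parameter of the new `stroke_list_pubkeys` is never read in its body (lines L23–L65), so the call `stroke_list_pubkeys(pubkey_list, msg->list.utc, out)` in the second hunk of this file passes a value that has no effect. Presumably the signature mirrors the other `stroke_list_*` helpers, which use `utc` for date output; a raw public key has no validity period, so either drop the parameter from both the definition and the call, or state the intent with a comment on the signature such as `/* utc is unused: raw keys carry no validity dates; kept for signature parity with stroke_list_certs() */`. The doc comment would also benefit from stating the ownership rules the body relies on: `public` is released with `public->destroy()` and the optional `private` with `DESTROY_IF()`, while the `id`/`keyid` returned by `get_id()` are not released here — whether they are owned by the key should be confirmed against the `public_key_t` contract. `public->get_type(public)` is evaluated twice per entry; a local would make the `get_private` lookup and the `%N` print read the same value.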
@@ -849,6 +896,13 @@ static void list(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out)
{
linked_list_t *cert_list = NULL;
+ if (msg->list.flags & LIST_PUBKEYS)
+ {
+ linked_list_t *pubkey_list = create_unique_cert_list(CERT_TRUSTED_PUBKEY);
+
+ stroke_list_pubkeys(pubkey_list, msg->list.utc, out);
+ pubkey_list->destroy_offset(pubkey_list, offsetof(certificate_t, destroy));
+ }
if (msg->list.flags & (LIST_CERTS | LIST_CACERTS | LIST_OCSPCERTS | LIST_AACERTS))
{
cert_list = create_unique_cert_list(CERT_X509);
diff --git a/src/ipsec/ipsec.in b/src/ipsec/ipsec.in
index 1fbcb5091..ed2863681 100755
--- a/src/ipsec/ipsec.in
+++ b/src/ipsec/ipsec.in
@@ -131,22 +131,22 @@ down-srcip)
fi
exit "$rc"
;;
-listalgs|listpubkeys|\listcards|\rereadgroups)
+listcards|rereadgroups)
op="$1"
- rc=7
shift
if [ -e $IPSEC_PLUTO_PID ]
then
$IPSEC_WHACK "$@" "--$op"
rc="$?"
fi
- if [ -e $IPSEC_CHARON_PID ]
- then
- $IPSEC_STROKE "$op"
- rc="$?"
- fi
- exit "$rc"
+ if [ -e $IPSEC_CHARON_PID ]
+ then
+ exit 3
+ else
+ exit 7
+ fi
;;
+listalgs|\listpubkeys|\
listcerts|listcacerts|listaacerts|\
listacerts|listgroups|listocspcerts|\
listcainfos|listcrls|listocsp|listall|\
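Review bot: In the rewritten `listcards|rereadgroups)` branch the exit status of `$IPSEC_WHACK` is captured into `rc` but never used, because the branch now unconditionally ends in `exit 3` or `exit 7` depending only on whether `$IPSEC_CHARON_PID` exists. When only pluto is running and whack succeeds, the script therefore exits 7, and when both daemons are running it exits 3 even though the operation was carried out; the removed `exit "$rc"` previously propagated the real result. If the intent is "3 = not supported by charon, 7 = no daemon", the pluto result should still win when pluto handled the request, as below (the `rc` assignment then becomes unnecessary). Separately, the new pattern line `listalgs|\listpubkeys|\` relies on `\l` being an escaped literal `l` inside an unquoted case pattern; it works, but writing `listalgs|listpubkeys|\` avoids the look-alike with the trailing line-continuation backslash.
```shell
listcards|rereadgroups)
	op="$1"
	shift
	if [ -e $IPSEC_PLUTO_PID ]
	then
		$IPSEC_WHACK "$@" "--$op"
		exit "$?"
	elif [ -e $IPSEC_CHARON_PID ]
	then
		exit 3
	else
		exit 7
	fi
	;;
```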
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.c b/src/libstrongswan/plugins/pubkey/pubkey_cert.c
index 24a44d1db..762557094 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_cert.c
+++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.c
@@ -114,7 +114,7 @@ static bool equals(private_pubkey_cert_t *this, certificate_t *other)
{
return FALSE;
}
- return other->has_subject(other, this->key->get_id(this->key, ID_PUBKEY_SHA1));
+ return other->has_subject(other, this->key->get_id(this->key, ID_PUBKEY_INFO_SHA1));
}
/**
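Review bot: The switch from `ID_PUBKEY_SHA1` to `ID_PUBKEY_INFO_SHA1` in `equals()` changes which key identifier the comparison is based on, and nothing in the hunk records why; a reader comparing this against callers that still use `ID_PUBKEY_SHA1` (the `subjkey` line in `stroke_list_pubkeys` does) has to guess. A one-line comment above the `return` would fix that, e.g. `/* compare on the SubjectPublicKeyInfo hash, the same id used to look up private keys for this cert */` — assuming that is the reason, which should be confirmed. `equals()` begins outside the hunk.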
diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c
index cfaf65d5d..9a1554768 100644
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@@ -200,6 +200,7 @@ static int show_status(stroke_keyword_t kw, char *connection)
}
static int list_flags[] = {
+ LIST_PUBKEYS,
LIST_CERTS,
LIST_CACERTS,
LIST_OCSPCERTS,
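Review bot: `list_flags[]` gains `LIST_PUBKEYS` as its first element, and the `STROKE_LIST_PUBKEYS` keyword is inserted first in the `stroke_keyword_t` enum with `STROKE_LIST_FIRST` moved to it, which suggests the array is indexed by `kw - STROKE_LIST_FIRST` in the `main()` switch case added in the second hunk. That positional coupling across `stroke_keywords.h`, `stroke_keywords.txt` and this array is not stated anywhere; a comment on the array such as `/* indexed by (kw - STROKE_LIST_FIRST): keep in the same order as the STROKE_LIST_* keywords */` would stop the next insertion from silently shifting every entry. If the indexing is done differently, the comment should describe that instead.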
@@ -403,6 +404,7 @@ int main(int argc, char *argv[])
case STROKE_STATUSALL:
res = show_status(token->kw, argc > 2 ? argv[2] : NULL);
break;
+ case STROKE_LIST_PUBKEYS:
case STROKE_LIST_CERTS:
case STROKE_LIST_CACERTS:
case STROKE_LIST_OCSPCERTS:
diff --git a/src/stroke/stroke_keywords.h b/src/stroke/stroke_keywords.h
index b7c206846..0d71d2461 100644
--- a/src/stroke/stroke_keywords.h
+++ b/src/stroke/stroke_keywords.h
@@ -30,6 +30,7 @@ typedef enum {
STROKE_LOGLEVEL,
STROKE_STATUS,
STROKE_STATUSALL,
+ STROKE_LIST_PUBKEYS,
STROKE_LIST_CERTS,
STROKE_LIST_CACERTS,
STROKE_LIST_OCSPCERTS,
@@ -51,7 +52,7 @@ typedef enum {
STROKE_PURGE_OCSP
} stroke_keyword_t;
-#define STROKE_LIST_FIRST STROKE_LIST_CERTS
+#define STROKE_LIST_FIRST STROKE_LIST_PUBKEYS
#define STROKE_REREAD_FIRST STROKE_REREAD_SECRETS
#define STROKE_PURGE_FIRST STROKE_PURGE_OCSP
diff --git a/src/stroke/stroke_keywords.txt b/src/stroke/stroke_keywords.txt
index a9b031630..21aa80fa2 100644
--- a/src/stroke/stroke_keywords.txt
+++ b/src/stroke/stroke_keywords.txt
@@ -37,6 +37,7 @@ down-srcip, STROKE_DOWN_SRCIP
loglevel, STROKE_LOGLEVEL
status, STROKE_STATUS
statusall, STROKE_STATUSALL
+listpubkeys, STROKE_LIST_PUBKEYS
listcerts, STROKE_LIST_CERTS
listcacerts, STROKE_LIST_CACERTS
listocspcerts, STROKE_LIST_OCSPCERTS
diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
index b9d7cc488..3ab1c4643 100644
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@@ -43,28 +43,30 @@ typedef enum list_flag_t list_flag_t;
enum list_flag_t {
/** don't list anything */
LIST_NONE = 0x0000,
+ /** list all raw public keys */
+ LIST_PUBKEYS = 0x0001,
/** list all host/user certs */
- LIST_CERTS = 0x0001,
+ LIST_CERTS = 0x0002,
/** list all ca certs */
- LIST_CACERTS = 0x0002,
+ LIST_CACERTS = 0x0004,
/** list all ocsp signer certs */
- LIST_OCSPCERTS = 0x0004,
+ LIST_OCSPCERTS = 0x0008,
/** list all aa certs */
- LIST_AACERTS = 0x0008,
+ LIST_AACERTS = 0x0010,
/** list all attribute certs */
- LIST_ACERTS = 0x0010,
+ LIST_ACERTS = 0x0020,
/** list all access control groups */
- LIST_GROUPS = 0x0020,
+ LIST_GROUPS = 0x0040,
/** list all ca information records */
- LIST_CAINFOS = 0x0040,
+ LIST_CAINFOS = 0x0080,
/** list all crls */
- LIST_CRLS = 0x0080,
+ LIST_CRLS = 0x0100,
/** list all ocsp cache entries */
- LIST_OCSP = 0x0100,
+ LIST_OCSP = 0x0200,
/** list all supported algorithms */
- LIST_ALGS = 0x0200,
+ LIST_ALGS = 0x0400,
/** all list options */
- LIST_ALL = 0x03FF,
+ LIST_ALL = 0x07FF,
};
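Review bot: Every existing `LIST_*` value is shifted one bit to make room for `LIST_PUBKEYS = 0x0001`, so the numeric meaning of `msg->list.flags` changes for all list operations; if `stroke_msg_t` is ever exchanged between a `stroke` client and a charon plugin built from different revisions, a request for `LIST_CERTS` from one side is read as `LIST_CACERTS` by the other. Appending `LIST_PUBKEYS = 0x0400` (and `LIST_ALL = 0x07FF`) would have added the feature without changing any existing value; whether mixed-version use is a supported scenario should be confirmed, and if it is not, a note on the enum saying that values are not stable across releases would make that explicit. The new `LIST_ALL = 0x07FF` does cover all eleven bits.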
typedef enum reread_flag_t reread_flag_t;