Do not query for CKA_ALWAYS_AUTHENTICATE if PKCS#11 Cryptoki version < 2.20
1 /*
2 * Copyright (C) 2009 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "pki.h"
17
18 #include <credentials/certificates/certificate.h>
19 #include <credentials/certificates/x509.h>
20
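/**
 * Print the identifiers of a public key to stdout.
 *
 * Requests the KEYID_PUBKEY_SHA1 and KEYID_PUBKEY_INFO_SHA1 fingerprints
 * and prints each one that the key can provide. A fingerprint that is
 * not available is skipped silently.
 *
 * @param public	public key to fingerprint, not destroyed here
 */
static void print_public_key_ids(public_key_t *public)
{
	chunk_t id;

	if (public->get_fingerprint(public, KEYID_PUBKEY_SHA1, &id))
	{
		printf("subjectKeyIdentifier: %#B\n", &id);
	}
	if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &id))
	{
		printf("subjectPublicKeyInfo hash: %#B\n", &id);
	}
}

/**
 * Calculate the keyid of a key/certificate
 *
 * Parses the command options, loads the credential from the file given
 * with 'i' (or from file descriptor 0 if none was given) and prints its
 * key identifiers. Only the fingerprints are written to stdout, the
 * loaded key material itself is never printed.
 *
 * @return		0 if the credential was loaded, 1 if loading it or
 *				extracting the public key failed, otherwise the result
 *				of command_usage()
 */
static int keyid()
{
	credential_type_t type = CRED_PRIVATE_KEY;
	int subtype = KEY_RSA;
	certificate_t *cert;
	private_key_t *private;
	public_key_t *public;
	char *file = NULL;
	void *cred;
	chunk_t id;
	char *arg;

	while (TRUE)
	{
		switch (command_getopt(&arg))
		{
			case 'h':
				return command_usage(NULL);
			case 't':
				/* map the textual input type to credential type/subtype */
				if (streq(arg, "rsa-priv"))
				{
					type = CRED_PRIVATE_KEY;
					subtype = KEY_RSA;
				}
				else if (streq(arg, "ecdsa-priv"))
				{
					type = CRED_PRIVATE_KEY;
					subtype = KEY_ECDSA;
				}
				else if (streq(arg, "pub"))
				{
					type = CRED_PUBLIC_KEY;
					subtype = KEY_ANY;
				}
				else if (streq(arg, "pkcs10"))
				{
					type = CRED_CERTIFICATE;
					subtype = CERT_PKCS10_REQUEST;
				}
				else if (streq(arg, "x509"))
				{
					type = CRED_CERTIFICATE;
					subtype = CERT_X509;
				}
				else
				{
					return command_usage( "invalid input type");
				}
				continue;
			case 'i':
				file = arg;
				continue;
			case EOF:
				break;
			default:
				return command_usage("invalid --keyid option");
		}
		break;
	}
	if (file)
	{
		cred = lib->creds->create(lib->creds, type, subtype,
								  BUILD_FROM_FILE, file, BUILD_END);
	}
	else
	{
		/* no input file given: read the credential from fd 0 (stdin) */
		cred = lib->creds->create(lib->creds, type, subtype,
								  BUILD_FROM_FD, 0, BUILD_END);
	}
	if (!cred)
	{
		fprintf(stderr, "parsing input failed\n");
		return 1;
	}

	if (type == CRED_PRIVATE_KEY)
	{
		/* private_key_t has its own get_fingerprint(), so this branch
		 * cannot share the public key helper */
		private = cred;
		if (private->get_fingerprint(private, KEYID_PUBKEY_SHA1, &id))
		{
			printf("subjectKeyIdentifier: %#B\n", &id);
		}
		if (private->get_fingerprint(private, KEYID_PUBKEY_INFO_SHA1, &id))
		{
			printf("subjectPublicKeyInfo hash: %#B\n", &id);
		}
		private->destroy(private);
	}
	else if (type == CRED_PUBLIC_KEY)
	{
		public = cred;
		print_public_key_ids(public);
		public->destroy(public);
	}
	else
	{
		cert = cred;
		public = cert->get_public_key(cert);
		if (!public)
		{
			fprintf(stderr, "extracting public key from certificate failed\n");
			/* release the certificate on the error path as well */
			cert->destroy(cert);
			return 1;
		}
		print_public_key_ids(public);
		public->destroy(public);
		cert->destroy(cert);
	}
	return 0;
}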
147
/**
 * Register the keyid command; the constructor attribute runs this before
 * main().
 */
static void __attribute__ ((constructor))reg()
{
	/* handler, short option, long name, description, usage line, options */
	command_t keyid_command = {
		keyid, 'k', "keyid",
		"calculate key identifiers of a key/certificate",
		{"[--in file] [--type rsa-priv|ecdsa-priv|pub|pkcs10|x509]"},
		{
			{"help",	'h', 0, "show usage information"},
			{"in",		'i', 1, "input file, default: stdin"},
			{"type",	't', 1, "type of key, default: rsa-priv"},
		}
	};

	command_register(keyid_command);
}
164