Use bits instead of bytes for a private/public key
[strongswan.git] / src / pki / commands / print.c
1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "pki.h"
17
18 #include <credentials/certificates/certificate.h>
19 #include <credentials/certificates/x509.h>
20 #include <selectors/traffic_selector.h>
21
22 #include <time.h>
23
24 /**
25 * Print public key information
26 */
27 static void print_pubkey(public_key_t *key)
28 {
29 chunk_t chunk;
30
31 printf("pubkey: %N %d bits\n", key_type_names, key->get_type(key),
32 key->get_keysize(key));
33 if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &chunk))
34 {
35 printf("keyid: %#B\n", &chunk);
36 }
37 if (key->get_fingerprint(key, KEYID_PUBKEY_SHA1, &chunk))
38 {
39 printf("subjkey: %#B\n", &chunk);
40 }
41 }
42
43 /**
44 * Print private key information
45 */
46 static void print_key(private_key_t *key)
47 {
48 public_key_t *public;
49
50 public = key->get_public_key(key);
51 if (public)
52 {
53 printf("private key with:\n");
54 print_pubkey(public);
55 public->destroy(public);
56 }
57 else
58 {
59 printf("extracting public from private key failed\n");
60 }
61 }
62
63 /**
64 * Print X509 specific certificate information
65 */
66 static void print_x509(x509_t *x509)
67 {
68 enumerator_t *enumerator;
69 identification_t *id;
70 traffic_selector_t *block;
71 chunk_t chunk;
72 bool first;
73 char *uri;
74 int len;
75 x509_flag_t flags;
76
77 chunk = x509->get_serial(x509);
78 printf("serial: %#B\n", &chunk);
79
80 first = TRUE;
81 enumerator = x509->create_subjectAltName_enumerator(x509);
82 while (enumerator->enumerate(enumerator, &id))
83 {
84 if (first)
85 {
86 printf("altNames: ");
87 first = FALSE;
88 }
89 else
90 {
91 printf(", ");
92 }
93 printf("%Y", id);
94 }
95 if (!first)
96 {
97 printf("\n");
98 }
99 enumerator->destroy(enumerator);
100
101 flags = x509->get_flags(x509);
102 printf("flags: ");
103 if (flags & X509_CA)
104 {
105 printf("CA ");
106 }
107 if (flags & X509_AA)
108 {
109 printf("AA ");
110 }
111 if (flags & X509_OCSP_SIGNER)
112 {
113 printf("OCSP ");
114 }
115 if (flags & X509_AA)
116 {
117 printf("AA ");
118 }
119 if (flags & X509_SERVER_AUTH)
120 {
121 printf("serverAuth ");
122 }
123 if (flags & X509_CLIENT_AUTH)
124 {
125 printf("clientAuth ");
126 }
127 if (flags & X509_SELF_SIGNED)
128 {
129 printf("self-signed ");
130 }
131 printf("\n");
132
133 first = TRUE;
134 enumerator = x509->create_crl_uri_enumerator(x509);
135 while (enumerator->enumerate(enumerator, &uri))
136 {
137 if (first)
138 {
139 printf("CRL URIs: %s\n", uri);
140 first = FALSE;
141 }
142 else
143 {
144 printf(" %s\n", uri);
145 }
146 }
147 enumerator->destroy(enumerator);
148
149 first = TRUE;
150 enumerator = x509->create_ocsp_uri_enumerator(x509);
151 while (enumerator->enumerate(enumerator, &uri))
152 {
153 if (first)
154 {
155 printf("OCSP URIs: %s\n", uri);
156 first = FALSE;
157 }
158 else
159 {
160 printf(" %s\n", uri);
161 }
162 }
163 enumerator->destroy(enumerator);
164
165 len = x509->get_pathLenConstraint(x509);
166 if (len != X509_NO_PATH_LEN_CONSTRAINT)
167 {
168 printf("pathlen: %d\n", len);
169 }
170
171 chunk = x509->get_authKeyIdentifier(x509);
172 if (chunk.ptr)
173 {
174 printf("authkeyId: %#B\n", &chunk);
175 }
176
177 chunk = x509->get_subjectKeyIdentifier(x509);
178 if (chunk.ptr)
179 {
180 printf("subjkeyId: %#B\n", &chunk);
181 }
182 if (x509->get_flags(x509) & X509_IP_ADDR_BLOCKS)
183 {
184 first = TRUE;
185 printf("addresses: ");
186 enumerator = x509->create_ipAddrBlock_enumerator(x509);
187 while (enumerator->enumerate(enumerator, &block))
188 {
189 if (first)
190 {
191 first = FALSE;
192 }
193 else
194 {
195 printf(", ");
196 }
197 printf("%R", block);
198 }
199 enumerator->destroy(enumerator);
200 printf("\n");
201 }
202 }
203
204 /**
205 * Print certificate information
206 */
207 static void print_cert(certificate_t *cert)
208 {
209 time_t now, notAfter, notBefore;
210 public_key_t *key;
211
212 now = time(NULL);
213
214 printf("cert: %N\n", certificate_type_names, cert->get_type(cert));
215 printf("subject: \"%Y\"\n", cert->get_subject(cert));
216 printf("issuer: \"%Y\"\n", cert->get_issuer(cert));
217
218 cert->get_validity(cert, &now, &notBefore, &notAfter);
219 printf("validity: not before %T, ", &notBefore, FALSE);
220 if (now < notBefore)
221 {
222 printf("not valid yet (valid in %V)\n", &now, &notBefore);
223 }
224 else
225 {
226 printf("ok\n");
227 }
228 printf(" not after %T, ", &notAfter, FALSE);
229 if (now > notAfter)
230 {
231 printf("expired (%V ago)\n", &now, &notAfter);
232 }
233 else
234 {
235 printf("ok (expires in %V)\n", &now, &notAfter);
236 }
237
238 switch (cert->get_type(cert))
239 {
240 case CERT_X509:
241 print_x509((x509_t*)cert);
242 break;
243 default:
244 printf("parsing certificate subtype %N not implemented\n",
245 certificate_type_names, cert->get_type(cert));
246 break;
247 }
248
249 key = cert->get_public_key(cert);
250 if (key)
251 {
252 print_pubkey(key);
253 key->destroy(key);
254 }
255 else
256 {
257 printf("unable to extract public key\n");
258 }
259 }
260
261 /**
262 * Print a credential in a human readable form
263 */
264 static int print()
265 {
266 credential_type_t type = CRED_CERTIFICATE;
267 int subtype = CERT_X509;
268 void *cred;
269 char *arg, *file = NULL;
270
271 while (TRUE)
272 {
273 switch (command_getopt(&arg))
274 {
275 case 'h':
276 return command_usage(NULL);
277 case 't':
278 if (streq(arg, "x509"))
279 {
280 type = CRED_CERTIFICATE;
281 subtype = CERT_X509;
282 }
283 else if (streq(arg, "pub"))
284 {
285 type = CRED_PUBLIC_KEY;
286 subtype = KEY_ANY;
287 }
288 else if (streq(arg, "rsa-priv"))
289 {
290 type = CRED_PRIVATE_KEY;
291 subtype = KEY_RSA;
292 }
293 else if (streq(arg, "ecdsa-priv"))
294 {
295 type = CRED_PRIVATE_KEY;
296 subtype = KEY_ECDSA;
297 }
298 else
299 {
300 return command_usage( "invalid input type");
301 }
302 continue;
303 case 'i':
304 file = arg;
305 continue;
306 case EOF:
307 break;
308 default:
309 return command_usage("invalid --print option");
310 }
311 break;
312 }
313 if (file)
314 {
315 cred = lib->creds->create(lib->creds, type, subtype,
316 BUILD_FROM_FILE, file, BUILD_END);
317 }
318 else
319 {
320 cred = lib->creds->create(lib->creds, type, subtype,
321 BUILD_FROM_FD, 0, BUILD_END);
322 }
323 if (!cred)
324 {
325 fprintf(stderr, "parsing input failed\n");
326 return 1;
327 }
328
329 if (type == CRED_CERTIFICATE)
330 {
331 certificate_t *cert = (certificate_t*)cred;
332
333 print_cert(cert);
334 cert->destroy(cert);
335 }
336 if (type == CRED_PUBLIC_KEY)
337 {
338 public_key_t *key = (public_key_t*)cred;
339
340 print_pubkey(key);
341 key->destroy(key);
342 }
343 if (type == CRED_PRIVATE_KEY)
344 {
345 private_key_t *key = (private_key_t*)cred;
346
347 print_key(key);
348 key->destroy(key);
349 }
350 return 0;
351 }
352
353 /**
354 * Register the command.
355 */
356 static void __attribute__ ((constructor))reg()
357 {
358 command_register((command_t)
359 { print, 'a', "print",
360 "print a credential in a human readable form",
361 {"[--in file] [--type rsa-priv|ecdsa-priv|pub|x509]"},
362 {
363 {"help", 'h', 0, "show usage information"},
364 {"in", 'i', 1, "input file, default: stdin"},
365 {"type", 't', 1, "type of credential, default: x509"},
366 }
367 });
368 }