output validity of raw public key if available
[strongswan.git] / src / libcharon / plugins / stroke / stroke_list.c
index d93164d..514a91e 100644 (file)
@@ -25,6 +25,7 @@
 #include <hydra.h>
 #include <daemon.h>
 #include <utils/linked_list.h>
+#include <plugins/plugin.h>
 #include <credentials/certificates/x509.h>
 #include <credentials/certificates/ac.h>
 #include <credentials/certificates/crl.h>
@@ -222,11 +223,14 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
                        {
                                u_int16_t encr_alg = ENCR_UNDEFINED, int_alg = AUTH_UNDEFINED;
                                u_int16_t encr_size = 0, int_size = 0;
+                               u_int16_t esn = NO_EXT_SEQ_NUMBERS;
 
                                proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM,
                                                                                &encr_alg, &encr_size);
                                proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM,
                                                                                &int_alg, &int_size);
+                               proposal->get_algorithm(proposal, EXTENDED_SEQUENCE_NUMBERS,
+                                                                               &esn, NULL);
 
                                if (encr_alg != ENCR_UNDEFINED)
                                {
@@ -244,6 +248,10 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
                                                fprintf(out, "_%u", int_size);
                                        }
                                }
+                               if (esn == EXT_SEQ_NUMBERS)
+                               {
+                                       fprintf(out, "/ESN");
+                               }
                        }
 
                        now = time_monotonic(NULL);
@@ -406,7 +414,6 @@ METHOD(stroke_list_t, status, void,
        if (all)
        {
                peer_cfg_t *peer_cfg;
-               plugin_t *plugin;
                char *pool;
                host_t *host;
                u_int32_t dpd;
@@ -441,14 +448,8 @@ METHOD(stroke_list_t, status, void,
                }
                fprintf(out, ", scheduled: %d\n",
                                lib->scheduler->get_job_load(lib->scheduler));
-               fprintf(out, "  loaded plugins: ");
-               enumerator = lib->plugins->create_plugin_enumerator(lib->plugins);
-               while (enumerator->enumerate(enumerator, &plugin))
-               {
-                       fprintf(out, "%s ", plugin->get_name(plugin));
-               }
-               enumerator->destroy(enumerator);
-               fprintf(out, "\n");
+               fprintf(out, "  loaded plugins: %s\n",
+                               lib->plugins->loaded_plugins(lib->plugins));
 
                first = TRUE;
                enumerator = this->attribute->create_pool_enumerator(this->attribute);
@@ -576,7 +577,7 @@ METHOD(stroke_list_t, status, void,
        while (enumerator->enumerate(enumerator, &ike_sa))
        {
                bool ike_printed = FALSE;
-               iterator_t *children = ike_sa->create_child_sa_iterator(ike_sa);
+               enumerator_t *children = ike_sa->create_child_sa_enumerator(ike_sa);
 
                if (name == NULL || streq(name, ike_sa->get_name(ike_sa)))
                {
@@ -585,7 +586,7 @@ METHOD(stroke_list_t, status, void,
                        ike_printed = TRUE;
                }
 
-               while (children->iterate(children, (void**)&child_sa))
+               while (children->enumerate(children, (void**)&child_sa))
                {
                        if (name == NULL || streq(name, child_sa->get_name(child_sa)))
                        {
@@ -628,35 +629,30 @@ static linked_list_t* create_unique_cert_list(certificate_type_t type)
 
        while (enumerator->enumerate(enumerator, (void**)&cert))
        {
-               iterator_t *iterator = list->create_iterator(list, TRUE);
+               enumerator_t *added = list->create_enumerator(list);
                identification_t *issuer = cert->get_issuer(cert);
-               bool previous_same, same = FALSE, last = TRUE;
+               bool previous_same, same = FALSE, found = FALSE;
                certificate_t *list_cert;
 
-               while (iterator->iterate(iterator, (void**)&list_cert))
+               while (added->enumerate(added, (void**)&list_cert))
                {
-                       /* exit if we have a duplicate? */
                        if (list_cert->equals(list_cert, cert))
-                       {
-                               last = FALSE;
+                       {       /* stop if we found a duplicate*/
+                               found = TRUE;
                                break;
                        }
-                       /* group certificates with same issuer */
                        previous_same = same;
                        same = list_cert->has_issuer(list_cert, issuer);
                        if (previous_same && !same)
-                       {
-                               iterator->insert_before(iterator, (void *)cert->get_ref(cert));
-                               last = FALSE;
+                       {       /* group certificates with same issuer */
                                break;
                        }
                }
-               iterator->destroy(iterator);
-
-               if (last)
+               if (!found)
                {
-                       list->insert_last(list, (void *)cert->get_ref(cert));
+                       list->insert_before(list, added, cert->get_ref(cert));
                }
+               added->destroy(added);
        }
        enumerator->destroy(enumerator);
        return list;
@@ -703,12 +699,14 @@ static void list_public_key(public_key_t *public, FILE *out)
 static void stroke_list_pubkeys(linked_list_t *list, bool utc, FILE *out)
 {
        bool first = TRUE;
-
-       enumerator_t *enumerator = list->create_enumerator(list);
+       time_t now = time(NULL), notBefore, notAfter;
+       enumerator_t *enumerator;
        certificate_t *cert;
 
+       enumerator = list->create_enumerator(list);
        while (enumerator->enumerate(enumerator, (void**)&cert))
        {
+               identification_t *subject = cert->get_subject(cert);
                public_key_t *public = cert->get_public_key(cert);
 
                if (public)
@@ -721,6 +719,41 @@ static void stroke_list_pubkeys(linked_list_t *list, bool utc, FILE *out)
                        }
                        fprintf(out, "\n");
 
+                       /* list subject if available */
+                       if (subject->get_type(subject) != ID_KEY_ID)
+                       {
+                               fprintf(out, "  subject:   %#Y\n", subject);
+                       }
+
+                       /* list validity if available*/
+                       cert->get_validity(cert, &now, &notBefore, &notAfter);
+                       if (notBefore != UNDEFINED_TIME && notAfter != UNDEFINED_TIME)
+                       {
+                               fprintf(out, "  validity:  not before %T, ", &notBefore, utc);
+                               if (now < notBefore)
+                               {
+                                       fprintf(out, "not valid yet (valid in %V)\n", &now, &notBefore);
+                               }
+                               else
+                               {
+                                       fprintf(out, "ok\n");
+                               }
+                               fprintf(out, "             not after  %T, ", &notAfter, utc);
+                               if (now > notAfter)
+                               {
+                                       fprintf(out, "expired (%V ago)\n", &now, &notAfter);
+                               }
+                               else
+                               {
+                                       fprintf(out, "ok");
+                                       if (now > notAfter - CERT_WARNING_INTERVAL * 60 * 60 * 24)
+                                       {
+                                               fprintf(out, " (expires in %V)", &now, &notAfter);
+                                       }
+                                       fprintf(out, " \n");
+                               }
+                       }
+
                        list_public_key(public, out);
                        public->destroy(public);
                }
@@ -837,7 +870,7 @@ static void stroke_list_certs(linked_list_t *list, char *label,
 
                        fprintf(out, "  subject:  \"%Y\"\n", cert->get_subject(cert));
                        fprintf(out, "  issuer:   \"%Y\"\n", cert->get_issuer(cert));
-                       serial = x509->get_serial(x509);
+                       serial = chunk_skip_zero(x509->get_serial(x509));
                        fprintf(out, "  serial:    %#B\n", &serial);
 
                        /* list validity */
@@ -950,7 +983,7 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out)
                {
                        fprintf(out, "  hissuer:  \"%Y\"\n", id);
                }
-               chunk = ac->get_holderSerial(ac);
+               chunk = chunk_skip_zero(ac->get_holderSerial(ac));
                if (chunk.ptr)
                {
                        fprintf(out, "  hserial:   %#B\n", &chunk);
@@ -962,7 +995,7 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out)
                        groups->destroy(groups);
                }
                fprintf(out, "  issuer:   \"%Y\"\n", cert->get_issuer(cert));
-               chunk  = ac->get_serial(ac);
+               chunk  = chunk_skip_zero(ac->get_serial(ac));
                fprintf(out, "  serial:    %#B\n", &chunk);
 
                /* list validity */
@@ -1019,13 +1052,14 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out)
                fprintf(out, "  issuer:   \"%Y\"\n", cert->get_issuer(cert));
 
                /* list optional crlNumber */
-               chunk = crl->get_serial(crl);
+               chunk = chunk_skip_zero(crl->get_serial(crl));
                if (chunk.ptr)
                {
                        fprintf(out, "  serial:    %#B\n", &chunk);
                }
                if (crl->is_delta_crl(crl, &chunk))
                {
+                       chunk = chunk_skip_zero(chunk);         
                        fprintf(out, "  delta for: %#B\n", &chunk);
                }
 
@@ -1203,6 +1237,58 @@ static void list_algs(FILE *out)
        fprintf(out, "\n");
 }
 
+/**
+ * List loaded plugin information
+ */
+static void list_plugins(FILE *out)
+{
+       plugin_feature_t *features, *fp;
+       enumerator_t *enumerator;
+       linked_list_t *list;
+       plugin_t *plugin;
+       int count, i;
+       bool loaded;
+       char *str;
+
+       fprintf(out, "\n");
+       fprintf(out, "List of loaded Plugins:\n");
+       fprintf(out, "\n");
+
+       enumerator = lib->plugins->create_plugin_enumerator(lib->plugins);
+       while (enumerator->enumerate(enumerator, &plugin, &list))
+       {
+               fprintf(out, "%s:\n", plugin->get_name(plugin));
+               if (plugin->get_features)
+               {
+                       count = plugin->get_features(plugin, &features);
+                       for (i = 0; i < count; i++)
+                       {
+                               str = plugin_feature_get_string(&features[i]);
+                               switch (features[i].kind)
+                               {
+                                       case FEATURE_PROVIDE:
+                                               fp = &features[i];
+                                               loaded = list->find_first(list, NULL,
+                                                                                                 (void**)&fp) == SUCCESS;
+                                               fprintf(out, "    %s%s\n",
+                                                               str, loaded ? "" : " (not loaded)");
+                                               break;
+                                       case FEATURE_DEPENDS:
+                                               fprintf(out, "        %s\n", str);
+                                               break;
+                                       case FEATURE_SDEPEND:
+                                               fprintf(out, "        %s(soft)\n", str);
+                                               break;
+                                       default:
+                                               break;
+                               }
+                               free(str);
+                       }
+               }
+       }
+       enumerator->destroy(enumerator);
+}
+
 METHOD(stroke_list_t, list, void,
        private_stroke_list_t *this, stroke_msg_t *msg, FILE *out)
 {
@@ -1274,6 +1360,10 @@ METHOD(stroke_list_t, list, void,
        {
                list_algs(out);
        }
+       if (msg->list.flags & LIST_PLUGINS)
+       {
+               list_plugins(out);
+       }
 }
 
 /**