Do not query for CKA_ALWAYS_AUTHENTICATE if PKCS#11 Cryptoki version < 2.20
[strongswan.git] / src / pki / commands / keyid.c
index 49cc1cc..6d2f7b9 100644 (file)
@@ -21,7 +21,7 @@
 /**
  * Calculate the keyid of a key/certificate
  */
-static int keyid(int argc, char *argv[])
+static int keyid()
 {
        credential_type_t type = CRED_PRIVATE_KEY;
        int subtype = KEY_RSA;
@@ -31,33 +31,36 @@ static int keyid(int argc, char *argv[])
        char *file = NULL;
        void *cred;
        chunk_t id;
+       char *arg;
 
        while (TRUE)
        {
-               switch (getopt_long(argc, argv, "", command_opts, NULL))
+               switch (command_getopt(&arg))
                {
                        case 'h':
                                return command_usage(NULL);
-                       case 'v':
-                               dbg_level = atoi(optarg);
-                               continue;
                        case 't':
-                               if (streq(optarg, "rsa-priv"))
+                               if (streq(arg, "rsa-priv"))
                                {
                                        type = CRED_PRIVATE_KEY;
                                        subtype = KEY_RSA;
                                }
-                               else if (streq(optarg, "ecdsa-priv"))
+                               else if (streq(arg, "ecdsa-priv"))
                                {
                                        type = CRED_PRIVATE_KEY;
                                        subtype = KEY_ECDSA;
                                }
-                               else if (streq(optarg, "pub"))
+                               else if (streq(arg, "pub"))
                                {
                                        type = CRED_PUBLIC_KEY;
                                        subtype = KEY_ANY;
                                }
-                               else if (streq(optarg, "x509"))
+                               else if (streq(arg, "pkcs10"))
+                               {
+                                       type = CRED_CERTIFICATE;
+                                       subtype = CERT_PKCS10_REQUEST;
+                               }
+                               else if (streq(arg, "x509"))
                                {
                                        type = CRED_CERTIFICATE;
                                        subtype = CERT_X509;
@@ -68,7 +71,7 @@ static int keyid(int argc, char *argv[])
                                }
                                continue;
                        case 'i':
-                               file = optarg;
+                               file = arg;
                                continue;
                        case EOF:
                                break;
@@ -96,11 +99,11 @@ static int keyid(int argc, char *argv[])
        if (type == CRED_PRIVATE_KEY)
        {
                private = cred;
-               if (private->get_fingerprint(private, KEY_ID_PUBKEY_SHA1, &id))
+               if (private->get_fingerprint(private, KEYID_PUBKEY_SHA1, &id))
                {
                        printf("subjectKeyIdentifier:      %#B\n", &id);
                }
-               if (private->get_fingerprint(private, KEY_ID_PUBKEY_INFO_SHA1, &id))
+               if (private->get_fingerprint(private, KEYID_PUBKEY_INFO_SHA1, &id))
                {
                        printf("subjectPublicKeyInfo hash: %#B\n", &id);
                }
@@ -109,11 +112,11 @@ static int keyid(int argc, char *argv[])
        else if (type == CRED_PUBLIC_KEY)
        {
                public = cred;
-               if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &id))
+               if (public->get_fingerprint(public, KEYID_PUBKEY_SHA1, &id))
                {
                        printf("subjectKeyIdentifier:      %#B\n", &id);
                }
-               if (public->get_fingerprint(public, KEY_ID_PUBKEY_INFO_SHA1, &id))
+               if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &id))
                {
                        printf("subjectPublicKeyInfo hash: %#B\n", &id);
                }
@@ -128,11 +131,11 @@ static int keyid(int argc, char *argv[])
                        fprintf(stderr, "extracting public key from certificate failed");
                        return 1;
                }
-               if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &id))
+               if (public->get_fingerprint(public, KEYID_PUBKEY_SHA1, &id))
                {
                        printf("subjectKeyIdentifier:      %#B\n", &id);
                }
-               if (public->get_fingerprint(public, KEY_ID_PUBKEY_INFO_SHA1, &id))
+               if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &id))
                {
                        printf("subjectPublicKeyInfo hash: %#B\n", &id);
                }
@@ -150,12 +153,11 @@ static void __attribute__ ((constructor))reg()
        command_register((command_t)
                { keyid, 'k', "keyid",
                "calculate key identifiers of a key/certificate",
-               {"[--in file] [--type rsa-priv|ecdsa-priv|pub|x509]"},
+               {"[--in file] [--type rsa-priv|ecdsa-priv|pub|pkcs10|x509]"},
                {
                        {"help",        'h', 0, "show usage information"},
                        {"in",          'i', 1, "input file, default: stdin"},
                        {"type",        't', 1, "type of key, default: rsa-priv"},
-                       {"debug",       'v', 1, "set debug level, default: 1"},
                }
        });
 }