Do not query for CKA_ALWAYS_AUTHENTICATE if PKCS#11 Cryptoki version < 2.20
[strongswan.git] / src / pki / commands / keyid.c
index e270c94..6d2f7b9 100644 (file)
@@ -21,7 +21,7 @@
 /**
  * Calculate the keyid of a key/certificate
  */
-static int keyid(int argc, char *argv[])
+static int keyid()
 {
        credential_type_t type = CRED_PRIVATE_KEY;
        int subtype = KEY_RSA;
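Review bot: The new signature `static int keyid()` declares a function with an unspecified parameter list, not one that takes no arguments, so a caller still passing argc/argv would compile without a diagnostic. Write it as `static int keyid(void)` so the compiler checks it against whatever callback type the command table expects (that type is not visible in this diff). The body of keyid continues outside this hunk.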
@@ -31,46 +31,52 @@ static int keyid(int argc, char *argv[])
        char *file = NULL;
        void *cred;
        chunk_t id;
+       char *arg;
 
        while (TRUE)
        {
-               switch (getopt_long(argc, argv, "", command_opts, NULL))
+               switch (command_getopt(&arg))
                {
                        case 'h':
-                               return command_usage(CMD_KEYID, NULL);
+                               return command_usage(NULL);
                        case 't':
-                               if (streq(optarg, "rsa-priv"))
+                               if (streq(arg, "rsa-priv"))
                                {
                                        type = CRED_PRIVATE_KEY;
                                        subtype = KEY_RSA;
                                }
-                               else if (streq(optarg, "ecdsa-priv"))
+                               else if (streq(arg, "ecdsa-priv"))
                                {
                                        type = CRED_PRIVATE_KEY;
                                        subtype = KEY_ECDSA;
                                }
-                               else if (streq(optarg, "pub"))
+                               else if (streq(arg, "pub"))
                                {
                                        type = CRED_PUBLIC_KEY;
                                        subtype = KEY_ANY;
                                }
-                               else if (streq(optarg, "x509"))
+                               else if (streq(arg, "pkcs10"))
+                               {
+                                       type = CRED_CERTIFICATE;
+                                       subtype = CERT_PKCS10_REQUEST;
+                               }
+                               else if (streq(arg, "x509"))
                                {
                                        type = CRED_CERTIFICATE;
                                        subtype = CERT_X509;
                                }
                                else
                                {
-                                       return command_usage(CMD_KEYID, "invalid input type");
+                                       return command_usage( "invalid input type");
                                }
                                continue;
                        case 'i':
-                               file = optarg;
+                               file = arg;
                                continue;
                        case EOF:
                                break;
                        default:
-                               return command_usage(CMD_KEYID, "invalid --keyid option");
+                               return command_usage("invalid --keyid option");
                }
                break;
        }
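Review bot: The added `char *arg;` is read by `streq(arg, ...)` and `file = arg` without ever being given an initial value, so its safety depends entirely on command_getopt() storing into it before returning 't' or 'i'. That helper is not visible here, so whether it always does is an assumption; declaring it as `char *arg = NULL;` makes a missed assignment fail predictably instead of reading an indeterminate pointer. As a style point, `command_usage( "invalid input type")` has a stray space after the parenthesis that the other call sites do not.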
@@ -93,11 +99,11 @@ static int keyid(int argc, char *argv[])
        if (type == CRED_PRIVATE_KEY)
        {
                private = cred;
-               if (private->get_fingerprint(private, KEY_ID_PUBKEY_SHA1, &id))
+               if (private->get_fingerprint(private, KEYID_PUBKEY_SHA1, &id))
                {
                        printf("subjectKeyIdentifier:      %#B\n", &id);
                }
-               if (private->get_fingerprint(private, KEY_ID_PUBKEY_INFO_SHA1, &id))
+               if (private->get_fingerprint(private, KEYID_PUBKEY_INFO_SHA1, &id))
                {
                        printf("subjectPublicKeyInfo hash: %#B\n", &id);
                }
@@ -106,11 +112,11 @@ static int keyid(int argc, char *argv[])
        else if (type == CRED_PUBLIC_KEY)
        {
                public = cred;
-               if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &id))
+               if (public->get_fingerprint(public, KEYID_PUBKEY_SHA1, &id))
                {
                        printf("subjectKeyIdentifier:      %#B\n", &id);
                }
-               if (public->get_fingerprint(public, KEY_ID_PUBKEY_INFO_SHA1, &id))
+               if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &id))
                {
                        printf("subjectPublicKeyInfo hash: %#B\n", &id);
                }
@@ -125,11 +131,11 @@ static int keyid(int argc, char *argv[])
                        fprintf(stderr, "extracting public key from certificate failed");
                        return 1;
                }
-               if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &id))
+               if (public->get_fingerprint(public, KEYID_PUBKEY_SHA1, &id))
                {
                        printf("subjectKeyIdentifier:      %#B\n", &id);
                }
-               if (public->get_fingerprint(public, KEY_ID_PUBKEY_INFO_SHA1, &id))
+               if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &id))
                {
                        printf("subjectPublicKeyInfo hash: %#B\n", &id);
                }
@@ -144,10 +150,10 @@ static int keyid(int argc, char *argv[])
  */
 static void __attribute__ ((constructor))reg()
 {
-       command_register(CMD_KEYID, (command_t)
+       command_register((command_t)
                { keyid, 'k', "keyid",
                "calculate key identifiers of a key/certificate",
-               {"[--in file] [--type rsa-priv|ecdsa-priv|pub|x509]"},
+               {"[--in file] [--type rsa-priv|ecdsa-priv|pub|pkcs10|x509]"},
                {
                        {"help",        'h', 0, "show usage information"},
                        {"in",          'i', 1, "input file, default: stdin"},