vici: list-cert sends subject, not-before and not-after attributes for pubkeys
[strongswan.git] / src / swanctl / commands / list_certs.c
index b2ff3b5..e9c9647 100644 (file)
@@ -58,6 +58,10 @@ CALLBACK(list_cb, void,
        certificate_t *cert;
        certificate_type_t type;
        x509_flag_t flag = X509_NONE;
+       identification_t *subject = NULL;
+       time_t not_before = UNDEFINED_TIME;
+       time_t not_after  = UNDEFINED_TIME;
+       chunk_t t_ch;
        bool has_privkey;
        char *str;
        void *buf;
@@ -93,11 +97,38 @@ CALLBACK(list_cb, void,
                        return;
                }
        }
-
-       /* Parse certificate data blob */
-       cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
-                                                         BUILD_BLOB_ASN1_DER, chunk_create(buf, len),
-                                                         BUILD_END);
+       if (type == CERT_TRUSTED_PUBKEY)
+       {
+               str = vici_find_str(res, NULL, "subject");
+               if (str)
+               {
+                       subject = identification_create_from_string(str);
+               }
+               str = vici_find_str(res, NULL, "not-before");
+               if (str)
+               {
+                       t_ch = chunk_from_str(str);
+                       not_before = asn1_to_time(&t_ch, ASN1_GENERALIZEDTIME);
+               }
+               str = vici_find_str(res, NULL, "not-after");
+               if (str)
+               {
+                       t_ch = chunk_from_str(str);
+                       not_after = asn1_to_time(&t_ch, ASN1_GENERALIZEDTIME);
+               }
+               cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
+                                                                 BUILD_BLOB_ASN1_DER, chunk_create(buf, len),
+                                                                 BUILD_NOT_BEFORE_TIME, not_before,
+                                                                 BUILD_NOT_AFTER_TIME, not_after,
+                                                                 BUILD_SUBJECT, subject, BUILD_END);
+               DESTROY_IF(subject);
+       }
+       else
+       {
+               cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
+                                                                 BUILD_BLOB_ASN1_DER, chunk_create(buf, len),
+                                                                 BUILD_END);
+       }
        if (cert)
        {
                if (*format & COMMAND_FORMAT_PEM)
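Review bot: In the new `CERT_TRUSTED_PUBKEY` branch both `asn1_to_time()` results go straight into `BUILD_NOT_BEFORE_TIME` / `BUILD_NOT_AFTER_TIME` without a check, so a "not-before" or "not-after" string that is not valid GENERALIZEDTIME is silently replaced by whatever `asn1_to_time()` returns on failure. I believe that value is 0, which would make a malformed attribute look the same as an absent one, but this should be confirmed against asn1.c. Since an operator reads these dates to judge whether a trusted public key is still valid, the failure should at least be reported, e.g. `if (!not_after) { fprintf(stderr, "ignoring unparsable not-after '%s'\n", str); }`, and likewise for not-before. The two parse blocks differ only in the key name, so a small static helper would keep that check in one place. `list_cb` starts before this hunk and continues past it.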
@@ -214,10 +245,9 @@ static void __attribute__ ((constructor))reg()
 {
        command_register((command_t) {
                list_certs, 'x', "list-certs", "list stored certificates",
-               {"[--subject <dn/san>] "
-                "[--type x509|x509_ac|x509_crl|ocsp_response|pubkey]\n         "
-                "[--flag none|ca|aa|ocsp|any] "
-                "[--pem] [--raw|--pretty|--short|--utc]"},
+               {"[--subject <dn/san>] [--pem]",
+                "[--type x509|x509_ac|x509_crl|ocsp_response|pubkey]",
+                "[--flag none|ca|aa|ocsp|any] [--raw|--pretty|--short|--utc]"},
                {
                        {"help",                'h', 0, "show usage information"},
                        {"subject",             's', 1, "filter by certificate subject"},