added display of holderIssuer, holderSerial, and authorityKeyIdentifier
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 23 May 2008 14:24:24 +0000 (14:24 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 23 May 2008 14:24:24 +0000 (14:24 -0000)
src/charon/plugins/stroke/stroke_list.c
src/libstrongswan/credentials/certificates/ac.h
src/libstrongswan/plugins/x509/x509_ac.c

index be45709..db9d829 100644 (file)
@@ -20,6 +20,7 @@
 #include <daemon.h>
 #include <utils/linked_list.h>
 #include <credentials/certificates/x509.h>
+#include <credentials/certificates/ac.h>
 #include <credentials/certificates/crl.h>
 
 /* warning intervals for list functions */
@@ -471,6 +472,13 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out)
 
        while (enumerator->enumerate(enumerator, (void**)&cert))
        {
+               ac_t *ac = (ac_t*)cert;
+               chunk_t serial  = ac->get_serial(ac);
+               chunk_t holderSerial = ac->get_holderSerial(ac);
+               identification_t *holderIssuer = ac->get_holderIssuer(ac);
+               identification_t *authkey = ac->get_authKeyIdentifier(ac);
+               identification_t *entityName = cert->get_subject(cert);
+
                if (first)
                {
                        fprintf(out, "\n");
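Review bot: The downcast `ac_t *ac = (ac_t*)cert;` at the top of the loop body is unchecked, and the four `ac->get_*` calls initialised right after it dispatch through that pointer. Nothing visible in this hunk establishes that every element of `list` is an attribute certificate. A guard such as `if (cert->get_type(cert) != CERT_X509_AC) continue;`, with the getter calls moved below it, would keep a mis-typed entry from being called through the wrong function table. If the caller already guarantees the list's contents, a short comment stating that invariant next to the cast would be enough. The body of stroke_list_acerts starts before and continues past this hunk.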
@@ -479,8 +487,20 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out)
                }
                fprintf(out, "\n");
 
-               fprintf(out, "  holder:   \"%D\"\n", cert->get_subject(cert));
+               if (entityName)
+               {
+                       fprintf(out, "  holder:   \"%D\"\n", entityName);
+               }
+               if (holderIssuer)
+               {
+                       fprintf(out, "  hissuer:  \"%D\"\n", holderIssuer);
+               }
+               if (holderSerial.ptr)
+               {
+                       fprintf(out, "  hserial:   %#B\n", &holderSerial);
+               }
                fprintf(out, "  issuer:   \"%D\"\n", cert->get_issuer(cert));
+               fprintf(out, "  serial:    %#B\n", &serial);
 
                /* list validity */
                cert->get_validity(cert, &now, &thisUpdate, &nextUpdate);
@@ -499,6 +519,12 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out)
                        }
                        fprintf(out, " \n");
                }
+
+               /* list optional authorityKeyIdentifier */
+               if (authkey)
+               {
+                       fprintf(out, "  authkey:   %D\n", authkey);
+               }
        }
        enumerator->destroy(enumerator);
 }
index c9645d6..4e33390 100644 (file)
@@ -45,6 +45,34 @@ struct ac_t {
        certificate_t certificate;
        
        /**
+        * Get the attribute certificate's serial number.
+        *
+        * @return                      chunk pointing to serialNumber
+        */
+       chunk_t (*get_serial)(ac_t *this);
+       
+       /**
+        * Get the serial number of the holder certificate.
+        *
+        * @return                      chunk pointing to serialNumber
+        */
+       chunk_t (*get_holderSerial)(ac_t *this);
+
+       /**
+        * Get the issuer of the holder certificate.
+        *
+        * @return                      holderIssuer as identification_t*
+        */
+       identification_t* (*get_holderIssuer)(ac_t *this);
+
+       /**
+        * Get the thauthorityKeyIdentifier.
+        *
+        * @return                      authKeyIdentifier as identification_t*
+        */
+       identification_t* (*get_authKeyIdentifier)(ac_t *this);
+
+       /**
         * @brief Checks if two attribute certificates belong to the same holder
         *
         * @param this                  calling attribute certificate
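Review bot: The doc comments on the four new getters do not state ownership or the empty case, and the last one has a typo ("thauthorityKeyIdentifier"). The implementations in x509_ac.c return the private fields directly, so the header should say that the result is an internal reference the caller must not free or modify and that it is only valid while the certificate is. It should also say that the optional fields can be absent, since stroke_list.c tests `holderIssuer`, `authkey` and `holderSerial.ptr` before printing. For example, `@return holderIssuer as identification_t* (internal data, NULL if not present)` and `Get the authorityKeyIdentifier.`. The struct ac_t definition continues outside the hunk.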
index a4bf039..4a9e1cd 100644 (file)
@@ -276,14 +276,14 @@ static const asn1Object_t acObjects[] =
                                                                                                                                  ASN1_BODY }, /*  7 */
        { 4,         "end opt",                                 ASN1_EOC,                         ASN1_END  }, /*  8 */
        { 3,       "end opt",                                   ASN1_EOC,                         ASN1_END  }, /*  9 */
-       { 3,         "entityName",                              ASN1_CONTEXT_C_1,         ASN1_OPT |
+       { 3,       "entityName",                                ASN1_CONTEXT_C_1,         ASN1_OPT |
                                                                                                                                  ASN1_OBJ  }, /* 10 */
        { 3,       "end opt",                                   ASN1_EOC,                         ASN1_END  }, /* 11 */
        { 3,         "objectDigestInfo",                ASN1_CONTEXT_C_2,         ASN1_OPT  }, /* 12 */
-       { 4,           "digestedObjectType",    ASN1_ENUMERATED,          ASN1_BODY }, /* 13*/
+       { 4,           "digestedObjectType",    ASN1_ENUMERATED,          ASN1_BODY }, /* 13 */
        { 4,           "otherObjectTypeID",             ASN1_OID,                         ASN1_OPT |
                                                                                                                                  ASN1_BODY }, /* 14 */
-       { 4,         "end opt",                                 ASN1_EOC,                         ASN1_END  }, /* 15*/
+       { 4,         "end opt",                                 ASN1_EOC,                         ASN1_END  }, /* 15 */
        { 4,         "digestAlgorithm",                 ASN1_EOC,                         ASN1_RAW  }, /* 16 */
        { 3,       "end opt",                                   ASN1_EOC,                         ASN1_END  }, /* 17 */
        { 2,       "v2Form",                                    ASN1_CONTEXT_C_0,         ASN1_NONE }, /* 18 */
@@ -649,6 +649,38 @@ static chunk_t build_ac(private_x509_ac_t *this)
 }
 
 /**
+ * Implementation of ac_t.get_serial.
+ */
+static chunk_t get_serial(private_x509_ac_t *this)
+{
+       return this->serialNumber;
+}
+
+/**
+ * Implementation of ac_t.get_holderSerial.
+ */
+static chunk_t get_holderSerial(private_x509_ac_t *this)
+{
+       return this->holderSerial;
+}
+
+/**
+ * Implementation of ac_t.get_holderIssuer.
+ */
+static identification_t* get_holderIssuer(private_x509_ac_t *this)
+{
+       return this->holderIssuer;
+}
+
+/**
+ * Implementation of ac_t.get_authKeyIdentifier.
+ */
+static identification_t* get_authKeyIdentifier(private_x509_ac_t *this)
+{
+       return this->authKeyIdentifier;
+}
+
+/**
  * Implementation of certificate_t.get_type
  */
 static certificate_type_t get_type(private_x509_ac_t *this)
@@ -899,6 +931,10 @@ static private_x509_ac_t *create_empty(void)
        private_x509_ac_t *this = malloc_thing(private_x509_ac_t);
        
        /* public functions */
+       this->public.interface.get_serial = (chunk_t (*)(ac_t*))get_serial;
+       this->public.interface.get_holderSerial = (chunk_t (*)(ac_t*))get_holderSerial;
+       this->public.interface.get_holderIssuer = (identification_t* (*)(ac_t*))get_holderIssuer;
+       this->public.interface.get_authKeyIdentifier = (identification_t* (*)(ac_t*))get_authKeyIdentifier;
        this->public.interface.certificate.get_type = (certificate_type_t (*)(certificate_t *this))get_type;
        this->public.interface.certificate.get_subject = (identification_t* (*)(certificate_t *this))get_subject;
        this->public.interface.certificate.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer;
@@ -915,6 +951,7 @@ static private_x509_ac_t *create_empty(void)
 
        /* initialize */
        this->encoding = chunk_empty;
+       this->holderSerial = chunk_empty;
        this->holderIssuer = NULL;
        this->entityName = NULL;
        this->issuerName = NULL;
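Review bot: Only `holderSerial` gains an initialiser here, while the commit also exposes `serialNumber` and `authKeyIdentifier` through new getters, and no initialisation of those two fields is visible in this hunk. If create_empty does not set them elsewhere and malloc_thing does not zero the allocation, then `get_serial` and `get_authKeyIdentifier` can return indeterminate values on an object that has not been fully parsed or built. stroke_list.c prints `serial` unconditionally with `%#B` and uses `authkey` after only a NULL test. Adding `this->serialNumber = chunk_empty;` and `this->authKeyIdentifier = NULL;` next to the new line would make the getters safe by construction. The rest of create_empty lies outside the hunk, so this should be checked against the full function.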