Added a stroke command to export cached x509 certificates to the console
authorMartin Willi <martin@revosec.ch>
Tue, 10 Aug 2010 14:57:14 +0000 (16:57 +0200)
committerMartin Willi <martin@revosec.ch>
Tue, 10 Aug 2010 16:46:30 +0000 (18:46 +0200)
src/libcharon/plugins/stroke/stroke_socket.c
src/stroke/stroke.c
src/stroke/stroke_keywords.h
src/stroke/stroke_keywords.txt
src/stroke/stroke_msg.h

index 18afa5a..fc54472 100644 (file)
@@ -353,6 +353,37 @@ static void stroke_purge(private_stroke_socket_t *this,
 }
 
 /**
+ * Export in-memory credentials
+ */
+static void stroke_export(private_stroke_socket_t *this,
+                                                 stroke_msg_t *msg, FILE *out)
+{
+       pop_string(msg, &msg->export.selector);
+
+       if (msg->purge.flags & EXPORT_X509)
+       {
+               enumerator_t *enumerator;
+               identification_t *id;
+               certificate_t *cert;
+               chunk_t encoded;
+
+               id = identification_create_from_string(msg->export.selector);
+               enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr,
+                                                                                               CERT_X509, KEY_ANY, id, FALSE);
+               while (enumerator->enumerate(enumerator, &cert))
+               {
+                       if (cert->get_encoding(cert, CERT_PEM, &encoded))
+                       {
+                               fprintf(out, "%.*s", encoded.len, encoded.ptr);
+                               free(encoded.ptr);
+                       }
+               }
+               enumerator->destroy(enumerator);
+               id->destroy(id);
+       }
+}
+
+/**
  * list pool leases
  */
 static void stroke_leases(private_stroke_socket_t *this,
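Review bot: The flag test on the new `if` line reads `msg->purge.flags` although this is the STR_EXPORT branch and the client fills `msg.export.flags`; it only works because `purge` and `export` share the same union and both put `flags` at offset 0, which the next field added to either struct would break. The line should be `if (msg->export.flags & EXPORT_X509)`. The `fprintf(out, "%.*s", encoded.len, encoded.ptr)` call is also fragile: `%.*s` takes an `int` precision, so if `chunk_t.len` is a `size_t` (as it appears to be elsewhere in this library) the argument type does not match; `fwrite(encoded.ptr, 1, encoded.len, out);` writes the PEM block without that mismatch. The header comment could also say what is written, e.g. `Export in-memory X509 certificates matching a subject DN as PEM to the stroke console`.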
@@ -525,6 +556,9 @@ static job_requeue_t process(stroke_job_context_t *ctx)
                case STR_PURGE:
                        stroke_purge(this, msg, out);
                        break;
+               case STR_EXPORT:
+                       stroke_export(this, msg, out);
+                       break;
                case STR_LEASES:
                        stroke_leases(this, msg, out);
                        break;
index 32e628d..103617f 100644 (file)
@@ -288,9 +288,23 @@ static int purge(stroke_keyword_t kw)
        return send_stroke_msg(&msg);
 }
 
-static int leases(stroke_keyword_t kw, char *pool, char *address)
+static int export_flags[] = {
+       EXPORT_X509,
+};
+
+static int export(stroke_keyword_t kw, char *selector)
 {
+       stroke_msg_t msg;
 
+       msg.type = STR_EXPORT;
+       msg.length = offsetof(stroke_msg_t, buffer);
+       msg.export.selector = push_string(&msg, selector);
+       msg.export.flags = export_flags[kw - STROKE_EXPORT_FIRST];
+       return send_stroke_msg(&msg);
+}
+
+static int leases(stroke_keyword_t kw, char *pool, char *address)
+{
        stroke_msg_t msg;
 
        msg.type = STR_LEASES;
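Review bot: `export_flags` is declared as `static int export_flags[]` but its elements are `export_flag_t` values that end up in `msg.export.flags`, and the new `export()` function carries no comment unlike the surrounding helpers' section headers. Declaring the table as `static export_flag_t export_flags[] = {` keeps the type visible at the assignment on the `msg.export.flags = ...` line and mirrors the flag enum in stroke_msg.h. A one-line comment such as `/* send an export request; selector is the DN given on the command line */` above `export()` would document what `selector` is expected to hold, since `main` only passes `argv[2]` through. The index `kw - STROKE_EXPORT_FIRST` is not range-checked, but that follows the existing pattern used by `purge()` and is presumably safe because `main` dispatches only the exportx509 keyword here.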
@@ -361,6 +375,8 @@ static void exit_usage(char *error)
        printf("    stroke purgeocsp\n");
        printf("  Purge IKE_SAs without a CHILD_SA:\n");
        printf("    stroke purgeike\n");
+       printf("  Export credentials to the console:\n");
+       printf("    stroke exportx509 DN\n");
        printf("  Show leases of a pool:\n");
        printf("    stroke leases [POOL [ADDRESS]]\n");
        exit_error(error);
@@ -478,6 +494,13 @@ int main(int argc, char *argv[])
                case STROKE_PURGE_IKE:
                        res = purge(token->kw);
                        break;
+               case STROKE_EXPORT_X509:
+                       if (argc != 3)
+                       {
+                               exit_usage("\"exportx509\" needs a distinguished name");
+                       }
+                       res = export(token->kw, argv[2]);
+                       break;
                case STROKE_LEASES:
                        res = leases(token->kw, argc > 2 ? argv[2] : NULL,
                                                 argc > 3 ? argv[3] : NULL);
index 6332000..4a38265 100644 (file)
@@ -49,12 +49,14 @@ typedef enum {
        STROKE_REREAD_ALL,
        STROKE_PURGE_OCSP,
        STROKE_PURGE_IKE,
-       STROKE_LEASES
+       STROKE_EXPORT_X509,
+       STROKE_LEASES,
 } stroke_keyword_t;
 
 #define STROKE_LIST_FIRST              STROKE_LIST_PUBKEYS
 #define STROKE_REREAD_FIRST            STROKE_REREAD_SECRETS
 #define STROKE_PURGE_FIRST             STROKE_PURGE_OCSP
+#define STROKE_EXPORT_FIRST            STROKE_EXPORT_X509
 
 typedef struct stroke_token stroke_token_t;
 
index 96fa0bf..0b80929 100644 (file)
@@ -56,4 +56,5 @@ rereadcrls,      STROKE_REREAD_CRLS
 rereadall,       STROKE_REREAD_ALL
 purgeocsp,       STROKE_PURGE_OCSP
 purgeike,        STROKE_PURGE_IKE
+exportx509,      STROKE_EXPORT_X509
 leases,          STROKE_LEASES
index a36cc90..9e2300d 100644 (file)
@@ -109,6 +109,16 @@ enum purge_flag_t {
        PURGE_IKE =                     0x0002,
 };
 
+typedef enum export_flag_t export_flag_t;
+
+/**
+ * Definition of the export flags
+ */
+enum export_flag_t {
+       /** export an X509 certificate */
+       EXPORT_X509 =           0x0001,
+};
+
 /**
  * CRL certificate validation policy
  */
@@ -193,6 +203,8 @@ struct stroke_msg_t {
                STR_PURGE,
                /* show pool leases */
                STR_LEASES,
+               /* export credentials */
+               STR_EXPORT,
                /* more to come */
        } type;
 
@@ -301,6 +313,12 @@ struct stroke_msg_t {
                        purge_flag_t flags;
                } purge;
 
+               /* data for STR_EXPORT */
+               struct {
+                       export_flag_t flags;
+                       char *selector;
+               } export;
+
                /* data for STR_LEASES */
                struct {
                        char *pool;