}
/**
+ * Export in-memory credentials
+ */
+static void stroke_export(private_stroke_socket_t *this,
+ stroke_msg_t *msg, FILE *out)
+{
+ pop_string(msg, &msg->export.selector);
+
+ if (msg->purge.flags & EXPORT_X509)
+ {
+ enumerator_t *enumerator;
+ identification_t *id;
+ certificate_t *cert;
+ chunk_t encoded;
+
+ id = identification_create_from_string(msg->export.selector);
+ enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr,
+ CERT_X509, KEY_ANY, id, FALSE);
+ while (enumerator->enumerate(enumerator, &cert))
+ {
+ if (cert->get_encoding(cert, CERT_PEM, &encoded))
+ {
+ fprintf(out, "%.*s", encoded.len, encoded.ptr);
+ free(encoded.ptr);
+ }
+ }
+ enumerator->destroy(enumerator);
+ id->destroy(id);
+ }
+}
+
+/**
* list pool leases
*/
static void stroke_leases(private_stroke_socket_t *this,
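Review bot: stroke_export reads `msg->purge.flags & EXPORT_X509` right after popping the selector, although the client's flags arrive in `msg->export.flags`, the field this same patch adds as a sibling of `purge` (presumably inside a union, so the two `flags` members share an offset today and the test works only by layout coincidence); it should be `if (msg->export.flags & EXPORT_X509)`. The PEM write `fprintf(out, "%.*s", encoded.len, encoded.ptr)` hands a chunk_t length to a `%.*s` precision, which expects an int, so the argument needs a cast: `fprintf(out, "%.*s", (int)encoded.len, encoded.ptr);`. The selector is untrusted input from the stroke socket and is only popped, not checked; if identification_create_from_string does not tolerate a NULL or empty string, a guard before the credential lookup is needed — worth confirming against that function.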
case STR_PURGE:
stroke_purge(this, msg, out);
break;
+ case STR_EXPORT:
+ stroke_export(this, msg, out);
+ break;
case STR_LEASES:
stroke_leases(this, msg, out);
break;
return send_stroke_msg(&msg);
}
-static int leases(stroke_keyword_t kw, char *pool, char *address)
+static int export_flags[] = {
+ EXPORT_X509,
+};
+
+static int export(stroke_keyword_t kw, char *selector)
{
+ stroke_msg_t msg;
+ msg.type = STR_EXPORT;
+ msg.length = offsetof(stroke_msg_t, buffer);
+ msg.export.selector = push_string(&msg, selector);
+ msg.export.flags = export_flags[kw - STROKE_EXPORT_FIRST];
+ return send_stroke_msg(&msg);
+}
+
+static int leases(stroke_keyword_t kw, char *pool, char *address)
+{
stroke_msg_t msg;
msg.type = STR_LEASES;
printf(" stroke purgeocsp\n");
printf(" Purge IKE_SAs without a CHILD_SA:\n");
printf(" stroke purgeike\n");
+ printf(" Export credentials to the console:\n");
+ printf(" stroke exportx509 DN\n");
printf(" Show leases of a pool:\n");
printf(" stroke leases [POOL [ADDRESS]]\n");
exit_error(error);
case STROKE_PURGE_IKE:
res = purge(token->kw);
break;
+ case STROKE_EXPORT_X509:
+ if (argc != 3)
+ {
+ exit_usage("\"exportx509\" needs a distinguished name");
+ }
+ res = export(token->kw, argv[2]);
+ break;
case STROKE_LEASES:
res = leases(token->kw, argc > 2 ? argv[2] : NULL,
argc > 3 ? argv[3] : NULL);
STROKE_REREAD_ALL,
STROKE_PURGE_OCSP,
STROKE_PURGE_IKE,
- STROKE_LEASES
+ STROKE_EXPORT_X509,
+ STROKE_LEASES,
} stroke_keyword_t;
#define STROKE_LIST_FIRST STROKE_LIST_PUBKEYS
#define STROKE_REREAD_FIRST STROKE_REREAD_SECRETS
#define STROKE_PURGE_FIRST STROKE_PURGE_OCSP
+#define STROKE_EXPORT_FIRST STROKE_EXPORT_X509
typedef struct stroke_token stroke_token_t;
rereadall, STROKE_REREAD_ALL
purgeocsp, STROKE_PURGE_OCSP
purgeike, STROKE_PURGE_IKE
+exportx509, STROKE_EXPORT_X509
leases, STROKE_LEASES
PURGE_IKE = 0x0002,
};
+typedef enum export_flag_t export_flag_t;
+
+/**
+ * Definition of the export flags
+ */
+enum export_flag_t {
+ /** export an X509 certificate */
+ EXPORT_X509 = 0x0001,
+};
+
/**
* CRL certificate validation policy
*/
STR_PURGE,
/* show pool leases */
STR_LEASES,
+ /* export credentials */
+ STR_EXPORT,
/* more to come */
} type;
purge_flag_t flags;
} purge;
+ /* data for STR_EXPORT */
+ struct {
+ export_flag_t flags;
+ char *selector;
+ } export;
+
/* data for STR_LEASES */
struct {
char *pool;