pki: Extend pki --print with --keyid parameter
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 10 Dec 2017 18:31:10 +0000 (19:31 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 10 Dec 2017 18:31:10 +0000 (19:31 +0100)
src/pki/commands/print.c
src/pki/man/pki---print.1.in

index 8021016..2ab3e61 100644 (file)
@@ -60,7 +60,8 @@ static int print()
        credential_type_t type = CRED_CERTIFICATE;
        int subtype = CERT_X509;
        void *cred;
-       char *arg, *file = NULL;
+       char *arg, *file = NULL, *keyid = NULL;
+       chunk_t chunk;
 
        while (TRUE)
        {
@@ -126,6 +127,9 @@ static int print()
                        case 'i':
                                file = arg;
                                continue;
+                       case 'x':
+                               keyid = arg;
+                               continue;
                        case EOF:
                                break;
                        default:
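Review bot: Nothing in the new `case 'x'` or after the option loop rejects `--keyid` given together with `--in`, although the usage string added in this commit presents them as alternatives. With the `if (keyid) ... else if (file)` order later in print(), the file argument is silently ignored, so an operator who believes they are inspecting a file is shown whatever object the token returns for that handle. A check after the loop such as `if (keyid && file) return command_usage("--in and --keyid are mutually exclusive");` would make the conflict explicit, assuming command_usage() is how print() reports its other option errors. The default branch and the rest of the switch continue outside the hunk.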
@@ -133,15 +137,20 @@ static int print()
                }
                break;
        }
-       if (file)
+       if (keyid)
+       {
+               chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL);
+               cred = lib->creds->create(lib->creds, type, subtype,
+                                                                 BUILD_PKCS11_KEYID, chunk, BUILD_END);
+               free(chunk.ptr);
+       }
+       else if (file)
        {
                cred = lib->creds->create(lib->creds, type, subtype,
                                                                  BUILD_FROM_FILE, file, BUILD_END);
        }
        else
        {
-               chunk_t chunk;
-
                set_file_mode(stdin, CERT_ASN1_DER);
                if (!chunk_from_fd(0, &chunk))
                {
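Review bot: The result of `chunk_from_hex()` in the new `if (keyid)` branch is handed to `BUILD_PKCS11_KEYID` without any check, so an empty or malformed `--keyid` value reaches the credential builder as whatever bytes the decoder produced. How chunk_from_hex() treats non-hex characters is not visible here, so it is worth confirming that a typo cannot be silently decoded into a different, valid handle. At minimum an empty decode should be rejected, e.g. `if (!chunk.len) { free(chunk.ptr); return command_usage("invalid --keyid value"); }`. A short comment above the call, `/* keyid: hex-encoded smartcard/TPM object handle; decoded copy is freed below */`, would also help. The else branch and the rest of print() continue outside the hunk.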
@@ -187,10 +196,12 @@ static void __attribute__ ((constructor))reg()
        command_register((command_t)
                { print, 'a', "print",
                "print a credential in a human readable form",
-               {"[--in file] [--type x509|crl|ac|pub|priv|rsa|ecdsa|ed25519|bliss]"},
+               {"[--in file|--keyid hex] "
+                "[--type x509|crl|ac|pub|priv|rsa|ecdsa|ed25519|bliss]"},
                {
                        {"help",        'h', 0, "show usage information"},
                        {"in",          'i', 1, "input file, default: stdin"},
+                       {"keyid",       'x', 1, "smartcard or TPM object handle"},
                        {"type",        't', 1, "type of credential, default: x509"},
                }
        });
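Review bot: The help text for `keyid` omits that the value is hex-encoded, while the man page entry added in the same commit spells it out (`hex format with an optional 0x prefix`). Since `--help` is what users usually see first, `{"keyid", 'x', 1, "smartcard or TPM object handle in hex"},` would keep the two descriptions in sync. reg() begins above the hunk.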
index ad85fb3..09b8a10 100644 (file)
@@ -7,7 +7,9 @@ pki \-\-print \- Print a credential (key, certificate etc.) in human readable fo
 .SH "SYNOPSIS"
 .
 .SY pki\ \-\-print
-.OP \-\-in file
+.RB [ \-\-in
+.IR file | \fB\-\-keyid\fR
+.IR hex ]
 .OP \-\-type type
 .OP \-\-debug level
 .YS
@@ -43,6 +45,10 @@ Read command line options from \fIfile\fR.
 .BI "\-i, \-\-in " file
 Input file. If not given the input is read from \fISTDIN\fR.
 .TP
+.BI "\-x, \-\-keyid " hex
+Smartcard or TPM private key or certificate object handle in hex format with
+an optional 0x prefix.
+.TP
 .BI "\-t, \-\-type " type
 Type of input. One of \fIx509\fR (X.509 certificate), \fIcrl\fR (Certificate
 Revocation List, CRL), \fIac\fR (Attribute Certificate), \fIpub\fR (public key),