implemented ipsec listalgs as a stroke command
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 8 Oct 2008 07:00:13 +0000 (07:00 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 8 Oct 2008 07:00:13 +0000 (07:00 -0000)
src/charon/plugins/stroke/stroke_list.c
src/ipsec/ipsec.in
src/libstrongswan/plugins/pubkey/pubkey_cert.c
src/stroke/stroke.c
src/stroke/stroke_keywords.h
src/stroke/stroke_keywords.txt
src/stroke/stroke_msg.h

index 5c2069c..d531dca 100644 (file)
@@ -507,6 +507,53 @@ static linked_list_t* create_unique_cert_list(certificate_type_t type)
 }
 
 /**
+ * list all raw public keys
+ */
+static void stroke_list_pubkeys(linked_list_t *list, bool utc, FILE *out)
+{
+       bool first = TRUE;
+
+       enumerator_t *enumerator = list->create_enumerator(list);
+       certificate_t *cert;
+
+       while (enumerator->enumerate(enumerator, (void**)&cert))
+       {
+               public_key_t *public = cert->get_public_key(cert);
+
+               if (public)
+               {
+                       private_key_t *private = NULL;
+                       identification_t *id, *keyid;
+                       
+                       if (first)
+                       {
+                               fprintf(out, "\n");
+                               fprintf(out, "List of Raw Public Keys:\n");
+                               first = FALSE;
+                       }
+                       fprintf(out, "\n");
+
+                       /* list public key information */
+                       id    = public->get_id(public, ID_PUBKEY_SHA1);
+                       keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1);
+
+                       private = charon->credentials->get_private(
+                                                               charon->credentials, 
+                                                               public->get_type(public), keyid, NULL);
+                       fprintf(out, "  pubkey:    %N %d bits%s\n",
+                                       key_type_names, public->get_type(public),
+                                       public->get_keysize(public) * 8,
+                                       private ? ", has private key" : "");
+                       fprintf(out, "  keyid:     %D\n", keyid);
+                       fprintf(out, "  subjkey:   %D\n", id);
+                       DESTROY_IF(private);
+                       public->destroy(public);
+               }
+       }
+       enumerator->destroy(enumerator);
+}
+
+/**
  * list all X.509 certificates matching the flags
  */
 static void stroke_list_certs(linked_list_t *list, char *label, 
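Review bot: The `utc` parameter of stroke_list_pubkeys() (L21) is never read in the body, so it is either dead or kept only for signature parity with stroke_list_certs(); whichever it is should be stated in the header comment, which currently says only `list all raw public keys`. I would extend that comment to name the argument contract the caller relies on: `list` holds CERT_TRUSTED_PUBKEY certificates and stays owned by the caller (the loop destroys only the `public` and `private` keys it fetched, not the list or its entries), `utc` is unused, and `out` is the stream written to. The `* 8` on L54 presumes `get_keysize()` returns bytes; that is not visible here, so a short `/* get_keysize() is in bytes */` next to it, once confirmed, would save the next reader the same lookup. The `private` lookup on L49-L51 is used purely to print `, has private key` and the key is destroyed immediately, which is worth a one-line why-comment since it looks like an unused fetch at first glance.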
@@ -849,6 +896,13 @@ static void list(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out)
 {
        linked_list_t *cert_list = NULL;
 
+       if (msg->list.flags & LIST_PUBKEYS)
+       {
+               linked_list_t *pubkey_list = create_unique_cert_list(CERT_TRUSTED_PUBKEY);
+
+               stroke_list_pubkeys(pubkey_list, msg->list.utc, out);
+               pubkey_list->destroy_offset(pubkey_list, offsetof(certificate_t, destroy)); 
+       }
        if (msg->list.flags & (LIST_CERTS | LIST_CACERTS | LIST_OCSPCERTS | LIST_AACERTS))
        {
                cert_list = create_unique_cert_list(CERT_X509);
index 1fbcb50..ed28636 100755 (executable)
@@ -131,22 +131,22 @@ down-srcip)
        fi
        exit "$rc"
        ;;
-listalgs|listpubkeys|\listcards|\rereadgroups)
+listcards|rereadgroups)
        op="$1"
-       rc=7
        shift
        if [ -e $IPSEC_PLUTO_PID ]
        then
                $IPSEC_WHACK "$@" "--$op"
                rc="$?"
        fi
-       if [ -e $IPSEC_CHARON_PID ]
-       then
-               $IPSEC_STROKE "$op"
-               rc="$?"
-       fi
-       exit "$rc"
+       if [ -e $IPSEC_CHARON_PID ] 
+       then 
+               exit 3 
+       else 
+               exit 7 
+       fi 
        ;;
+listalgs|\listpubkeys|\
 listcerts|listcacerts|listaacerts|\
 listacerts|listgroups|listocspcerts|\
 listcainfos|listcrls|listocsp|listall|\
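Review bot: `rc="$?"` on L96 is now dead: the `exit "$rc"` that consumed it was removed together with `rc=7`, so after whack has run for pluto the branch still falls into the charon test and exits 3 or 7 regardless of whack's result. If the intent is to report whack's status when pluto handles the command, `rc="$?"` should become `exit "$?"` (the charon test then only applies when pluto is not running); if the intent is instead that these commands are unsupported whenever charon is up, the whack call should not precede that test. The bare `exit 3` and `exit 7` are magic values with no comment; a one-liner such as `# 3: not supported by charon, 7: no daemon running` (or whatever the documented meaning is) would help, as I am inferring those meanings from the old `rc=7` default.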
index 24a44d1..7625570 100644 (file)
@@ -114,7 +114,7 @@ static bool equals(private_pubkey_cert_t *this, certificate_t *other)
        {
                return FALSE;
        }
-       return other->has_subject(other, this->key->get_id(this->key, ID_PUBKEY_SHA1));
+       return other->has_subject(other, this->key->get_id(this->key, ID_PUBKEY_INFO_SHA1));
 }
 
 /**
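Review bot: Switching equals() from ID_PUBKEY_SHA1 to ID_PUBKEY_INFO_SHA1 on L121 changes which certificates compare equal in libstrongswan, which the commit title (a stroke listing command) does not suggest; whether every `has_subject()` implementation answers for the SubjectPublicKeyInfo hash is not visible here, and if one only matches the raw-key hash this makes equals() silently always false for it. A why-comment would record the intent, e.g. `/* compare by SubjectPublicKeyInfo hash, the keyid also used to look up the matching private key */`. equals() starts before this hunk.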
index cfaf65d..9a15547 100644 (file)
@@ -200,6 +200,7 @@ static int show_status(stroke_keyword_t kw, char *connection)
 }
 
 static int list_flags[] = {
+       LIST_PUBKEYS,
        LIST_CERTS,
        LIST_CACERTS,
        LIST_OCSPCERTS,
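Review bot: list_flags[] is presumably indexed by `kw - STROKE_LIST_FIRST`, so inserting LIST_PUBKEYS at the front (L130) is only correct because STROKE_LIST_PUBKEYS is inserted at the same position in stroke_keyword_t and STROKE_LIST_FIRST is moved in the same commit; nothing in this file states that coupling. I would add `/* indexed by (kw - STROKE_LIST_FIRST); order must match stroke_keyword_t */` above the array so the next addition is made in both places. If the indexing is done differently than I infer, the comment should say what the real dependency is instead.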
@@ -403,6 +404,7 @@ int main(int argc, char *argv[])
                case STROKE_STATUSALL:
                        res = show_status(token->kw, argc > 2 ? argv[2] : NULL);
                        break;
+               case STROKE_LIST_PUBKEYS:
                case STROKE_LIST_CERTS:
                case STROKE_LIST_CACERTS:
                case STROKE_LIST_OCSPCERTS:
index b7c2068..0d71d24 100644 (file)
@@ -30,6 +30,7 @@ typedef enum {
        STROKE_LOGLEVEL,
        STROKE_STATUS,
        STROKE_STATUSALL,
+       STROKE_LIST_PUBKEYS,
        STROKE_LIST_CERTS,
        STROKE_LIST_CACERTS,
        STROKE_LIST_OCSPCERTS,
@@ -51,7 +52,7 @@ typedef enum {
        STROKE_PURGE_OCSP
 } stroke_keyword_t;
 
-#define STROKE_LIST_FIRST              STROKE_LIST_CERTS
+#define STROKE_LIST_FIRST              STROKE_LIST_PUBKEYS
 #define STROKE_REREAD_FIRST            STROKE_REREAD_SECRETS
 #define STROKE_PURGE_FIRST             STROKE_PURGE_OCSP
 
index a9b0316..21aa80f 100644 (file)
@@ -37,6 +37,7 @@ down-srcip,      STROKE_DOWN_SRCIP
 loglevel,        STROKE_LOGLEVEL
 status,          STROKE_STATUS
 statusall,       STROKE_STATUSALL
+listpubkeys,     STROKE_LIST_PUBKEYS
 listcerts,       STROKE_LIST_CERTS
 listcacerts,     STROKE_LIST_CACERTS
 listocspcerts,   STROKE_LIST_OCSPCERTS
index b9d7cc4..3ab1c46 100644 (file)
@@ -43,28 +43,30 @@ typedef enum list_flag_t list_flag_t;
 enum list_flag_t {
        /** don't list anything */
        LIST_NONE =                     0x0000,
+       /** list all raw public keys */
+       LIST_PUBKEYS =          0x0001,
        /** list all host/user certs */
-       LIST_CERTS =            0x0001,
+       LIST_CERTS =            0x0002,
        /** list all ca certs */
-       LIST_CACERTS =          0x0002,
+       LIST_CACERTS =          0x0004,
        /** list all ocsp signer certs */
-       LIST_OCSPCERTS =        0x0004,
+       LIST_OCSPCERTS =        0x0008,
        /** list all aa certs */
-       LIST_AACERTS =          0x0008,
+       LIST_AACERTS =          0x0010,
        /** list all attribute certs */
-       LIST_ACERTS =           0x0010,
+       LIST_ACERTS =           0x0020,
        /** list all access control groups */
-       LIST_GROUPS =           0x0020,
+       LIST_GROUPS =           0x0040,
        /** list all ca information records */
-       LIST_CAINFOS =          0x0040,
+       LIST_CAINFOS =          0x0080,
        /** list all crls */
-       LIST_CRLS =                     0x0080,
+       LIST_CRLS =                     0x0100,
        /** list all ocsp cache entries */
-       LIST_OCSP =                     0x0100,
+       LIST_OCSP =                     0x0200,
        /** list all supported algorithms */
-       LIST_ALGS =                     0x0200,
+       LIST_ALGS =                     0x0400,
        /** all list options */
-       LIST_ALL =                      0x03FF,
+       LIST_ALL =                      0x07FF,
 };
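Review bot: Inserting LIST_PUBKEYS at bit 0 (L175) renumbers every existing flag (L178-L205), and since list_flag_t travels in stroke_msg_t between the `stroke` client and the charon plugin, a client and daemon from different builds will now disagree on what e.g. `0x0001` means; appending `LIST_PUBKEYS = 0x0400` instead would have left the old values stable, if mixed-version operation matters for this socket. `LIST_ALL = 0x07FF` on L208 is a hand-maintained mask that has to be recomputed on every such change; deriving it from the highest flag, `LIST_ALL = (LIST_ALGS << 1) - 1,`, or at least a `/** all list options - update when adding a flag */` comment, would make that explicit.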
 
 typedef enum reread_flag_t reread_flag_t;