vici: list-cert sends subject, not-before and not-after attributes for pubkeys

This commit is contained in:
Andreas Steffen 2016-01-05 05:34:12 +01:00
parent 87371460f6
commit 4c38c79452
4 changed files with 65 additions and 6 deletions

View File

@ -760,6 +760,9 @@ _list-certs_ command.
flag = <X.509 certificate flag, NONE|CA|AA|OCSP>
has_privkey = <set if a private key for the certificate is available>
data = <ASN1 encoded certificate data>
subject = <subject string if defined and certificate type is PUBKEY>
not-before = <time string if defined and certificate type is PUBKEY>
not-after = <time string if defined and certificate type is PUBKEY>
}
### list-authority ###

View File

@ -52,6 +52,7 @@
#endif
#include <daemon.h>
#include <asn1/asn1.h>
#include <credentials/certificates/certificate.h>
#include <credentials/certificates/x509.h>
@ -866,8 +867,10 @@ static void enum_others(private_vici_query_t *this, u_int id,
enumerator_t *enumerator;
certificate_t *cert;
vici_builder_t *b;
chunk_t encoding;
chunk_t encoding, t_ch;
cred_encoding_type_t encoding_type;
identification_t *subject;
time_t not_before, not_after;
encoding_type = (type == CERT_TRUSTED_PUBKEY) ? PUBKEY_SPKI_ASN1_DER :
CERT_ASN1_DER;
@ -886,6 +889,27 @@ static void enum_others(private_vici_query_t *this, u_int id,
b->add(b, VICI_KEY_VALUE, "data", encoding);
free(encoding.ptr);
if (type == CERT_TRUSTED_PUBKEY)
{
subject = cert->get_subject(cert);
if (subject->get_type(subject) != ID_KEY_ID)
{
b->add_kv(b, "subject", "%Y", cert->get_subject(cert));
}
cert->get_validity(cert, NULL, &not_before, &not_after);
if (not_before != UNDEFINED_TIME)
{
t_ch = asn1_from_time(&not_before, ASN1_GENERALIZEDTIME);
b->add(b, VICI_KEY_VALUE, "not-before", chunk_skip(t_ch, 2));
chunk_free(&t_ch);
}
if (not_after != UNDEFINED_TIME)
{
t_ch = asn1_from_time(&not_after, ASN1_GENERALIZEDTIME);
b->add(b, VICI_KEY_VALUE, "not-after", chunk_skip(t_ch, 2));
chunk_free(&t_ch);
}
}
this->dispatcher->raise_event(this->dispatcher, "list-cert", id,
b->finalize(b));
}

View File

@ -26,6 +26,7 @@
#include <stdarg.h>
#include <library.h>
#include <asn1/asn1.h>
/**
* Definition of some primitive ASN1 types

View File

@ -58,6 +58,10 @@ CALLBACK(list_cb, void,
certificate_t *cert;
certificate_type_t type;
x509_flag_t flag = X509_NONE;
identification_t *subject = NULL;
time_t not_before = UNDEFINED_TIME;
time_t not_after = UNDEFINED_TIME;
chunk_t t_ch;
bool has_privkey;
char *str;
void *buf;
@ -93,11 +97,38 @@ CALLBACK(list_cb, void,
return;
}
}
/* Parse certificate data blob */
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
BUILD_BLOB_ASN1_DER, chunk_create(buf, len),
BUILD_END);
if (type == CERT_TRUSTED_PUBKEY)
{
str = vici_find_str(res, NULL, "subject");
if (str)
{
subject = identification_create_from_string(str);
}
str = vici_find_str(res, NULL, "not-before");
if (str)
{
t_ch = chunk_from_str(str);
not_before = asn1_to_time(&t_ch, ASN1_GENERALIZEDTIME);
}
str = vici_find_str(res, NULL, "not-after");
if (str)
{
t_ch = chunk_from_str(str);
not_after = asn1_to_time(&t_ch, ASN1_GENERALIZEDTIME);
}
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
BUILD_BLOB_ASN1_DER, chunk_create(buf, len),
BUILD_NOT_BEFORE_TIME, not_before,
BUILD_NOT_AFTER_TIME, not_after,
BUILD_SUBJECT, subject, BUILD_END);
DESTROY_IF(subject);
}
else
{
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
BUILD_BLOB_ASN1_DER, chunk_create(buf, len),
BUILD_END);
}
if (cert)
{
if (*format & COMMAND_FORMAT_PEM)