vici: list-cert sends subject, not-before and not-after attributes for pubkeys
This commit is contained in:
parent
87371460f6
commit
4c38c79452
|
@ -760,6 +760,9 @@ _list-certs_ command.
|
|||
flag = <X.509 certificate flag, NONE|CA|AA|OCSP>
|
||||
has_privkey = <set if a private key for the certificate is available>
|
||||
data = <ASN1 encoded certificate data>
|
||||
subject = <subject string if defined and certificate type is PUBKEY>
|
||||
not-before = <time string if defined and certificate type is PUBKEY>
|
||||
not-after = <time string if defined and certificate type is PUBKEY>
|
||||
}
|
||||
|
||||
### list-authority ###
|
||||
|
|
|
@ -52,6 +52,7 @@
|
|||
#endif
|
||||
|
||||
#include <daemon.h>
|
||||
#include <asn1/asn1.h>
|
||||
#include <credentials/certificates/certificate.h>
|
||||
#include <credentials/certificates/x509.h>
|
||||
|
||||
|
@ -866,8 +867,10 @@ static void enum_others(private_vici_query_t *this, u_int id,
|
|||
enumerator_t *enumerator;
|
||||
certificate_t *cert;
|
||||
vici_builder_t *b;
|
||||
chunk_t encoding;
|
||||
chunk_t encoding, t_ch;
|
||||
cred_encoding_type_t encoding_type;
|
||||
identification_t *subject;
|
||||
time_t not_before, not_after;
|
||||
|
||||
encoding_type = (type == CERT_TRUSTED_PUBKEY) ? PUBKEY_SPKI_ASN1_DER :
|
||||
CERT_ASN1_DER;
|
||||
|
@ -886,6 +889,27 @@ static void enum_others(private_vici_query_t *this, u_int id,
|
|||
b->add(b, VICI_KEY_VALUE, "data", encoding);
|
||||
free(encoding.ptr);
|
||||
|
||||
if (type == CERT_TRUSTED_PUBKEY)
|
||||
{
|
||||
subject = cert->get_subject(cert);
|
||||
if (subject->get_type(subject) != ID_KEY_ID)
|
||||
{
|
||||
b->add_kv(b, "subject", "%Y", cert->get_subject(cert));
|
||||
}
|
||||
cert->get_validity(cert, NULL, ¬_before, ¬_after);
|
||||
if (not_before != UNDEFINED_TIME)
|
||||
{
|
||||
t_ch = asn1_from_time(¬_before, ASN1_GENERALIZEDTIME);
|
||||
b->add(b, VICI_KEY_VALUE, "not-before", chunk_skip(t_ch, 2));
|
||||
chunk_free(&t_ch);
|
||||
}
|
||||
if (not_after != UNDEFINED_TIME)
|
||||
{
|
||||
t_ch = asn1_from_time(¬_after, ASN1_GENERALIZEDTIME);
|
||||
b->add(b, VICI_KEY_VALUE, "not-after", chunk_skip(t_ch, 2));
|
||||
chunk_free(&t_ch);
|
||||
}
|
||||
}
|
||||
this->dispatcher->raise_event(this->dispatcher, "list-cert", id,
|
||||
b->finalize(b));
|
||||
}
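Review bot: The `chunk_skip(t_ch, 2)` on the not-before and not-after lines drops the ASN.1 tag and length bytes without saying why, and it only works because the length is encoded in short form; a comment should make that framing explicit, since the swanctl list-cert parser in this commit feeds the received string to asn1_to_time as a bare value with no header: `/* strip the 2-byte tag/length header: GeneralizedTime is fixed-size (15 bytes), so the short-form length always applies; the client parses the bare value */`. The subject line calls `cert->get_subject(cert)` a second time although `subject` already holds that pointer; `b->add_kv(b, "subject", "%Y", subject);` is clearer. The `!= ID_KEY_ID` test also deserves a why-comment, e.g. `/* a KEY_ID subject is derived from the key itself and adds no information for the client */` — presumably that is the intent, confirm. enum_others begins outside the hunk.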
|
||||
|
|
|
@ -26,6 +26,7 @@
|
|||
#include <stdarg.h>
|
||||
|
||||
#include <library.h>
|
||||
#include <asn1/asn1.h>
|
||||
|
||||
/**
|
||||
* Definition of some primitive ASN1 types
|
||||
|
|
|
@ -58,6 +58,10 @@ CALLBACK(list_cb, void,
|
|||
certificate_t *cert;
|
||||
certificate_type_t type;
|
||||
x509_flag_t flag = X509_NONE;
|
||||
identification_t *subject = NULL;
|
||||
time_t not_before = UNDEFINED_TIME;
|
||||
time_t not_after = UNDEFINED_TIME;
|
||||
chunk_t t_ch;
|
||||
bool has_privkey;
|
||||
char *str;
|
||||
void *buf;
|
||||
|
@ -93,11 +97,38 @@ CALLBACK(list_cb, void,
|
|||
return;
|
||||
}
|
||||
}
|
||||
|
||||
/* Parse certificate data blob */
|
||||
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
|
||||
BUILD_BLOB_ASN1_DER, chunk_create(buf, len),
|
||||
BUILD_END);
|
||||
if (type == CERT_TRUSTED_PUBKEY)
|
||||
{
|
||||
str = vici_find_str(res, NULL, "subject");
|
||||
if (str)
|
||||
{
|
||||
subject = identification_create_from_string(str);
|
||||
}
|
||||
str = vici_find_str(res, NULL, "not-before");
|
||||
if (str)
|
||||
{
|
||||
t_ch = chunk_from_str(str);
|
||||
not_before = asn1_to_time(&t_ch, ASN1_GENERALIZEDTIME);
|
||||
}
|
||||
str = vici_find_str(res, NULL, "not-after");
|
||||
if (str)
|
||||
{
|
||||
t_ch = chunk_from_str(str);
|
||||
not_after = asn1_to_time(&t_ch, ASN1_GENERALIZEDTIME);
|
||||
}
|
||||
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
|
||||
BUILD_BLOB_ASN1_DER, chunk_create(buf, len),
|
||||
BUILD_NOT_BEFORE_TIME, not_before,
|
||||
BUILD_NOT_AFTER_TIME, not_after,
|
||||
BUILD_SUBJECT, subject, BUILD_END);
|
||||
DESTROY_IF(subject);
|
||||
}
|
||||
else
|
||||
{
|
||||
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
|
||||
BUILD_BLOB_ASN1_DER, chunk_create(buf, len),
|
||||
BUILD_END);
|
||||
}
|
||||
if (cert)
|
||||
{
|
||||
if (*format & COMMAND_FORMAT_PEM)
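Review bot: The results of `asn1_to_time` for "not-before" and "not-after" are used unchecked: a string that does not have the expected GeneralizedTime form yields whatever the parser returns on failure, and that value is then passed as BUILD_NOT_BEFORE_TIME/BUILD_NOT_AFTER_TIME and printed as the key's validity instead of being reported. Whether a failed parse collapses to UNDEFINED_TIME (and so to "not set") depends on asn1_to_time's failure return, which the hunk does not show; a comment stating the expectation, e.g. `/* value arrives without its ASN.1 header (stripped by the daemon's enum_others); a malformed string is expected to parse to UNDEFINED_TIME */`, or a simple length and trailing-'Z' check before parsing, would make the contract visible. The removed `/* Parse certificate data blob */` comment still applies to both branches and could be kept above the new `if`. list_cb begins outside the hunk.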
|
||||
|
|