diff --git a/src/charon/control/stroke_interface.c b/src/charon/control/stroke_interface.c
index 55738a5e5..573e4443d 100755
--- a/src/charon/control/stroke_interface.c
+++ b/src/charon/control/stroke_interface.c
@@ -1216,7 +1216,7 @@ static void list_auth_certificates(private_stroke_interface_t *this, u_int flag
 fprintf(out, "\n");
 first = FALSE;
 }
- fprintf(out, "%#Q\n", cert, utc);
+ cert->list(cert, out, utc);
 }
 }
 iterator->destroy(iterator);
@@ -1243,7 +1243,7 @@ static void stroke_list(private_stroke_interface_t *this,
 }
 while (iterator->iterate(iterator, (void**)&cert))
 {
- fprintf(out, "%#Q", cert, msg->list.utc);
+ cert->list(cert, out, msg->list.utc);
 if (charon->credentials->has_rsa_private_key(
 charon->credentials, cert->get_public_key(cert)))
 {
@@ -1271,7 +1271,7 @@ static void stroke_list(private_stroke_interface_t *this,
 }
 while (iterator->iterate(iterator, (void**)&ca_info))
 {
- fprintf(out, "%#W", ca_info, msg->list.utc);
+ ca_info->list(ca_info, out, msg->list.utc);
 }
 iterator->destroy(iterator);
 }
diff --git a/src/libstrongswan/crypto/ca.c b/src/libstrongswan/crypto/ca.c
index 1f566a098..2f86161a6 100644
--- a/src/libstrongswan/crypto/ca.c
+++ b/src/libstrongswan/crypto/ca.c
@@ -213,11 +213,9 @@ static void add_crl(private_ca_info_t *this, crl_t *crl)
 */
 static void list_crl(private_ca_info_t *this, FILE *out, bool utc)
 {
- pthread_mutex_lock(&(this->mutex));
-
- fprintf(out, "%#U\n", this->crl, utc);
-
- pthread_mutex_unlock(&(this->mutex));
+ pthread_mutex_lock(&this->mutex);
+ this->crl->list(this->crl, out, utc);
+ pthread_mutex_unlock(&this->mutex);
 }
 /**
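Review bot: The terminating newline is lost at `cert->list(cert, out, utc);` in list_auth_certificates — the removed `fprintf(out, "%#Q\n", cert, utc)` ended every certificate block with `\n`, but the x509 `list()` introduced by this commit finishes with ` until %#T` / ` on %#T` and no newline, so the last certificate's status line runs straight into whatever is printed next. Suggested change: `cert->list(cert, out, utc);` followed by `fprintf(out, "\n");`. The same newline is dropped in ca.c's `list_crl` (`%#U\n` became `this->crl->list(this->crl, out, utc);`) and in `list_certinfos` (`%#Y\n` became the inline ` serial: %#B, %N` line), so both of those should emit a `\n` too; the `%#Q` and `%#W` uses in stroke_list had no newline before and are unaffected. list_auth_certificates begins outside the hunk.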
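Review bot: `this->crl->list(this->crl, out, utc);` dereferences `this->crl` unconditionally while holding the mutex; the printf handler this replaces printed "(null)" for a NULL crl, so a caller that reaches list_crl without first checking `has_crl()` now crashes instead of printing nothing. If the callers are not guaranteed to check (they are not visible in this diff), guard it: `if (this->crl) { this->crl->list(this->crl, out, utc); }` with the lock/unlock lines left as they are.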
@@ -225,26 +223,42 @@ static void list_crl(private_ca_info_t *this, FILE *out, bool utc)
 */
 static void list_certinfos(private_ca_info_t *this, FILE *out, bool utc)
 {
- pthread_mutex_lock(&(this->mutex));
+ iterator_t *iterator;
+ certinfo_t *certinfo;
+ chunk_t authkey;
+ pthread_mutex_lock(&this->mutex);
+
+ authkey = this->cacert->get_subjectKeyID(this->cacert);
 fprintf(out," authname: '%D'\n", this->cacert->get_subject(this->cacert));
- {
- chunk_t authkey = this->cacert->get_subjectKeyID(this->cacert);
+ fprintf(out," authkey: %#B\n", &authkey);
- fprintf(out," authkey: %#B\n", &authkey);
- }
+ iterator = this->certinfos->create_iterator(this->certinfos, TRUE);
+ while (iterator->iterate(iterator, (void**)&certinfo))
 {
- iterator_t *iterator = this->certinfos->create_iterator(this->certinfos, TRUE);
- certinfo_t *certinfo;
-
- while (iterator->iterate(iterator, (void**)&certinfo))
+ time_t nextUpdate, thisUpdate, now;
+ chunk_t serial;
+
+ now = time(NULL);
+ nextUpdate = certinfo->get_nextUpdate(certinfo);
+ thisUpdate = certinfo->get_thisUpdate(certinfo);
+ serial = certinfo->get_serialNumber(certinfo);
+
+ fprintf(out, "%#T, until %#T, ", &thisUpdate, utc, &nextUpdate, utc);
+ if (now > nextUpdate)
 {
- fprintf(out, "%#Y\n", certinfo, utc);
+ fprintf(out, "expired (%V ago)\n", &now, &nextUpdate);
 }
- iterator->destroy(iterator);
+ else
+ {
+ fprintf(out, "ok (expires in %V)\n", &now, &nextUpdate);
+ }
+ fprintf(out, " serial: %#B, %N", &serial,
+ cert_status_names, certinfo->get_status(certinfo));
 }
+ iterator->destroy(iterator);
- pthread_mutex_unlock(&(this->mutex));
+ pthread_mutex_unlock(&this->mutex);
 }
 /**
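Review bot: `now = time(NULL);` sits inside the `while` body, so every certinfo in one listing is compared against a fresh clock reading and the "expired"/"ok" decision can differ between entries of the same call; hoist it with the other declarations, `time_t now = time(NULL);` before `iterator = this->certinfos->create_iterator(...)`, and drop `now` from the per-iteration declaration. Separately, the whole listing still runs under `this->mutex`, so a slow or blocking `out` stream delays every other user of this ca_info while fprintf() blocks — that was already true before the change, but the new code makes the critical section longer and it is worth a comment such as `/* mutex held across output: keep callers' streams non-blocking */`.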
@@ -656,85 +670,51 @@ static void destroy(private_ca_info_t *this) } /** - * output handler in printf() + * list the info of this CA */ -static int print(FILE *stream, const struct printf_info *info, - const void *const *args) +static void list(private_ca_info_t* this, FILE* out, bool utc) { - private_ca_info_t *this = *((private_ca_info_t**)(args[0])); - bool utc = TRUE; - int written = 0; - const x509_t *cacert; + chunk_t chunk; + identification_t *uri; + iterator_t *iterator; + bool first; - if (info->alt) - { - utc = *((bool*)args[1]); - } - if (this == NULL) - { - return fprintf(stream, "(null)"); - } - pthread_mutex_lock(&(this->mutex)); - written += fprintf(stream, "%#T", &this->installed, utc); + fprintf(out, "%#T", &this->installed, utc); if (this->name) { - written += fprintf(stream, ", \"%s\"\n", this->name); + fprintf(out, ", \"%s\"\n", this->name); } else { - written += fprintf(stream, "\n"); + fprintf(out, "\n"); } - cacert = this->cacert; - written += fprintf(stream, " authname: '%D'\n", cacert->get_subject(cacert)); + fprintf(out, " authname: '%D'\n", this->cacert->get_subject(this->cacert)); + chunk = this->cacert->get_subjectKeyID(this->cacert); + fprintf(out, " authkey: %#B\n", &chunk); + chunk = this->cacert->get_keyid(this->cacert); + fprintf(out, " keyid: %#B\n", &chunk); + + first = TRUE; + iterator = this->crluris->create_iterator(this->crluris, TRUE); + while (iterator->iterate(iterator, (void**)&uri)) { - chunk_t authkey = cacert->get_subjectKeyID(cacert); - - written += fprintf(stream, " authkey: %#B\n", &authkey); + fprintf(out, " %s '%D'\n", first ? 
"crluris:":" ", uri); + first = FALSE; } + iterator->destroy(iterator); + + first = TRUE; + iterator = this->ocspuris->create_iterator(this->ocspuris, TRUE); + while (iterator->iterate(iterator, (void**)&uri)) { - chunk_t keyid = cacert->get_keyid(cacert); - - written += fprintf(stream, " keyid: %#B\n", &keyid); - } - { - identification_t *crluri; - iterator_t *iterator = this->crluris->create_iterator(this->crluris, TRUE); - bool first = TRUE; - - while (iterator->iterate(iterator, (void**)&crluri)) - { - written += fprintf(stream, " %s '%D'\n", - first? "crluris:":" ", crluri); - first = FALSE; - } - iterator->destroy(iterator); - } - { - identification_t *ocspuri; - iterator_t *iterator = this->ocspuris->create_iterator(this->ocspuris, TRUE); - bool first = TRUE; - - while (iterator->iterate(iterator, (void**)&ocspuri)) - { - written += fprintf(stream, " %s '%D'\n", - first? "ocspuris:":" ", ocspuri); - first = FALSE; - } - iterator->destroy(iterator); + fprintf(out, " %s '%D'\n", first ? "ocspuris:":" ", uri); + first = FALSE; } + iterator->destroy(iterator); pthread_mutex_unlock(&(this->mutex)); - return written; -} - -/** - * register printf() handlers - */ -static void __attribute__ ((constructor))print_register() -{ - register_printf_function(PRINTF_CAINFO, print, arginfo_ptr_alt_ptr_int); } /* @@ -774,6 +754,7 @@ ca_info_t *ca_info_create(const char *name, x509_t *cacert) this->public.add_crl = (void (*) (ca_info_t*,crl_t*))add_crl; this->public.has_crl = (bool (*) (ca_info_t*))has_crl; this->public.has_certinfos = (bool (*) (ca_info_t*))has_certinfos; + this->public.list = (void (*) (ca_info_t*,FILE*,bool))list; this->public.list_crl = (void (*) (ca_info_t*,FILE*,bool))list_crl; this->public.list_certinfos = (void (*) (ca_info_t*,FILE*,bool))list_certinfos; this->public.add_crluri = (void (*) (ca_info_t*,chunk_t))add_crluri; diff --git a/src/libstrongswan/crypto/ca.h b/src/libstrongswan/crypto/ca.h index c494a4468..46a10378b 100644 
--- a/src/libstrongswan/crypto/ca.h
+++ b/src/libstrongswan/crypto/ca.h
@@ -112,6 +112,16 @@ struct ca_info_t {
 */
 bool (*has_certinfos) (ca_info_t *this);
+ /**
+ * @brief Print the CA info onto the console
+ *
+ * @param this ca info object
+ * @param out output stream
+ * @param utc TRUE - utc
+ FALSE - local time
+ */
+ void (*list) (ca_info_t *this, FILE *out, bool utc);
+
 /**
 * @brief List the CRL onto the console
 *
diff --git a/src/libstrongswan/crypto/certinfo.c b/src/libstrongswan/crypto/certinfo.c
index 654e4c2bd..8a125e247 100644
--- a/src/libstrongswan/crypto/certinfo.c
+++ b/src/libstrongswan/crypto/certinfo.c
@@ -221,54 +221,6 @@ static void destroy(private_certinfo_t *this)
 free(this);
 }
-/**
- * output handler in printf()
- */
-static int print(FILE *stream, const struct printf_info *info,
- const void *const *args)
-{
- private_certinfo_t *this = *((private_certinfo_t**)(args[0]));
- bool utc = TRUE;
- int written = 0;
- time_t now;
-
- if (info->alt)
- {
- utc = *((bool*)args[1]);
- }
-
- if (this == NULL)
- {
- return fprintf(stream, "(null)");
- }
-
- now = time(NULL);
-
- written += fprintf(stream, "%#T, until %#T, ",
- &this->thisUpdate, utc,
- &this->nextUpdate, utc);
- if (now > this->nextUpdate)
- {
- written += fprintf(stream, "expired (%V ago)\n", &now, &this->nextUpdate);
- }
- else
- {
- written += fprintf(stream, "ok (expires in %V)\n", &now, &this->nextUpdate);
- }
- written += fprintf(stream, " serial: %#B, %N",
- &this->serialNumber,
- cert_status_names, this->status);
- return written;
-}
-
-/**
- * register printf() handlers
- */
-static void __attribute__ ((constructor))print_register()
-{
- register_printf_function(PRINTF_CERTINFO, print, arginfo_ptr_alt_ptr_int);
-}
-
 /*
 * Described in header.
 */
diff --git a/src/libstrongswan/crypto/crl.c b/src/libstrongswan/crypto/crl.c
index 00d6a3ac3..78cffa62c 100755
--- a/src/libstrongswan/crypto/crl.c
+++ b/src/libstrongswan/crypto/crl.c
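Review bot: The new doc comment for `list` says it prints "onto the console", but the method writes to the `out` stream the caller passes, and the `@param utc` text is split over two lines (`TRUE - utc` / `FALSE - local time`) so it reads like two parameters. crl.h and x509.h in this same commit document the method as `@brief Log the info of this ... to out.` with `@param utc TRUE for UTC, FALSE for local time`; using `@brief Print the CA info to out` and that one-line utc description here would keep the three headers consistent.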
@@ -416,66 +416,43 @@ static void destroy(private_crl_t *this) } /** - * output handler in printf() + * Implementation of crl_t.list. */ -static int print(FILE *stream, const struct printf_info *info, - const void *const *args) +static void list(private_crl_t *this, FILE* out, bool utc) { - private_crl_t *this = *((private_crl_t**)(args[0])); - bool utc = TRUE; - int written = 0; time_t now; - if (info->alt) - { - utc = *((bool*)args[1]); - } - - if (this == NULL) - { - return fprintf(stream, "(null)"); - } - now = time(NULL); - written += fprintf(stream, "%#T, revoked certs: %d\n", &this->installed, utc, + fprintf(out, "%#T, revoked certs: %d\n", &this->installed, utc, this->revokedCertificates->get_count(this->revokedCertificates)); - written += fprintf(stream, " issuer: '%D'\n", this->issuer); - written += fprintf(stream, " updates: this %#T\n", &this->thisUpdate, utc); - written += fprintf(stream, " next %#T ", &this->nextUpdate, utc); + fprintf(out, " issuer: '%D'\n", this->issuer); + fprintf(out, " updates: this %#T\n", &this->thisUpdate, utc); + fprintf(out, " next %#T ", &this->nextUpdate, utc); if (this->nextUpdate == UNDEFINED_TIME) { - written += fprintf(stream, "ok (expires never)"); + fprintf(out, "ok (expires never)"); } else if (now > this->nextUpdate) { - written += fprintf(stream, "expired (%V ago)", &now, &this->nextUpdate); + fprintf(out, "expired (%V ago)", &now, &this->nextUpdate); } else if (now > this->nextUpdate - CRL_WARNING_INTERVAL * 60 * 60 * 24) { - written += fprintf(stream, "ok (expires in %V)", &now, &this->nextUpdate); + fprintf(out, "ok (expires in %V)", &now, &this->nextUpdate); } else { - written += fprintf(stream, "ok"); + fprintf(out, "ok"); } if (this->authKeyID.ptr) { - written += fprintf(stream, "\n authkey: %#B", &this->authKeyID); + fprintf(out, "\n authkey: %#B", &this->authKeyID); } if (this->authKeySerialNumber.ptr) { - written += fprintf(stream, "\n aserial: %#B", &this->authKeySerialNumber); + fprintf(out, "\n 
aserial: %#B", &this->authKeySerialNumber); } - return written; -} - -/** - * register printf() handlers - */ -static void __attribute__ ((constructor))print_register() -{ - register_printf_function(PRINTF_CRL, print, arginfo_ptr_alt_ptr_int); } /* @@ -502,6 +479,7 @@ crl_t *crl_create_from_chunk(chunk_t chunk) this->public.verify = (bool (*) (const crl_t*,const rsa_public_key_t*))verify; this->public.get_status = (void (*) (const crl_t*,certinfo_t*))get_status; this->public.write_to_file = (bool (*) (const crl_t*,const char*,mode_t,bool))write_to_file; + this->public.list = (void(*)(crl_t*, FILE* out, bool utc))list; this->public.destroy = (void (*) (crl_t*))destroy; if (!parse_x509crl(chunk, 0, this)) diff --git a/src/libstrongswan/crypto/crl.h b/src/libstrongswan/crypto/crl.h index 8a11fc390..a367c3aff 100755 --- a/src/libstrongswan/crypto/crl.h +++ b/src/libstrongswan/crypto/crl.h @@ -104,6 +104,15 @@ struct crl_t { * @param certinfo certinfo is updated */ void (*get_status) (const crl_t *this, certinfo_t *certinfo); + + /** + * @brief Log the info of this CRL to out. + * + * @param this calling object + * @param out stream to write to + * @param utc TRUE for UTC, FALSE for local time + */ + void (*list)(crl_t *this, FILE* out, bool utc); /** * @brief Write a der-encoded crl to a file diff --git a/src/libstrongswan/crypto/x509.c b/src/libstrongswan/crypto/x509.c index 58fcff16d..35ef55cbc 100755 --- a/src/libstrongswan/crypto/x509.c +++ b/src/libstrongswan/crypto/x509.c 
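Review bot: The assignment `this->public.list = (void(*)(crl_t*, FILE* out, bool utc))list;` carries parameter names inside the function-pointer cast, unlike every neighbouring line in crl_create_from_chunk (`(bool (*) (const crl_t*,const rsa_public_key_t*))verify`, `(void (*) (crl_t*))destroy`); write it `this->public.list = (void (*) (crl_t*,FILE*,bool))list;` to match. The x509.c hunk at -1310 uses the same named-parameter cast and could be aligned the same way.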
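Review bot: `void (*list)(crl_t *this, FILE* out, bool utc);` takes a non-const `this`, while the surrounding members `verify`, `get_status` and `write_to_file` all take `const crl_t *this`; the `list` implementation added in crl.c only reads the object, so `void (*list)(const crl_t *this, FILE *out, bool utc);` with a matching `const private_crl_t *this` in crl.c would keep the read-only contract visible to callers. The same applies to `list` in x509.h at -257, assuming the iterator factories it uses accept a const object as `create_crluri_iterator` already does.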
@@ -1121,39 +1121,23 @@ static bool verify(const private_x509_t *this, const rsa_public_key_t *signer) { return signer->verify_emsa_pkcs1_signature(signer, this->tbsCertificate, this->signature) == SUCCESS; } - + /** - * output handler in printf() + * Implementation of x509_t.list. */ -static int print(FILE *stream, const struct printf_info *info, - const void *const *args) +static void list(private_x509_t *this, FILE *out, bool utc) { - private_x509_t *this = *((private_x509_t**)(args[0])); iterator_t *iterator; - bool utc = TRUE; - int written = 0; - - if (info->alt) - { - utc = *((bool*)(args[1])); - } - - if (this == NULL) - { - return fprintf(stream, "(null)"); - } - - /* determine the current time */ time_t now = time(NULL); - written += fprintf(stream, "%#T\n", &this->installed, utc); + fprintf(out, "%#T\n", &this->installed, utc); if (this->subjectAltNames->get_count(this->subjectAltNames)) { identification_t *subjectAltName; bool first = TRUE; - written += fprintf(stream, " altNames: "); + fprintf(out, " altNames: "); iterator = this->subjectAltNames->create_iterator(this->subjectAltNames, TRUE); while (iterator->iterate(iterator, (void**)&subjectAltName)) { 
@@ -1163,71 +1147,71 @@ static int print(FILE *stream, const struct printf_info *info, } else { - written += fprintf(stream, ", "); + fprintf(out, ", "); } - written += fprintf(stream, "'%D'", subjectAltName); + fprintf(out, "'%D'", subjectAltName); } iterator->destroy(iterator); - written += fprintf(stream, "\n"); + fprintf(out, "\n"); } - written += fprintf(stream, " subject: '%D'\n", this->subject); - written += fprintf(stream, " issuer: '%D'\n", this->issuer); - written += fprintf(stream, " serial: %#B\n", &this->serialNumber); - written += fprintf(stream, " validity: not before %#T, ", &this->notBefore, utc); + fprintf(out, " subject: '%D'\n", this->subject); + fprintf(out, " issuer: '%D'\n", this->issuer); + fprintf(out, " serial: %#B\n", &this->serialNumber); + fprintf(out, " validity: not before %#T, ", &this->notBefore, utc); if (now < this->notBefore) { - written += fprintf(stream, "not valid yet (valid in %V)\n", &now, &this->notBefore); + fprintf(out, "not valid yet (valid in %V)\n", &now, &this->notBefore); } else { - written += fprintf(stream, "ok\n"); + fprintf(out, "ok\n"); } - written += fprintf(stream, " not after %#T, ", &this->notAfter, utc); + fprintf(out, " not after %#T, ", &this->notAfter, utc); if (now > this->notAfter) { - written += fprintf(stream, "expired (%V ago)\n", &now, &this->notAfter); + fprintf(out, "expired (%V ago)\n", &now, &this->notAfter); } else { - written += fprintf(stream, "ok"); + fprintf(out, "ok"); if (now > this->notAfter - CERT_WARNING_INTERVAL * 60 * 60 * 24) { - written += fprintf(stream, " (expires in %V)", &now, &this->notAfter); + fprintf(out, " (expires in %V)", &now, &this->notAfter); } - written += fprintf(stream, " \n"); + fprintf(out, " \n"); } { chunk_t keyid = this->public_key->get_keyid(this->public_key); - written += fprintf(stream, " keyid: %#B\n", &keyid); + fprintf(out, " keyid: %#B\n", &keyid); } if (this->subjectKeyID.ptr) { - written += fprintf(stream, " subjkey: %#B\n", &this->subjectKeyID); + 
fprintf(out, " subjkey: %#B\n", &this->subjectKeyID); } if (this->authKeyID.ptr) { - written += fprintf(stream, " authkey: %#B\n", &this->authKeyID); + fprintf(out, " authkey: %#B\n", &this->authKeyID); } if (this->authKeySerialNumber.ptr) { - written += fprintf(stream, " aserial: %#B\n", &this->authKeySerialNumber); + fprintf(out, " aserial: %#B\n", &this->authKeySerialNumber); } - written += fprintf(stream, " pubkey: RSA %d bits", BITS_PER_BYTE * - this->public_key->get_keysize(this->public_key)); - written += fprintf(stream, ", status %N", - cert_status_names, this->status); + fprintf(out, " pubkey: RSA %d bits", BITS_PER_BYTE * + this->public_key->get_keysize(this->public_key)); + fprintf(out, ", status %N", + cert_status_names, this->status); switch (this->status) { case CERT_GOOD: - written += fprintf(stream, " until %#T", &this->until, utc); + fprintf(out, " until %#T", &this->until, utc); break; case CERT_REVOKED: - written += fprintf(stream, " on %#T", &this->until, utc); + fprintf(out, " on %#T", &this->until, utc); break; case CERT_UNKNOWN: case CERT_UNDEFINED: @@ -1235,15 +1219,6 @@ static int print(FILE *stream, const struct printf_info *info, default: break; } - return written; -} - -/** - * register printf() handlers - */ -static void __attribute__ ((constructor))print_register() -{ - register_printf_function(PRINTF_X509, print, arginfo_ptr_alt_ptr_int); } /** @@ -1310,6 +1285,7 @@ x509_t *x509_create_from_chunk(chunk_t chunk, u_int level) this->public.create_crluri_iterator = (iterator_t* (*) (const x509_t*))create_crluri_iterator; this->public.create_ocspuri_iterator = (iterator_t* (*) (const x509_t*))create_ocspuri_iterator; this->public.verify = (bool (*) (const x509_t*,const rsa_public_key_t*))verify; + this->public.list = (void(*)(x509_t*, FILE *out, bool utc))list; this->public.destroy = (void (*) (x509_t*))destroy; if (!parse_certificate(chunk, level, this)) 
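Review bot: `fprintf(out, " pubkey: RSA %d bits", BITS_PER_BYTE * this->public_key->get_keysize(this->public_key));` prints the product with `%d`; if `get_keysize` returns `size_t` (its declaration is not in this diff), the argument is an unsigned long on LP64 targets and the specifier mismatch is undefined behaviour that `-Wformat` will flag. Either cast the product, `(int)(BITS_PER_BYTE * this->public_key->get_keysize(this->public_key))`, or switch to `%zu` — worth confirming against rsa_public_key.h. The `list` function begins in the previous hunk.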
diff --git a/src/libstrongswan/crypto/x509.h b/src/libstrongswan/crypto/x509.h
index a949d99d2..0e2d25ebb 100755
--- a/src/libstrongswan/crypto/x509.h
+++ b/src/libstrongswan/crypto/x509.h
@@ -257,7 +257,16 @@ struct x509_t {
 * @return TRUE if self-signed
 */
 bool (*is_self_signed) (const x509_t *this);
-
+
+ /**
+ * @brief Log the certificate info to out.
+ *
+ * @param this calling object
+ * @param out stream to write to
+ * @param utc TRUE for UTC times, FALSE for local time
+ */
+ void (*list)(x509_t *this, FILE *out, bool utc);
+
 /**
 * @brief Destroys the certificate.
 *
diff --git a/src/libstrongswan/printf_hook.h b/src/libstrongswan/printf_hook.h
index 5994d60f2..03bcf447d 100644
--- a/src/libstrongswan/printf_hook.h
+++ b/src/libstrongswan/printf_hook.h
@@ -46,14 +46,6 @@
 #define PRINTF_TIME 'T'
 /** 2 arguments: time_t *begin, time_t *end */
 #define PRINTF_TIME_DELTA 'V'
-/** 1 argument: x509_t *cert; with #-modifier 2 arguments: x509_t *cert, bool utc */
-#define PRINTF_X509 'Q'
-/** 1 argument: crl_t *crl; with #-modifier 2 arguments: crl_t *crl, bool utc */
-#define PRINTF_CRL 'U'
-/** 1 argument: ca_info_t *ca_info; with #-modifier 2 arguments: ca_info_t *ca_info, bool utc */
-#define PRINTF_CAINFO 'W'
-/** 1 argument: certinfo_t *certinfo; with #-modifier 2 arguments: certinfo_t *certinfo, bool utc */
-#define PRINTF_CERTINFO 'Y'
 /**
 * Generic arginfo handlers for printf() hooks