diff options
| author | René Mayrhofer <rene@mayrhofer.eu.org> | 2011-03-05 09:20:09 +0100 |
|---|---|---|
| committer | René Mayrhofer <rene@mayrhofer.eu.org> | 2011-03-05 09:20:09 +0100 |
| commit | 568905f488e63e28778f87ac0e38d845f45bae79 (patch) | |
| tree | d9969a147e36413583ff4bc75542d34c955f8823 /src/pki/commands/print.c | |
| parent | f73fba54dc8b30c6482e1e8abf15bbf455592fcd (diff) | |
| download | vyos-strongswan-568905f488e63e28778f87ac0e38d845f45bae79.tar.gz vyos-strongswan-568905f488e63e28778f87ac0e38d845f45bae79.zip | |
Imported Upstream version 4.5.1
Diffstat (limited to 'src/pki/commands/print.c')
| -rw-r--r-- | src/pki/commands/print.c | 151 |
1 files changed, 145 insertions, 6 deletions
diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c index 870dca920..ee6f30c98 100644 --- a/src/pki/commands/print.c +++ b/src/pki/commands/print.c @@ -15,6 +15,7 @@ #include "pki.h" +#include <asn1/asn1.h> #include <credentials/certificates/certificate.h> #include <credentials/certificates/x509.h> #include <credentials/certificates/crl.h> @@ -72,8 +73,11 @@ static void print_x509(x509_t *x509) chunk_t chunk; bool first; char *uri; - int len; + int len, explicit, inhibit; x509_flag_t flags; + x509_cdp_t *cdp; + x509_cert_policy_t *policy; + x509_policy_mapping_t *mapping; chunk = x509->get_serial(x509); printf("serial: %#B\n", &chunk); @@ -105,6 +109,10 @@ static void print_x509(x509_t *x509) { printf("CA "); } + if (flags & X509_CRL_SIGN) + { + printf("CRLSign "); + } if (flags & X509_AA) { printf("AA "); @@ -133,17 +141,22 @@ static void print_x509(x509_t *x509) first = TRUE; enumerator = x509->create_crl_uri_enumerator(x509); - while (enumerator->enumerate(enumerator, &uri)) + while (enumerator->enumerate(enumerator, &cdp)) { if (first) { - printf("CRL URIs: %s\n", uri); + printf("CRL URIs: %s", cdp->uri); first = FALSE; } else { - printf(" %s\n", uri); + printf(" %s", cdp->uri); + } + if (cdp->issuer) + { + printf(" (CRL issuer: %Y)", cdp->issuer); } + printf("\n"); } enumerator->destroy(enumerator); @@ -163,12 +176,111 @@ static void print_x509(x509_t *x509) } enumerator->destroy(enumerator); - len = x509->get_pathLenConstraint(x509); - if (len != X509_NO_PATH_LEN_CONSTRAINT) + len = x509->get_constraint(x509, X509_PATH_LEN); + if (len != X509_NO_CONSTRAINT) { printf("pathlen: %d\n", len); } + first = TRUE; + enumerator = x509->create_name_constraint_enumerator(x509, TRUE); + while (enumerator->enumerate(enumerator, &id)) + { + if (first) + { + printf("Permitted NameConstraints:\n"); + first = FALSE; + } + printf(" %Y\n", id); + } + enumerator->destroy(enumerator); + first = TRUE; + enumerator = x509->create_name_constraint_enumerator(x509, FALSE); + while (enumerator->enumerate(enumerator, &id)) + { + if (first) + { + printf("Excluded NameConstraints:\n"); + first = FALSE; + } + printf(" %Y\n", id); + } + enumerator->destroy(enumerator); + + first = TRUE; + enumerator = x509->create_cert_policy_enumerator(x509); + while (enumerator->enumerate(enumerator, &policy)) + { + char *oid; + + if (first) + { + printf("CertificatePolicies:\n"); + first = FALSE; + } + oid = asn1_oid_to_string(policy->oid); + if (oid) + { + printf(" %s\n", oid); + free(oid); + } + else + { + printf(" %#B\n", &policy->oid); + } + if (policy->cps_uri) + { + printf(" CPS: %s\n", policy->cps_uri); + } + if (policy->unotice_text) + { + printf(" Notice: %s\n", policy->unotice_text); + + } + } + enumerator->destroy(enumerator); + + first = TRUE; + enumerator = x509->create_policy_mapping_enumerator(x509); + while (enumerator->enumerate(enumerator, &mapping)) + { + char *issuer_oid, *subject_oid; + + if (first) + { + printf("PolicyMappings:\n"); + first = FALSE; + } + issuer_oid = asn1_oid_to_string(mapping->issuer); + subject_oid = asn1_oid_to_string(mapping->subject); + printf(" %s => %s\n", issuer_oid, subject_oid); + free(issuer_oid); + free(subject_oid); + } + enumerator->destroy(enumerator); + + explicit = x509->get_constraint(x509, X509_REQUIRE_EXPLICIT_POLICY); + inhibit = x509->get_constraint(x509, X509_INHIBIT_POLICY_MAPPING); + len = x509->get_constraint(x509, X509_INHIBIT_ANY_POLICY); + + if (explicit != X509_NO_CONSTRAINT || inhibit != X509_NO_CONSTRAINT || + len != X509_NO_CONSTRAINT) + { + printf("PolicyConstraints:\n"); + if (explicit != X509_NO_CONSTRAINT) + { + printf(" requireExplicitPolicy: %d\n", explicit); + } + if (inhibit != X509_NO_CONSTRAINT) + { + printf(" inhibitPolicyMapping: %d\n", inhibit); + } + if (len != X509_NO_CONSTRAINT) + { + printf(" inhibitAnyPolicy: %d\n", len); + } + } + chunk = x509->get_authKeyIdentifier(x509); if (chunk.ptr) { @@ -212,14 +324,41 @@ static void print_crl(crl_t *crl) crl_reason_t reason; chunk_t chunk; int count = 0; + bool first; char buf[64]; struct tm tm; + x509_cdp_t *cdp; chunk = crl->get_serial(crl); printf("serial: %#B\n", &chunk); + if (crl->is_delta_crl(crl, &chunk)) + { + printf("delta CRL: for serial %#B\n", &chunk); + } chunk = crl->get_authKeyIdentifier(crl); printf("authKeyId: %#B\n", &chunk); + first = TRUE; + enumerator = crl->create_delta_crl_uri_enumerator(crl); + while (enumerator->enumerate(enumerator, &cdp)) + { + if (first) + { + printf("freshest: %s", cdp->uri); + first = FALSE; + } + else + { + printf(" %s", cdp->uri); + } + if (cdp->issuer) + { + printf(" (CRL issuer: %Y)", cdp->issuer); + } + printf("\n"); + } + enumerator->destroy(enumerator); + enumerator = crl->create_enumerator(crl); while (enumerator->enumerate(enumerator, &chunk, &ts, &reason)) { |