Imported Upstream version 5.3.3

2 files changed, 175 insertions, 6 deletions

diff --git a/src/pki/commands/dn.c b/src/pki/commands/dn.c
new file mode 100644
index 000000000..75585fc16
--- /dev/null
+++ b/src/pki/commands/dn.c
@@ -0,0 +1,146 @@
+/*
+ * Copyright (C) 2015 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "pki.h"
+
+#include <credentials/certificates/certificate.h>
+
+#include <errno.h>
+
+/**
+ * Extract subject DN
+ */
+static int dn()
+{
+	identification_t *id;
+	certificate_t *cert;
+	chunk_t chunk;
+	enum {
+		FORMAT_CONFIG,
+		FORMAT_HEX,
+		FORMAT_BASE64,
+		FORMAT_BINARY,
+	} format = FORMAT_CONFIG;
+	char *arg, *file = NULL, *fmt;
+
+	while (TRUE)
+	{
+		switch (command_getopt(&arg))
+		{
+			case 'h':
+				return command_usage(NULL);
+			case 'f':
+				if (streq(arg, "hex"))
+				{
+					format = FORMAT_HEX;
+				}
+				else if (streq(arg, "base64"))
+				{
+					format = FORMAT_BASE64;
+				}
+				else if (streq(arg, "bin"))
+				{
+					format = FORMAT_BINARY;
+				}
+				else if (!streq(arg, "config"))
+				{
+					return command_usage( "invalid output format");
+				}
+				continue;
+			case 'i':
+				file = arg;
+				continue;
+			case EOF:
+				break;
+			default:
+				return command_usage("invalid --print option");
+		}
+		break;
+	}
+	if (file)
+	{
+		cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+								  BUILD_FROM_FILE, file, BUILD_END);
+	}
+	else
+	{
+		chunk_t chunk;
+
+		set_file_mode(stdin, CERT_ASN1_DER);
+		if (!chunk_from_fd(0, &chunk))
+		{
+			fprintf(stderr, "reading input failed: %s\n", strerror(errno));
+			return 1;
+		}
+		cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+								  BUILD_BLOB, chunk, BUILD_END);
+		free(chunk.ptr);
+	}
+	if (!cert)
+	{
+		fprintf(stderr, "parsing input failed\n");
+		return 1;
+	}
+	id = cert->get_subject(cert);
+	if (!id)
+	{
+		fprintf(stderr, "failed to get certificate's subject DN\n");
+		cert->destroy(cert);
+		return 1;
+	}
+	fmt = "%.*s\n";
+	switch (format)
+	{
+		case FORMAT_CONFIG:
+			fmt = "\"asn1dn:#%.*s\"\n";
+			/* fall-through */
+		case FORMAT_HEX:
+			chunk = chunk_to_hex(id->get_encoding(id), NULL, FALSE);
+			printf(fmt, (int)chunk.len, chunk.ptr);
+			chunk_free(&chunk);
+			break;
+		case FORMAT_BASE64:
+			chunk = chunk_to_base64(id->get_encoding(id), NULL);
+			printf(fmt, (int)chunk.len, chunk.ptr);
+			chunk_free(&chunk);
+			break;
+		case FORMAT_BINARY:
+			chunk = id->get_encoding(id);
+			if (fwrite(chunk.ptr, chunk.len, 1, stdout) != 1)
+			{
+				fprintf(stderr, "writing subject DN failed\n");
+			}
+			break;
+	}
+	cert->destroy(cert);
+	return 0;
+}
+
+/**
+ * Register the command.
+ */
+static void __attribute__ ((constructor))reg()
+{
+	command_register((command_t)
+		{ dn, 'd', "dn",
+		"extract the subject DN of an X.509 certificate",
+		{"[--in file] [--format config|hex|base64|bin]"},
+		{
+			{"help",		'h', 0, "show usage information"},
+			{"in",			'i', 1, "input file, default: stdin"},
+			{"format",		'f', 1, "output format, default: config"},
+		}
+	});
+}
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 6a2d09d78..2dc9fcce3 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -64,6 +64,8 @@ static int issue()
 	certificate_t *cert_req = NULL, *cert = NULL, *ca =NULL;
 	private_key_t *private = NULL;
 	public_key_t *public = NULL;
+	credential_type_t type = CRED_PUBLIC_KEY;
+	key_type_t subtype = KEY_ANY;
 	bool pkcs10 = FALSE;
 	char *file = NULL, *dn = NULL, *hex = NULL, *cacert = NULL, *cakey = NULL;
 	char *error = NULL, *keyid = NULL;
@@ -100,6 +102,21 @@ static int issue()
 				{
 					pkcs10 = TRUE;
 				}
+				else if (streq(arg, "rsa"))
+				{
+					type = CRED_PRIVATE_KEY;
+					subtype = KEY_RSA;
+				}
+				else if (streq(arg, "ecdsa"))
+				{
+					type = CRED_PRIVATE_KEY;
+					subtype = KEY_ECDSA;
+				}
+				else if (streq(arg, "bliss"))
+				{
+					type = CRED_PRIVATE_KEY;
+					subtype = KEY_BLISS;
+				}
 				else if (!streq(arg, "pub"))
 				{
 					error = "invalid input type";
@@ -447,10 +464,10 @@ static int issue()
 	}
 	else
 	{
-		DBG2(DBG_LIB, "Reading public key:");
+		DBG2(DBG_LIB, "Reading key:");
 		if (file)
 		{
-			public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
+			public = lib->creds->create(lib->creds, type, subtype,
 										BUILD_FROM_FILE, file, BUILD_END);
 		}
 		else
@@ -460,13 +477,19 @@ static int issue()
 			if (!chunk_from_fd(0, &chunk))
 			{
 				fprintf(stderr, "%s: ", strerror(errno));
-				error = "reading public key failed";
+				error = "reading key failed";
 				goto end;
 			}
-			public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
+			public = lib->creds->create(lib->creds, type, subtype,
 										 BUILD_BLOB, chunk, BUILD_END);
 			free(chunk.ptr);
 		}
+		if (public && type == CRED_PRIVATE_KEY)
+		{
+			private_key_t *priv = (private_key_t*)public;
+			public = priv->get_public_key(priv);
+			priv->destroy(priv);
+		}
 	}
 	if (!public)
 	{
@@ -557,7 +580,7 @@ static void __attribute__ ((constructor))reg()
 	command_register((command_t) {
 		issue, 'i', "issue",
 		"issue a certificate using a CA certificate and key",
-		{"[--in file] [--type pub|pkcs10] --cakey file|--cakeyid hex",
+		{"[--in file] [--type pub|pkcs10|rsa|ecdsa|bliss] --cakey file|--cakeyid hex",
 		 " --cacert file [--dn subject-dn] [--san subjectAltName]+",
 		 "[--lifetime days] [--serial hex] [--ca] [--pathlen len]",
 		 "[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+",
@@ -568,7 +591,7 @@ static void __attribute__ ((constructor))reg()
 		 "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
 		{
 			{"help",			'h', 0, "show usage information"},
-			{"in",				'i', 1, "public key/request file to issue, default: stdin"},
+			{"in",				'i', 1, "key/request file to issue, default: stdin"},
 			{"type",			't', 1, "type of input, default: pub"},
 			{"cacert",			'c', 1, "CA certificate file"},
 			{"cakey",			'k', 1, "CA private key file"},