diff options
Diffstat (limited to 'src/pki/commands/keyid.c')
-rw-r--r-- | src/pki/commands/keyid.c | 164 |
1 files changed, 164 insertions, 0 deletions
diff --git a/src/pki/commands/keyid.c b/src/pki/commands/keyid.c new file mode 100644 index 000000000..c15c1193e --- /dev/null +++ b/src/pki/commands/keyid.c @@ -0,0 +1,164 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pki.h" + +#include <credentials/certificates/certificate.h> +#include <credentials/certificates/x509.h> + +/** + * Calculate the keyid of a key/certificate + */ +static int keyid() +{ + credential_type_t type = CRED_PRIVATE_KEY; + int subtype = KEY_RSA; + certificate_t *cert; + private_key_t *private; + public_key_t *public; + char *file = NULL; + void *cred; + chunk_t id; + char *arg; + + while (TRUE) + { + switch (command_getopt(&arg)) + { + case 'h': + return command_usage(NULL); + case 't': + if (streq(arg, "rsa-priv")) + { + type = CRED_PRIVATE_KEY; + subtype = KEY_RSA; + } + else if (streq(arg, "ecdsa-priv")) + { + type = CRED_PRIVATE_KEY; + subtype = KEY_ECDSA; + } + else if (streq(arg, "pub")) + { + type = CRED_PUBLIC_KEY; + subtype = KEY_ANY; + } + else if (streq(arg, "pkcs10")) + { + type = CRED_CERTIFICATE; + subtype = CERT_PKCS10_REQUEST; + } + else if (streq(arg, "x509")) + { + type = CRED_CERTIFICATE; + subtype = CERT_X509; + } + else + { + return command_usage( "invalid input type"); + } + continue; + case 'i': + file = arg; + continue; + case EOF: + break; + default: + return command_usage("invalid --keyid option"); + } + break; + } + if (file) + { + cred = lib->creds->create(lib->creds, type, subtype, + BUILD_FROM_FILE, file, BUILD_END); + } + else + { + cred = lib->creds->create(lib->creds, type, subtype, + BUILD_FROM_FD, 0, BUILD_END); + } + if (!cred) + { + fprintf(stderr, "parsing input failed\n"); + return 1; + } + + if (type == CRED_PRIVATE_KEY) + { + private = cred; + if (private->get_fingerprint(private, KEY_ID_PUBKEY_SHA1, &id)) + { + printf("subjectKeyIdentifier: %#B\n", &id); + } + if (private->get_fingerprint(private, KEY_ID_PUBKEY_INFO_SHA1, &id)) + { + printf("subjectPublicKeyInfo hash: %#B\n", &id); + } + private->destroy(private); + } + else if (type == CRED_PUBLIC_KEY) + { + public = cred; + if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &id)) + { + printf("subjectKeyIdentifier: %#B\n", &id); + } + if (public->get_fingerprint(public, KEY_ID_PUBKEY_INFO_SHA1, &id)) + { + printf("subjectPublicKeyInfo hash: %#B\n", &id); + } + public->destroy(public); + } + else + { + cert = cred; + public = cert->get_public_key(cert); + if (!public) + { + fprintf(stderr, "extracting public key from certificate failed"); + return 1; + } + if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &id)) + { + printf("subjectKeyIdentifier: %#B\n", &id); + } + if (public->get_fingerprint(public, KEY_ID_PUBKEY_INFO_SHA1, &id)) + { + printf("subjectPublicKeyInfo hash: %#B\n", &id); + } + public->destroy(public); + cert->destroy(cert); + } + return 0; +} + +/** + * Register the command. + */ +static void __attribute__ ((constructor))reg() +{ + command_register((command_t) + { keyid, 'k', "keyid", + "calculate key identifiers of a key/certificate", + {"[--in file] [--type rsa-priv|ecdsa-priv|pub|pkcs10|x509]"}, + { + {"help", 'h', 0, "show usage information"}, + {"in", 'i', 1, "input file, default: stdin"}, + {"type", 't', 1, "type of key, default: rsa-priv"}, + } + }); +} + |