From 1e277ab062d23ffa1b35bd078f9fba5c9b4e6495 Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Thu, 25 Aug 2016 15:39:43 +0100
Subject: [PATCH] [crypto] Add certstat() to display basic certificate information

Signed-off-by: Michael Brown
---
 src/crypto/x509.c | 4 +--
 src/include/usr/certmgmt.h | 16 ++++++++++
 src/usr/certmgmt.c | 63 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 81 insertions(+), 2 deletions(-)
 create mode 100644 src/include/usr/certmgmt.h
 create mode 100644 src/usr/certmgmt.c

diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 4d951509..76ace031 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -122,10 +122,10 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 __einfo_uniqify ( EINFO_EACCES, 0x0b, "No usable certificates" )
 
 /**
- * Get X.509 certificate name (for debugging)
+ * Get X.509 certificate display name
  *
  * @v cert X.509 certificate
- * @ret name Name (for debugging)
+ * @ret name Display name
  */
 const char * x509_name ( struct x509_certificate *cert ) {
 struct asn1_cursor *common_name = &cert->subject.common_name;
diff --git a/src/include/usr/certmgmt.h b/src/include/usr/certmgmt.h
new file mode 100644
index 00000000..4363b03e
--- /dev/null
+++ b/src/include/usr/certmgmt.h
@@ -0,0 +1,16 @@
+#ifndef _USR_CERTMGMT_H
+#define _USR_CERTMGMT_H
+
+/** @file
+ *
+ * Certificate management
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include
+
+extern void certstat ( struct x509_certificate *cert );
+
+#endif /* _USR_CERTMGMT_H */
diff --git a/src/usr/certmgmt.c b/src/usr/certmgmt.c
new file mode 100644
index 00000000..2f233fe4
--- /dev/null
+++ b/src/usr/certmgmt.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2016 Michael Brown .
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+/** @file
+ *
+ * Certificate management
+ *
+ */
+
+/**
+ * Display status of a certificate
+ *
+ * @v cert X.509 certificate
+ */
+void certstat ( struct x509_certificate *cert ) {
+ struct digest_algorithm *digest = &sha1_algorithm;
+ uint8_t fingerprint[ digest->digestsize ];
+ char buf[ base16_encoded_len ( sizeof ( fingerprint ) ) + 1 /* NUL */ ];
+
+ /* Generate fingerprint */
+ x509_fingerprint ( cert, digest, fingerprint );
+ base16_encode ( fingerprint, sizeof ( fingerprint ),
+ buf, sizeof ( buf ) );
+
+ /* Print certificate status */
+ printf ( "%s : %s", x509_name ( cert ), buf );
+ if ( cert->flags & X509_FL_PERMANENT )
+ printf ( " [PERMANENT]" );
+ if ( cert->flags & X509_FL_EXPLICIT )
+ printf ( " [EXPLICIT]" );
+ if ( x509_is_valid ( cert ) )
+ printf ( " [VALIDATED]" );
+ printf ( "\n" );
+}
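Review bot: The first `printf` in certstat() writes `x509_name ( cert )` to the console unfiltered, and the x509.c hunk shows that name is derived from `cert->subject.common_name`, which is set by whoever issued the certificate. This commit promotes the helper from debug output to an operator-facing display name, so it is worth confirming that x509_name() (its body lies outside the diff) replaces non-printable bytes, or filtering them here before printing, so that an untrusted certificate cannot place control or escape sequences in the listing. Separately, the fingerprint is hard-wired to `&sha1_algorithm`. If operators are expected to compare it against a known value when deciding whether to trust a certificate, `struct digest_algorithm *digest = &sha256_algorithm;` would be the more collision-resistant default, presumably with the matching SHA-256 header included. If SHA-1 is kept for compatibility with other tools, a comment such as `/* SHA-1 used for identification only, not as a trust decision */` would make that intent explicit.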