|
@@ -0,0 +1,63 @@
|
|
1
|
+/*
|
|
2
|
+ * Copyright (C) 2016 Michael Brown <mbrown@fensystems.co.uk>.
|
|
3
|
+ *
|
|
4
|
+ * This program is free software; you can redistribute it and/or
|
|
5
|
+ * modify it under the terms of the GNU General Public License as
|
|
6
|
+ * published by the Free Software Foundation; either version 2 of the
|
|
7
|
+ * License, or any later version.
|
|
8
|
+ *
|
|
9
|
+ * This program is distributed in the hope that it will be useful, but
|
|
10
|
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
11
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
12
|
+ * General Public License for more details.
|
|
13
|
+ *
|
|
14
|
+ * You should have received a copy of the GNU General Public License
|
|
15
|
+ * along with this program; if not, write to the Free Software
|
|
16
|
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
17
|
+ * 02110-1301, USA.
|
|
18
|
+ *
|
|
19
|
+ * You can also choose to distribute this program under the terms of
|
|
20
|
+ * the Unmodified Binary Distribution Licence (as given in the file
|
|
21
|
+ * COPYING.UBDL), provided that you have satisfied its requirements.
|
|
22
|
+ */
|
|
23
|
+
|
|
24
|
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
|
|
25
|
+
|
|
26
|
+#include <stdio.h>
|
|
27
|
+#include <errno.h>
|
|
28
|
+#include <ipxe/x509.h>
|
|
29
|
+#include <ipxe/sha1.h>
|
|
30
|
+#include <ipxe/base16.h>
|
|
31
|
+#include <usr/certmgmt.h>
|
|
32
|
+
|
|
33
|
+/** @file
|
|
34
|
+ *
|
|
35
|
+ * Certificate management
|
|
36
|
+ *
|
|
37
|
+ */
|
|
38
|
+
|
|
39
|
+/**
|
|
40
|
+ * Display status of a certificate
|
|
41
|
+ *
|
|
42
|
+ * @v cert X.509 certificate
|
|
43
|
+ */
|
|
44
|
+void certstat ( struct x509_certificate *cert ) {
|
|
45
|
+ struct digest_algorithm *digest = &sha1_algorithm;
|
|
46
|
+ uint8_t fingerprint[ digest->digestsize ];
|
|
47
|
+ char buf[ base16_encoded_len ( sizeof ( fingerprint ) ) + 1 /* NUL */ ];
|
|
48
|
+
|
|
49
|
+ /* Generate fingerprint */
|
|
50
|
+ x509_fingerprint ( cert, digest, fingerprint );
|
|
51
|
+ base16_encode ( fingerprint, sizeof ( fingerprint ),
|
|
52
|
+ buf, sizeof ( buf ) );
|
|
53
|
+
|
|
54
|
+ /* Print certificate status */
|
|
55
|
+ printf ( "%s : %s", x509_name ( cert ), buf );
|
|
56
|
+ if ( cert->flags & X509_FL_PERMANENT )
|
|
57
|
+ printf ( " [PERMANENT]" );
|
|
58
|
+ if ( cert->flags & X509_FL_EXPLICIT )
|
|
59
|
+ printf ( " [EXPLICIT]" );
|
|
60
|
+ if ( x509_is_valid ( cert ) )
|
|
61
|
+ printf ( " [VALIDATED]" );
|
|
62
|
+ printf ( "\n" );
|
|
63
|
+}
|