
[crypto] Add certstat() to display basic certificate information

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 7 years ago
parent
commit
1e277ab062
3 changed files with 81 additions and 2 deletions
  1. 2
    2
      src/crypto/x509.c
  2. 16
    0
      src/include/usr/certmgmt.h
  3. 63
    0
      src/usr/certmgmt.c

+ 2
- 2
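--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -122,10 +122,10 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 	__einfo_uniqify ( EINFO_EACCES, 0x0b, "No usable certificates" )
 
 /**
- * Get X.509 certificate name (for debugging)
+ * Get X.509 certificate display name
  *
  * @v cert		X.509 certificate
- * @ret name		Name (for debugging)
+ * @ret name		Display name
  */
 const char * x509_name ( struct x509_certificate *cert ) {
 	struct asn1_cursor *common_name = &cert->subject.common_name;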

+ 16
- 0
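--- a/src/include/usr/certmgmt.h
+++ b/src/include/usr/certmgmt.h
@@ -0,0 +1,16 @@
+#ifndef _USR_CERTMGMT_H
+#define _USR_CERTMGMT_H
+
+/** @file
+ *
+ * Certificate management
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <ipxe/x509.h>
+
+extern void certstat ( struct x509_certificate *cert );
+
+#endif /* _USR_CERTMGMT_H */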

+ 63
- 0
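--- a/src/usr/certmgmt.c
+++ b/src/usr/certmgmt.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2016 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <stdio.h>
+#include <errno.h>
+#include <ipxe/x509.h>
+#include <ipxe/sha1.h>
+#include <ipxe/base16.h>
+#include <usr/certmgmt.h>
+
+/** @file
+ *
+ * Certificate management
+ *
+ */
+
+/**
+ * Display status of a certificate
+ *
+ * @v cert		X.509 certificate
+ */
+void certstat ( struct x509_certificate *cert ) {
+	struct digest_algorithm *digest = &sha1_algorithm;
+	uint8_t fingerprint[ digest->digestsize ];
+	char buf[ base16_encoded_len ( sizeof ( fingerprint ) ) + 1 /* NUL */ ];
+
+	/* Generate fingerprint */
+	x509_fingerprint ( cert, digest, fingerprint );
+	base16_encode ( fingerprint, sizeof ( fingerprint ),
+			buf, sizeof ( buf ) );
+
+	/* Print certificate status */
+	printf ( "%s : %s", x509_name ( cert ), buf );
+	if ( cert->flags & X509_FL_PERMANENT )
+		printf ( " [PERMANENT]" );
+	if ( cert->flags & X509_FL_EXPLICIT )
+		printf ( " [EXPLICIT]" );
+	if ( x509_is_valid ( cert ) )
+		printf ( " [VALIDATED]" );
+	printf ( "\n" );
+}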
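Review bot: The fingerprint printed by certstat() is hard-coded to SHA-1 (`digest = &sha1_algorithm`), but neither the docstring nor the output line says which digest it is, and an operator comparing the value against one obtained out of band needs to know. I would extend the docstring to something like `Prints the certificate name, its SHA-1 fingerprint (hex) and the [PERMANENT], [EXPLICIT] and [VALIDATED] markers`, and weigh whether a stronger digest is the better default for a value people will use to identify certificates. The name column comes from x509_name(), which the x509.c hunk shows reading the subject common name, so it is text supplied by the certificate itself; whether non-printable bytes are filtered before it reaches `printf` is not visible on this page and is worth confirming now that the name is user-facing rather than debug-only. A one-line comment that `[VALIDATED]` reflects what x509_is_valid() reports at the moment of the call would also help readers interpret the output.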
