author | Michael Brown | 2016-08-25 16:39:43 +0200 |
---|---|---|
committer | Michael Brown | 2016-08-31 16:41:15 +0200 |
commit | 1e277ab062d23ffa1b35bd078f9fba5c9b4e6495 (patch) | |
tree | 117c48b7461cc9206cc227e5e5043f6b096c8a42 /src | |
parent | [crypto] Allow certificates to be marked as having been added explicitly (diff) | |
[crypto] Add certstat() to display basic certificate information
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/crypto/x509.c | 4 | ||||
-rw-r--r-- | src/include/usr/certmgmt.h | 16 | ||||
-rw-r--r-- | src/usr/certmgmt.c | 63 |
3 files changed, 81 insertions, 2 deletions
diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 4d951509..76ace031 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -122,10 +122,10 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 __einfo_uniqify ( EINFO_EACCES, 0x0b, "No usable certificates" )
 
 /**
- * Get X.509 certificate name (for debugging)
+ * Get X.509 certificate display name
  *
  * @v cert X.509 certificate
- * @ret name Name (for debugging)
+ * @ret name Display name
  */
 const char * x509_name ( struct x509_certificate *cert ) {
 struct asn1_cursor *common_name = &cert->subject.common_name;
diff --git a/src/include/usr/certmgmt.h b/src/include/usr/certmgmt.h
new file mode 100644
index 00000000..4363b03e
--- /dev/null
+++ b/src/include/usr/certmgmt.h
@@ -0,0 +1,16 @@
+#ifndef _USR_CERTMGMT_H
+#define _USR_CERTMGMT_H
+
+/** @file
+ *
+ * Certificate management
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <ipxe/x509.h>
+
+extern void certstat ( struct x509_certificate *cert );
+
+#endif /* _USR_CERTMGMT_H */
diff --git a/src/usr/certmgmt.c b/src/usr/certmgmt.c
new file mode 100644
index 00000000..2f233fe4
--- /dev/null
+++ b/src/usr/certmgmt.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2016 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <stdio.h>
+#include <errno.h>
+#include <ipxe/x509.h>
+#include <ipxe/sha1.h>
+#include <ipxe/base16.h>
+#include <usr/certmgmt.h>
+
+/** @file
+ *
+ * Certificate management
+ *
+ */
+
+/**
+ * Display status of a certificate
+ *
+ * @v cert X.509 certificate
+ */
+void certstat ( struct x509_certificate *cert ) {
+ struct digest_algorithm *digest = &sha1_algorithm;
+ uint8_t fingerprint[ digest->digestsize ];
+ char buf[ base16_encoded_len ( sizeof ( fingerprint ) ) + 1 /* NUL */ ];
+
+ /* Generate fingerprint */
+ x509_fingerprint ( cert, digest, fingerprint );
+ base16_encode ( fingerprint, sizeof ( fingerprint ),
+ buf, sizeof ( buf ) );
+
+ /* Print certificate status */
+ printf ( "%s : %s", x509_name ( cert ), buf );
+ if ( cert->flags & X509_FL_PERMANENT )
+ printf ( " [PERMANENT]" );
+ if ( cert->flags & X509_FL_EXPLICIT )
+ printf ( " [EXPLICIT]" );
+ if ( x509_is_valid ( cert ) )
+ printf ( " [VALIDATED]" );
+ printf ( "\n" );
+}
|
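Review bot: The fingerprint that certstat() prints is hard-wired to SHA-1 (`struct digest_algorithm *digest = &sha1_algorithm;`), and neither the output line nor the doc comment says which digest it is. SHA-1 collisions are practical, so two different certificates crafted by the same party can share this fingerprint, which makes it weak evidence when an operator compares it against a value obtained out of band. Both buffers are already sized from `digest->digestsize`, so moving to SHA-256 only needs `#include <ipxe/sha256.h>` and `struct digest_algorithm *digest = &sha256_algorithm;`. If SHA-1 must stay for compatibility, name the algorithm in the doc comment and in the output. Separately, `x509_name ( cert )` appears from the x509.c hunk to come from the subject common name, so the name printed for a certificate without `[VALIDATED]` is presumably unauthenticated text chosen by whoever supplied the certificate, which the doc comment should also state.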