summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorMichael Brown2016-08-25 16:39:43 +0200
committerMichael Brown2016-08-31 16:41:15 +0200
commit1e277ab062d23ffa1b35bd078f9fba5c9b4e6495 (patch)
tree117c48b7461cc9206cc227e5e5043f6b096c8a42 /src
parent[crypto] Allow certificates to be marked as having been added explicitly (diff)
downloadipxe-1e277ab062d23ffa1b35bd078f9fba5c9b4e6495.tar.gz
ipxe-1e277ab062d23ffa1b35bd078f9fba5c9b4e6495.tar.xz
ipxe-1e277ab062d23ffa1b35bd078f9fba5c9b4e6495.zip
[crypto] Add certstat() to display basic certificate information
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src')
-rw-r--r--src/crypto/x509.c4
-rw-r--r--src/include/usr/certmgmt.h16
-rw-r--r--src/usr/certmgmt.c63
3 files changed, 81 insertions, 2 deletions
diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 4d951509..76ace031 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -122,10 +122,10 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
__einfo_uniqify ( EINFO_EACCES, 0x0b, "No usable certificates" )
/**
- * Get X.509 certificate name (for debugging)
+ * Get X.509 certificate display name
*
* @v cert X.509 certificate
- * @ret name Name (for debugging)
+ * @ret name Display name
*/
const char * x509_name ( struct x509_certificate *cert ) {
struct asn1_cursor *common_name = &cert->subject.common_name;
diff --git a/src/include/usr/certmgmt.h b/src/include/usr/certmgmt.h
new file mode 100644
index 00000000..4363b03e
--- /dev/null
+++ b/src/include/usr/certmgmt.h
@@ -0,0 +1,16 @@
+#ifndef _USR_CERTMGMT_H
+#define _USR_CERTMGMT_H
+
+/** @file
+ *
+ * Certificate management
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <ipxe/x509.h>
+
+extern void certstat ( struct x509_certificate *cert );
+
+#endif /* _USR_CERTMGMT_H */
diff --git a/src/usr/certmgmt.c b/src/usr/certmgmt.c
new file mode 100644
index 00000000..2f233fe4
--- /dev/null
+++ b/src/usr/certmgmt.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2016 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <stdio.h>
+#include <errno.h>
+#include <ipxe/x509.h>
+#include <ipxe/sha1.h>
+#include <ipxe/base16.h>
+#include <usr/certmgmt.h>
+
+/** @file
+ *
+ * Certificate management
+ *
+ */
+
+/**
+ * Display status of a certificate
+ *
+ * @v cert X.509 certificate
+ */
+void certstat ( struct x509_certificate *cert ) {
+ struct digest_algorithm *digest = &sha1_algorithm;
+ uint8_t fingerprint[ digest->digestsize ];
+ char buf[ base16_encoded_len ( sizeof ( fingerprint ) ) + 1 /* NUL */ ];
+
+ /* Generate fingerprint */
+ x509_fingerprint ( cert, digest, fingerprint );
+ base16_encode ( fingerprint, sizeof ( fingerprint ),
+ buf, sizeof ( buf ) );
+
+ /* Print certificate status */
+ printf ( "%s : %s", x509_name ( cert ), buf );
+ if ( cert->flags & X509_FL_PERMANENT )
+ printf ( " [PERMANENT]" );
+ if ( cert->flags & X509_FL_EXPLICIT )
+ printf ( " [EXPLICIT]" );
+ if ( x509_is_valid ( cert ) )
+ printf ( " [VALIDATED]" );
+ printf ( "\n" );
+}