iPXE
certmgmt.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2016 Michael Brown <mbrown@fensystems.co.uk>.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License as
6  * published by the Free Software Foundation; either version 2 of the
7  * License, or any later version.
8  *
9  * This program is distributed in the hope that it will be useful, but
10  * WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17  * 02110-1301, USA.
18  *
19  * You can also choose to distribute this program under the terms of
20  * the Unmodified Binary Distribution Licence (as given in the file
21  * COPYING.UBDL), provided that you have satisfied its requirements.
22  */
23 
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25 
26 #include <stdio.h>
27 #include <errno.h>
28 #include <ipxe/x509.h>
29 #include <ipxe/sha1.h>
30 #include <ipxe/base16.h>
31 #include <usr/certmgmt.h>
32 
33 /** @file
34  *
35  * Certificate management
36  *
37  */
38 
39 /**
40  * Display status of a certificate
41  *
42  * @v cert X.509 certificate
43  */
44 void certstat ( struct x509_certificate *cert ) {
46  uint8_t fingerprint[ digest->digestsize ];
47  char buf[ base16_encoded_len ( sizeof ( fingerprint ) ) + 1 /* NUL */ ];
48 
49  /* Generate fingerprint */
50  x509_fingerprint ( cert, digest, fingerprint );
51  base16_encode ( fingerprint, sizeof ( fingerprint ),
52  buf, sizeof ( buf ) );
53 
54  /* Print certificate status */
55  printf ( "%s : %s", x509_name ( cert ), buf );
56  if ( cert->flags & X509_FL_PERMANENT )
57  printf ( " [PERMANENT]" );
58  if ( cert->flags & X509_FL_EXPLICIT )
59  printf ( " [EXPLICIT]" );
60  if ( x509_is_valid ( cert ) )
61  printf ( " [VALIDATED]" );
62  printf ( "\n" );
63 }
int printf(const char *fmt,...)
Write a formatted string to the console.
Definition: vsprintf.c:464
Error codes.
void certstat(struct x509_certificate *cert)
Display status of a certificate.
Definition: certmgmt.c:44
struct md4_digest digest
Digest of data already processed.
Definition: md4.h:12
unsigned int flags
Flags.
Definition: x509.h:193
static size_t base16_encoded_len(size_t raw_len)
Calculate length of base16-encoded data.
Definition: base16.h:21
An X.509 certificate.
Definition: x509.h:185
static int x509_is_valid(struct x509_certificate *cert)
Check if X.509 certificate is valid.
Definition: x509.h:391
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
unsigned char uint8_t
Definition: stdint.h:10
Certificate management.
X.509 certificates.
void x509_fingerprint(struct x509_certificate *cert, struct digest_algorithm *digest, void *fingerprint)
Calculate X.509 certificate fingerprint.
Definition: x509.c:1228
Certificate was added at build time.
Definition: x509.h:224
const char * x509_name(struct x509_certificate *cert)
Get X.509 certificate display name.
Definition: x509.c:131
SHA-1 algorithm.
A message digest algorithm.
Definition: crypto.h:16
Certificate was added explicitly at run time.
Definition: x509.h:226
struct digest_algorithm sha1_algorithm
SHA-1 algorithm.
Definition: sha1.c:258
Base16 encoding.