iPXE
certmgmt.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2016 Michael Brown <mbrown@fensystems.co.uk>.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License as
6  * published by the Free Software Foundation; either version 2 of the
7  * License, or any later version.
8  *
9  * This program is distributed in the hope that it will be useful, but
10  * WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17  * 02110-1301, USA.
18  *
19  * You can also choose to distribute this program under the terms of
20  * the Unmodified Binary Distribution Licence (as given in the file
21  * COPYING.UBDL), provided that you have satisfied its requirements.
22  */
23 
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25 FILE_SECBOOT ( PERMITTED );
26 
27 #include <stdio.h>
28 #include <errno.h>
29 #include <ipxe/x509.h>
30 #include <ipxe/sha1.h>
31 #include <ipxe/base16.h>
32 #include <usr/certmgmt.h>
33 
34 /** @file
35  *
36  * Certificate management
37  *
38  */
39 
40 /**
41  * Display status of a certificate
42  *
43  * @v cert X.509 certificate
44  */
45 void certstat ( struct x509_certificate *cert ) {
46  struct digest_algorithm *digest = &sha1_algorithm;
47  uint8_t fingerprint[ digest->digestsize ];
48  char buf[ base16_encoded_len ( sizeof ( fingerprint ) ) + 1 /* NUL */ ];
49 
50  /* Generate fingerprint */
51  x509_fingerprint ( cert, digest, fingerprint );
52  base16_encode ( fingerprint, sizeof ( fingerprint ),
53  buf, sizeof ( buf ) );
54 
55  /* Print certificate status */
56  printf ( "%s : %s", x509_name ( cert ), buf );
57  if ( cert->flags & X509_FL_PERMANENT )
58  printf ( " [PERMANENT]" );
59  if ( cert->flags & X509_FL_EXPLICIT )
60  printf ( " [EXPLICIT]" );
61  if ( x509_is_valid ( cert, NULL ) )
62  printf ( " [VALIDATED]" );
63  printf ( "\n" );
64 }
printf
int printf(const char *fmt,...)
Write a formatted string to the console.
Definition: vsprintf.c:465
errno.h
Error codes.
x509_is_valid
int x509_is_valid(struct x509_certificate *cert, struct x509_root *root)
Check if X.509 certificate is valid.
Definition: x509.c:1313
certstat
void certstat(struct x509_certificate *cert)
Display status of a certificate.
Definition: certmgmt.c:45
x509_certificate::flags
unsigned int flags
Flags.
Definition: x509.h:224
base16_encoded_len
static size_t base16_encoded_len(size_t raw_len)
Calculate length of base16-encoded data.
Definition: base16.h:25
FILE_SECBOOT
FILE_SECBOOT(PERMITTED)
x509_certificate
An X.509 certificate.
Definition: x509.h:216
FILE_LICENCE
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
uint8_t
unsigned char uint8_t
Definition: stdint.h:10
certmgmt.h
Certificate management.
x509.h
X.509 certificates.
x509_fingerprint
void x509_fingerprint(struct x509_certificate *cert, struct digest_algorithm *digest, void *fingerprint)
Calculate X.509 certificate fingerprint.
Definition: x509.c:1237
X509_FL_PERMANENT
Certificate was added at build time.
Definition: x509.h:255
x509_name
const char * x509_name(struct x509_certificate *cert)
Get X.509 certificate display name.
Definition: x509.c:147
digest_algorithm::digestsize
size_t digestsize
Digest size.
Definition: crypto.h:27
sha1.h
SHA-1 algorithm.
digest_algorithm
A message digest algorithm.
Definition: crypto.h:19
NULL
#define NULL
NULL pointer (VOID *)
Definition: Base.h:322
X509_FL_EXPLICIT
Certificate was added explicitly at run time.
Definition: x509.h:257
sha1_algorithm
struct digest_algorithm sha1_algorithm
SHA-1 algorithm.
Definition: sha1.c:258
base16.h
Base16 encoding.
Generated by   doxygen 1.8.15