iPXE
certmgmt.c
1/*
2 * Copyright (C) 2016 Michael Brown <mbrown@fensystems.co.uk>.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License as
6 * published by the Free Software Foundation; either version 2 of the
7 * License, or any later version.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17 * 02110-1301, USA.
18 *
19 * You can also choose to distribute this program under the terms of
20 * the Unmodified Binary Distribution Licence (as given in the file
21 * COPYING.UBDL), provided that you have satisfied its requirements.
22 */
23
24FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25FILE_SECBOOT ( PERMITTED );
26
27#include <stdio.h>
28#include <errno.h>
29#include <ipxe/x509.h>
30#include <ipxe/sha1.h>
31#include <ipxe/base16.h>
32#include <usr/certmgmt.h>
33
34/** @file
35 *
36 * Certificate management
37 *
38 */
39
/**
 * Print a one-line status summary for a certificate
 *
 * @v cert		X.509 certificate
 *
 * The line has the form "<name> : <hex fingerprint>", followed by one
 * bracketed tag for each condition that holds: X509_FL_PERMANENT set,
 * X509_FL_EXPLICIT set, and x509_is_valid() succeeding with a NULL
 * root.
 *
 * The fingerprint is only printed; no trust decision is derived from
 * it in this function.  NOTE(review): it is computed with SHA-1,
 * which is no longer collision-resistant, so the printed value suits
 * identifying a certificate to an operator rather than pinning it.
 */
void certstat ( struct x509_certificate *cert ) {
	struct digest_algorithm *algo = &sha1_algorithm;
	size_t raw_len = algo->digestsize;
	uint8_t raw[raw_len];
	char hex[ base16_encoded_len ( raw_len ) + 1 /* NUL */ ];
	unsigned int flags;

	/* Hash the certificate, then hex-encode the digest for display */
	x509_fingerprint ( cert, algo, raw );
	base16_encode ( raw, raw_len, hex, sizeof ( hex ) );

	/* Name and fingerprint open the line */
	printf ( "%s : %s", x509_name ( cert ), hex );

	/* Provenance tags taken from the certificate flags */
	flags = cert->flags;
	if ( flags & X509_FL_PERMANENT ) {
		printf ( " [PERMANENT]" );
	}
	if ( flags & X509_FL_EXPLICIT ) {
		printf ( " [EXPLICIT]" );
	}

	/* NOTE(review): a NULL root presumably selects the default root
	 * of trust - confirm in x509_is_valid().
	 */
	if ( x509_is_valid ( cert, NULL ) ) {
		printf ( " [VALIDATED]" );
	}

	printf ( "\n" );
}
#define NULL
NULL pointer (VOID *)
Definition Base.h:322
unsigned char uint8_t
Definition stdint.h:10
Base16 encoding.
static size_t base16_encoded_len(size_t raw_len)
Calculate length of base16-encoded data.
Definition base16.h:25
struct option_descriptor certstat[1]
Definition cert_cmd.c:58
Certificate management.
Error codes.
#define FILE_LICENCE(_licence)
Declare a particular licence as applying to a file.
Definition compiler.h:896
#define FILE_SECBOOT(_status)
Declare a file's UEFI Secure Boot permission status.
Definition compiler.h:926
struct digest_algorithm sha1_algorithm
SHA-1 algorithm.
Definition sha1.c:258
SHA-1 algorithm.
A message digest algorithm.
Definition crypto.h:19
size_t digestsize
Digest size.
Definition crypto.h:27
An X.509 certificate.
Definition x509.h:216
unsigned int flags
Flags.
Definition x509.h:224
int printf(const char *fmt,...)
Write a formatted string to the console.
Definition vsprintf.c:465
int x509_is_valid(struct x509_certificate *cert, struct x509_root *root)
Check if X.509 certificate is valid.
Definition x509.c:1313
const char * x509_name(struct x509_certificate *cert)
Get X.509 certificate display name.
Definition x509.c:147
void x509_fingerprint(struct x509_certificate *cert, struct digest_algorithm *digest, void *fingerprint)
Calculate X.509 certificate fingerprint.
Definition x509.c:1237
X.509 certificates.
@ X509_FL_EXPLICIT
Certificate was added explicitly at run time.
Definition x509.h:257
@ X509_FL_PERMANENT
Certificate was added at build time.
Definition x509.h:255