certmgmt_8c_source.html

 /*
  * Copyright (C) 2016 Michael Brown <mbrown@fensystems.co.uk>.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License as
  * published by the Free Software Foundation; either version 2 of the
  * License, or any later version.
  *
  * This program is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  * General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  * 02110-1301, USA.
  *
  * You can also choose to distribute this program under the terms of
  * the Unmodified Binary Distribution Licence (as given in the file
  * COPYING.UBDL), provided that you have satisfied its requirements.
  */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );

 #include <stdio.h>
 #include <errno.h>
 #include <ipxe/x509.h>
 #include <ipxe/sha1.h>
 #include <ipxe/base16.h>
 #include <usr/certmgmt.h>

 /** @file
  *
  * Certificate management
  *
  */

 /**
  * Display status of a certificate
  *
  * @v cert              X.509 certificate
  */
 void certstat ( struct x509_certificate *cert ) {
         struct digest_algorithm *digest = &sha1_algorithm;
         uint8_t fingerprint[ digest->digestsize ];
         char buf[ base16_encoded_len ( sizeof ( fingerprint ) ) + 1 /* NUL */ ];

         /* Generate fingerprint */
         x509_fingerprint ( cert, digest, fingerprint );
         base16_encode ( fingerprint, sizeof ( fingerprint ),
                         buf, sizeof ( buf ) );

         /* Print certificate status */
         printf ( "%s : %s", x509_name ( cert ), buf );
         if ( cert->flags & X509_FL_PERMANENT )
                 printf ( " [PERMANENT]" );
         if ( cert->flags & X509_FL_EXPLICIT )
                 printf ( " [EXPLICIT]" );
         if ( x509_is_valid ( cert, NULL ) )
                 printf ( " [VALIDATED]" );
         printf ( "\n" );
 }
printf
int printf(const char *fmt,...)
Write a formatted string to the console.
Definition: vsprintf.c:464

errno.h
Error codes.

x509_is_valid
int x509_is_valid(struct x509_certificate *cert, struct x509_root *root)
Check if X.509 certificate is valid.
Definition: x509.c:1318

certstat
void certstat(struct x509_certificate *cert)
Display status of a certificate.
Definition: certmgmt.c:44

x509_certificate::flags
unsigned int flags
Flags.
Definition: x509.h:215

base16_encoded_len
static size_t base16_encoded_len(size_t raw_len)
Calculate length of base16-encoded data.
Definition: base16.h:24

digest
static void struct digest_algorithm * digest
HMAC-MD5 digest.
Definition: crypto.h:308

x509_certificate
An X.509 certificate.
Definition: x509.h:207

FILE_LICENCE
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)

uint8_t
unsigned char uint8_t
Definition: stdint.h:10

certmgmt.h
Certificate management.

x509.h
X.509 certificates.

x509_fingerprint
void x509_fingerprint(struct x509_certificate *cert, struct digest_algorithm *digest, void *fingerprint)
Calculate X.509 certificate fingerprint.
Definition: x509.c:1242

X509_FL_PERMANENT
Certificate was added at build time.
Definition: x509.h:246

stdio.h

x509_name
const char * x509_name(struct x509_certificate *cert)
Get X.509 certificate display name.
Definition: x509.c:145

digest_algorithm::digestsize
size_t digestsize
Digest size.
Definition: crypto.h:25

sha1.h
SHA-1 algorithm.

digest_algorithm
A message digest algorithm.
Definition: crypto.h:17

NULL
#define NULL
NULL pointer (VOID *)
Definition: Base.h:321

X509_FL_EXPLICIT
Certificate was added explicitly at run time.
Definition: x509.h:248

sha1_algorithm
struct digest_algorithm sha1_algorithm
SHA-1 algorithm.
Definition: sha1.c:257

base16.h
Base16 encoding.