summaryrefslogtreecommitdiff
path: root/src/pki/commands/print.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/pki/commands/print.c')
-rw-r--r--src/pki/commands/print.c151
1 files changed, 145 insertions, 6 deletions
diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c
index 870dca920..ee6f30c98 100644
--- a/src/pki/commands/print.c
+++ b/src/pki/commands/print.c
@@ -15,6 +15,7 @@
#include "pki.h"
+#include <asn1/asn1.h>
#include <credentials/certificates/certificate.h>
#include <credentials/certificates/x509.h>
#include <credentials/certificates/crl.h>
@@ -72,8 +73,11 @@ static void print_x509(x509_t *x509)
chunk_t chunk;
bool first;
char *uri;
- int len;
+ int len, explicit, inhibit;
x509_flag_t flags;
+ x509_cdp_t *cdp;
+ x509_cert_policy_t *policy;
+ x509_policy_mapping_t *mapping;
chunk = x509->get_serial(x509);
printf("serial: %#B\n", &chunk);
@@ -105,6 +109,10 @@ static void print_x509(x509_t *x509)
{
printf("CA ");
}
+ if (flags & X509_CRL_SIGN)
+ {
+ printf("CRLSign ");
+ }
if (flags & X509_AA)
{
printf("AA ");
@@ -133,17 +141,22 @@ static void print_x509(x509_t *x509)
first = TRUE;
enumerator = x509->create_crl_uri_enumerator(x509);
- while (enumerator->enumerate(enumerator, &uri))
+ while (enumerator->enumerate(enumerator, &cdp))
{
if (first)
{
- printf("CRL URIs: %s\n", uri);
+ printf("CRL URIs: %s", cdp->uri);
first = FALSE;
}
else
{
- printf(" %s\n", uri);
+ printf(" %s", cdp->uri);
+ }
+ if (cdp->issuer)
+ {
+ printf(" (CRL issuer: %Y)", cdp->issuer);
}
+ printf("\n");
}
enumerator->destroy(enumerator);
@@ -163,12 +176,111 @@ static void print_x509(x509_t *x509)
}
enumerator->destroy(enumerator);
- len = x509->get_pathLenConstraint(x509);
- if (len != X509_NO_PATH_LEN_CONSTRAINT)
+ len = x509->get_constraint(x509, X509_PATH_LEN);
+ if (len != X509_NO_CONSTRAINT)
{
printf("pathlen: %d\n", len);
}
+ first = TRUE;
+ enumerator = x509->create_name_constraint_enumerator(x509, TRUE);
+ while (enumerator->enumerate(enumerator, &id))
+ {
+ if (first)
+ {
+ printf("Permitted NameConstraints:\n");
+ first = FALSE;
+ }
+ printf(" %Y\n", id);
+ }
+ enumerator->destroy(enumerator);
+ first = TRUE;
+ enumerator = x509->create_name_constraint_enumerator(x509, FALSE);
+ while (enumerator->enumerate(enumerator, &id))
+ {
+ if (first)
+ {
+ printf("Excluded NameConstraints:\n");
+ first = FALSE;
+ }
+ printf(" %Y\n", id);
+ }
+ enumerator->destroy(enumerator);
+
+ first = TRUE;
+ enumerator = x509->create_cert_policy_enumerator(x509);
+ while (enumerator->enumerate(enumerator, &policy))
+ {
+ char *oid;
+
+ if (first)
+ {
+ printf("CertificatePolicies:\n");
+ first = FALSE;
+ }
+ oid = asn1_oid_to_string(policy->oid);
+ if (oid)
+ {
+ printf(" %s\n", oid);
+ free(oid);
+ }
+ else
+ {
+ printf(" %#B\n", &policy->oid);
+ }
+ if (policy->cps_uri)
+ {
+ printf(" CPS: %s\n", policy->cps_uri);
+ }
+ if (policy->unotice_text)
+ {
+ printf(" Notice: %s\n", policy->unotice_text);
+
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ first = TRUE;
+ enumerator = x509->create_policy_mapping_enumerator(x509);
+ while (enumerator->enumerate(enumerator, &mapping))
+ {
+ char *issuer_oid, *subject_oid;
+
+ if (first)
+ {
+ printf("PolicyMappings:\n");
+ first = FALSE;
+ }
+ issuer_oid = asn1_oid_to_string(mapping->issuer);
+ subject_oid = asn1_oid_to_string(mapping->subject);
+ printf(" %s => %s\n", issuer_oid, subject_oid);
+ free(issuer_oid);
+ free(subject_oid);
+ }
+ enumerator->destroy(enumerator);
+
+ explicit = x509->get_constraint(x509, X509_REQUIRE_EXPLICIT_POLICY);
+ inhibit = x509->get_constraint(x509, X509_INHIBIT_POLICY_MAPPING);
+ len = x509->get_constraint(x509, X509_INHIBIT_ANY_POLICY);
+
+ if (explicit != X509_NO_CONSTRAINT || inhibit != X509_NO_CONSTRAINT ||
+ len != X509_NO_CONSTRAINT)
+ {
+ printf("PolicyConstraints:\n");
+ if (explicit != X509_NO_CONSTRAINT)
+ {
+ printf(" requireExplicitPolicy: %d\n", explicit);
+ }
+ if (inhibit != X509_NO_CONSTRAINT)
+ {
+ printf(" inhibitPolicyMapping: %d\n", inhibit);
+ }
+ if (len != X509_NO_CONSTRAINT)
+ {
+ printf(" inhibitAnyPolicy: %d\n", len);
+ }
+ }
+
chunk = x509->get_authKeyIdentifier(x509);
if (chunk.ptr)
{
@@ -212,14 +324,41 @@ static void print_crl(crl_t *crl)
crl_reason_t reason;
chunk_t chunk;
int count = 0;
+ bool first;
char buf[64];
struct tm tm;
+ x509_cdp_t *cdp;
chunk = crl->get_serial(crl);
printf("serial: %#B\n", &chunk);
+ if (crl->is_delta_crl(crl, &chunk))
+ {
+ printf("delta CRL: for serial %#B\n", &chunk);
+ }
chunk = crl->get_authKeyIdentifier(crl);
printf("authKeyId: %#B\n", &chunk);
+ first = TRUE;
+ enumerator = crl->create_delta_crl_uri_enumerator(crl);
+ while (enumerator->enumerate(enumerator, &cdp))
+ {
+ if (first)
+ {
+ printf("freshest: %s", cdp->uri);
+ first = FALSE;
+ }
+ else
+ {
+ printf(" %s", cdp->uri);
+ }
+ if (cdp->issuer)
+ {
+ printf(" (CRL issuer: %Y)", cdp->issuer);
+ }
+ printf("\n");
+ }
+ enumerator->destroy(enumerator);
+
enumerator = crl->create_enumerator(crl);
while (enumerator->enumerate(enumerator, &chunk, &ts, &reason))
{