goutils/cmd/certdump/util.go

package main

import (
	"crypto/x509"
	"errors"
	"fmt"
	"os"
	"strings"

	cferr "github.com/cloudflare/cfssl/errors"
	"github.com/kr/text"
)

// following two lifted from CFSSL, (replace-regexp "\(.+\): \(.+\),"
// "\2: \1,")

var keyUsage = map[x509.KeyUsage]string{
	x509.KeyUsageDigitalSignature:  "digital signature",
	x509.KeyUsageContentCommitment: "content committment",
	x509.KeyUsageKeyEncipherment:   "key encipherment",
	x509.KeyUsageKeyAgreement:      "key agreement",
	x509.KeyUsageDataEncipherment:  "data encipherment",
	x509.KeyUsageCertSign:          "cert sign",
	x509.KeyUsageCRLSign:           "crl sign",
	x509.KeyUsageEncipherOnly:      "encipher only",
	x509.KeyUsageDecipherOnly:      "decipher only",
}

var extKeyUsages = map[x509.ExtKeyUsage]string{
	x509.ExtKeyUsageAny:                        "any",
	x509.ExtKeyUsageServerAuth:                 "server auth",
	x509.ExtKeyUsageClientAuth:                 "client auth",
	x509.ExtKeyUsageCodeSigning:                "code signing",
	x509.ExtKeyUsageEmailProtection:            "s/mime",
	x509.ExtKeyUsageIPSECEndSystem:             "ipsec end system",
	x509.ExtKeyUsageIPSECTunnel:                "ipsec tunnel",
	x509.ExtKeyUsageIPSECUser:                  "ipsec user",
	x509.ExtKeyUsageTimeStamping:               "timestamping",
	x509.ExtKeyUsageOCSPSigning:                "ocsp signing",
	x509.ExtKeyUsageMicrosoftServerGatedCrypto: "microsoft sgc",
	x509.ExtKeyUsageNetscapeServerGatedCrypto:  "netscape sgc",
}

func pubKeyAlgo(a x509.PublicKeyAlgorithm) string {
	switch a {
	case x509.RSA:
		return "RSA"
	case x509.ECDSA:
		return "ECDSA"
	case x509.DSA:
		return "DSA"
	default:
		return "unknown public key algorithm"
	}
}

func sigAlgoPK(a x509.SignatureAlgorithm) string {
	switch a {

	case x509.MD2WithRSA, x509.MD5WithRSA, x509.SHA1WithRSA, x509.SHA256WithRSA, x509.SHA384WithRSA, x509.SHA512WithRSA:
		return "RSA"
	case x509.ECDSAWithSHA1, x509.ECDSAWithSHA256, x509.ECDSAWithSHA384, x509.ECDSAWithSHA512:
		return "ECDSA"
	case x509.DSAWithSHA1, x509.DSAWithSHA256:
		return "DSA"
	default:
		return "unknown public key algorithm"
	}
}

func sigAlgoHash(a x509.SignatureAlgorithm) string {
	switch a {
	case x509.MD2WithRSA:
		return "MD2"
	case x509.MD5WithRSA:
		return "MD5"
	case x509.SHA1WithRSA, x509.ECDSAWithSHA1, x509.DSAWithSHA1:
		return "SHA1"
	case x509.SHA256WithRSA, x509.ECDSAWithSHA256, x509.DSAWithSHA256:
		return "SHA256"
	case x509.SHA384WithRSA, x509.ECDSAWithSHA384:
		return "SHA384"
	case x509.SHA512WithRSA, x509.ECDSAWithSHA512:
		return "SHA512"
	default:
		return "unknown hash algorithm"
	}
}

// TranslateCFSSLError turns a CFSSL error into a more readable string.
func TranslateCFSSLError(err error) error {
	if err == nil {
		return nil
	}

	// printing errors as json is terrible
	if cfsslError, ok := err.(*cferr.Error); ok {
		err = errors.New(cfsslError.Message)
	}
	return err
}

// Warnx displays a formatted error message to standard error, à la
// warnx(3).
func Warnx(format string, a ...interface{}) (int, error) {
	format += "\n"
	return fmt.Fprintf(os.Stderr, format, a...)
}

// Warn displays a formatted error message to standard output,
// appending the error string, à la warn(3).
func Warn(err error, format string, a ...interface{}) (int, error) {
	format += ": %v\n"
	a = append(a, err)
	return fmt.Fprintf(os.Stderr, format, a...)
}

const maxLine = 78

func makeIndent(n int) string {
	s := "    "
	for i := 0; i < n; i++ {
		s += "        "
	}
	return s
}

func indentLen(n int) int {
	return 4 + (8 * n)
}

// this isn't real efficient, but that's not a problem here
func wrap(s string, indent int) string {
	if indent > 3 {
		indent = 3
	}

	wrapped := text.Wrap(s, maxLine)
	lines := strings.SplitN(wrapped, "\n", 2)
	if len(lines) == 1 {
		return lines[0]
	}

	if (maxLine - indentLen(indent)) <= 0 {
		panic("too much indentation")
	}

	rest := strings.Join(lines[1:], " ")
	wrapped = text.Wrap(rest, maxLine-indentLen(indent))
	return lines[0] + "\n" + text.Indent(wrapped, makeIndent(indent))
}

func dumpHex(in []byte) string {
	var s string
	for i := range in {
		s += fmt.Sprintf("%02X:", in[i])
	}

	return strings.Trim(s, ":")
}
Add certdump util. 2015-08-18 06:41:06 +00:00			`package main`

			`import (`
			`"crypto/x509"`
			`"errors"`
			`"fmt"`
			`"os"`
			`"strings"`

			`cferr "github.com/cloudflare/cfssl/errors"`
			`"github.com/kr/text"`
			`)`

			`// following two lifted from CFSSL, (replace-regexp "\(.+\): \(.+\),"`
			`// "\2: \1,")`
golint fixes. 2015-12-23 21:28:04 +00:00
			`var keyUsage = map[x509.KeyUsage]string{`
Add certdump util. 2015-08-18 06:41:06 +00:00			`x509.KeyUsageDigitalSignature: "digital signature",`
			`x509.KeyUsageContentCommitment: "content committment",`
			`x509.KeyUsageKeyEncipherment: "key encipherment",`
			`x509.KeyUsageKeyAgreement: "key agreement",`
			`x509.KeyUsageDataEncipherment: "data encipherment",`
			`x509.KeyUsageCertSign: "cert sign",`
			`x509.KeyUsageCRLSign: "crl sign",`
			`x509.KeyUsageEncipherOnly: "encipher only",`
			`x509.KeyUsageDecipherOnly: "decipher only",`
			`}`

golint fixes. 2015-12-23 21:28:04 +00:00			`var extKeyUsages = map[x509.ExtKeyUsage]string{`
Add certdump util. 2015-08-18 06:41:06 +00:00			`x509.ExtKeyUsageAny: "any",`
			`x509.ExtKeyUsageServerAuth: "server auth",`
			`x509.ExtKeyUsageClientAuth: "client auth",`
			`x509.ExtKeyUsageCodeSigning: "code signing",`
			`x509.ExtKeyUsageEmailProtection: "s/mime",`
			`x509.ExtKeyUsageIPSECEndSystem: "ipsec end system",`
			`x509.ExtKeyUsageIPSECTunnel: "ipsec tunnel",`
			`x509.ExtKeyUsageIPSECUser: "ipsec user",`
			`x509.ExtKeyUsageTimeStamping: "timestamping",`
			`x509.ExtKeyUsageOCSPSigning: "ocsp signing",`
			`x509.ExtKeyUsageMicrosoftServerGatedCrypto: "microsoft sgc",`
			`x509.ExtKeyUsageNetscapeServerGatedCrypto: "netscape sgc",`
			`}`

			`func pubKeyAlgo(a x509.PublicKeyAlgorithm) string {`
			`switch a {`
			`case x509.RSA:`
			`return "RSA"`
			`case x509.ECDSA:`
			`return "ECDSA"`
			`case x509.DSA:`
			`return "DSA"`
			`default:`
			`return "unknown public key algorithm"`
			`}`
			`}`

			`func sigAlgoPK(a x509.SignatureAlgorithm) string {`
			`switch a {`

			`case x509.MD2WithRSA, x509.MD5WithRSA, x509.SHA1WithRSA, x509.SHA256WithRSA, x509.SHA384WithRSA, x509.SHA512WithRSA:`
			`return "RSA"`
			`case x509.ECDSAWithSHA1, x509.ECDSAWithSHA256, x509.ECDSAWithSHA384, x509.ECDSAWithSHA512:`
			`return "ECDSA"`
			`case x509.DSAWithSHA1, x509.DSAWithSHA256:`
			`return "DSA"`
			`default:`
			`return "unknown public key algorithm"`
			`}`
			`}`

			`func sigAlgoHash(a x509.SignatureAlgorithm) string {`
			`switch a {`
			`case x509.MD2WithRSA:`
			`return "MD2"`
			`case x509.MD5WithRSA:`
			`return "MD5"`
			`case x509.SHA1WithRSA, x509.ECDSAWithSHA1, x509.DSAWithSHA1:`
			`return "SHA1"`
			`case x509.SHA256WithRSA, x509.ECDSAWithSHA256, x509.DSAWithSHA256:`
			`return "SHA256"`
			`case x509.SHA384WithRSA, x509.ECDSAWithSHA384:`
			`return "SHA384"`
			`case x509.SHA512WithRSA, x509.ECDSAWithSHA512:`
			`return "SHA512"`
			`default:`
			`return "unknown hash algorithm"`
			`}`
			`}`

			`// TranslateCFSSLError turns a CFSSL error into a more readable string.`
			`func TranslateCFSSLError(err error) error {`
			`if err == nil {`
			`return nil`
			`}`

			`// printing errors as json is terrible`
			`if cfsslError, ok := err.(*cferr.Error); ok {`
			`err = errors.New(cfsslError.Message)`
			`}`
			`return err`
			`}`

			`// Warnx displays a formatted error message to standard error, à la`
			`// warnx(3).`
			`func Warnx(format string, a ...interface{}) (int, error) {`
			`format += "\n"`
			`return fmt.Fprintf(os.Stderr, format, a...)`
			`}`

			`// Warn displays a formatted error message to standard output,`
			`// appending the error string, à la warn(3).`
			`func Warn(err error, format string, a ...interface{}) (int, error) {`
			`format += ": %v\n"`
			`a = append(a, err)`
			`return fmt.Fprintf(os.Stderr, format, a...)`
			`}`

			`const maxLine = 78`

			`func makeIndent(n int) string {`
			`s := " "`
			`for i := 0; i < n; i++ {`
			`s += " "`
			`}`
			`return s`
			`}`

			`func indentLen(n int) int {`
			`return 4 + (8 * n)`
			`}`

			`// this isn't real efficient, but that's not a problem here`
			`func wrap(s string, indent int) string {`
			`if indent > 3 {`
			`indent = 3`
			`}`

			`wrapped := text.Wrap(s, maxLine)`
			`lines := strings.SplitN(wrapped, "\n", 2)`
			`if len(lines) == 1 {`
			`return lines[0]`
			`}`

			`if (maxLine - indentLen(indent)) <= 0 {`
			`panic("too much indentation")`
			`}`

			`rest := strings.Join(lines[1:], " ")`
			`wrapped = text.Wrap(rest, maxLine-indentLen(indent))`
			`return lines[0] + "\n" + text.Indent(wrapped, makeIndent(indent))`
			`}`

			`func dumpHex(in []byte) string {`
			`var s string`
			`for i := range in {`
			`s += fmt.Sprintf("%02X:", in[i])`
			`}`

			`return strings.Trim(s, ":")`
			`}`