fixups

cmd/certdump/main.go

@@ -15,10 +15,138 @@ import (
 	"sort"
 	"strings"
 
+	"github.com/kr/text"
+
 	"git.wntrmute.dev/kyle/goutils/certlib"
 	"git.wntrmute.dev/kyle/goutils/lib"
 )
 
+// following two lifted from CFSSL, (replace-regexp "\(.+\): \(.+\),"
+// "\2: \1,")
+
+const (
+	sSHA256 = "SHA256"
+	sSHA512 = "SHA512"
+)
+
+var keyUsage = map[x509.KeyUsage]string{
+	x509.KeyUsageDigitalSignature:  "digital signature",
+	x509.KeyUsageContentCommitment: "content committment",
+	x509.KeyUsageKeyEncipherment:   "key encipherment",
+	x509.KeyUsageKeyAgreement:      "key agreement",
+	x509.KeyUsageDataEncipherment:  "data encipherment",
+	x509.KeyUsageCertSign:          "cert sign",
+	x509.KeyUsageCRLSign:           "crl sign",
+	x509.KeyUsageEncipherOnly:      "encipher only",
+	x509.KeyUsageDecipherOnly:      "decipher only",
+}
+
+var extKeyUsages = map[x509.ExtKeyUsage]string{
+	x509.ExtKeyUsageAny:                            "any",
+	x509.ExtKeyUsageServerAuth:                     "server auth",
+	x509.ExtKeyUsageClientAuth:                     "client auth",
+	x509.ExtKeyUsageCodeSigning:                    "code signing",
+	x509.ExtKeyUsageEmailProtection:                "s/mime",
+	x509.ExtKeyUsageIPSECEndSystem:                 "ipsec end system",
+	x509.ExtKeyUsageIPSECTunnel:                    "ipsec tunnel",
+	x509.ExtKeyUsageIPSECUser:                      "ipsec user",
+	x509.ExtKeyUsageTimeStamping:                   "timestamping",
+	x509.ExtKeyUsageOCSPSigning:                    "ocsp signing",
+	x509.ExtKeyUsageMicrosoftServerGatedCrypto:     "microsoft sgc",
+	x509.ExtKeyUsageNetscapeServerGatedCrypto:      "netscape sgc",
+	x509.ExtKeyUsageMicrosoftCommercialCodeSigning: "microsoft commercial code signing",
+	x509.ExtKeyUsageMicrosoftKernelCodeSigning:     "microsoft kernel code signing",
+}
+
+func sigAlgoPK(a x509.SignatureAlgorithm) string {
+	switch a {
+	case x509.MD2WithRSA, x509.MD5WithRSA, x509.SHA1WithRSA, x509.SHA256WithRSA, x509.SHA384WithRSA, x509.SHA512WithRSA:
+		return "RSA"
+	case x509.SHA256WithRSAPSS, x509.SHA384WithRSAPSS, x509.SHA512WithRSAPSS:
+		return "RSA-PSS"
+	case x509.ECDSAWithSHA1, x509.ECDSAWithSHA256, x509.ECDSAWithSHA384, x509.ECDSAWithSHA512:
+		return "ECDSA"
+	case x509.DSAWithSHA1, x509.DSAWithSHA256:
+		return "DSA"
+	case x509.PureEd25519:
+		return "Ed25519"
+	case x509.UnknownSignatureAlgorithm:
+		return "unknown public key algorithm"
+	default:
+		return "unknown public key algorithm"
+	}
+}
+
+func sigAlgoHash(a x509.SignatureAlgorithm) string {
+	switch a {
+	case x509.MD2WithRSA:
+		return "MD2"
+	case x509.MD5WithRSA:
+		return "MD5"
+	case x509.SHA1WithRSA, x509.ECDSAWithSHA1, x509.DSAWithSHA1:
+		return "SHA1"
+	case x509.SHA256WithRSA, x509.ECDSAWithSHA256, x509.DSAWithSHA256:
+		return sSHA256
+	case x509.SHA256WithRSAPSS:
+		return sSHA256
+	case x509.SHA384WithRSA, x509.ECDSAWithSHA384:
+		return "SHA384"
+	case x509.SHA384WithRSAPSS:
+		return "SHA384"
+	case x509.SHA512WithRSA, x509.ECDSAWithSHA512:
+		return sSHA512
+	case x509.SHA512WithRSAPSS:
+		return sSHA512
+	case x509.PureEd25519:
+		return sSHA512
+	case x509.UnknownSignatureAlgorithm:
+		return "unknown hash algorithm"
+	default:
+		return "unknown hash algorithm"
+	}
+}
+
+const maxLine = 78
+
+func makeIndent(n int) string {
+	s := "    "
+	var sSb97 strings.Builder
+	for range n {
+		sSb97.WriteString("        ")
+	}
+	s += sSb97.String()
+	return s
+}
+
+func indentLen(n int) int {
+	return 4 + (8 * n)
+}
+
+// this isn't real efficient, but that's not a problem here.
+func wrap(s string, indent int) string {
+	if indent > 3 {
+		indent = 3
+	}
+
+	wrapped := text.Wrap(s, maxLine)
+	lines := strings.SplitN(wrapped, "\n", 2)
+	if len(lines) == 1 {
+		return lines[0]
+	}
+
+	if (maxLine - indentLen(indent)) <= 0 {
+		panic("too much indentation")
+	}
+
+	rest := strings.Join(lines[1:], " ")
+	wrapped = text.Wrap(rest, maxLine-indentLen(indent))
+	return lines[0] + "\n" + text.Indent(wrapped, makeIndent(indent))
+}
+
+func dumpHex(in []byte) string {
+	return lib.HexEncode(in, lib.HexEncodeUpperColon)
+}
+
 func certPublic(cert *x509.Certificate) string {
 	switch pub := cert.PublicKey.(type) {
 	case *rsa.PublicKey: