Add certdump util.

2015-08-17 23:41:06 -07:00
parent da9e2e7184
commit df5100bc30
2 changed files with 367 additions and 0 deletions
--- a/cmd/certdump/util.go
+++ b/cmd/certdump/util.go
@@ -0,0 +1,159 @@
+package main
+
+import (
+	"crypto/x509"
+	"errors"
+	"fmt"
+	"os"
+	"strings"
+
+	cferr "github.com/cloudflare/cfssl/errors"
+	"github.com/kr/text"
+)
+
+// following two lifted from CFSSL, (replace-regexp "\(.+\): \(.+\),"
+// "\2: \1,")
+var KeyUsage = map[x509.KeyUsage]string{
+	x509.KeyUsageDigitalSignature:  "digital signature",
+	x509.KeyUsageContentCommitment: "content committment",
+	x509.KeyUsageKeyEncipherment:   "key encipherment",
+	x509.KeyUsageKeyAgreement:      "key agreement",
+	x509.KeyUsageDataEncipherment:  "data encipherment",
+	x509.KeyUsageCertSign:          "cert sign",
+	x509.KeyUsageCRLSign:           "crl sign",
+	x509.KeyUsageEncipherOnly:      "encipher only",
+	x509.KeyUsageDecipherOnly:      "decipher only",
+}
+
+var ExtKeyUsages = map[x509.ExtKeyUsage]string{
+	x509.ExtKeyUsageAny:                        "any",
+	x509.ExtKeyUsageServerAuth:                 "server auth",
+	x509.ExtKeyUsageClientAuth:                 "client auth",
+	x509.ExtKeyUsageCodeSigning:                "code signing",
+	x509.ExtKeyUsageEmailProtection:            "s/mime",
+	x509.ExtKeyUsageIPSECEndSystem:             "ipsec end system",
+	x509.ExtKeyUsageIPSECTunnel:                "ipsec tunnel",
+	x509.ExtKeyUsageIPSECUser:                  "ipsec user",
+	x509.ExtKeyUsageTimeStamping:               "timestamping",
+	x509.ExtKeyUsageOCSPSigning:                "ocsp signing",
+	x509.ExtKeyUsageMicrosoftServerGatedCrypto: "microsoft sgc",
+	x509.ExtKeyUsageNetscapeServerGatedCrypto:  "netscape sgc",
+}
+
+func pubKeyAlgo(a x509.PublicKeyAlgorithm) string {
+	switch a {
+	case x509.RSA:
+		return "RSA"
+	case x509.ECDSA:
+		return "ECDSA"
+	case x509.DSA:
+		return "DSA"
+	default:
+		return "unknown public key algorithm"
+	}
+}
+
+func sigAlgoPK(a x509.SignatureAlgorithm) string {
+	switch a {
+
+	case x509.MD2WithRSA, x509.MD5WithRSA, x509.SHA1WithRSA, x509.SHA256WithRSA, x509.SHA384WithRSA, x509.SHA512WithRSA:
+		return "RSA"
+	case x509.ECDSAWithSHA1, x509.ECDSAWithSHA256, x509.ECDSAWithSHA384, x509.ECDSAWithSHA512:
+		return "ECDSA"
+	case x509.DSAWithSHA1, x509.DSAWithSHA256:
+		return "DSA"
+	default:
+		return "unknown public key algorithm"
+	}
+}
+
+func sigAlgoHash(a x509.SignatureAlgorithm) string {
+	switch a {
+	case x509.MD2WithRSA:
+		return "MD2"
+	case x509.MD5WithRSA:
+		return "MD5"
+	case x509.SHA1WithRSA, x509.ECDSAWithSHA1, x509.DSAWithSHA1:
+		return "SHA1"
+	case x509.SHA256WithRSA, x509.ECDSAWithSHA256, x509.DSAWithSHA256:
+		return "SHA256"
+	case x509.SHA384WithRSA, x509.ECDSAWithSHA384:
+		return "SHA384"
+	case x509.SHA512WithRSA, x509.ECDSAWithSHA512:
+		return "SHA512"
+	default:
+		return "unknown hash algorithm"
+	}
+}
+
+// TranslateCFSSLError turns a CFSSL error into a more readable string.
+func TranslateCFSSLError(err error) error {
+	if err == nil {
+		return nil
+	}
+
+	// printing errors as json is terrible
+	if cfsslError, ok := err.(*cferr.Error); ok {
+		err = errors.New(cfsslError.Message)
+	}
+	return err
+}
+
+// Warnx displays a formatted error message to standard error, à la
+// warnx(3).
+func Warnx(format string, a ...interface{}) (int, error) {
+	format += "\n"
+	return fmt.Fprintf(os.Stderr, format, a...)
+}
+
+// Warn displays a formatted error message to standard output,
+// appending the error string, à la warn(3).
+func Warn(err error, format string, a ...interface{}) (int, error) {
+	format += ": %v\n"
+	a = append(a, err)
+	return fmt.Fprintf(os.Stderr, format, a...)
+}
+
+const maxLine = 78
+
+func makeIndent(n int) string {
+	s := "    "
+	for i := 0; i < n; i++ {
+		s += "        "
+	}
+	return s
+}
+
+func indentLen(n int) int {
+	return 4 + (8 * n)
+}
+
+// this isn't real efficient, but that's not a problem here
+func wrap(s string, indent int) string {
+	if indent > 3 {
+		indent = 3
+	}
+
+	wrapped := text.Wrap(s, maxLine)
+	lines := strings.SplitN(wrapped, "\n", 2)
+	if len(lines) == 1 {
+		return lines[0]
+	}
+
+	if (maxLine - indentLen(indent)) <= 0 {
+		panic("too much indentation")
+	}
+
+	rest := strings.Join(lines[1:], " ")
+	wrapped = text.Wrap(rest, maxLine-indentLen(indent))
+	return lines[0] + "\n" + text.Indent(wrapped, makeIndent(indent))
+}
+
+func dumpHex(in []byte) string {
+	var s string
+	for i := range in {
+		s += fmt.Sprintf("%02X:", in[i])
+	}
+
+	return strings.Trim(s, ":")
+}