Diffstat (limited to 'src/cert')
-rw-r--r-- | src/cert/cvc/ecdsa_sig.cpp | 3 | ||||
-rw-r--r-- | src/cert/x509ca/x509_ca.cpp | 2 | ||||
-rw-r--r-- | src/cert/x509cert/x509cert.cpp | 105 | ||||
-rw-r--r-- | src/cert/x509cert/x509cert.h | 5 |
4 files changed, 112 insertions, 3 deletions
diff --git a/src/cert/cvc/ecdsa_sig.cpp b/src/cert/cvc/ecdsa_sig.cpp
index dba2ece8d..1b3940250 100644
--- a/src/cert/cvc/ecdsa_sig.cpp
+++ b/src/cert/cvc/ecdsa_sig.cpp
@@ -32,7 +32,8 @@ MemoryVector<byte> ECDSA_Signature::DER_encode() const
 MemoryVector<byte> ECDSA_Signature::get_concatenation() const
 {
- u32bit enc_len = m_r > m_s ? m_r.bytes() : m_s.bytes(); // use the larger
+ // use the larger
+ const size_t enc_len = m_r > m_s ? m_r.bytes() : m_s.bytes();
 SecureVector<byte> sv_r = BigInt::encode_1363(m_r, enc_len);
 SecureVector<byte> sv_s = BigInt::encode_1363(m_s, enc_len);
diff --git a/src/cert/x509ca/x509_ca.cpp b/src/cert/x509ca/x509_ca.cpp
index 7c0e103d1..14b5240cf 100644
--- a/src/cert/x509ca/x509_ca.cpp
+++ b/src/cert/x509ca/x509_ca.cpp
@@ -94,7 +94,7 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer,
 const Extensions& extensions)
 {
 const u32bit X509_CERT_VERSION = 3;
- const size_t SERIAL_BITS = 128;
+ const size_t SERIAL_BITS = 256;
 BigInt serial_no(rng, SERIAL_BITS);
diff --git a/src/cert/x509cert/x509cert.cpp b/src/cert/x509cert/x509cert.cpp
index e3844e8e9..05a459c1f 100644
--- a/src/cert/x509cert/x509cert.cpp
+++ b/src/cert/x509cert/x509cert.cpp
@@ -1,6 +1,6 @@
 /*
 * X.509 Certificates
-* (C) 1999-2007 Jack Lloyd
+* (C) 1999-2010 Jack Lloyd
 *
 * Distributed under the terms of the Botan license
 */
@@ -14,7 +14,10 @@
 #include <botan/bigint.h>
 #include <botan/oids.h>
 #include <botan/pem.h>
+#include <botan/hex.h>
 #include <algorithm>
+#include <iterator>
+#include <sstream>
 namespace Botan {
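Review bot: In the x509_ca.cpp hunk, raising `SERIAL_BITS` to 256 in `X509_CA::make_cert` yields serial numbers of up to 32 octets, while RFC 5280 section 4.1.2.2 says conforming CAs must not use serialNumber values longer than 20 octets, so some relying parties may reject the issued certificates. Keeping `const size_t SERIAL_BITS = 128;` already gives ample unpredictability; if more is wanted, stay at or below 159 bits so the DER INTEGER, including a possible leading zero octet, still fits in 20 octets. A one-line comment on the constant recording that bound would keep it from being raised again. The body of make_cert continues outside the hunk, so how `serial_no` is encoded is not visible here.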
@@ -295,6 +298,106 @@ bool operator!=(const X509_Certificate& cert1, const X509_Certificate& cert2)
 return !(cert1 == cert2);
 }
+std::string X509_Certificate::to_string() const
+ {
+ const char* dn_fields[] = { "Name",
+ "Email",
+ "Organization",
+ "Organizational Unit",
+ "Locality",
+ "State",
+ "Country",
+ "IP",
+ "DNS",
+ "URI",
+ "PKIX.XMPPAddr",
+ 0 };
+
+ std::ostringstream out;
+
+ for(size_t i = 0; dn_fields[i]; ++i)
+ {
+ const std::vector<std::string> vals = this->subject_info(dn_fields[i]);
+
+ if(vals.empty())
+ continue;
+
+ out << "Subject " << dn_fields[i] << ":";
+ for(size_t i = 0; i != vals.size(); ++i)
+ out << " " << vals[i];
+ out << "\n";
+ }
+
+ for(size_t i = 0; dn_fields[i]; ++i)
+ {
+ const std::vector<std::string> vals = this->issuer_info(dn_fields[i]);
+
+ if(vals.empty())
+ continue;
+
+ out << "Issuer " << dn_fields[i] << ":";
+ for(size_t i = 0; i != vals.size(); ++i)
+ out << " " << vals[i];
+ out << "\n";
+ }
+
+ out << "Version: " << this->x509_version() << "\n";
+
+ out << "Not valid before: " << this->start_time() << "\n";
+ out << "Not valid after: " << this->end_time() << "\n";
+
+ out << "Constraints:\n";
+ Key_Constraints constraints = this->constraints();
+ if(constraints == NO_CONSTRAINTS)
+ out << " None\n";
+ else
+ {
+ if(constraints & DIGITAL_SIGNATURE)
+ out << " Digital Signature\n";
+ if(constraints & NON_REPUDIATION)
+ out << " Non-Repuidation\n";
+ if(constraints & KEY_ENCIPHERMENT)
+ out << " Key Encipherment\n";
+ if(constraints & DATA_ENCIPHERMENT)
+ out << " Data Encipherment\n";
+ if(constraints & KEY_AGREEMENT)
+ out << " Key Agreement\n";
+ if(constraints & KEY_CERT_SIGN)
+ out << " Cert Sign\n";
+ if(constraints & CRL_SIGN)
+ out << " CRL Sign\n";
+ }
+
+ std::vector<std::string> policies = this->policies();
+ if(policies.size())
+ {
+ out << "Policies: " << "\n";
+ for(u32bit j = 0; j != policies.size(); j++)
+ out << " " << policies[j] << "\n";
+ }
+
+ std::vector<std::string> ex_constraints = this->ex_constraints();
+ if(ex_constraints.size())
+ {
+ out << "Extended Constraints:\n";
+ for(u32bit j = 0; j != ex_constraints.size(); j++)
+ out << " " << ex_constraints[j] << "\n";
+ }
+
+ out << "Signature algorithm: " <<
+ OIDS::lookup(this->signature_algorithm().oid) << "\n";
+
+ out << "Serial number: " << hex_encode(this->serial_number()) << "\n";
+ out << "Authority keyid: " << hex_encode(this->authority_key_id()) << "\n";
+ out << "Subject keyid: " << hex_encode(this->subject_key_id()) << "\n";
+
+ X509_PublicKey* pubkey = this->subject_public_key();
+ out << "Public Key:\n" << X509::PEM_encode(*pubkey);
+ delete pubkey;
+
+ return out.str();
+ }
+
 /*
 * Create and populate a X509_DN
 */
diff --git a/src/cert/x509cert/x509cert.h b/src/cert/x509cert/x509cert.h
index 754553f3d..8798ef1c2 100644
--- a/src/cert/x509cert/x509cert.h
+++ b/src/cert/x509cert/x509cert.h
@@ -141,6 +141,11 @@ class BOTAN_DLL X509_Certificate : public X509_Object
 std::vector<std::string> policies() const;
 /**
+ * @return a string describing the certificate
+ */
+ std::string to_string() const;
+
+ /**
 * Check to certificates for equality.
 * @return true both certificates are (binary) equal
 */ |
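Review bot: In `X509_Certificate::to_string()` (x509cert.cpp hunk), the subject and issuer values, policies and extended constraints are streamed exactly as they appear in the certificate, which may not have been validated when it is printed; a value containing a newline or terminal control bytes could make one field read as a separate line such as `Issuer Name:` once this text reaches a log or console. Consider escaping non-printable characters in `vals[i]` before writing them, and state in the header's `@return` comment that the text is for display only and should not be parsed. Separately, `pubkey` is a raw owning pointer that leaks if `X509::PEM_encode(*pubkey)` throws, so hold it in a scoped owner such as `std::auto_ptr<X509_PublicKey> pubkey(this->subject_public_key());` (or whatever the codebase already uses) and drop the `delete`. The label `" Non-Repuidation\n"` is misspelled and should read `Non-Repudiation`.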