aboutsummaryrefslogtreecommitdiffstats
path: root/src/cert
diff options
context:
space:
mode:
Diffstat (limited to 'src/cert')
-rw-r--r--src/cert/cvc/ecdsa_sig.cpp3
-rw-r--r--src/cert/x509ca/x509_ca.cpp2
-rw-r--r--src/cert/x509cert/x509cert.cpp105
-rw-r--r--src/cert/x509cert/x509cert.h5
4 files changed, 112 insertions, 3 deletions
diff --git a/src/cert/cvc/ecdsa_sig.cpp b/src/cert/cvc/ecdsa_sig.cpp
index dba2ece8d..1b3940250 100644
--- a/src/cert/cvc/ecdsa_sig.cpp
+++ b/src/cert/cvc/ecdsa_sig.cpp
@@ -32,7 +32,8 @@ MemoryVector<byte> ECDSA_Signature::DER_encode() const
MemoryVector<byte> ECDSA_Signature::get_concatenation() const
{
- u32bit enc_len = m_r > m_s ? m_r.bytes() : m_s.bytes(); // use the larger
+ // use the larger
+ const size_t enc_len = m_r > m_s ? m_r.bytes() : m_s.bytes();
SecureVector<byte> sv_r = BigInt::encode_1363(m_r, enc_len);
SecureVector<byte> sv_s = BigInt::encode_1363(m_s, enc_len);
diff --git a/src/cert/x509ca/x509_ca.cpp b/src/cert/x509ca/x509_ca.cpp
index 7c0e103d1..14b5240cf 100644
--- a/src/cert/x509ca/x509_ca.cpp
+++ b/src/cert/x509ca/x509_ca.cpp
@@ -94,7 +94,7 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer,
const Extensions& extensions)
{
const u32bit X509_CERT_VERSION = 3;
- const size_t SERIAL_BITS = 128;
+ const size_t SERIAL_BITS = 256;
BigInt serial_no(rng, SERIAL_BITS);
diff --git a/src/cert/x509cert/x509cert.cpp b/src/cert/x509cert/x509cert.cpp
index e3844e8e9..05a459c1f 100644
--- a/src/cert/x509cert/x509cert.cpp
+++ b/src/cert/x509cert/x509cert.cpp
@@ -1,6 +1,6 @@
/*
* X.509 Certificates
-* (C) 1999-2007 Jack Lloyd
+* (C) 1999-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -14,7 +14,10 @@
#include <botan/bigint.h>
#include <botan/oids.h>
#include <botan/pem.h>
+#include <botan/hex.h>
#include <algorithm>
+#include <iterator>
+#include <sstream>
namespace Botan {
@@ -295,6 +298,106 @@ bool operator!=(const X509_Certificate& cert1, const X509_Certificate& cert2)
return !(cert1 == cert2);
}
+std::string X509_Certificate::to_string() const
+ {
+ const char* dn_fields[] = { "Name",
+ "Email",
+ "Organization",
+ "Organizational Unit",
+ "Locality",
+ "State",
+ "Country",
+ "IP",
+ "DNS",
+ "URI",
+ "PKIX.XMPPAddr",
+ 0 };
+
+ std::ostringstream out;
+
+ for(size_t i = 0; dn_fields[i]; ++i)
+ {
+ const std::vector<std::string> vals = this->subject_info(dn_fields[i]);
+
+ if(vals.empty())
+ continue;
+
+ out << "Subject " << dn_fields[i] << ":";
+ for(size_t i = 0; i != vals.size(); ++i)
+ out << " " << vals[i];
+ out << "\n";
+ }
+
+ for(size_t i = 0; dn_fields[i]; ++i)
+ {
+ const std::vector<std::string> vals = this->issuer_info(dn_fields[i]);
+
+ if(vals.empty())
+ continue;
+
+ out << "Issuer " << dn_fields[i] << ":";
+ for(size_t i = 0; i != vals.size(); ++i)
+ out << " " << vals[i];
+ out << "\n";
+ }
+
+ out << "Version: " << this->x509_version() << "\n";
+
+ out << "Not valid before: " << this->start_time() << "\n";
+ out << "Not valid after: " << this->end_time() << "\n";
+
+ out << "Constraints:\n";
+ Key_Constraints constraints = this->constraints();
+ if(constraints == NO_CONSTRAINTS)
+ out << " None\n";
+ else
+ {
+ if(constraints & DIGITAL_SIGNATURE)
+ out << " Digital Signature\n";
+ if(constraints & NON_REPUDIATION)
+ out << " Non-Repuidation\n";
+ if(constraints & KEY_ENCIPHERMENT)
+ out << " Key Encipherment\n";
+ if(constraints & DATA_ENCIPHERMENT)
+ out << " Data Encipherment\n";
+ if(constraints & KEY_AGREEMENT)
+ out << " Key Agreement\n";
+ if(constraints & KEY_CERT_SIGN)
+ out << " Cert Sign\n";
+ if(constraints & CRL_SIGN)
+ out << " CRL Sign\n";
+ }
+
+ std::vector<std::string> policies = this->policies();
+ if(policies.size())
+ {
+ out << "Policies: " << "\n";
+ for(u32bit j = 0; j != policies.size(); j++)
+ out << " " << policies[j] << "\n";
+ }
+
+ std::vector<std::string> ex_constraints = this->ex_constraints();
+ if(ex_constraints.size())
+ {
+ out << "Extended Constraints:\n";
+ for(u32bit j = 0; j != ex_constraints.size(); j++)
+ out << " " << ex_constraints[j] << "\n";
+ }
+
+ out << "Signature algorithm: " <<
+ OIDS::lookup(this->signature_algorithm().oid) << "\n";
+
+ out << "Serial number: " << hex_encode(this->serial_number()) << "\n";
+ out << "Authority keyid: " << hex_encode(this->authority_key_id()) << "\n";
+ out << "Subject keyid: " << hex_encode(this->subject_key_id()) << "\n";
+
+ X509_PublicKey* pubkey = this->subject_public_key();
+ out << "Public Key:\n" << X509::PEM_encode(*pubkey);
+ delete pubkey;
+
+ return out.str();
+ }
+
/*
* Create and populate a X509_DN
*/
diff --git a/src/cert/x509cert/x509cert.h b/src/cert/x509cert/x509cert.h
index 754553f3d..8798ef1c2 100644
--- a/src/cert/x509cert/x509cert.h
+++ b/src/cert/x509cert/x509cert.h
@@ -141,6 +141,11 @@ class BOTAN_DLL X509_Certificate : public X509_Object
std::vector<std::string> policies() const;
/**
+ * @return a string describing the certificate
+ */
+ std::string to_string() const;
+
+ /**
* Check to certificates for equality.
* @return true both certificates are (binary) equal
*/