15 package x509util
16
17 import (
18 "bytes"
19 "encoding/hex"
20 "fmt"
21 "strconv"
22
23 "github.com/google/certificate-transparency-go/x509"
24 "github.com/google/certificate-transparency-go/x509/pkix"
25 )
26
27
// revocationReasonLabels maps CRL reason codes to the human-readable labels
// emitted by RevocationReasonToString.
var revocationReasonLabels = map[x509.RevocationReasonCode]string{
	x509.Unspecified:          "Unspecified",
	x509.KeyCompromise:        "Key Compromise",
	x509.CACompromise:         "CA Compromise",
	x509.AffiliationChanged:   "Affiliation Changed",
	x509.Superseded:           "Superseded",
	x509.CessationOfOperation: "Cessation Of Operation",
	x509.CertificateHold:      "Certificate Hold",
	x509.RemoveFromCRL:        "Remove From CRL",
	x509.PrivilegeWithdrawn:   "Privilege Withdrawn",
	x509.AACompromise:         "AA Compromise",
}

// RevocationReasonToString returns a human-readable label for a CRL entry's
// reason code. A code with no known label is rendered as its decimal value so
// an unexpected or out-of-range reason is never silently hidden in the output.
func RevocationReasonToString(reason x509.RevocationReasonCode) string {
	if label, known := revocationReasonLabels[reason]; known {
		return label
	}
	return strconv.Itoa(int(reason))
}
54
55
56
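// CRLToString renders a parsed CRL as human-readable text in a layout modelled
// on `openssl crl -text`: the TBSCertList header fields, the CRL extensions the
// parser cracked out (authority key ID, issuer alt names, CRL number, delta CRL
// indicator, issuing distribution point full names, freshest CRL, AIA), then
// each revoked entry with its serial, revocation date and per-entry extensions,
// and finally the outer signature algorithm and the raw signature bytes.
//
// This is a display function only. It does not verify the signature, does not
// check that the inner (TBSCertList.Signature) and outer (SignatureAlgorithm)
// algorithm identifiers agree as RFC 5280 §5.1.1.2 requires, and does not
// evaluate freshness. Both algorithm identifiers are printed so a mismatch is
// visible to the reader, but callers must not treat the output as evidence that
// the CRL is valid or trustworthy. Of the issuing distribution point, only the
// full-name form is rendered.
//
// A CRL whose optional nextUpdate is absent (RFC 5280 §5.1.2.5) is printed as
// "Next Update: NONE" (as OpenSSL does) instead of Go's zero time, which would
// otherwise read as a real date in year 0001.
func CRLToString(crl *x509.CertificateList) string {
	var out bytes.Buffer
	tbs := &crl.TBSCertList

	// endHeading terminates an extension heading, tagging it " critical" when
	// the extension carried the critical flag.
	endHeading := func(critical bool) {
		if critical {
			out.WriteString(" critical")
		}
		out.WriteString("\n")
	}
	// uriList joins a slice of URIs as "URI:a, URI:b" via the file's commaAppend
	// helper; an empty slice yields "".
	uriList := func(uris []string) string {
		var b bytes.Buffer
		for _, u := range uris {
			commaAppend(&b, "URI:"+u)
		}
		return b.String()
	}

	out.WriteString("Certificate Revocation List (CRL):\n")
	// X.509 version numbers are zero-based on the wire (v2 is encoded as 1),
	// so the displayed version is the encoded value plus one.
	fmt.Fprintf(&out, " Version: %d (%#x)\n", tbs.Version+1, tbs.Version)
	fmt.Fprintf(&out, " Signature Algorithm: %v\n", x509.SignatureAlgorithmFromAI(tbs.Signature))
	var issuer pkix.Name
	issuer.FillFromRDNSequence(&tbs.Issuer)
	fmt.Fprintf(&out, " Issuer: %v\n", NameToString(issuer))
	fmt.Fprintf(&out, " Last Update: %v\n", tbs.ThisUpdate)
	if tbs.NextUpdate.IsZero() {
		// nextUpdate is OPTIONAL; a zero time means it was not present.
		out.WriteString(" Next Update: NONE\n")
	} else {
		fmt.Fprintf(&out, " Next Update: %v\n", tbs.NextUpdate)
	}

	if len(tbs.Extensions) > 0 {
		out.WriteString(" CRL extensions:\n")
	}

	// Each extension is only printed when its OID is actually present in the
	// CRL's extension list; the cracked-out field alone is not trusted as
	// evidence of presence.
	if count, critical := OIDInExtensions(x509.OIDExtensionAuthorityKeyId, tbs.Extensions); count > 0 {
		out.WriteString(" X509v3 Authority Key Identifier:")
		endHeading(critical)
		fmt.Fprintf(&out, " keyid:%v\n", hex.EncodeToString(tbs.AuthorityKeyID))
	}
	if count, critical := OIDInExtensions(x509.OIDExtensionIssuerAltName, tbs.Extensions); count > 0 {
		out.WriteString(" X509v3 Issuer Alt Name:")
		endHeading(critical)
		fmt.Fprintf(&out, " %s\n", GeneralNamesToString(&tbs.IssuerAltNames))
	}
	if count, critical := OIDInExtensions(x509.OIDExtensionCRLNumber, tbs.Extensions); count > 0 {
		out.WriteString(" X509v3 CRLNumber:")
		endHeading(critical)
		fmt.Fprintf(&out, " %d\n", tbs.CRLNumber)
	}
	if count, critical := OIDInExtensions(x509.OIDExtensionDeltaCRLIndicator, tbs.Extensions); count > 0 {
		out.WriteString(" X509v3 Delta CRL Indicator:")
		endHeading(critical)
		fmt.Fprintf(&out, " %d\n", tbs.BaseCRLNumber)
	}
	if count, critical := OIDInExtensions(x509.OIDExtensionIssuingDistributionPoint, tbs.Extensions); count > 0 {
		// Only the distributionPoint full names are shown; the IDP's scope
		// flags (only user/CA certs, only some reasons, indirect CRL) are not
		// rendered by this function.
		out.WriteString(" X509v3 Issuing Distribution Point:")
		endHeading(critical)
		fmt.Fprintf(&out, " %s\n", GeneralNamesToString(&tbs.IssuingDPFullNames))
	}
	if count, critical := OIDInExtensions(x509.OIDExtensionFreshestCRL, tbs.Extensions); count > 0 {
		out.WriteString(" X509v3 Freshest CRL:")
		endHeading(critical)
		out.WriteString(" Full Name:\n")
		fmt.Fprintf(&out, " %v\n", uriList(tbs.FreshestCRLDistributionPoint))
	}
	if count, critical := OIDInExtensions(x509.OIDExtensionAuthorityInfoAccess, tbs.Extensions); count > 0 {
		out.WriteString(" Authority Information Access:")
		endHeading(critical)
		// Each access method line is omitted entirely when it has no URIs.
		if caIssuers := uriList(tbs.IssuingCertificateURL); caIssuers != "" {
			fmt.Fprintf(&out, " CA Issuers - %v\n", caIssuers)
		}
		if ocsp := uriList(tbs.OCSPServer); ocsp != "" {
			fmt.Fprintf(&out, " OCSP - %v\n", ocsp)
		}
	}

	out.WriteString("\n")
	out.WriteString("Revoked Certificates:\n")
	for _, entry := range tbs.RevokedCertificates {
		fmt.Fprintf(&out, " Serial Number: %s (0x%s)\n", entry.SerialNumber.Text(10), entry.SerialNumber.Text(16))
		fmt.Fprintf(&out, " Revocation Date : %v\n", entry.RevocationTime)
		if count, critical := OIDInExtensions(x509.OIDExtensionCRLReasons, entry.Extensions); count > 0 {
			out.WriteString(" X509v3 CRL Reason Code:")
			endHeading(critical)
			fmt.Fprintf(&out, " %s\n", RevocationReasonToString(entry.RevocationReason))
		}
		if count, critical := OIDInExtensions(x509.OIDExtensionInvalidityDate, entry.Extensions); count > 0 {
			out.WriteString(" Invalidity Date:")
			endHeading(critical)
			fmt.Fprintf(&out, " %s\n", entry.InvalidityDate)
		}
		if count, critical := OIDInExtensions(x509.OIDExtensionCertificateIssuer, entry.Extensions); count > 0 {
			// certificateIssuer (RFC 5280 §5.3.3) appears in indirect CRLs
			// when an entry was issued by a CA other than the CRL issuer.
			out.WriteString(" Issuer:")
			endHeading(critical)
			fmt.Fprintf(&out, " %s\n", GeneralNamesToString(&entry.Issuer))
		}
	}

	// Outer signature: the algorithm here should match tbs.Signature printed
	// above (RFC 5280 §5.1.1.2); this function prints both but does not
	// compare them. appendHexData presumably wraps the bytes at 18 per line.
	fmt.Fprintf(&out, " Signature Algorithm: %v\n", x509.SignatureAlgorithmFromAI(crl.SignatureAlgorithm))
	appendHexData(&out, crl.SignatureValue.Bytes, 18, " ")
	out.WriteString("\n")

	return out.String()
}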
170