func pubkeyDump(w indent.Writer, cert *x509.Certificate) {
switch cert.PublicKeyAlgorithm {
case x509.ECDSA:
w.Printf("Public Key Algorithm: %s\n", w.Bold("ECDSA"))
pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
if !ok {
w.Println(w.Bold("[unrecognizable]"))
return
}
w.Headerf("Public Key: (%s)\n", w.Bold("%d bits", pub.Params().BitSize))
w.PrintHex(elliptic.Marshal(pub.Curve, pub.X, pub.Y))
w.Dedent()
w.Printf("Curve: %s\n", EcdsaCurveName[pub.Curve])
return
case x509.RSA:
w.Printf("Public Key Algorithm: RSA\n")
case x509.DSA:
w.Printf("Public Key Algorithm: DSA\n")
default:
w.Printf("Public Key Algorithm: Unknown (type %d)\n", cert.PublicKeyAlgorithm)
}
b, err := x509.MarshalPKIXPublicKey(cert.PublicKey)
w.Headerf("Public Key:\n")
if err != nil {
w.Printf("[unrecognizable]\n")
} else {
w.PrintHex(b)
}
w.Dedent()
}
func Dump(w indent.Writer, cert *x509.Certificate) {
w.Headerf("Certificate:\n")
w.Printf("Version: %s\n", w.Bold("%v", cert.Version))
w.Printf("Serial Number: %s\n", w.Bold("%v (0x%x)\n", cert.SerialNumber, cert.SerialNumber))
w.Printf("Issuer: %s\n", w.Bold("%s", RDNString(cert.Issuer)))
w.Headerf("Validity:\n")
w.Printf("Not Before: %s\n", w.Bold("%v", cert.NotBefore))
w.Printf("Not After : %s\n", w.Bold("%v", cert.NotAfter))
w.Dedent()
w.Printf("Subject: %s\n", w.Bold(RDNString(cert.Subject)))
w.Headerf("Subject Public Key Info:\n")
pubkeyDump(w, cert)
w.Dedent()
w.Headerf("X509v3 Extensions:\n")
if cert.KeyUsage != 0 {
s := []string{}
for t, d := range X509KeyUsage {
if cert.KeyUsage&t != 0 {
s = append(s, d)
}
}
w.Headerf("X509v3 Key Usage:\n")
w.Println(w.Bold("%s", strings.Join(s, ", ")))
w.Dedent()
}
if cert.KeyUsage != 0 {
s := []string{}
for _, u := range cert.ExtKeyUsage {
s = append(s, X509ExtKeyUsage[u])
}
w.Headerf("X509v3 Extended Key Usage:\n")
w.Println(w.Bold("%s", strings.Join(s, ", ")))
w.Dedent()
}
if cert.BasicConstraintsValid {
w.Headerf("X509v3 Basic Constraints:\n")
w.Printf("CA: %s\n", w.Bold("%v", cert.IsCA))
if cert.MaxPathLen > 0 || cert.MaxPathLenZero {
w.Printf("MaxPathLen: %s\n", w.Bold("%v", cert.MaxPathLen))
}
w.Dedent()
}
for _, e := range cert.Extensions {
if cps, unotice, err := ExtractCertificationPolicy(e); err == nil {
w.Headerf("Policy:\n")
w.Printf("CPS: %s\n", w.Link(cps, w.Bold(cps)))
w.Printf("User Notice: %s\n", w.Link(unotice, w.Bold(unotice)))
w.Dedent()
}
}
w.Dedent()
w.Headerf("Signature Algorithm: %s\n", w.Bold("%v", SigAlgName[cert.SignatureAlgorithm]))
w.PrintHex(cert.Signature)
w.Dedent()
w.Dedent()
}
func Dump(w indent.Writer, m tao.Manifest) {
keys := m.Keys()
sort.Sort(knownKeysFirst(keys))
for _, k := range keys {
switch v := m[k].(type) {
case tao.Manifest:
w.Headerf("%s:\n", k)
Dump(w, v)
w.Dedent()
case []byte:
w.PrintHeaderHex(k, v)
case auth.Bytes:
w.PrintHeaderHex(k, []byte(v))
default:
w.Printf("%v: %v\n", k, w.Bold(fmt.Sprintf("%v", v)))
}
}
}
