scion-pki: show ISD-AS in distinguished name (scionproto#4611)

Include the ISD-AS in the output of the distinguished name of the
certificate. Previously, the output would show
`UnknownOID=1.3.6.1.4.1.55324.1.2.1` instead of the ISD-AS.

Furthemore, represent the extended key usage for sensitive voting,
regular voting, and cppki root certificates as a human readable string.

scion-pki/certs/certinfo.go

@@ -45,6 +45,8 @@ import (
 	"time"
 
 	"github.com/pkg/errors"
+
+	"github.com/scionproto/scion/pkg/scrypto/cppki"
 )
 
 // Time formats used
@@ -154,6 +156,8 @@ func printName(names []pkix.AttributeTypeAndValue, buf *bytes.Buffer) []string {
 			values = append(values, fmt.Sprintf("DC=%s", name.Value))
 		} else if oid.Equal(oidUserID) {
 			values = append(values, fmt.Sprintf("UID=%s", name.Value))
+		} else if oid.Equal(cppki.OIDNameIA) {
+			values = append(values, fmt.Sprintf("ISD-AS=%s", name.Value))
 		} else {
 			values = append(values, fmt.Sprintf("UnknownOID=%s", name.Type.String()))
 		}
@@ -628,7 +632,16 @@ func certificateText(cert *x509.Certificate) (string, error) {
 						}
 					}
 					for _, oid := range cert.UnknownExtKeyUsage {
-						list = append(list, oid.String())
+						switch {
+						case oid.Equal(cppki.OIDExtKeyUsageSensitive):
+							list = append(list, "Sensitive Voting")
+						case oid.Equal(cppki.OIDExtKeyUsageRegular):
+							list = append(list, "Regular Voting")
+						case oid.Equal(cppki.OIDExtKeyUsageRoot):
+							list = append(list, "CPPKI Root")
+						default:
+							list = append(list, oid.String())
+						}
 					}
 					if len(list) > 0 {
 						buf.WriteString(fmt.Sprintf("%16s%s", "", list[0]))

scion-pki/certs/testdata/inspect/sample_certificate.golden

@@ -3,11 +3,11 @@ Certificate:
         Version: 3 (0x2)
         Serial Number: 236926349964825539132366110936757753936879769458 (0x2980251cdc8ab9152895adda753f4865173f5772)
     Signature Algorithm: ECDSA-SHA512
-        Issuer: C=CH,ST=Zürich,L=Zürich,O=1-ff00:0:110,OU=1-ff00:0:110 InfoSec Squad,CN=1-ff00:0:110 Secure CA Certificate,UnknownOID=1.3.6.1.4.1.55324.1.2.1
+        Issuer: C=CH,ST=Zürich,L=Zürich,O=1-ff00:0:110,OU=1-ff00:0:110 InfoSec Squad,CN=1-ff00:0:110 Secure CA Certificate,ISD-AS=1-ff00:0:110
         Validity
             Not Before: Mar 18 17:12:31 2021 UTC
             Not After : Mar 18 17:12:31 2022 UTC
-        Subject: C=CH,ST=Zürich,L=Zürich,O=1-ff00:0:110,OU=1-ff00:0:110 InfoSec Squad,CN=1-ff00:0:110 AS Certificate,UnknownOID=1.3.6.1.4.1.55324.1.2.1
+        Subject: C=CH,ST=Zürich,L=Zürich,O=1-ff00:0:110,OU=1-ff00:0:110 InfoSec Squad,CN=1-ff00:0:110 AS Certificate,ISD-AS=1-ff00:0:110
         Subject Public Key Info:
             Public Key Algorithm: ECDSA
                 Public-Key: (256 bit)
@@ -39,11 +39,11 @@ Certificate:
         Version: 3 (0x2)
         Serial Number: 667057667842995775975688328585225864023964590390 (0x74d7e67c8e2a0293b27d2b78b0e700eedc772136)
     Signature Algorithm: ECDSA-SHA512
-        Issuer: C=CH,ST=Zürich,L=Zürich,O=1-ff00:0:110,OU=1-ff00:0:110 InfoSec Squad,CN=1-ff00:0:110 High Security Root Certificate,UnknownOID=1.3.6.1.4.1.55324.1.2.1
+        Issuer: C=CH,ST=Zürich,L=Zürich,O=1-ff00:0:110,OU=1-ff00:0:110 InfoSec Squad,CN=1-ff00:0:110 High Security Root Certificate,ISD-AS=1-ff00:0:110
         Validity
             Not Before: Mar 18 17:12:31 2021 UTC
             Not After : Mar 18 17:12:31 2023 UTC
-        Subject: C=CH,ST=Zürich,L=Zürich,O=1-ff00:0:110,OU=1-ff00:0:110 InfoSec Squad,CN=1-ff00:0:110 Secure CA Certificate,UnknownOID=1.3.6.1.4.1.55324.1.2.1
+        Subject: C=CH,ST=Zürich,L=Zürich,O=1-ff00:0:110,OU=1-ff00:0:110 InfoSec Squad,CN=1-ff00:0:110 Secure CA Certificate,ISD-AS=1-ff00:0:110
         Subject Public Key Info:
             Public Key Algorithm: ECDSA
                 Public-Key: (256 bit)