From f0d570b1cdf7cfd374abb5efc91aa68cc489ee0d Mon Sep 17 00:00:00 2001
From: Dominik Roos
Date: Tue, 17 Sep 2024 18:29:23 +0200
Subject: [PATCH] scion-pki: show ISD-AS in distinguished name (#4611)

Include the ISD-AS in the output of the distinguished name of the certificate. Previously, the output would show `UnknownOID=1.3.6.1.4.1.55324.1.2.1` instead of the ISD-AS. Furthemore, represent the extended key usage for sensitive voting, regular voting, and cppki root certificates as a human readable string.
---
 scion-pki/certs/certinfo.go | 15 ++++++++++++++-
 .../testdata/inspect/sample_certificate.golden | 8 ++++----
 2 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/scion-pki/certs/certinfo.go b/scion-pki/certs/certinfo.go
index eab1755dcf..a8b5d7efaf 100644
--- a/scion-pki/certs/certinfo.go
+++ b/scion-pki/certs/certinfo.go
@@ -45,6 +45,8 @@ import (
 "time" "github.com/pkg/errors"
+
+ "github.com/scionproto/scion/pkg/scrypto/cppki"
 ) // Time formats used
@@ -154,6 +156,8 @@ func printName(names []pkix.AttributeTypeAndValue, buf *bytes.Buffer) []string {
 values = append(values, fmt.Sprintf("DC=%s", name.Value))
 } else if oid.Equal(oidUserID) {
 values = append(values, fmt.Sprintf("UID=%s", name.Value))
+ } else if oid.Equal(cppki.OIDNameIA) {
+ values = append(values, fmt.Sprintf("ISD-AS=%s", name.Value))
 } else {
 values = append(values, fmt.Sprintf("UnknownOID=%s", name.Type.String()))
 }
@@ -628,7 +632,16 @@ func certificateText(cert *x509.Certificate) (string, error) {
 }
 }
 for _, oid := range cert.UnknownExtKeyUsage {
- list = append(list, oid.String())
+ switch {
+ case oid.Equal(cppki.OIDExtKeyUsageSensitive):
+ list = append(list, "Sensitive Voting")
+ case oid.Equal(cppki.OIDExtKeyUsageRegular):
+ list = append(list, "Regular Voting")
+ case oid.Equal(cppki.OIDExtKeyUsageRoot):
+ list = append(list, "CPPKI Root")
+ default:
+ list = append(list, oid.String())
+ }
 }
 if len(list) > 0 {
 buf.WriteString(fmt.Sprintf("%16s%s", "", list[0]))
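Review bot: The new `ISD-AS=` branch in printName gives no hint where `cppki.OIDNameIA` comes from or what the attribute holds, which matters because this is the branch a reader will hit when the output disagrees with a certificate; a one-line comment above the `else if` would close that gap: `// cppki.OIDNameIA (1.3.6.1.4.1.55324.1.2.1) identifies the ISD-AS attribute of a CP-PKI distinguished name.` The value is echoed with `%s` exactly as the existing DC/UID branches do, so the new arm is consistent with the chain, though like them it prints the certificate-supplied text without any escaping of separators. printName's body starts before and ends after this hunk.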
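Review bot: The three new labels in the `switch` over `cert.UnknownExtKeyUsage` are not exercised by the fixture update in this patch, which only rewrites the Issuer/Subject lines of sample_certificate.golden; unless another golden already covers a root or voting certificate, the `Sensitive Voting`, `Regular Voting` and `CPPKI Root` strings can regress unnoticed, so a golden for such a certificate would be worth adding alongside this change. The `default:` arm keeps the raw OID, so an unrecognised private OID stays visible, but for the three mapped usages the OID no longer appears in the output; if auditors need to see it, labels of the form `list = append(list, "CPPKI Root ("+oid.String()+")")` keep both. The repeated `list = append(list, ...)` in every arm could also collapse into a single append after a `label := oid.String()` assignment that the cases overwrite, which is a style preference only. certificateText starts before and ends after this hunk.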
diff --git a/scion-pki/certs/testdata/inspect/sample_certificate.golden b/scion-pki/certs/testdata/inspect/sample_certificate.golden
index 788dc81544..22677ddcbd 100644
--- a/scion-pki/certs/testdata/inspect/sample_certificate.golden
+++ b/scion-pki/certs/testdata/inspect/sample_certificate.golden
@@ -3,11 +3,11 @@ Certificate:
 Version: 3 (0x2) Serial Number: 236926349964825539132366110936757753936879769458 (0x2980251cdc8ab9152895adda753f4865173f5772) Signature Algorithm: ECDSA-SHA512
- Issuer: C=CH,ST=Zürich,L=Zürich,O=1-ff00:0:110,OU=1-ff00:0:110 InfoSec Squad,CN=1-ff00:0:110 Secure CA Certificate,UnknownOID=1.3.6.1.4.1.55324.1.2.1
+ Issuer: C=CH,ST=Zürich,L=Zürich,O=1-ff00:0:110,OU=1-ff00:0:110 InfoSec Squad,CN=1-ff00:0:110 Secure CA Certificate,ISD-AS=1-ff00:0:110
 Validity Not Before: Mar 18 17:12:31 2021 UTC Not After : Mar 18 17:12:31 2022 UTC
- Subject: C=CH,ST=Zürich,L=Zürich,O=1-ff00:0:110,OU=1-ff00:0:110 InfoSec Squad,CN=1-ff00:0:110 AS Certificate,UnknownOID=1.3.6.1.4.1.55324.1.2.1
+ Subject: C=CH,ST=Zürich,L=Zürich,O=1-ff00:0:110,OU=1-ff00:0:110 InfoSec Squad,CN=1-ff00:0:110 AS Certificate,ISD-AS=1-ff00:0:110
 Subject Public Key Info: Public Key Algorithm: ECDSA Public-Key: (256 bit)
@@ -39,11 +39,11 @@ Certificate:
 Version: 3 (0x2) Serial Number: 667057667842995775975688328585225864023964590390 (0x74d7e67c8e2a0293b27d2b78b0e700eedc772136) Signature Algorithm: ECDSA-SHA512
- Issuer: C=CH,ST=Zürich,L=Zürich,O=1-ff00:0:110,OU=1-ff00:0:110 InfoSec Squad,CN=1-ff00:0:110 High Security Root Certificate,UnknownOID=1.3.6.1.4.1.55324.1.2.1
+ Issuer: C=CH,ST=Zürich,L=Zürich,O=1-ff00:0:110,OU=1-ff00:0:110 InfoSec Squad,CN=1-ff00:0:110 High Security Root Certificate,ISD-AS=1-ff00:0:110
 Validity Not Before: Mar 18 17:12:31 2021 UTC Not After : Mar 18 17:12:31 2023 UTC
- Subject: C=CH,ST=Zürich,L=Zürich,O=1-ff00:0:110,OU=1-ff00:0:110 InfoSec Squad,CN=1-ff00:0:110 Secure CA Certificate,UnknownOID=1.3.6.1.4.1.55324.1.2.1
+ Subject: C=CH,ST=Zürich,L=Zürich,O=1-ff00:0:110,OU=1-ff00:0:110 InfoSec Squad,CN=1-ff00:0:110 Secure CA Certificate,ISD-AS=1-ff00:0:110
 Subject Public Key Info: Public Key Algorithm: ECDSA Public-Key: (256 bit)