Merge pull request #155 from square/cs/go1.10

Better short names for printing

lib/display.go

@@ -136,8 +136,10 @@ var layout = `
 {{- if .Alias}}{{.Alias}}
 {{end -}}
 Valid: {{.NotBefore | certStart}} to {{.NotAfter | certEnd}}
-Subject: {{.Subject.Name | printShortName }}
-Issuer: {{.Issuer.Name | printShortName }}
+Subject:
+	{{wrapWith .Width "\n\t" (.Subject.Name | printShortName)}}
+Issuer:
+	{{wrapWith .Width "\n\t" (.Issuer.Name | printShortName)}}
 {{- if .AltDNSNames}}
 DNS Names:
 	{{wrapWith .Width "\n\t" (join ", " .AltDNSNames)}}{{end}}
@@ -224,6 +226,7 @@ func displayCert(cert simpleCertificate, verbose bool) []byte {
 		"oidName":            oidName,
 		"oidShort":           oidShort,
 		"printShortName":     PrintShortName,
+		"printCommonName":    PrintCommonName,
 	}
 	for k, v := range extras {
 		funcMap[k] = v
@@ -336,14 +339,16 @@ func greenify(text string) string {
 	return green.SprintfFunc()("%s", text)
 }
 
-// PrintShortName turns a pkix.Name into a string of RDN tuples.
-func PrintShortName(name pkix.Name) (out string) {
-	// Try to print CN for short name if present.
+// PrintCommonName prints the CN from a pkix.Name, or falls back to PrintShortName if CN is missing.
+func PrintCommonName(name pkix.Name) (out string) {
 	if name.CommonName != "" {
 		return fmt.Sprintf("CN=%s", name.CommonName)
 	}
+	return PrintShortName(name)
+}
 
-	// If both CN is missing, just print O, OU, etc.
+// PrintShortName turns a pkix.Name into a string of RDN tuples.
+func PrintShortName(name pkix.Name) (out string) {
 	printed := false
 	for _, name := range name.Names {
 		short := oidShort(name.Type)

lib/oids.go

@@ -20,9 +20,11 @@ func describeOid(oid asn1.ObjectIdentifier) OidDescription {
 		"2.5.4.6":                   {"Country", "C", "country", true},
 		"2.5.4.7":                   {"Locality", "L", "locality", true},
 		"2.5.4.8":                   {"Province", "ST", "province", true},
+		"2.5.4.9":                   {"Street", "", "street", true},
 		"2.5.4.10":                  {"Organization", "O", "organization", true},
 		"2.5.4.11":                  {"Organizational Unit", "OU", "organizational_unit", true},
 		"2.5.4.15":                  {"Business Category", "", "business_category", true},
+		"2.5.4.17":                  {"Postal Code", "", "postalcode", true},
 		"1.2.840.113549.1.9.1":      {"Email Address", "", "email_address", true},
 		"1.3.6.1.4.1.311.60.2.1.1":  {"EV Incorporation Locality", "", "ev_locality", true},
 		"1.3.6.1.4.1.311.60.2.1.2":  {"EV Incorporation Province", "", "ev_province", true},

lib/tls.go

@@ -73,8 +73,9 @@ func EncodeTLSInfoToText(tcs *tls.ConnectionState, cri *tls.CertificateRequestIn
 
 	funcMap := sprig.TxtFuncMap()
 	extras := template.FuncMap{
-		"printShortName": PrintShortName,
-		"greenify":       greenify,
+		"printCommonName": PrintCommonName,
+		"printShortName":  PrintShortName,
+		"greenify":        greenify,
 	}
 	for k, v := range extras {
 		funcMap[k] = v

main.go

@@ -69,7 +69,7 @@ const minWidth = 60
 const maxWidth = 80
 
 func main() {
-	app.Version("1.9.2")
+	app.Version("1.10.0")
 
 	terminalWidth := determineTerminalWidth()
 

tests/dump-leaf-to-not-verbose.t

@@ -29,8 +29,10 @@ Dump an example certificate (example-leaf.crt)
   $ certigo dump example-leaf.crt
   ** CERTIFICATE 1 **
   Valid: 2016-06-10 22:14 UTC to 2023-04-15 22:14 UTC
-  Subject: CN=example-leaf
-  Issuer: CN=example-leaf
+  Subject:
+  \tC=US, ST=CA, O=certigo, OU=example, CN=example-leaf (esc)
+  Issuer:
+  \tC=US, ST=CA, O=certigo, OU=example, CN=example-leaf (esc)
   DNS Names:
   \tlocalhost (esc)
   IP Addresses:

verify.go

@@ -151,7 +151,7 @@ func verifyChain(certs []*x509.Certificate, dnsName, caPath string) simpleVerifi
 				PEM:                string(pem.EncodeToMemory(lib.EncodeX509ToPEM(cert, nil))),
 			}
 
-			aCert.Name = lib.PrintShortName(cert.Subject)
+			aCert.Name = lib.PrintCommonName(cert.Subject)
 			aChain = append(aChain, aCert)
 		}
 		result.Chains = append(result.Chains, aChain)