From 63a32609180056cbc86cb75346d82e397dfa350c Mon Sep 17 00:00:00 2001 From: Cedric Staub Date: Tue, 27 Feb 2018 17:08:33 -0800 Subject: [PATCH 1/3] Better short names for printing --- lib/display.go | 6 ------ lib/oids.go | 4 +++- tests/dump-leaf-to-not-verbose.t | 4 ++-- 3 files changed, 5 insertions(+), 9 deletions(-) diff --git a/lib/display.go b/lib/display.go index c3ef114..3124cb6 100644 --- a/lib/display.go +++ b/lib/display.go @@ -338,12 +338,6 @@ func greenify(text string) string { // PrintShortName turns a pkix.Name into a string of RDN tuples. func PrintShortName(name pkix.Name) (out string) { - // Try to print CN for short name if present. - if name.CommonName != "" { - return fmt.Sprintf("CN=%s", name.CommonName) - } - - // If both CN is missing, just print O, OU, etc. printed := false for _, name := range name.Names { short := oidShort(name.Type) diff --git a/lib/oids.go b/lib/oids.go index 62383cd..33c1eca 100644 --- a/lib/oids.go +++ b/lib/oids.go 
@@ -16,13 +16,15 @@ func describeOid(oid asn1.ObjectIdentifier) OidDescription { // Multiple should be true for any types that are []string in x509.pkix.Name. When in doubt, set it to true. names := map[string]OidDescription{ "2.5.4.3": {"CommonName", "CN", "common_name", false}, - "2.5.4.5": {"EV Incorporation Registration Number", "", "ev_registration_number", false}, + "2.5.4.5": {"EV Incorporation Registration Number", "SERIALNUMBER", "ev_registration_number", false}, "2.5.4.6": {"Country", "C", "country", true}, "2.5.4.7": {"Locality", "L", "locality", true}, "2.5.4.8": {"Province", "ST", "province", true}, + "2.5.4.9": {"Street", "STREET", "street", true}, "2.5.4.10": {"Organization", "O", "organization", true}, "2.5.4.11": {"Organizational Unit", "OU", "organizational_unit", true}, "2.5.4.15": {"Business Category", "", "business_category", true}, + "2.5.4.17": {"Postal Code", "POSTALCODE", "postalcode", true}, "1.2.840.113549.1.9.1": {"Email Address", "", "email_address", true}, "1.3.6.1.4.1.311.60.2.1.1": {"EV Incorporation Locality", "", "ev_locality", true}, "1.3.6.1.4.1.311.60.2.1.2": {"EV Incorporation Province", "", "ev_province", true}, diff --git a/tests/dump-leaf-to-not-verbose.t b/tests/dump-leaf-to-not-verbose.t index 3ee774a..3a4f1e7 100644 --- a/tests/dump-leaf-to-not-verbose.t +++ b/tests/dump-leaf-to-not-verbose.t @@ -29,8 +29,8 @@ Dump an example certificate (example-leaf.crt) $ certigo dump example-leaf.crt ** CERTIFICATE 1 ** Valid: 2016-06-10 22:14 UTC to 2023-04-15 22:14 UTC - Subject: CN=example-leaf - Issuer: CN=example-leaf + Subject: C=US, ST=CA, O=certigo, OU=example, CN=example-leaf + Issuer: C=US, ST=CA, O=certigo, OU=example, CN=example-leaf DNS Names: \tlocalhost (esc) IP Addresses: From d920cab6f05a182e8d9b0f53ce7556ff26dfa893 Mon Sep 17 00:00:00 2001 
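Review bot: Several entries in `names` still have an empty short name (`2.5.4.15`, `1.2.840.113549.1.9.1`, the `1.3.6.1.4.1.311.60.2.1.*` EV OIDs), and this matters more now that PrintShortName no longer returns early on CN and instead walks every RDN through `oidShort(name.Type)`. The loop body lies outside these hunks, so it is not visible how an RDN with an empty short name is rendered. If such RDNs are skipped, two certificates with different subjects can print the same Subject line, which is misleading when the output is used to compare or vet certificates. Falling back to the dotted OID as the label would keep every RDN visible, and a comment above the map such as `// An empty short name means there is no conventional abbreviation; printers must still render the attribute, e.g. by dotted OID.` would record the contract. The same applies to the oids.go hunk in patch 2/3, which sets the short names for `2.5.4.5`, `2.5.4.9` and `2.5.4.17` back to `""`.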
From: Cedric Staub Date: Tue, 27 Feb 2018 17:20:12 -0800 Subject: [PATCH 2/3] Print only CN for verify results --- lib/display.go | 15 +++++++++++++-- lib/oids.go | 6 +++--- lib/tls.go | 5 +++-- tests/dump-leaf-to-not-verbose.t | 6 ++++-- verify.go | 2 +- 5 files changed, 24 insertions(+), 10 deletions(-) diff --git a/lib/display.go b/lib/display.go index 3124cb6..5694027 100644 --- a/lib/display.go +++ b/lib/display.go @@ -136,8 +136,10 @@ var layout = ` {{- if .Alias}}{{.Alias}} {{end -}} Valid: {{.NotBefore | certStart}} to {{.NotAfter | certEnd}} -Subject: {{.Subject.Name | printShortName }} -Issuer: {{.Issuer.Name | printShortName }} +Subject: + {{wrapWith .Width "\n\t" (.Subject.Name | printShortName)}} +Issuer: + {{wrapWith .Width "\n\t" (.Issuer.Name | printShortName)}} {{- if .AltDNSNames}} DNS Names: {{wrapWith .Width "\n\t" (join ", " .AltDNSNames)}}{{end}} @@ -224,6 +226,7 @@ func displayCert(cert simpleCertificate, verbose bool) []byte { "oidName": oidName, "oidShort": oidShort, "printShortName": PrintShortName, + "printCommonName": PrintCommonName, } for k, v := range extras { funcMap[k] = v @@ -336,6 +339,14 @@ func greenify(text string) string { return green.SprintfFunc()("%s", text) } +// PrintCommonName prints the CN from a pkix.Name, or falls back to PrintShortName if CN is missing. +func PrintCommonName(name pkix.Name) (out string) { + if name.CommonName != "" { + return fmt.Sprintf("CN=%s", name.CommonName) + } + return PrintShortName(name) +} + // PrintShortName turns a pkix.Name into a string of RDN tuples. func PrintShortName(name pkix.Name) (out string) { printed := false diff --git a/lib/oids.go b/lib/oids.go index 33c1eca..6123589 100644 --- a/lib/oids.go +++ b/lib/oids.go 
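Review bot: `PrintCommonName` formats `name.CommonName` with `%s`, so the bytes of the certificate's CN reach the terminal and the verify result unchanged. The subject of a certificate under inspection is untrusted, and a CN containing a newline, control characters or text such as `, O=...` can make the printed line read as something it is not; this patch also makes that string the only label for each chain entry through `aCert.Name = lib.PrintCommonName(cert.Subject)` in verify.go. One option is `return fmt.Sprintf("CN=%q", name.CommonName)`, which escapes control characters at the cost of quoting the value (the `.t` expectations would change); the same consideration applies to the values PrintShortName emits, whose body continues outside this hunk. The doc comment says the function "prints" while it returns a string; `// PrintCommonName returns "CN=<value>" for name, or the PrintShortName form when CN is empty.` would match the code.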
@@ -16,15 +16,15 @@ func describeOid(oid asn1.ObjectIdentifier) OidDescription { // Multiple should be true for any types that are []string in x509.pkix.Name. When in doubt, set it to true. names := map[string]OidDescription{ "2.5.4.3": {"CommonName", "CN", "common_name", false}, - "2.5.4.5": {"EV Incorporation Registration Number", "SERIALNUMBER", "ev_registration_number", false}, + "2.5.4.5": {"EV Incorporation Registration Number", "", "ev_registration_number", false}, "2.5.4.6": {"Country", "C", "country", true}, "2.5.4.7": {"Locality", "L", "locality", true}, "2.5.4.8": {"Province", "ST", "province", true}, - "2.5.4.9": {"Street", "STREET", "street", true}, + "2.5.4.9": {"Street", "", "street", true}, "2.5.4.10": {"Organization", "O", "organization", true}, "2.5.4.11": {"Organizational Unit", "OU", "organizational_unit", true}, "2.5.4.15": {"Business Category", "", "business_category", true}, - "2.5.4.17": {"Postal Code", "POSTALCODE", "postalcode", true}, + "2.5.4.17": {"Postal Code", "", "postalcode", true}, "1.2.840.113549.1.9.1": {"Email Address", "", "email_address", true}, "1.3.6.1.4.1.311.60.2.1.1": {"EV Incorporation Locality", "", "ev_locality", true}, "1.3.6.1.4.1.311.60.2.1.2": {"EV Incorporation Province", "", "ev_province", true}, diff --git a/lib/tls.go b/lib/tls.go index e664f82..a9fefcd 100644 --- a/lib/tls.go +++ b/lib/tls.go @@ -73,8 +73,9 @@ func EncodeTLSInfoToText(tcs *tls.ConnectionState, cri *tls.CertificateRequestIn funcMap := sprig.TxtFuncMap() extras := template.FuncMap{ - "printShortName": PrintShortName, - "greenify": greenify, + "printCommonName": PrintCommonName, + "printShortName": PrintShortName, + "greenify": greenify, } for k, v := range extras { funcMap[k] = v diff --git a/tests/dump-leaf-to-not-verbose.t b/tests/dump-leaf-to-not-verbose.t index 3a4f1e7..6962d30 100644 --- a/tests/dump-leaf-to-not-verbose.t +++ b/tests/dump-leaf-to-not-verbose.t 
@@ -29,8 +29,10 @@ Dump an example certificate (example-leaf.crt) $ certigo dump example-leaf.crt ** CERTIFICATE 1 ** Valid: 2016-06-10 22:14 UTC to 2023-04-15 22:14 UTC - Subject: C=US, ST=CA, O=certigo, OU=example, CN=example-leaf - Issuer: C=US, ST=CA, O=certigo, OU=example, CN=example-leaf + Subject: + \tC=US, ST=CA, O=certigo, OU=example, CN=example-leaf (esc) + Issuer: + \tC=US, ST=CA, O=certigo, OU=example, CN=example-leaf (esc) DNS Names: \tlocalhost (esc) IP Addresses: diff --git a/verify.go b/verify.go index b86bd6d..d38f819 100644 --- a/verify.go +++ b/verify.go @@ -151,7 +151,7 @@ func verifyChain(certs []*x509.Certificate, dnsName, caPath string) simpleVerifi PEM: string(pem.EncodeToMemory(lib.EncodeX509ToPEM(cert, nil))), } - aCert.Name = lib.PrintShortName(cert.Subject) + aCert.Name = lib.PrintCommonName(cert.Subject) aChain = append(aChain, aCert) } result.Chains = append(result.Chains, aChain) From 25f903dabff359fc180bd6ce9334435448c3500a Mon Sep 17 00:00:00 2001 From: Cedric Staub Date: Tue, 27 Feb 2018 17:25:15 -0800 Subject: [PATCH 3/3] Bump app version to 1.10.0 --- main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.go b/main.go index d17bcbe..447f0b6 100644 --- a/main.go +++ b/main.go @@ -69,7 +69,7 @@ const minWidth = 60 const maxWidth = 80 func main() { - app.Version("1.9.2") + app.Version("1.10.0") terminalWidth := determineTerminalWidth()