fix: highlight IsCA (#40)

* fix: add HighlightCA * add version in template
shipengqi · Sep 22, 2023 · c349818 · c349818
1 parent c213045
commit c349818
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 16 deletions.
diff --git a/crtutil/tmpl/funcs.go b/crtutil/tmpl/funcs.go
@@ -53,25 +53,27 @@ var KeyUsageStringMapping = map[x509.KeyUsage]string{
 	x509.KeyUsageKeyEncipherment:   "Key Encipherment",
 	x509.KeyUsageDataEncipherment:  "Data Encipherment",
 	x509.KeyUsageKeyAgreement:      "Key Agreement",
-	x509.KeyUsageCertSign:          "Cert Sign",
+	x509.KeyUsageCertSign:          "Certificate Sign",
 	x509.KeyUsageCRLSign:           "CRL Sign",
 	x509.KeyUsageEncipherOnly:      "Encipher Only",
 	x509.KeyUsageDecipherOnly:      "Decipher Only",
 }
 
 var ExtKeyUsageStringMapping = map[x509.ExtKeyUsage]string{
-	x509.ExtKeyUsageAny:                        "Any",
-	x509.ExtKeyUsageServerAuth:                 "Server Auth",
-	x509.ExtKeyUsageClientAuth:                 "Client Auth",
-	x509.ExtKeyUsageCodeSigning:                "Code Signing",
-	x509.ExtKeyUsageEmailProtection:            "Email Protection",
-	x509.ExtKeyUsageIPSECEndSystem:             "IPSEC End System",
-	x509.ExtKeyUsageIPSECTunnel:                "IPSEC Tunnel",
-	x509.ExtKeyUsageIPSECUser:                  "IPSEC User",
-	x509.ExtKeyUsageTimeStamping:               "Time Stamping",
-	x509.ExtKeyUsageOCSPSigning:                "OCSP Signing",
-	x509.ExtKeyUsageMicrosoftServerGatedCrypto: "Microsoft ServerGatedCrypto",
-	x509.ExtKeyUsageNetscapeServerGatedCrypto:  "Netscape ServerGatedCrypto",
+	x509.ExtKeyUsageAny:                            "Any",
+	x509.ExtKeyUsageServerAuth:                     "TLS Web Server Authentication",
+	x509.ExtKeyUsageClientAuth:                     "TLS Web Client Authentication",
+	x509.ExtKeyUsageCodeSigning:                    "Code Signing",
+	x509.ExtKeyUsageEmailProtection:                "Email Protection",
+	x509.ExtKeyUsageIPSECEndSystem:                 "IPSEC End System",
+	x509.ExtKeyUsageIPSECTunnel:                    "IPSEC Tunnel",
+	x509.ExtKeyUsageIPSECUser:                      "IPSEC User",
+	x509.ExtKeyUsageTimeStamping:                   "Time Stamping",
+	x509.ExtKeyUsageOCSPSigning:                    "OCSP Signing",
+	x509.ExtKeyUsageMicrosoftServerGatedCrypto:     "Microsoft ServerGatedCrypto",
+	x509.ExtKeyUsageNetscapeServerGatedCrypto:      "Netscape ServerGatedCrypto",
+	x509.ExtKeyUsageMicrosoftCommercialCodeSigning: "Microsoft CommercialCodeSigning",
+	x509.ExtKeyUsageMicrosoftKernelCodeSigning:     "Microsoft KernelCodeSigning",
 }
 
 var KeyUsages = []x509.KeyUsage{
@@ -264,6 +266,13 @@ func BitLength(key *rsa.PublicKey) string {
 	return Colorize(strconv.Itoa(blen), "green")
 }
 
+func HighlightCA(isCA bool) string {
+	if isCA {
+		return Colorize("TRUE", "green")
+	}
+	return Colorize("FALSE", "red")
+}
+
 func thresholdToTime(threshold string, nowT ...time.Time) time.Time {
 	var now time.Time
 	if len(nowT) == 0 {

diff --git a/crtutil/tmpl/template.go b/crtutil/tmpl/template.go
@@ -20,6 +20,7 @@ const (
 {{ . | isSelfSigned }}
 {{end -}}
 
+Version: {{.Version}}
 Serial: {{.SerialNumber}}
 Valid: {{.NotBefore | notBefore}} to {{.NotAfter | notAfter}}
 Signature: {{.SignatureAlgorithm | highlightAlgorithm}}{{- template "IsSelfSigned" . -}}
@@ -37,7 +38,7 @@ Subject Key ID: {{.SubjectKeyId | tohex}}
 Authority Key ID: {{.AuthorityKeyId | tohex}}
 {{- end}}
 {{- if .BasicConstraintsValid}}
-Basic Constraints: CA:{{.IsCA}}{{if .MaxPathLen}}, pathlen:{{.MaxPathLen}}{{end}}{{end}}
+Basic Constraints: CA:{{.IsCA | highlightCA}}{{if .MaxPathLen}}, pathlen:{{.MaxPathLen}}{{end}}{{end}}
 {{- if (nameConstraints .) }}
 Name Constraints{{if .PermittedDNSDomainsCritical}} (critical){{end}}: 
 {{- if .PermittedDNSDomains}}
@@ -155,6 +156,7 @@ func BuildCertFuncMap() template.FuncMap {
 		"nameConstraints":    ShowNameConstraints,
 		"showBitLen":         ShowBitLength,
 		"bitLen":             BitLength,
+		"highlightCA":        HighlightCA,
 	}
 	for k, v := range extras {
 		funcmap[k] = v

diff --git a/crtutil/tmpl/template_test.go b/crtutil/tmpl/template_test.go
@@ -18,24 +18,26 @@ func TestBuildDefaultCertTemplate(t *testing.T) {
 			"successfully output the certificate according to the given template",
 			"../testdata/server.crt",
 			[]string{
+				"Version: 3",
 				"Serial: 4751997750760398084",
 				"Valid: 2021-11-29 08:39 UTC to 2022-11-29 08:39 UTC",
 				"Signature: SHA256-RSA",
 				"BitLength: 2048",
 				"Authority Key ID: CA:A5:79:D4:EB:5D:1F:F0:8F:40:52:A9:AF:3B:E7:6B:84:74:F9:B9",
-				"Basic Constraints: CA:false, pathlen:-1",
+				"Basic Constraints: CA:FALSE, pathlen:-1",
 			},
 		},
 		{
 			"successfully output the self-signed certificate according to the given template",
 			"../testdata/self-signed.crt",
 			[]string{
+				"Version: 3",
 				"Serial: 5577006791947779410",
 				"Valid: 2022-09-23 06:09 UTC to 2032-09-30 06:09 UTC",
 				"Signature: SHA256-RSA (self-signed)",
 				"BitLength: 4096",
 				"Subject Key ID: 6D:E9:2B:2B:1D:59:AB:B5:46:8C:7B:93:C3:49:7E:95:B0:20:E5:4C",
-				"Basic Constraints: CA:true, pathlen:-1",
+				"Basic Constraints: CA:TRUE, pathlen:-1",
 			},
 		},
 	}