From f6f4ab40d3de7448d337185cee3a8479d57e5b7e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Tue, 1 Apr 2014 17:32:44 +0200
Subject: [PATCH] Print extended key usage in x509_crt_info()

---
 library/x509_crt.c                     | 33 ++++++++++++++++++++++++--
 tests/data_files/server1.ext_ku.crt    | 22 +++++++++++++++++
 tests/suites/test_suite_x509parse.data |  4 ++++
 3 files changed, 57 insertions(+), 2 deletions(-)
 create mode 100644 tests/data_files/server1.ext_ku.crt

diff --git a/library/x509_crt.c b/library/x509_crt.c
index e88bd4611..34f70c4ac 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1235,6 +1235,32 @@ static int x509_info_key_usage( char **buf, size_t *size,
     return( 0 );
 }
 
+static int x509_info_ext_key_usage( char **buf, size_t *size,
+                                    const x509_sequence *extended_key_usage )
+{
+    int ret;
+    const char *desc;
+    size_t n = *size;
+    char *p = *buf;
+    const x509_sequence *cur = extended_key_usage;
+
+    while( cur != NULL )
+    {
+        if( oid_get_extended_key_usage( &cur->buf, &desc ) != 0 )
+            desc = "???";
+
+        ret = snprintf( p, n, " %s", desc );
+        SAFE_SNPRINTF();
+
+        cur = cur->next;
+    }
+
+    *size = n;
+    *buf = p;
+
+    return( 0 );
+}
+
 /*
  * Return an informational string about the certificate.
  */
@@ -1354,9 +1380,12 @@ int x509_crt_info( char *buf, size_t size, const char *prefix,
 
     if( crt->ext_types & EXT_EXTENDED_KEY_USAGE )
     {
-        ret = snprintf( p, n, "\n%sext key usage     : ", prefix );
+        ret = snprintf( p, n, "\n%sext key usage     :", prefix );
         SAFE_SNPRINTF();
-        /* TODO */
+
+        if( ( ret = x509_info_ext_key_usage( &p, &n,
+                                             &crt->ext_key_usage ) ) != 0 )
+            return( ret );
     }
 
     ret = snprintf( p, n, "\n" );
diff --git a/tests/data_files/server1.ext_ku.crt b/tests/data_files/server1.ext_ku.crt
new file mode 100644
index 000000000..3c4f854a2
--- /dev/null
+++ b/tests/data_files/server1.ext_ku.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDpzCCAo+gAwIBAgIBITANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTQwNDAxMTQ0NDQzWhcNMjQwMzI5MTQ0NDQzWjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
+uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
+d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
+CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
+lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
+bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
+o4G0MIGxMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB901j8pwXR0RTsFEiw9qL1DWQKm
+MGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7MQswCQYDVQQG
+EwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3Qg
+Q0GCAQAwCwYDVR0PBAQDAgXgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3
+DQEBCwUAA4IBAQANtiYR2P6+a7rEtJARIgpurw1URYejATbbp3ZhaHBW603Wyb2+
+KJtm1KPCzoju/qTRt65YYkt+tu1wTzamyrkPxt8bBKmxiWnu5j1HLxdjOz8VW9lf
+vTb5egR4dU9eNXni/5QkzrdkMO+ob4puDXY7ytPuGX6YfNVhCkrhBlYDJNE57CkK
+vpCNj3+Te8PEkWPAEaUhqCnQk6qvPvpBfc/hqgwzlRMt3u5NkiVOuH72dtr4fOI1
+nlAU8D2wuvDVr3X5281ONNEtHU6rXe98vlUzS9QV9lBDdsO9nRYJzv2Nb1cjRIM5
+JZl0ILLR2tc6E/W5YXalNp37jfrFii1U9WrJ
+-----END CERTIFICATE-----
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 4ec46ac55..e5aaf4707 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -78,6 +78,10 @@ X509 Certificate information, Subject Alt Name + Key Usage
 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
 x509_cert_info:"data_files/cert_example_multi_nocn.crt":"cert. version     \: 3\nserial number     \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name       \: C=NL\nsubject name      \: C=NL\nissued  on        \: 2014-01-22 10\:04\:33\nexpires on        \: 2024-01-22 10\:04\:33\nsigned using      \: RSA with SHA1\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name  \: www.shotokan-braunschweig.de www.massimo-abate.eu\nkey usage         \: digitalSignature nonRepudiation keyEncipherment\n"
 
+X509 Certificate information, Key Usage + Extended Key Usage
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
+x509_cert_info:"data_files/server1.ext_ku.crt":"cert. version     \: 3\nserial number     \: 21\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued  on        \: 2014-04-01 14\:44\:43\nexpires on        \: 2024-03-29 14\:44\:43\nsigned using      \: RSA with SHA-256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\nkey usage         \: digitalSignature nonRepudiation keyEncipherment\next key usage     \: TLS Web Server Authentication\n"
+
 X509 Certificate information RSA signed by EC
 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
 x509_cert_info:"data_files/server4.crt":"cert. version     \: 3\nserial number     \: 08\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 15\:52\:04\nexpires on        \: 2023-09-22 15\:52\:04\nsigned using      \: ECDSA with SHA256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"