feat: add aki, ski and keyUsage to certificate output (#17)

Add Authority Key Identifier, Subject Key Identifier and Key Usages to the certificate output

Author: nothinux

certify.go

@@ -163,7 +163,7 @@ func CertInfo(cert *x509.Certificate) string {
 
 	if cert.KeyUsage != 0 {
 		buf.WriteString(fmt.Sprintf("%12sX509v3 Key Usage:\n", ""))
-		buf.WriteString(fmt.Sprintf("%16s%v\n", "", parseKeyUsage(cert.KeyUsage)))
+		buf.WriteString(fmt.Sprintf("%16s%v\n", "", strings.Join(parseKeyUsage(cert.KeyUsage), ", ")))
 	}
 
 	buf.WriteString(fmt.Sprintf("%12sX509v3 Basic Constraints:\n", ""))
@@ -174,6 +174,11 @@ func CertInfo(cert *x509.Certificate) string {
 		buf.WriteString(fmt.Sprintf("%16s%v\n", "", formatKeyIDWithColon(cert.SubjectKeyId)))
 	}
 
+	if cert.AuthorityKeyId != nil {
+		buf.WriteString(fmt.Sprintf("%12sX509v3 Authority Key Identifier:\n", ""))
+		buf.WriteString(fmt.Sprintf("%16s%v\n", "", formatKeyIDWithColon(cert.AuthorityKeyId)))
+	}
+
 	if len(cert.IPAddresses) != 0 || len(cert.DNSNames) != 0 {
 		buf.WriteString(fmt.Sprintf("%12sX509v3 Subject Alternative Name:\n", ""))
 		if len(cert.IPAddresses) != 0 {

helper.go

@@ -26,17 +26,38 @@ func GetPublicKey(pub interface{}) (string, error) {
 	return w.String(), err
 }
 
-func parseKeyUsage(ku x509.KeyUsage) string {
-	switch ku {
-	case x509.KeyUsageCRLSign:
-		return "CRL Sign"
-	case x509.KeyUsageCertSign:
-		return "Cert Sign"
-	case x509.KeyUsageDigitalSignature:
-		return "Digital Signature"
-	default:
-		return ""
+func parseKeyUsage(ku x509.KeyUsage) []string {
+	usages := []string{}
+
+	if ku&x509.KeyUsageDigitalSignature > 0 {
+		usages = append(usages, "Digital Signature")
+	}
+	if ku&x509.KeyUsageContentCommitment > 0 {
+		usages = append(usages, "Content Commitment")
+	}
+	if ku&x509.KeyUsageDataEncipherment > 0 {
+		usages = append(usages, "Key Encipherment")
+	}
+	if ku&x509.KeyUsageDataEncipherment > 0 {
+		usages = append(usages, "Data Encipherment")
+	}
+	if ku&x509.KeyUsageKeyAgreement > 0 {
+		usages = append(usages, "Key Agreement")
 	}
+	if ku&x509.KeyUsageCertSign > 0 {
+		usages = append(usages, "Cert Sign")
+	}
+	if ku&x509.KeyUsageCRLSign > 0 {
+		usages = append(usages, "CRL Sign")
+	}
+	if ku&x509.KeyUsageEncipherOnly > 0 {
+		usages = append(usages, "Enchiper Only")
+	}
+	if ku&x509.KeyUsageDecipherOnly > 0 {
+		usages = append(usages, "Dechiper Only")
+	}
+
+	return usages
 }
 
 func parseExtKeyUsage(ekus []x509.ExtKeyUsage) string {

helper_test.go

@@ -3,6 +3,7 @@ package certify
 import (
 	"crypto/x509"
 	"os"
+	"reflect"
 	"testing"
 )
 
@@ -32,34 +33,34 @@ func TestParseKeyUsage(t *testing.T) {
 	tests := []struct {
 		Name     string
 		KeyUsage x509.KeyUsage
-		Expected string
+		Expected []string
 	}{
 		{
-			Name:     "Test Cert Sign Key Usage",
-			KeyUsage: x509.KeyUsageCertSign,
-			Expected: "Cert Sign",
+			Name:     "Test Cert Sign and CRL Sign Key Usage",
+			KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
+			Expected: []string{"Cert Sign", "CRL Sign"},
 		},
 		{
 			Name:     "Test CRL Sign Key Usage",
 			KeyUsage: x509.KeyUsageCRLSign,
-			Expected: "CRL Sign",
+			Expected: []string{"CRL Sign"},
 		},
 		{
 			Name:     "Test Digital Signature Key Usage",
 			KeyUsage: x509.KeyUsageDigitalSignature,
-			Expected: "Digital Signature",
+			Expected: []string{"Digital Signature"},
 		},
 		{
 			Name:     "Test other Key Usage",
-			KeyUsage: x509.KeyUsageEncipherOnly,
-			Expected: "",
+			KeyUsage: x509.KeyUsage(0),
+			Expected: []string{},
 		},
 	}
 
 	for _, tt := range tests {
 		t.Run(tt.Name, func(t *testing.T) {
 			got := parseKeyUsage(tt.KeyUsage)
-			if got != tt.Expected {
+			if !reflect.DeepEqual(got, tt.Expected) {
 				t.Fatalf("got %v, want %v", got, tt.Expected)
 			}
 		})