Ejemplo n.º 1
/**
 * gcr_certificate_get_der_data:
 * @self: a #GcrCertificate
 * @n_data: a pointer to a location to store the size of the resulting DER data.
 *
 * Gets the raw DER data for an X.509 certificate by delegating to the
 * get_der_data method of the #GcrCertificate interface implementation.
 *
 * The bytes are handed back exactly as the implementation supplies them.
 * Nothing here parses or validates them, so callers dealing with
 * certificates from untrusted sources must not assume well-formed DER.
 * @n_data is forwarded to the implementation unchecked.
 *
 * Returns: raw DER data of the X.509 certificate, or %NULL when @self is not
 *          a certificate or its interface has no get_der_data method.
 **/
gconstpointer
gcr_certificate_get_der_data (GcrCertificate *self, gsize *n_data)
{
	gconstpointer der;

	/* Only objects implementing the certificate interface are accepted. */
	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);

	/* An implementer may have left the virtual method unset. */
	g_return_val_if_fail (GCR_CERTIFICATE_GET_INTERFACE (self)->get_der_data, NULL);

	der = GCR_CERTIFICATE_GET_INTERFACE (self)->get_der_data (self, n_data);
	return der;
}
Ejemplo n.º 2
/*
 * Return the parsed-certificate cache attached to @cert, building it on
 * first use or when the cached entry no longer matches the current DER.
 *
 * The cache lives as qdata on the object under CERTIFICATE_INFO and is
 * released through certificate_info_free. Returns NULL when no DER data is
 * available or when the DER does not decode as a "Certificate".
 *
 * NOTE(review): a cached entry is treated as valid when the DER pointer and
 * length are unchanged; the bytes themselves are not compared. An
 * implementation that rewrites its buffer in place, or that frees it and
 * later returns a new buffer at the same address and size, would presumably
 * keep getting the old parse. info->der is a borrowed pointer whose lifetime
 * is not controlled here; confirm against the implementers.
 */
static GcrCertificateInfo*
certificate_info_load (GcrCertificate *cert)
{
	GcrCertificateInfo *cached;
	GcrCertificateInfo *fresh;
	GNode *decoded;
	gconstpointer der;
	gsize n_der;

	g_assert (GCR_IS_CERTIFICATE (cert));

	der = gcr_certificate_get_der_data (cert, &n_der);
	g_return_val_if_fail (der, NULL);

	/* Reuse the existing parse when it was built from this same buffer. */
	cached = g_object_get_qdata (G_OBJECT (cert), CERTIFICATE_INFO);
	if (cached != NULL && n_der == cached->n_der && der == cached->der)
		return cached;

	/* Cache is invalid or non existent */
	decoded = egg_asn1x_create_and_decode (pkix_asn1_tab, "Certificate", der, n_der);
	if (decoded == NULL) {
		g_warning ("a derived class provided an invalid or unparseable X.509 DER certificate data.");
		return NULL;
	}

	fresh = g_new0 (GcrCertificateInfo, 1);
	fresh->asn1 = decoded;
	fresh->n_der = n_der;
	fresh->der = der;

	/* Setting the qdata replaces any earlier entry, which is released via its destroy notify. */
	g_object_set_qdata_full (G_OBJECT (cert), CERTIFICATE_INFO, fresh, certificate_info_free);
	return fresh;
}
Ejemplo n.º 3
/*
 * Parser callback: build a renderer for the item that was just parsed and
 * file it in a per-group collection, which is itself added to the
 * collection passed as @user_data if it is not there yet.
 *
 * Certificates are grouped by the "O" part of their subject; every other
 * renderer is grouped by its GObject type name.
 *
 * NOTE(review): for certificates the group string is derived from parsed
 * input and is presumably NULL when the subject has no "O" part; it reaches
 * test_collection_instance() unchecked, so confirm that helper accepts NULL.
 */
static void
on_parser_parsed (GcrParser *parser, gpointer user_data)
{
	GcrSimpleCollection *top = user_data;
	GcrSimpleCollection *bucket;
	GcrRenderer *renderer;
	gchar *group;

	renderer = gcr_renderer_create (gcr_parser_get_parsed_label (parser),
	                                gcr_parser_get_parsed_attributes (parser));
	if (renderer == NULL)
		return;

	/* Pick the grouping key; both branches yield an allocated string (or NULL). */
	group = GCR_IS_CERTIFICATE (renderer)
	        ? gcr_certificate_get_subject_part (GCR_CERTIFICATE (renderer), "O")
	        : g_strdup (G_OBJECT_TYPE_NAME (renderer));

	bucket = test_collection_instance (group);

	/* Register the group once in the top-level collection. */
	if (!gcr_simple_collection_contains (top, G_OBJECT (bucket)))
		gcr_simple_collection_add (top, G_OBJECT (bucket));

	gcr_simple_collection_add (GCR_SIMPLE_COLLECTION (bucket), G_OBJECT (renderer));

	/* Drop our own references and the temporary group name. */
	g_object_unref (renderer);
	g_object_unref (bucket);
	g_free (group);
}
Ejemplo n.º 4
/**
 * gcr_certificate_is_issuer:
 * @self: a #GcrCertificate
 * @issuer: a possible issuer #GcrCertificate
 *
 * Check if @issuer could be the issuer of this certificate. This is done by
 * a byte-for-byte comparison of the raw issuer field of @self with the raw
 * subject field of @issuer. No signature check is done. Proper verification
 * of certificates must be done via a crypto library.
 *
 * Because only names are compared, a %TRUE result says nothing about whether
 * @issuer actually signed @self; any certificate carrying the same subject
 * bytes matches.
 *
 * Returns: whether @issuer could be the issuer of the certificate.
 */
gboolean
gcr_certificate_is_issuer (GcrCertificate *self, GcrCertificate *issuer)
{
	gconstpointer subject_dn, issuer_dn;
	gsize n_subject_dn, n_issuer_dn;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), FALSE);
	g_return_val_if_fail (GCR_IS_CERTIFICATE (issuer), FALSE);

	/* Subject of the candidate issuer. */
	subject_dn = _gcr_certificate_get_subject_const (issuer, &n_subject_dn);
	g_return_val_if_fail (subject_dn, FALSE);

	/* Issuer recorded in the certificate being checked. */
	issuer_dn = _gcr_certificate_get_issuer_const (self, &n_issuer_dn);
	g_return_val_if_fail (issuer_dn, FALSE);

	/* Lengths are compared first so memcmp never reads past the shorter buffer. */
	if (n_issuer_dn != n_subject_dn)
		return FALSE;

	return memcmp (issuer_dn, subject_dn, n_issuer_dn) == 0;
}
Ejemplo n.º 5
/**
 * gcr_certificate_get_issuer_raw:
 * @self: a #GcrCertificate
 * @n_data: The length of the returned data.
 *
 * Get the raw DER data for the issuer DN of the certificate, as a copy of
 * what _gcr_certificate_get_issuer_const() returns.
 *
 * The data should be freed by using g_free() when no longer required.
 *
 * When the issuer cannot be obtained, a zero-length copy is requested and
 * this function does not itself write @n_data.
 *
 * NOTE(review): g_memdup() takes a guint length, so the gsize in @n_data is
 * narrowed at the call on platforms where gsize is wider than guint;
 * g_memdup2() avoids that where the GLib baseline provides it.
 *
 * Returns: allocated memory containing the raw issuer.
 */
gpointer
gcr_certificate_get_issuer_raw (GcrCertificate *self, gsize *n_data)
{
	gconstpointer issuer;
	gsize n_copy;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);
	g_return_val_if_fail (n_data, NULL);

	issuer = _gcr_certificate_get_issuer_const (self, n_data);

	/* Read *n_data only once the lookup is known to have produced data. */
	n_copy = 0;
	if (issuer)
		n_copy = *n_data;

	return g_memdup (issuer, n_copy);
}
Ejemplo n.º 6
/**
 * gcr_certificate_get_subject_dn:
 * @self: a #GcrCertificate
 *
 * Get the full subject DN of the certificate as a (mostly)
 * readable string, read from the "rdnSequence" of the certificate's
 * "subject" field.
 *
 * The string is built from certificate contents, so for certificates from
 * untrusted sources it is attacker-chosen text: treat it as display data
 * only and escape it before placing it in markup or logs.
 *
 * The string returned should be freed by the caller when no longer
 * required.
 *
 * Returns: The allocated subject DN of the certificate, or %NULL when @self
 *          is not a certificate or its DER data could not be loaded.
 */
gchar*
gcr_certificate_get_subject_dn (GcrCertificate *self)
{
	GcrCertificateInfo *info;
	gchar *dn;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);

	/* Parsed form of the certificate, cached on the object. */
	info = certificate_info_load (self);
	g_return_val_if_fail (info, NULL);

	dn = egg_dn_read (egg_asn1x_node (info->asn1,
	                                  "tbsCertificate", "subject", "rdnSequence",
	                                  NULL));
	return dn;
}
Ejemplo n.º 7
/*
 * Return the raw encoded "subject" element of the certificate.
 *
 * The value is taken from the "tbsCertificate" / "subject" node of the
 * cached parse via egg_asn1x_get_element_raw(). Returns NULL when @self is
 * not a certificate or its DER data could not be loaded.
 *
 * NOTE(review): presumably the caller owns the returned EggBytes reference
 * and must drop it with egg_bytes_unref(); confirm against
 * egg_asn1x_get_element_raw().
 */
static EggBytes *
_gcr_certificate_get_subject_const (GcrCertificate *self)
{
	GcrCertificateInfo *info;
	EggBytes *subject;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);

	info = certificate_info_load (self);
	g_return_val_if_fail (info, NULL);

	subject = egg_asn1x_get_element_raw (egg_asn1x_node (info->asn1,
	                                                     "tbsCertificate", "subject",
	                                                     NULL));
	return subject;
}
Ejemplo n.º 8
/**
 * gcr_certificate_get_issuer_part:
 * @self: a #GcrCertificate
 * @part: a DN type string or OID.
 *
 * Get a part of the DN of the issuer of this certificate.
 *
 * Examples of a @part might be the 'OU' (organizational unit)
 * or the 'CN' (common name). Only the value of that part
 * of the DN is returned.
 *
 * The value is text taken from the certificate itself, so for certificates
 * from untrusted sources it is unverified, attacker-chosen data; it
 * identifies nothing until the certificate chain has been verified.
 *
 * The string returned should be freed by the caller when no longer
 * required.
 *
 * Returns: The allocated part of the issuer DN, or NULL if no such part is present.
 */
gchar*
gcr_certificate_get_issuer_part (GcrCertificate *self, const char *part)
{
	GcrCertificateInfo *info;
	gchar *value;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);

	/* Parsed form of the certificate, cached on the object. */
	info = certificate_info_load (self);
	g_return_val_if_fail (info, NULL);

	/* @part is passed through to the DN reader as given. */
	value = egg_dn_read_part (egg_asn1x_node (info->asn1,
	                                          "tbsCertificate", "issuer", "rdnSequence",
	                                          NULL),
	                          part);
	return value;
}
/*
 * get_der_data implementation for GcrSimpleCertificate: report the DER
 * buffer held in the instance's private data.
 *
 * The returned pointer is the object's own storage (self->pv->owned_data),
 * not a copy, so the caller must neither free nor modify it.
 * NOTE(review): presumably it stays valid only while the object does.
 *
 * Returns NULL when @n_data is NULL or no owned data is set.
 */
static const guchar*
gcr_simple_certificate_real_get_der_data (GcrCertificate *base, gsize *n_data)
{
	GcrSimpleCertificate *self = GCR_SIMPLE_CERTIFICATE (base);
	const guchar *owned;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);
	g_return_val_if_fail (n_data, NULL);
	g_return_val_if_fail (self->pv->owned_data, NULL);

	/* This is called when we're not a base class */
	owned = self->pv->owned_data;
	*n_data = self->pv->n_owned_data;

	return owned;
}
Ejemplo n.º 10
/**
 * gcr_certificate_get_serial_number:
 * @self: a #GcrCertificate
 * @n_length: the length of the returned data.
 *
 * Get the raw binary serial number of the certificate, read from the
 * "serialNumber" field of the parsed certificate.
 *
 * A serial number is only unique per issuer, so it identifies a certificate
 * only in combination with the issuer.
 *
 * The caller should free the returned data using g_free() when
 * it is no longer required.
 *
 * Returns: the raw binary serial number, or %NULL when @self is not a
 *          certificate, @n_length is %NULL or the DER data cannot be loaded.
 */
guchar*
gcr_certificate_get_serial_number (GcrCertificate *self, gsize *n_length)
{
	GcrCertificateInfo *info;
	guchar *serial;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);
	g_return_val_if_fail (n_length, NULL);

	info = certificate_info_load (self);
	g_return_val_if_fail (info, NULL);

	/* The second argument is passed as NULL; the length is reported through @n_length. */
	serial = egg_asn1x_get_integer_as_raw (egg_asn1x_node (info->asn1,
	                                                       "tbsCertificate", "serialNumber",
	                                                       NULL),
	                                       NULL, n_length);
	return serial;
}
Ejemplo n.º 11
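/**
 * gcr_certificate_compare:
 * @first: (allow-none): the certificate to compare
 * @other: (allow-none): the certificate to compare against
 *
 * Compare one certificate against another. If the certificates are equal
 * then zero is returned. If one certificate is %NULL or not a certificate,
 * then a non-zero value is returned.
 *
 * Two distinct objects are compared by their DER data. The same valid
 * certificate object compared with itself yields zero. When neither argument
 * is a certificate the result stays non-zero, so invalid input is never
 * reported as a match to callers that test the result against zero.
 *
 * The return value is useful in a stable sort, but has no user logical
 * meaning.
 *
 * Returns: zero if the certificates match, non-zero otherwise.
 */
gint
gcr_certificate_compare (GcrComparable *first, GcrComparable *other)
{
	gconstpointer data1, data2;
	/* Start at zero so no indeterminate size is passed on if a DER lookup fails. */
	gsize size1 = 0, size2 = 0;

	/* Anything that is not a certificate is treated like NULL. */
	if (!GCR_IS_CERTIFICATE (first))
		first = NULL;
	if (!GCR_IS_CERTIFICATE (other))
		other = NULL;

	/* Covers the case where both are missing: still reported as non-zero. */
	if (!first)
		return 1;
	if (!other)
		return -1;

	/*
	 * Same object: equal. This used to return TRUE (1), which contradicted
	 * the documented "zero means equal" contract.
	 */
	if (first == other)
		return 0;

	data1 = gcr_certificate_get_der_data (GCR_CERTIFICATE (first), &size1);
	data2 = gcr_certificate_get_der_data (GCR_CERTIFICATE (other), &size2);

	return gcr_comparable_memcmp (data1, size1, data2, size2);
}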
Ejemplo n.º 12
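/**
 * gcr_certificate_is_issuer:
 * @self: a #GcrCertificate
 * @issuer: a possible issuer #GcrCertificate
 *
 * Check if @issuer could be the issuer of this certificate. This is done by
 * comparing the relevant subject and issuer fields. No signature check is
 * done. Proper verification of certificates must be done via a crypto
 * library.
 *
 * Because only the raw names are compared, a %TRUE result says nothing about
 * whether @issuer actually signed @self.
 *
 * Returns: whether @issuer could be the issuer of the certificate.
 */
gboolean
gcr_certificate_is_issuer (GcrCertificate *self, GcrCertificate *issuer)
{
	EggBytes *subject_dn;
	EggBytes *issuer_dn;
	gboolean ret;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), FALSE);
	g_return_val_if_fail (GCR_IS_CERTIFICATE (issuer), FALSE);

	subject_dn = _gcr_certificate_get_subject_const (issuer);
	g_return_val_if_fail (subject_dn, FALSE);

	issuer_dn = _gcr_certificate_get_issuer_const (self);

	/*
	 * A certificate whose data cannot be loaded lands here with a NULL
	 * issuer; release the subject reference already held so that this
	 * failure path does not leak it.
	 */
	if (!issuer_dn)
		egg_bytes_unref (subject_dn);
	g_return_val_if_fail (issuer_dn, FALSE);

	ret = egg_bytes_equal (subject_dn, issuer_dn);

	egg_bytes_unref (subject_dn);
	egg_bytes_unref (issuer_dn);

	return ret;
}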
Ejemplo n.º 13
/**
 * gcr_certificate_mixin_emit_notify:
 * @self: the #GcrCertificate
 *
 * Implementers of the #GcrCertificate mixin should call this function to notify
 * when the certificate has changed to emit notifications on the various
 * properties.
 *
 * Notifications are emitted, in order, for "label", "markup", "subject",
 * "issuer" and "expiry".
 */
void
gcr_certificate_mixin_emit_notify (GcrCertificate *self)
{
	/* Properties derived from the certificate, in emission order. */
	static const char *const properties[] = {
		"label", "markup", "subject", "issuer", "expiry"
	};
	GObject *obj;
	unsigned int i;

	g_return_if_fail (GCR_IS_CERTIFICATE (self));

	obj = G_OBJECT (self);
	for (i = 0; i < sizeof properties / sizeof properties[0]; i++)
		g_object_notify (obj, properties[i]);
}
Ejemplo n.º 14
/**
 * gcr_certificate_get_key_size:
 * @self: a #GcrCertificate
 *
 * Get the key size in bits of the public key represented
 * by this certificate.
 *
 * The value is computed by calculate_key_size() on first use and stored in
 * the cached certificate info. Zero doubles as the "not yet computed"
 * marker, so a result of zero is recomputed on every call.
 *
 * Returns: The key size of the certificate, or 0 when @self is not a
 *          certificate or its DER data could not be loaded.
 */
guint
gcr_certificate_get_key_size (GcrCertificate *self)
{
	GcrCertificateInfo *info;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), 0);

	info = certificate_info_load (self);
	g_return_val_if_fail (info, 0);

	/* Serve the stored value when one is already there. */
	if (info->key_size)
		return info->key_size;

	info->key_size = calculate_key_size (info);
	return info->key_size;
}
Ejemplo n.º 15
/**
 * gcr_certificate_get_subject_raw:
 * @self: a #GcrCertificate
 * @n_data: The length of the returned data.
 *
 * Get the raw DER data for the subject DN of the certificate, as a copy of
 * what _gcr_certificate_get_subject_const() returns.
 *
 * The data should be freed by using g_free() when no longer required.
 *
 * When the subject cannot be obtained, a zero-length copy is requested and
 * this function does not itself write @n_data.
 *
 * NOTE(review): g_memdup() takes a guint length, so the gsize in @n_data is
 * narrowed at the call on platforms where gsize is wider than guint;
 * g_memdup2() avoids that where the GLib baseline provides it.
 *
 * Returns: allocated memory containing the raw subject.
 */
gpointer
gcr_certificate_get_subject_raw (GcrCertificate *self, gsize *n_data)
{
	GcrCertificateInfo *info;
	gconstpointer subject;
	gsize n_copy;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);
	g_return_val_if_fail (n_data, NULL);

	/* Fail early if the certificate cannot be parsed at all. */
	info = certificate_info_load (self);
	g_return_val_if_fail (info, NULL);

	subject = _gcr_certificate_get_subject_const (self, n_data);

	/* Read *n_data only once the lookup is known to have produced data. */
	n_copy = 0;
	if (subject)
		n_copy = *n_data;

	return g_memdup (subject, n_copy);
}
Ejemplo n.º 16
/**
 * gcr_certificate_get_serial_number_hex:
 * @self: a #GcrCertificate
 *
 * Get the serial number of the certificate as a hex string, produced by
 * hex-encoding the result of gcr_certificate_get_serial_number().
 *
 * The caller should free the returned data using g_free() when
 * it is no longer required.
 *
 * Returns: an allocated string containing the serial number as hex, or
 *          %NULL when the serial number cannot be read.
 */
gchar*
gcr_certificate_get_serial_number_hex (GcrCertificate *self)
{
	guchar *serial;
	gsize n_serial;
	gchar *hex = NULL;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);

	serial = gcr_certificate_get_serial_number (self, &n_serial);
	if (serial != NULL) {
		hex = egg_hex_encode (serial, n_serial);
		/* The raw serial was only needed as input for the encoder. */
		g_free (serial);
	}

	return hex;
}
Ejemplo n.º 17
/*
 * Create a GChecksum of the given @type and feed it the certificate's
 * complete DER data, so the resulting digest covers the whole encoded
 * certificate.
 *
 * The checksum is returned still open; the caller reads the digest from it
 * and releases it with g_checksum_free(). Returns NULL when the DER data is
 * unavailable or g_checksum_new() yields no checksum for @type.
 */
static GChecksum*
digest_certificate (GcrCertificate *self, GChecksumType type)
{
	gconstpointer der;
	gsize n_der;
	GChecksum *digest;

	g_assert (GCR_IS_CERTIFICATE (self));

	/* Fetch the encoded certificate before allocating anything. */
	der = gcr_certificate_get_der_data (self, &n_der);
	g_return_val_if_fail (der, NULL);

	digest = g_checksum_new (type);
	g_return_val_if_fail (digest, NULL);

	g_checksum_update (digest, der, n_der);

	return digest;
}
Ejemplo n.º 18
/**
 * gcr_certificate_get_expiry_date:
 * @self: a #GcrCertificate
 *
 * Get the expiry date of this certificate, read from the "notAfter" field
 * of its validity.
 *
 * This only reports the stored date. It does not compare it with the
 * current time, and it does not look at the start of the validity period,
 * so it is not a validity check on its own.
 *
 * The #GDate returned should be freed by the caller using
 * g_date_free() when no longer required.
 *
 * Returns: An allocated expiry date of this certificate, or %NULL when the
 *          date cannot be read.
 */
GDate*
gcr_certificate_get_expiry_date (GcrCertificate *self)
{
	GcrCertificateInfo *info;
	GDate *expiry;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);

	info = certificate_info_load (self);
	g_return_val_if_fail (info, NULL);

	expiry = g_date_new ();
	if (egg_asn1x_get_time_as_date (egg_asn1x_node (info->asn1, "tbsCertificate", "validity", "notAfter", NULL), expiry))
		return expiry;

	/* The time could not be converted: do not hand back an unset date. */
	g_date_free (expiry);
	return NULL;
}
Ejemplo n.º 19
/**
 * gcr_certificate_get_key_size:
 * @self: a #GcrCertificate
 *
 * Get the key size in bits of the public key represented
 * by this certificate.
 *
 * The size is calculated from the "subjectPublicKeyInfo" field on first use
 * and stored in the cached certificate info. Zero doubles as the "not yet
 * computed" marker, so a result of zero is recomputed on every call.
 *
 * Returns: The key size of the certificate, or 0 when @self is not a
 *          certificate or its DER data could not be loaded.
 */
guint
gcr_certificate_get_key_size (GcrCertificate *self)
{
	GcrCertificateInfo *info;
	GNode *subject_public_key;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), 0);

	info = certificate_info_load (self);
	g_return_val_if_fail (info, 0);

	/* Serve the stored value when one is already there. */
	if (info->key_size)
		return info->key_size;

	subject_public_key = egg_asn1x_node (info->asn1, "tbsCertificate",
	                                     "subjectPublicKeyInfo", NULL);
	info->key_size = _gcr_subject_public_key_calculate_size (subject_public_key);

	return info->key_size;
}
Ejemplo n.º 20
/**
 * gcr_certificate_get_subject_raw:
 * @self: a #GcrCertificate
 * @n_data: The length of the returned data.
 *
 * Get the raw DER data for the subject DN of the certificate.
 *
 * The data should be freed by using g_free() when no longer required.
 *
 * @n_data is written only when the subject was obtained; on a %NULL return
 * it is left untouched.
 *
 * NOTE(review): g_memdup() takes a guint length, so the gsize stored in
 * @n_data is narrowed at the call on platforms where gsize is wider than
 * guint; g_memdup2() avoids that where the GLib baseline provides it.
 *
 * Returns: (transfer full) (array length=n_data): allocated memory containing
 *          the raw subject
 */
guchar *
gcr_certificate_get_subject_raw (GcrCertificate *self, gsize *n_data)
{
	EggBytes *subject;
	guchar *copy;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);
	g_return_val_if_fail (n_data != NULL, NULL);

	subject = _gcr_certificate_get_subject_const (self);
	if (subject == NULL)
		return NULL;

	/* Report the length first, then duplicate exactly that many bytes. */
	*n_data = egg_bytes_get_size (subject);
	copy = g_memdup (egg_bytes_get_data (subject), *n_data);

	/* The copy is independent of the EggBytes, so the reference can go. */
	egg_bytes_unref (subject);

	return copy;
}
Ejemplo n.º 21
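/**
 * gcr_certificate_get_fingerprint:
 * @self: a #GcrCertificate
 * @type: the type of algorithm for the fingerprint.
 * @n_length: The length of the resulting fingerprint.
 *
 * Calculate the fingerprint for this certificate. The digest is computed
 * over the certificate's complete DER data.
 *
 * You can pass G_CHECKSUM_SHA1 or G_CHECKSUM_MD5 as the @type
 * parameter. @type is handed to GLib as given, so any checksum type with a
 * known digest length is accepted. MD5 and SHA-1 are not collision
 * resistant: fingerprints made with them suit display and lookup, but should
 * not be the only basis for deciding to trust a certificate.
 *
 * The caller should free the returned data using g_free() when
 * it is no longer required.
 *
 * Returns: the raw binary fingerprint, or %NULL on invalid arguments or when
 *          the certificate data cannot be read.
 **/
guchar*
gcr_certificate_get_fingerprint (GcrCertificate *self, GChecksumType type, gsize *n_length)
{
	GChecksum *sum;
	guchar *digest;
	gssize length;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);
	g_return_val_if_fail (n_length, NULL);

	/*
	 * Validate the digest length before the checksum exists, so this
	 * failure path has nothing to release (it used to return with the
	 * checksum still allocated).
	 */
	length = g_checksum_type_get_length (type);
	g_return_val_if_fail (length > 0, NULL);

	sum = digest_certificate (self, type);
	g_return_val_if_fail (sum, NULL);

	digest = g_malloc (length);

	/* g_checksum_get_digest() reads the buffer size from, and writes the digest size to, *n_length. */
	*n_length = length;
	g_checksum_get_digest (sum, digest, n_length);
	g_checksum_free (sum);

	return digest;
}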
Ejemplo n.º 22
/**
 * gcr_certificate_get_serial_number:
 * @self: a #GcrCertificate
 * @n_length: the length of the returned data.
 *
 * Get the raw binary serial number of the certificate, read from the
 * "serialNumber" field of the parsed certificate.
 *
 * A serial number is only unique per issuer, so it identifies a certificate
 * only in combination with the issuer.
 *
 * The caller should free the returned data using g_free() when
 * it is no longer required.
 *
 * NOTE(review): g_memdup() takes a guint length, so the gsize stored in
 * @n_length is narrowed at the call on platforms where gsize is wider than
 * guint; g_memdup2() avoids that where the GLib baseline provides it.
 *
 * Returns: (array length=n_length): the raw binary serial number.
 */
guchar *
gcr_certificate_get_serial_number (GcrCertificate *self, gsize *n_length)
{
	GcrCertificateInfo *info;
	EggBytes *serial;
	guchar *copy;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);
	g_return_val_if_fail (n_length != NULL, NULL);

	info = certificate_info_load (self);
	g_return_val_if_fail (info, NULL);

	serial = egg_asn1x_get_integer_as_raw (egg_asn1x_node (info->asn1, "tbsCertificate", "serialNumber", NULL));
	g_return_val_if_fail (serial != NULL, NULL);

	/* Report the length first, then duplicate exactly that many bytes. */
	*n_length = egg_bytes_get_size (serial);
	copy = g_memdup (egg_bytes_get_data (serial), *n_length);

	/* The copy is independent of the EggBytes, so the reference can go. */
	egg_bytes_unref (serial);

	return copy;
}
Ejemplo n.º 23
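/**
 * gcr_certificate_get_fingerprint_hex:
 * @self: a #GcrCertificate
 * @type: the type of algorithm for the fingerprint.
 *
 * Calculate the fingerprint for this certificate, and return it
 * as a hex string. The digest is computed over the certificate's complete
 * DER data.
 *
 * You can pass G_CHECKSUM_SHA1 or G_CHECKSUM_MD5 as the @type
 * parameter. @type is handed to GLib as given, so any checksum type with a
 * known digest length is accepted. MD5 and SHA-1 are not collision
 * resistant: fingerprints made with them suit display and lookup, but should
 * not be the only basis for deciding to trust a certificate.
 *
 * The caller should free the returned data using g_free() when
 * it is no longer required.
 *
 * Returns: an allocated hex string which contains the fingerprint, or %NULL
 *          on invalid arguments or when the certificate data cannot be read.
 */
gchar*
gcr_certificate_get_fingerprint_hex (GcrCertificate *self, GChecksumType type)
{
	GChecksum *sum;
	guchar *digest;
	gsize n_digest;
	gssize length;
	gchar *hex;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);

	/*
	 * Validate the digest length before the checksum exists, so this
	 * failure path has nothing to release (it used to return with the
	 * checksum still allocated).
	 */
	length = g_checksum_type_get_length (type);
	g_return_val_if_fail (length > 0, NULL);

	sum = digest_certificate (self, type);
	g_return_val_if_fail (sum, NULL);

	digest = g_malloc (length);

	/* g_checksum_get_digest() reads the buffer size from, and writes the digest size to, n_digest. */
	n_digest = length;
	g_checksum_get_digest (sum, digest, &n_digest);

	/* Same encoder arguments as before: TRUE, a ' ' delimiter and a group size of 1. */
	hex = egg_hex_encode_full (digest, n_digest, TRUE, ' ', 1);

	g_checksum_free (sum);
	g_free (digest);
	return hex;
}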
Ejemplo n.º 24
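/**
 * gcr_certificate_get_basic_constraints:
 * @self: the certificate
 * @is_ca: (allow-none): location to place a %TRUE if is an authority
 * @path_len: (allow-none): location to place the max path length
 *
 * Get the basic constraints for the certificate if present. If %FALSE is
 * returned then no basic constraints are present and the @is_ca and
 * @path_len arguments are not changed.
 *
 * An extension that is present but cannot be parsed also produces %FALSE,
 * after a critical warning, so callers cannot tell a malformed extension
 * from an absent one through the return value alone. The values reported
 * here are read from the certificate as is; they carry no assurance until
 * the certificate chain has been verified.
 *
 * Returns: whether basic constraints are present or not
 */
gboolean
gcr_certificate_get_basic_constraints (GcrCertificate *self,
                                       gboolean *is_ca,
                                       gint *path_len)
{
	GcrCertificateInfo *info;
	EggBytes *value;
	gboolean parsed;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), FALSE);

	info = certificate_info_load (self);
	g_return_val_if_fail (info, FALSE);

	value = _gcr_certificate_extension_find (info->asn1, GCR_OID_BASIC_CONSTRAINTS, NULL);
	if (!value)
		return FALSE;

	parsed = _gcr_certificate_extension_basic_constraints (value, is_ca, path_len);

	/*
	 * Release the extension bytes on every path; the parse-failure path
	 * used to return without dropping this reference.
	 */
	egg_bytes_unref (value);

	if (!parsed)
		g_return_val_if_reached (FALSE);

	return TRUE;
}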
Ejemplo n.º 25
/**
 * gcr_certificate_get_icon:
 * @self: The certificate
 *
 * Get the icon for a certificate. The icon is the themed icon named by
 * GCR_ICON_CERTIFICATE and does not depend on the certificate's contents.
 *
 * Returns: (transfer full): the icon for this certificate, which should be
 *          released with g_object_unref()
 */
GIcon *
gcr_certificate_get_icon (GcrCertificate *self)
{
	GIcon *icon;

	/* Pointer-returning function: fail with NULL, the same value as the former FALSE. */
	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);

	icon = g_themed_icon_new (GCR_ICON_CERTIFICATE);
	return icon;
}