static GcrCertificateInfo*
certificate_info_load (GcrCertificate *cert)
{
GcrCertificateInfo *info;
GNode *asn1;
gconstpointer der;
gsize n_der;
g_assert (GCR_IS_CERTIFICATE (cert));
der = gcr_certificate_get_der_data (cert, &n_der);
g_return_val_if_fail (der, NULL);
info = g_object_get_qdata (G_OBJECT (cert), CERTIFICATE_INFO);
if (info != NULL) {
if (n_der == info->n_der && der == info->der)
return info;
}
/* Cache is invalid or non existent */
asn1 = egg_asn1x_create_and_decode (pkix_asn1_tab, "Certificate", der, n_der);
if (asn1 == NULL) {
g_warning ("a derived class provided an invalid or unparseable X.509 DER certificate data.");
return NULL;
}
info = g_new0 (GcrCertificateInfo, 1);
info->der = der;
info->n_der = n_der;
info->asn1 = asn1;
g_object_set_qdata_full (G_OBJECT (cert), CERTIFICATE_INFO, info, certificate_info_free);
return info;
}
static void
prepare_data_for_der (GcrCertificateExporter *self)
{
gconstpointer data;
gsize n_data;
data = gcr_certificate_get_der_data (self->pv->certificate, &n_data);
g_return_if_fail (data);
self->pv->buffer = g_byte_array_new ();
g_byte_array_append (self->pv->buffer, data, n_data);
}
/**
* gcr_certificate_compare:
* @first: (allow-none): the certificate to compare
* @other: (allow-none): the certificate to compare against
*
* Compare one certificate against another. If the certificates are equal
* then zero is returned. If one certificate is %NULL or not a certificate,
* then a non-zero value is returned.
*
* The return value is useful in a stable sort, but has no user logical
* meaning.
*
* Returns: zero if the certificates match, non-zero otherwise.
*/
gint
gcr_certificate_compare (GcrComparable *first, GcrComparable *other)
{
gconstpointer data1, data2;
gsize size1, size2;
if (!GCR_IS_CERTIFICATE (first))
first = NULL;
if (!GCR_IS_CERTIFICATE (other))
other = NULL;
if (first == other)
return TRUE;
if (!first)
return 1;
if (!other)
return -1;
data1 = gcr_certificate_get_der_data (GCR_CERTIFICATE (first), &size1);
data2 = gcr_certificate_get_der_data (GCR_CERTIFICATE (other), &size2);
return gcr_comparable_memcmp (data1, size1, data2, size2);
}
static GChecksum*
digest_certificate (GcrCertificate *self, GChecksumType type)
{
GChecksum *digest;
gconstpointer der;
gsize n_der;
g_assert (GCR_IS_CERTIFICATE (self));
der = gcr_certificate_get_der_data (self, &n_der);
g_return_val_if_fail (der, NULL);
digest = g_checksum_new (type);
g_return_val_if_fail (digest, NULL);
g_checksum_update (digest, der, n_der);
return digest;
}
static void
add_anchor_to_module (GcrCertificate *certificate, const gchar *purpose)
{
GckAttributes *attrs;
gconstpointer data;
gsize n_data;
data = gcr_certificate_get_der_data (certificate, &n_data);
g_assert (data);
/* And add a pinned certificate for the signed certificate */
attrs = gck_attributes_new ();
gck_attributes_add_data (attrs, CKA_X_CERTIFICATE_VALUE, data, n_data);
gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_X_TRUST_ASSERTION);
gck_attributes_add_ulong (attrs, CKA_X_ASSERTION_TYPE, CKT_X_ANCHORED_CERTIFICATE);
gck_attributes_add_string (attrs, CKA_X_PURPOSE, purpose);
gck_mock_module_take_object (attrs);
}
static void
prepare_data_for_pem (GcrCertificateExporter *self)
{
gconstpointer data;
gpointer encoded;
gsize n_data, n_encoded;
data = gcr_certificate_get_der_data (self->pv->certificate, &n_data);
g_return_if_fail (data);
self->pv->buffer = g_byte_array_new ();
encoded = egg_armor_write (data, n_data,
g_quark_from_static_string ("CERTIFICATE"),
NULL, &n_encoded);
g_byte_array_append (self->pv->buffer, encoded, n_encoded);
g_free (encoded);
}
static void
add_certificate_to_module (GcrCertificate *certificate)
{
GckAttributes *attrs;
gconstpointer data;
gsize n_data, n_subject;
gpointer subject;
data = gcr_certificate_get_der_data (certificate, &n_data);
g_assert (data);
subject = gcr_certificate_get_subject_raw (certificate, &n_subject);
g_assert (subject);
/* Add a certificate to the module */
attrs = gck_attributes_new ();
gck_attributes_add_data (attrs, CKA_VALUE, data, n_data);
gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_CERTIFICATE);
gck_attributes_add_ulong (attrs, CKA_CERTIFICATE_TYPE, CKC_X_509);
gck_attributes_add_data (attrs, CKA_SUBJECT, subject, n_subject);
gck_mock_module_take_object (attrs);
g_free (subject);
}
static void
build_certificate_list_for_gnutls (GcrCertificateChain *chain,
gnutls_x509_crt_t **list,
guint *n_list,
gnutls_x509_crt_t **anchors,
guint *n_anchors)
{
GcrCertificate *cert;
guint idx, length;
gnutls_x509_crt_t *retval;
gnutls_x509_crt_t gcert;
gnutls_datum_t datum;
gsize n_data;
g_assert (list);
g_assert (n_list);
g_assert (anchors);
g_assert (n_anchors);
*list = *anchors = NULL;
*n_list = *n_anchors = 0;
length = gcr_certificate_chain_get_length (chain);
retval = g_malloc0 (sizeof (gnutls_x509_crt_t) * length);
/* Convert the main body of the chain to gnutls */
for (idx = 0; idx < length; ++idx)
{
cert = gcr_certificate_chain_get_certificate (chain, idx);
datum.data = (gpointer)gcr_certificate_get_der_data (cert, &n_data);
datum.size = n_data;
gnutls_x509_crt_init (&gcert);
if (gnutls_x509_crt_import (gcert, &datum, GNUTLS_X509_FMT_DER) < 0)
g_return_if_reached ();
retval[idx] = gcert;
}
*list = retval;
*n_list = length;
/* See if we have an anchor */
if (gcr_certificate_chain_get_status (chain) ==
GCR_CERTIFICATE_CHAIN_ANCHORED)
{
cert = gcr_certificate_chain_get_anchor (chain);
g_return_if_fail (cert);
datum.data = (gpointer)gcr_certificate_get_der_data (cert, &n_data);
datum.size = n_data;
gnutls_x509_crt_init (&gcert);
if (gnutls_x509_crt_import (gcert, &datum, GNUTLS_X509_FMT_DER) < 0)
g_return_if_reached ();
retval = g_malloc0 (sizeof (gnutls_x509_crt_t) * 1);
retval[0] = gcert;
*anchors = retval;
*n_anchors = 1;
}
}
static void
refresh_display (GcrCertificateDetailsWidget *self)
{
GtkTextIter start, iter;
const guchar *data, *value;
gsize n_data, n_value;
const gchar *text;
gulong version;
guint index, size, n_bits;
gchar *display;
guchar *bits;
GNode *asn;
GQuark oid;
GDate date;
gtk_text_buffer_get_start_iter (self->pv->buffer, &start);
gtk_text_buffer_get_end_iter (self->pv->buffer, &iter);
gtk_text_buffer_delete (self->pv->buffer, &start, &iter);
if (!self->pv->certificate)
return;
data = gcr_certificate_get_der_data (self->pv->certificate, &n_data);
g_return_if_fail (data);
asn = egg_asn1x_create_and_decode (pkix_asn1_tab, "Certificate", data, n_data);
g_return_if_fail (asn);
/* The subject */
append_heading (self, _("Subject Name"));
egg_dn_parse (egg_asn1x_node (asn, "tbsCertificate", "subject", "rdnSequence", NULL), on_parsed_dn_part, self);
/* The Issuer */
append_heading (self, _("Issuer Name"));
egg_dn_parse (egg_asn1x_node (asn, "tbsCertificate", "issuer", "rdnSequence", NULL), on_parsed_dn_part, self);
/* The Issued Parameters */
append_heading (self, _("Issued Certificate"));
if (!egg_asn1x_get_integer_as_ulong (egg_asn1x_node (asn, "tbsCertificate", "version", NULL), &version))
g_return_if_reached ();
display = g_strdup_printf ("%lu", version + 1);
append_field_and_value (self, _("Version"), display, FALSE);
g_free (display);
value = egg_asn1x_get_raw_value (egg_asn1x_node (asn, "tbsCertificate", "serialNumber", NULL), &n_value);
g_return_if_fail (value);
display = egg_hex_encode_full (value, n_value, TRUE, ' ', 1);
append_field_and_value (self, _("Serial Number"), display, TRUE);
g_free (display);
display = g_malloc0 (128);
if (egg_asn1x_get_time_as_date (egg_asn1x_node (asn, "tbsCertificate", "validity", "notBefore", NULL), &date)) {
if (!g_date_strftime (display, 128, "%Y-%m-%d", &date))
g_return_if_reached ();
append_field_and_value (self, _("Not Valid Before"), display, FALSE);
}
if (egg_asn1x_get_time_as_date (egg_asn1x_node (asn, "tbsCertificate", "validity", "notAfter", NULL), &date)) {
if (!g_date_strftime (display, 128, "%Y-%m-%d", &date))
g_return_if_reached ();
append_field_and_value (self, _("Not Valid After"), display, FALSE);
}
g_free (display);
/* Signature */
append_heading (self, _("Signature"));
oid = egg_asn1x_get_oid_as_quark (egg_asn1x_node (asn, "signatureAlgorithm", "algorithm", NULL));
text = egg_oid_get_description (oid);
append_field_and_value (self, _("Signature Algorithm"), text, FALSE);
value = egg_asn1x_get_raw_value (egg_asn1x_node (asn, "signatureAlgorithm", "parameters", NULL), &n_value);
if (value && n_value) {
display = egg_hex_encode_full (value, n_value, TRUE, ' ', 1);
append_field_and_value (self, _("Signature Parameters"), display, TRUE);
g_free (display);
}
value = egg_asn1x_get_raw_value (egg_asn1x_node (asn, "signature", NULL), &n_value);
g_return_if_fail (value);
display = egg_hex_encode_full (value, n_value, TRUE, ' ', 1);
append_field_and_value (self, _("Signature"), display, TRUE);
g_free (display);
/* Public Key Info */
append_heading (self, _("Public Key Info"));
oid = egg_asn1x_get_oid_as_quark (egg_asn1x_node (asn, "tbsCertificate", "subjectPublicKeyInfo", "algorithm", "algorithm", NULL));
text = egg_oid_get_description (oid);
append_field_and_value (self, _("Key Algorithm"), text, FALSE);
value = egg_asn1x_get_raw_value (egg_asn1x_node (asn, "tbsCertificate", "subjectPublicKeyInfo", "algorithm", "parameters", NULL), &n_value);
if (value && n_value) {
display = egg_hex_encode_full (value, n_value, TRUE, ' ', 1);
append_field_and_value (self, _("Key Parameters"), display, TRUE);
g_free (display);
}
size = gcr_certificate_get_key_size (self->pv->certificate);
if (size > 0) {
display = g_strdup_printf ("%u", size);
append_field_and_value (self, _("Key Size"), display, FALSE);
g_free (display);
}
bits = egg_asn1x_get_bits_as_raw (egg_asn1x_node (asn, "tbsCertificate", "subjectPublicKeyInfo", "subjectPublicKey", NULL), NULL, &n_bits);
g_return_if_fail (bits);
display = egg_hex_encode_full (bits, n_bits / 8, TRUE, ' ', 1);
append_field_and_value (self, _("Public Key"), display, TRUE);
g_free (display);
g_free (bits);
/* Fingerprints */
append_heading (self, _("Fingerprints"));
append_fingerprint (self, data, n_data, "SHA1", G_CHECKSUM_SHA1);
append_fingerprint (self, data, n_data, "MD5", G_CHECKSUM_MD5);
/* Extensions */
for (index = 1; TRUE; ++index) {
if (!append_extension (self, asn, data, n_data, index))
break;
}
egg_asn1x_destroy (asn);
}
