/**
 * gcr_certificate_get_der_data:
 * @self: a #GcrCertificate
 * @n_data: a pointer to a location to store the size of the resulting DER data.
 *
 * Gets the raw DER data for an X.509 certificate by calling the
 * get_der_data virtual function of the #GcrCertificate interface.
 *
 * The bytes are handed back exactly as the implementing class provides them;
 * nothing is parsed or verified here.
 *
 * Returns: raw DER data of the X.509 certificate, or %NULL when @self is not
 *          a #GcrCertificate or its class does not implement get_der_data.
 **/
gconstpointer
gcr_certificate_get_der_data (GcrCertificate *self, gsize *n_data)
{
	/* Both guards catch programmer errors: a wrong type, or an unset vfunc */
	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);
	g_return_val_if_fail (GCR_CERTIFICATE_GET_INTERFACE (self)->get_der_data, NULL);

	/* @n_data is passed through untouched; the implementation fills it in */
	return GCR_CERTIFICATE_GET_INTERFACE (self)->get_der_data (self, n_data);
}
/*
 * Return the parsed-certificate cache attached to @cert, building it when it
 * is missing or no longer matches the certificate's DER data.
 *
 * The cache lives as qdata on the object under CERTIFICATE_INFO. An existing
 * entry is reused only when both the DER pointer and the DER length reported
 * by gcr_certificate_get_der_data() equal the cached ones; the bytes
 * themselves are not compared, and the DER pointer is stored, not copied.
 * NOTE(review): an implementer that rewrites its certificate in place (same
 * address, same length) would keep getting the previously parsed tree --
 * confirm implementers never do that.
 *
 * Returns NULL when no DER data is available or when it does not decode as
 * an X.509 "Certificate". The result is owned by @cert: it is registered with
 * certificate_info_free as its destroy function.
 */
static GcrCertificateInfo*
certificate_info_load (GcrCertificate *cert)
{
	GcrCertificateInfo *cached;
	GcrCertificateInfo *fresh;
	gconstpointer der;
	GNode *tree;
	gsize n_der;

	g_assert (GCR_IS_CERTIFICATE (cert));

	der = gcr_certificate_get_der_data (cert, &n_der);
	g_return_val_if_fail (der, NULL);

	/* Fast path: the cached parse still describes the same buffer */
	cached = g_object_get_qdata (G_OBJECT (cert), CERTIFICATE_INFO);
	if (cached != NULL && n_der == cached->n_der && der == cached->der)
		return cached;

	/* Cache is invalid or non existent: parse the DER from scratch */
	tree = egg_asn1x_create_and_decode (pkix_asn1_tab, "Certificate", der, n_der);
	if (tree == NULL) {
		g_warning ("a derived class provided an invalid or unparseable X.509 DER certificate data.");
		return NULL;
	}

	fresh = g_new0 (GcrCertificateInfo, 1);
	fresh->asn1 = tree;
	fresh->n_der = n_der;
	fresh->der = der;

	/* Setting the qdata replaces any stale entry under the same key */
	g_object_set_qdata_full (G_OBJECT (cert), CERTIFICATE_INFO, fresh, certificate_info_free);
	return fresh;
}
/*
 * Parser callback: create a renderer for the item the parser just produced
 * and file it in a per-group collection.
 *
 * @user_data is the top-level GcrSimpleCollection. Certificates are grouped
 * by the "O" part of their subject; every other renderer is grouped by its
 * GObject type name. The group collection comes from
 * test_collection_instance() and is added to the top-level collection the
 * first time it is seen.
 *
 * NOTE(review): if the subject has no "O" part, group is presumably NULL when
 * it reaches test_collection_instance() -- confirm that helper accepts it.
 */
static void
on_parser_parsed (GcrParser *parser, gpointer user_data)
{
	GcrSimpleCollection *collection = user_data;
	GcrSimpleCollection *testcol;
	GcrRenderer *renderer;
	gchar *group;

	renderer = gcr_renderer_create (gcr_parser_get_parsed_label (parser),
	                                gcr_parser_get_parsed_attributes (parser));
	if (renderer == NULL)
		return;

	/* Either branch yields a string that is released with g_free() below */
	group = GCR_IS_CERTIFICATE (renderer)
	        ? gcr_certificate_get_subject_part (GCR_CERTIFICATE (renderer), "O")
	        : g_strdup (G_OBJECT_TYPE_NAME (renderer));

	testcol = test_collection_instance (group);

	/* Register the group once, then put the renderer inside it */
	if (!gcr_simple_collection_contains (collection, G_OBJECT (testcol)))
		gcr_simple_collection_add (collection, G_OBJECT (testcol));
	gcr_simple_collection_add (GCR_SIMPLE_COLLECTION (testcol), G_OBJECT (renderer));

	/* Drop the local references and the group name */
	g_object_unref (renderer);
	g_object_unref (testcol);
	g_free (group);
}
/**
 * gcr_certificate_is_issuer:
 * @self: a #GcrCertificate
 * @issuer: a possible issuer #GcrCertificate
 *
 * Check if @issuer could be the issuer of this certificate. This is done by
 * comparing the raw issuer DN of @self with the raw subject DN of @issuer,
 * byte for byte. No signature check is done, so a %TRUE result only says the
 * names match; it is not evidence that @issuer signed @self. Proper
 * verification of certificates must be done via a crypto library.
 *
 * Returns: whether @issuer could be the issuer of the certificate.
 */
gboolean
gcr_certificate_is_issuer (GcrCertificate *self, GcrCertificate *issuer)
{
	gconstpointer subject_dn, issuer_dn;
	gsize n_subject_dn, n_issuer_dn;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), FALSE);
	g_return_val_if_fail (GCR_IS_CERTIFICATE (issuer), FALSE);

	/* Subject of the candidate issuer ... */
	subject_dn = _gcr_certificate_get_subject_const (issuer, &n_subject_dn);
	g_return_val_if_fail (subject_dn, FALSE);

	/* ... against the issuer named inside this certificate */
	issuer_dn = _gcr_certificate_get_issuer_const (self, &n_issuer_dn);
	g_return_val_if_fail (issuer_dn, FALSE);

	/* Different lengths can never match; only then compare the bytes */
	if (n_issuer_dn != n_subject_dn)
		return FALSE;
	return memcmp (issuer_dn, subject_dn, n_issuer_dn) == 0;
}
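/**
 * gcr_certificate_get_issuer_raw:
 * @self: a #GcrCertificate
 * @n_data: The length of the returned data.
 *
 * Get the raw DER data for the issuer DN of the certificate.
 *
 * The data should be freed by using g_free() when no longer required.
 *
 * Returns: allocated memory containing the raw issuer, or %NULL if the
 *          issuer could not be obtained or is too large to copy.
 */
gpointer
gcr_certificate_get_issuer_raw (GcrCertificate *self, gsize *n_data)
{
	gconstpointer data;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);
	g_return_val_if_fail (n_data, NULL);

	data = _gcr_certificate_get_issuer_const (self, n_data);
	if (data == NULL)
		return NULL;

	/*
	 * g_memdup() takes its byte count as a guint (unsigned int). A larger
	 * gsize would be silently truncated, leaving the caller with a copy
	 * that is shorter than the length reported through @n_data. Refuse
	 * such a length instead of returning a mismatched buffer.
	 */
	if (*n_data != (unsigned int) *n_data) {
		*n_data = 0;
		return NULL;
	}

	return g_memdup (data, *n_data);
}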
/**
 * gcr_certificate_get_subject_dn:
 * @self: a #GcrCertificate
 *
 * Get the full subject DN of the certificate as a (mostly)
 * readable string.
 *
 * The string is built from the certificate's own subject field, so it is
 * whatever the certificate claims about itself.
 *
 * The string returned should be freed by the caller when no longer
 * required.
 *
 * Returns: The allocated subject DN of the certificate.
 */
gchar*
gcr_certificate_get_subject_dn (GcrCertificate *self)
{
	GcrCertificateInfo *parsed;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);

	parsed = certificate_info_load (self);
	g_return_val_if_fail (parsed, NULL);

	/* tbsCertificate.subject.rdnSequence holds the RDNs that make up the DN */
	return egg_dn_read (egg_asn1x_node (parsed->asn1,
	                                    "tbsCertificate", "subject", "rdnSequence", NULL));
}
/*
 * Return the raw encoded element of the certificate's subject field
 * (tbsCertificate.subject) as an EggBytes.
 *
 * Returns NULL when @self is not a certificate or cannot be parsed.
 * NOTE(review): the result looks like a reference the caller must release
 * with egg_bytes_unref() -- confirm against egg_asn1x_get_element_raw().
 */
static EggBytes *
_gcr_certificate_get_subject_const (GcrCertificate *self)
{
	GcrCertificateInfo *parsed;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);

	parsed = certificate_info_load (self);
	g_return_val_if_fail (parsed, NULL);

	return egg_asn1x_get_element_raw (egg_asn1x_node (parsed->asn1,
	                                                  "tbsCertificate", "subject", NULL));
}
/**
 * gcr_certificate_get_issuer_part:
 * @self: a #GcrCertificate
 * @part: a DN type string or OID.
 *
 * Get a part of the DN of the issuer of this certificate.
 *
 * Examples of a @part might be the 'OU' (organizational unit)
 * or the 'CN' (common name). Only the value of that part
 * of the DN is returned.
 *
 * The value is read from the issuer field of the certificate itself; this
 * function does not check that the named issuer actually signed it.
 *
 * The string returned should be freed by the caller when no longer
 * required.
 *
 * Returns: The allocated part of the issuer DN, or NULL if no such part is present.
 */
gchar*
gcr_certificate_get_issuer_part (GcrCertificate *self, const char *part)
{
	GcrCertificateInfo *parsed;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);

	parsed = certificate_info_load (self);
	g_return_val_if_fail (parsed, NULL);

	/* Look @part up inside tbsCertificate.issuer.rdnSequence */
	return egg_dn_read_part (egg_asn1x_node (parsed->asn1,
	                                         "tbsCertificate", "issuer", "rdnSequence", NULL),
	                         part);
}
/*
 * GcrCertificate get_der_data implementation for GcrSimpleCertificate.
 *
 * Stores the length of the object's own DER buffer in @n_data and returns a
 * pointer to that buffer. The pointer refers to the object's private data,
 * not to a copy, so the caller must not free or modify it.
 *
 * Returns NULL when @n_data is NULL or the object holds no data.
 */
static const guchar*
gcr_simple_certificate_real_get_der_data (GcrCertificate *base, gsize *n_data)
{
	GcrSimpleCertificate *self = GCR_SIMPLE_CERTIFICATE (base);

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);
	g_return_val_if_fail (n_data, NULL);
	g_return_val_if_fail (self->pv->owned_data, NULL);

	/* This is called when we're not a base class */
	*n_data = self->pv->n_owned_data;

	return self->pv->owned_data;
}
/**
 * gcr_certificate_get_serial_number:
 * @self: a #GcrCertificate
 * @n_length: the length of the returned data.
 *
 * Get the raw binary serial number of the certificate, read from
 * tbsCertificate.serialNumber.
 *
 * The caller should free the returned data using g_free() when
 * it is no longer required.
 *
 * Returns: the raw binary serial number.
 */
guchar*
gcr_certificate_get_serial_number (GcrCertificate *self, gsize *n_length)
{
	GcrCertificateInfo *parsed;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);
	g_return_val_if_fail (n_length, NULL);

	parsed = certificate_info_load (self);
	g_return_val_if_fail (parsed, NULL);

	/* The NULL second argument is passed exactly as before; the length lands in @n_length */
	return egg_asn1x_get_integer_as_raw (egg_asn1x_node (parsed->asn1,
	                                                     "tbsCertificate", "serialNumber", NULL),
	                                     NULL, n_length);
}
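/**
 * gcr_certificate_compare:
 * @first: (allow-none): the certificate to compare
 * @other: (allow-none): the certificate to compare against
 *
 * Compare one certificate against another. If the certificates are equal
 * then zero is returned. If one certificate is %NULL or not a certificate,
 * then a non-zero value is returned. This also holds when both arguments are
 * %NULL or not certificates, and when the DER data of either certificate is
 * unavailable, so a zero result always refers to two usable certificates.
 *
 * Equality means the DER encodings are byte-for-byte identical. It says
 * nothing about whether either certificate is valid or trusted.
 *
 * The return value is useful in a stable sort, but has no user logical
 * meaning.
 *
 * Returns: zero if the certificates match, non-zero otherwise.
 */
gint
gcr_certificate_compare (GcrComparable *first, GcrComparable *other)
{
	gconstpointer data1, data2;
	gsize size1 = 0, size2 = 0;

	/* Anything that is not a certificate is handled like NULL */
	if (!GCR_IS_CERTIFICATE (first))
		first = NULL;
	if (!GCR_IS_CERTIFICATE (other))
		other = NULL;

	if (!first)
		return 1;
	if (!other)
		return -1;

	/*
	 * The same certificate object is equal to itself. This used to return
	 * TRUE (1), which reported a mismatch for identical certificates.
	 */
	if (first == other)
		return 0;

	data1 = gcr_certificate_get_der_data (GCR_CERTIFICATE (first), &size1);
	data2 = gcr_certificate_get_der_data (GCR_CERTIFICATE (other), &size2);

	/* A certificate without DER data is treated like a missing certificate */
	if (data1 == NULL)
		return 1;
	if (data2 == NULL)
		return -1;

	return gcr_comparable_memcmp (data1, size1, data2, size2);
}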
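/**
 * gcr_certificate_is_issuer:
 * @self: a #GcrCertificate
 * @issuer: a possible issuer #GcrCertificate
 *
 * Check if @issuer could be the issuer of this certificate. This is done by
 * comparing the raw issuer field of @self with the raw subject field of
 * @issuer. No signature check is done, so a %TRUE result only says the names
 * match; it is not evidence that @issuer signed @self. Proper verification
 * of certificates must be done via a crypto library.
 *
 * Returns: whether @issuer could be the issuer of the certificate.
 */
gboolean
gcr_certificate_is_issuer (GcrCertificate *self, GcrCertificate *issuer)
{
	EggBytes *subject_dn;
	EggBytes *issuer_dn;
	gboolean ret;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), FALSE);
	g_return_val_if_fail (GCR_IS_CERTIFICATE (issuer), FALSE);

	subject_dn = _gcr_certificate_get_subject_const (issuer);
	g_return_val_if_fail (subject_dn, FALSE);

	issuer_dn = _gcr_certificate_get_issuer_const (self);
	if (issuer_dn == NULL) {
		/* Release the subject bytes obtained above so this path does not leak them */
		egg_bytes_unref (subject_dn);
		g_return_val_if_reached (FALSE);
	}

	ret = egg_bytes_equal (subject_dn, issuer_dn);

	egg_bytes_unref (subject_dn);
	egg_bytes_unref (issuer_dn);
	return ret;
}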
/**
 * gcr_certificate_mixin_emit_notify:
 * @self: the #GcrCertificate
 *
 * Implementers of the #GcrCertificate mixin should call this function to notify
 * when the certificate has changed to emit notifications on the various
 * properties.
 *
 * Notifications are emitted for "label", "markup", "subject", "issuer" and
 * "expiry", in that order.
 */
void
gcr_certificate_mixin_emit_notify (GcrCertificate *self)
{
	/* Properties derived from the certificate data, in notification order */
	static const char *const properties[] = {
		"label", "markup", "subject", "issuer", "expiry"
	};
	GObject *obj;
	unsigned int i;

	g_return_if_fail (GCR_IS_CERTIFICATE (self));

	obj = G_OBJECT (self);
	for (i = 0; i < sizeof properties / sizeof properties[0]; i++)
		g_object_notify (obj, properties[i]);
}
/**
 * gcr_certificate_get_key_size:
 * @self: a #GcrCertificate
 *
 * Get the key size in bits of the public key represented
 * by this certificate.
 *
 * The value is computed once and kept in the certificate's cached info. A
 * stored value of zero means "not computed yet", so a key whose size
 * calculates to zero is recalculated on every call.
 *
 * Returns: The key size of the certificate.
 */
guint
gcr_certificate_get_key_size (GcrCertificate *self)
{
	GcrCertificateInfo *parsed;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), 0);

	parsed = certificate_info_load (self);
	g_return_val_if_fail (parsed, 0);

	/* Already known from an earlier call */
	if (parsed->key_size)
		return parsed->key_size;

	parsed->key_size = calculate_key_size (parsed);
	return parsed->key_size;
}
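/**
 * gcr_certificate_get_subject_raw:
 * @self: a #GcrCertificate
 * @n_data: The length of the returned data.
 *
 * Get the raw DER data for the subject DN of the certificate.
 *
 * The data should be freed by using g_free() when no longer required.
 *
 * Returns: allocated memory containing the raw subject, or %NULL if the
 *          subject could not be obtained or is too large to copy.
 */
gpointer
gcr_certificate_get_subject_raw (GcrCertificate *self, gsize *n_data)
{
	GcrCertificateInfo *info;
	gconstpointer data;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);
	g_return_val_if_fail (n_data, NULL);

	/* Fail early, with a critical, when the certificate cannot be parsed */
	info = certificate_info_load (self);
	g_return_val_if_fail (info, NULL);

	data = _gcr_certificate_get_subject_const (self, n_data);
	if (data == NULL)
		return NULL;

	/*
	 * g_memdup() takes its byte count as a guint (unsigned int). A larger
	 * gsize would be silently truncated, leaving the caller with a copy
	 * that is shorter than the length reported through @n_data. Refuse
	 * such a length instead of returning a mismatched buffer.
	 */
	if (*n_data != (unsigned int) *n_data) {
		*n_data = 0;
		return NULL;
	}

	return g_memdup (data, *n_data);
}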
/**
 * gcr_certificate_get_serial_number_hex:
 * @self: a #GcrCertificate
 *
 * Get the serial number of the certificate as a hex string.
 *
 * The caller should free the returned data using g_free() when
 * it is no longer required.
 *
 * Returns: an allocated string containing the serial number as hex, or
 *          %NULL if the serial number could not be read.
 */
gchar*
gcr_certificate_get_serial_number_hex (GcrCertificate *self)
{
	guchar *raw;
	gsize n_raw;
	gchar *text = NULL;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);

	raw = gcr_certificate_get_serial_number (self, &n_raw);
	if (raw != NULL) {
		text = egg_hex_encode (raw, n_raw);

		/* The binary form was only needed for the encoding */
		g_free (raw);
	}

	return text;
}
/*
 * Create a GChecksum of the given @type and feed it the complete DER
 * encoding of @self.
 *
 * Returns NULL when the certificate has no DER data or when g_checksum_new()
 * does not return a checksum for @type. Otherwise the caller owns the
 * returned checksum and releases it with g_checksum_free().
 */
static GChecksum*
digest_certificate (GcrCertificate *self, GChecksumType type)
{
	gconstpointer der;
	GChecksum *sum;
	gsize n_der;

	g_assert (GCR_IS_CERTIFICATE (self));

	der = gcr_certificate_get_der_data (self, &n_der);
	g_return_val_if_fail (der, NULL);

	sum = g_checksum_new (type);
	g_return_val_if_fail (sum, NULL);

	/* One update over the whole encoding; the digest is read out by the caller */
	g_checksum_update (sum, der, n_der);

	return sum;
}
/**
 * gcr_certificate_get_expiry_date:
 * @self: a #GcrCertificate
 *
 * Get the expiry date of this certificate, read from the notAfter field of
 * its validity period. The date is only reported: it is not compared with the
 * current time here and the notBefore field is not consulted, so deciding
 * whether the certificate is currently valid is left to the caller.
 *
 * The #GDate returned should be freed by the caller using
 * g_date_free() when no longer required.
 *
 * Returns: An allocated expiry date of this certificate, or %NULL if the
 *          date could not be read.
 */
GDate*
gcr_certificate_get_expiry_date (GcrCertificate *self)
{
	GcrCertificateInfo *parsed;
	GDate *expiry;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);

	parsed = certificate_info_load (self);
	g_return_val_if_fail (parsed, NULL);

	expiry = g_date_new ();
	if (egg_asn1x_get_time_as_date (egg_asn1x_node (parsed->asn1,
	                                                "tbsCertificate", "validity", "notAfter", NULL),
	                                expiry))
		return expiry;

	/* The time could not be converted; do not hand back an unset date */
	g_date_free (expiry);
	return NULL;
}
/**
 * gcr_certificate_get_key_size:
 * @self: a #GcrCertificate
 *
 * Get the key size in bits of the public key represented
 * by this certificate.
 *
 * The size is calculated from tbsCertificate.subjectPublicKeyInfo on first
 * use and kept in the certificate's cached info. A stored value of zero means
 * "not computed yet", so a key whose size calculates to zero is recalculated
 * on every call.
 *
 * Returns: The key size of the certificate.
 */
guint
gcr_certificate_get_key_size (GcrCertificate *self)
{
	GcrCertificateInfo *parsed;
	GNode *spki;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), 0);

	parsed = certificate_info_load (self);
	g_return_val_if_fail (parsed, 0);

	/* Already known from an earlier call */
	if (parsed->key_size)
		return parsed->key_size;

	spki = egg_asn1x_node (parsed->asn1, "tbsCertificate", "subjectPublicKeyInfo", NULL);
	parsed->key_size = _gcr_subject_public_key_calculate_size (spki);

	return parsed->key_size;
}
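/**
 * gcr_certificate_get_subject_raw:
 * @self: a #GcrCertificate
 * @n_data: The length of the returned data.
 *
 * Get the raw DER data for the subject DN of the certificate.
 *
 * The data should be freed by using g_free() when no longer required.
 *
 * Returns: (transfer full) (array length=n_data): allocated memory containing
 *          the raw subject, or %NULL if the subject could not be obtained or
 *          is too large to copy.
 */
guchar *
gcr_certificate_get_subject_raw (GcrCertificate *self, gsize *n_data)
{
	EggBytes *bytes;
	guchar *result;
	gsize size;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);
	g_return_val_if_fail (n_data != NULL, NULL);

	bytes = _gcr_certificate_get_subject_const (self);
	if (bytes == NULL)
		return NULL;

	size = egg_bytes_get_size (bytes);

	/*
	 * g_memdup() takes its byte count as a guint (unsigned int). A larger
	 * gsize would be silently truncated, leaving the caller with a copy
	 * that is shorter than the length reported through @n_data. Only copy
	 * when the size survives that conversion unchanged.
	 */
	if (size == (unsigned int) size) {
		result = g_memdup (egg_bytes_get_data (bytes), size);
		*n_data = size;
	} else {
		result = NULL;
		*n_data = 0;
	}

	egg_bytes_unref (bytes);
	return result;
}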
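/**
 * gcr_certificate_get_fingerprint:
 * @self: a #GcrCertificate
 * @type: the type of algorithm for the fingerprint.
 * @n_length: The length of the resulting fingerprint.
 *
 * Calculate the fingerprint for this certificate.
 *
 * You can pass G_CHECKSUM_SHA1 or G_CHECKSUM_MD5 as the @type
 * parameter. @type is handed to GLib unchanged, so other #GChecksumType
 * values such as G_CHECKSUM_SHA256 work as well. MD5 and SHA-1 are not
 * collision resistant: fingerprints made with them are suitable for display
 * and for matching against legacy records, but should not be the only basis
 * for deciding that two certificates are the same.
 *
 * The caller should free the returned data using g_free() when
 * it is no longer required.
 *
 * Returns: the raw binary fingerprint.
 **/
guchar*
gcr_certificate_get_fingerprint (GcrCertificate *self, GChecksumType type, gsize *n_length)
{
	GChecksum *sum;
	guchar *digest;
	gssize length;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);
	g_return_val_if_fail (n_length, NULL);

	/*
	 * Check the digest length before the checksum exists, so that a
	 * failure here has nothing to release. Checking it afterwards would
	 * leak the checksum on that path.
	 */
	length = g_checksum_type_get_length (type);
	g_return_val_if_fail (length > 0, NULL);

	sum = digest_certificate (self, type);
	g_return_val_if_fail (sum, NULL);

	digest = g_malloc (length);

	/* g_checksum_get_digest() reads the buffer size from, and writes the digest size to, @n_length */
	*n_length = length;
	g_checksum_get_digest (sum, digest, n_length);
	g_checksum_free (sum);

	return digest;
}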
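/**
 * gcr_certificate_get_serial_number:
 * @self: a #GcrCertificate
 * @n_length: the length of the returned data.
 *
 * Get the raw binary serial number of the certificate, read from
 * tbsCertificate.serialNumber.
 *
 * The caller should free the returned data using g_free() when
 * it is no longer required.
 *
 * Returns: (array length=n_length): the raw binary serial number, or %NULL
 *          if it could not be read or is too large to copy.
 */
guchar *
gcr_certificate_get_serial_number (GcrCertificate *self, gsize *n_length)
{
	GcrCertificateInfo *info;
	EggBytes *bytes;
	guchar *result;
	gsize size;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);
	g_return_val_if_fail (n_length != NULL, NULL);

	info = certificate_info_load (self);
	g_return_val_if_fail (info, NULL);

	bytes = egg_asn1x_get_integer_as_raw (egg_asn1x_node (info->asn1,
	                                                      "tbsCertificate", "serialNumber", NULL));
	g_return_val_if_fail (bytes != NULL, NULL);

	size = egg_bytes_get_size (bytes);

	/*
	 * g_memdup() takes its byte count as a guint (unsigned int). A larger
	 * gsize would be silently truncated, leaving the caller with a copy
	 * that is shorter than the length reported through @n_length. Only
	 * copy when the size survives that conversion unchanged.
	 */
	if (size == (unsigned int) size) {
		result = g_memdup (egg_bytes_get_data (bytes), size);
		*n_length = size;
	} else {
		result = NULL;
		*n_length = 0;
	}

	egg_bytes_unref (bytes);
	return result;
}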
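/**
 * gcr_certificate_get_fingerprint_hex:
 * @self: a #GcrCertificate
 * @type: the type of algorithm for the fingerprint.
 *
 * Calculate the fingerprint for this certificate, and return it
 * as a hex string.
 *
 * You can pass G_CHECKSUM_SHA1 or G_CHECKSUM_MD5 as the @type
 * parameter. @type is handed to GLib unchanged, so other #GChecksumType
 * values such as G_CHECKSUM_SHA256 work as well. MD5 and SHA-1 are not
 * collision resistant: fingerprints made with them are suitable for display
 * and for matching against legacy records, but should not be the only basis
 * for deciding that two certificates are the same.
 *
 * The caller should free the returned data using g_free() when
 * it is no longer required.
 *
 * Returns: an allocated hex string which contains the fingerprint.
 */
gchar*
gcr_certificate_get_fingerprint_hex (GcrCertificate *self, GChecksumType type)
{
	GChecksum *sum;
	guchar *digest;
	gsize n_digest;
	gssize length;
	gchar *hex;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);

	/*
	 * Check the digest length before the checksum exists, so that a
	 * failure here has nothing to release. Checking it afterwards would
	 * leak the checksum on that path.
	 */
	length = g_checksum_type_get_length (type);
	g_return_val_if_fail (length > 0, NULL);

	sum = digest_certificate (self, type);
	g_return_val_if_fail (sum, NULL);

	digest = g_malloc (length);
	n_digest = length;
	g_checksum_get_digest (sum, digest, &n_digest);

	/* Same encoder arguments as before: TRUE, ' ' as the delimiter, group size 1 */
	hex = egg_hex_encode_full (digest, n_digest, TRUE, ' ', 1);

	g_checksum_free (sum);
	g_free (digest);
	return hex;
}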
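/**
 * gcr_certificate_get_basic_constraints:
 * @self: the certificate
 * @is_ca: (allow-none): location to place a %TRUE if is an authority
 * @path_len: (allow-none): location to place the max path length
 *
 * Get the basic constraints for the certificate if present. If %FALSE is
 * returned then no basic constraints are present and the @is_ca and
 * @path_len arguments are not changed.
 *
 * %FALSE is also returned, after a critical warning, when the extension is
 * present but cannot be parsed. Callers that use @is_ca to decide whether a
 * certificate may act as an authority should initialise it to %FALSE before
 * the call and treat a %FALSE return as "not an authority".
 *
 * Returns: whether basic constraints are present or not
 */
gboolean
gcr_certificate_get_basic_constraints (GcrCertificate *self, gboolean *is_ca, gint *path_len)
{
	GcrCertificateInfo *info;
	EggBytes *value;
	gboolean parsed;

	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), FALSE);

	info = certificate_info_load (self);
	g_return_val_if_fail (info, FALSE);

	value = _gcr_certificate_extension_find (info->asn1, GCR_OID_BASIC_CONSTRAINTS, NULL);
	if (!value)
		return FALSE;

	parsed = _gcr_certificate_extension_basic_constraints (value, is_ca, path_len);

	/* Release the extension bytes on both outcomes; the failure path used to leak them */
	egg_bytes_unref (value);

	if (!parsed)
		g_return_val_if_reached (FALSE);

	return TRUE;
}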
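/**
 * gcr_certificate_get_icon:
 * @self: The certificate
 *
 * Get the icon for a certificate. The icon is the themed icon named by
 * GCR_ICON_CERTIFICATE; it does not depend on the contents of @self.
 *
 * Returns: (transfer full): the icon for this certificate, which should be
 *          released with g_object_unref()
 */
GIcon *
gcr_certificate_get_icon (GcrCertificate *self)
{
	/* The function returns a pointer, so its failure value is NULL rather than FALSE */
	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);

	return g_themed_icon_new (GCR_ICON_CERTIFICATE);
}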