static void debug_certificate_chain (GcrCertificateChain *chain) { GEnumClass *enum_class; GEnumValue *enum_value; gint idx, length; GcrCertificate *cert; enum_class = G_ENUM_CLASS (g_type_class_peek (GCR_TYPE_CERTIFICATE_CHAIN_STATUS)); enum_value = g_enum_get_value (enum_class, gcr_certificate_chain_get_status (chain)); length = gcr_certificate_chain_get_length (chain); DEBUG ("Certificate chain: length %u status %s", length, enum_value ? enum_value->value_nick : "XXX"); for (idx = 0; idx < length; ++idx) { cert = gcr_certificate_chain_get_certificate (chain, idx); debug_certificate (cert); } }
static void build_certificate_list_for_gnutls (GcrCertificateChain *chain, gnutls_x509_crt_t **list, guint *n_list, gnutls_x509_crt_t **anchors, guint *n_anchors) { GcrCertificate *cert; guint idx, length; gnutls_x509_crt_t *retval; gnutls_x509_crt_t gcert; gnutls_datum_t datum; gsize n_data; g_assert (list); g_assert (n_list); g_assert (anchors); g_assert (n_anchors); *list = *anchors = NULL; *n_list = *n_anchors = 0; length = gcr_certificate_chain_get_length (chain); retval = g_malloc0 (sizeof (gnutls_x509_crt_t) * length); /* Convert the main body of the chain to gnutls */ for (idx = 0; idx < length; ++idx) { cert = gcr_certificate_chain_get_certificate (chain, idx); datum.data = (gpointer)gcr_certificate_get_der_data (cert, &n_data); datum.size = n_data; gnutls_x509_crt_init (&gcert); if (gnutls_x509_crt_import (gcert, &datum, GNUTLS_X509_FMT_DER) < 0) g_return_if_reached (); retval[idx] = gcert; } *list = retval; *n_list = length; /* See if we have an anchor */ if (gcr_certificate_chain_get_status (chain) == GCR_CERTIFICATE_CHAIN_ANCHORED) { cert = gcr_certificate_chain_get_anchor (chain); g_return_if_fail (cert); datum.data = (gpointer)gcr_certificate_get_der_data (cert, &n_data); datum.size = n_data; gnutls_x509_crt_init (&gcert); if (gnutls_x509_crt_import (gcert, &datum, GNUTLS_X509_FMT_DER) < 0) g_return_if_reached (); retval = g_malloc0 (sizeof (gnutls_x509_crt_t) * 1); retval[0] = gcert; *anchors = retval; *n_anchors = 1; } }
static void load_chain (PatrolDialogWindow *self, PatrolDialogRecord *r, guint idx, GtkWidget *container) { /* build tree model */ GtkTreeStore *tree_store = gtk_tree_store_new(COLS_NUM, G_TYPE_STRING, G_TYPE_BOOLEAN, G_TYPE_INT, G_TYPE_POINTER, G_TYPE_POINTER); GtkTreeIter *parent = NULL, iter; gint i, num_certs = gcr_certificate_chain_get_length(r->chain); GcrCertificate *cert = NULL; for (i = num_certs - 1; i >= 0; i--) { cert = gcr_certificate_chain_get_certificate(r->chain, i); gchar *label = gcr_certificate_get_subject_name(cert); gtk_tree_store_append(tree_store, &iter, parent); gtk_tree_store_set(tree_store, &iter, COL_NAME, label, COL_PIN, i == r->pin_level, COL_PIN_LEVEL, i, COL_CERT, cert, COL_REC, r, -1); parent = &iter; g_free(label); } /* set hierarchy title */ GtkWidget *title_box = gtk_box_new(GTK_ORIENTATION_VERTICAL, 0); gtk_box_pack_start(GTK_BOX(container), title_box, FALSE, FALSE, 0); gchar *text, *str; GtkWidget *label = gtk_label_new(NULL); GtkWidget *value; if (idx == 0) { switch (self->pv->result) { case PATROL_VERIFY_NEW: case PATROL_VERIFY_CHANGE: text = g_strdup_printf("<b>%s</b>", _("New Certificate")); break; case PATROL_VERIFY_REJECT: text = g_strdup_printf("<b>%s</b>", _("Rejected Certificate")); break; default: text = g_strdup_printf("<b>%s</b>", _("Selected Certificate")); break; } } else { text = g_strdup_printf("<b>%s #%d</b>", _("Stored Certificate"), idx); gtk_widget_set_margin_bottom(GTK_WIDGET(label), 2); } gtk_label_set_markup(GTK_LABEL(label), text); g_free(text); gtk_widget_set_halign(GTK_WIDGET(label), GTK_ALIGN_START); gtk_box_pack_start(GTK_BOX(title_box), label, FALSE, FALSE, 0); GtkWidget *grid = gtk_grid_new(); gtk_widget_set_margin_left(GTK_WIDGET(grid), 5); gtk_box_pack_start(GTK_BOX(title_box), grid, FALSE, FALSE, 0); label = gtk_label_new(NULL); gtk_label_set_text(GTK_LABEL(label), _("Seen: ")); str = g_strdup_printf("%" G_GINT64_FORMAT, r->rec.count_seen); text = g_strdup_printf(g_dngettext(textdomain(NULL), "%s time", "%s times", r->rec.count_seen), str); g_free(str); value = gtk_label_new(NULL); gtk_label_set_text(GTK_LABEL(value), text); g_free(text); gtk_widget_set_halign(GTK_WIDGET(label), GTK_ALIGN_START); gtk_widget_set_halign(GTK_WIDGET(value), GTK_ALIGN_START); gtk_grid_attach(GTK_GRID(grid), label, 0, 0, 1, 1); gtk_grid_attach(GTK_GRID(grid), value, 1, 0, 1, 1); label = gtk_label_new(NULL); gtk_label_set_text(GTK_LABEL(label), _("First seen: ")); GDateTime *dtime = g_date_time_new_from_unix_local(r->rec.first_seen); text = g_date_time_format(dtime, "%c"); g_date_time_unref(dtime); value = gtk_label_new(NULL); gtk_label_set_text(GTK_LABEL(value), text); g_free(text); gtk_widget_set_halign(GTK_WIDGET(label), GTK_ALIGN_START); gtk_widget_set_halign(GTK_WIDGET(value), GTK_ALIGN_START); gtk_grid_attach(GTK_GRID(grid), label, 0, 1, 1, 1); gtk_grid_attach(GTK_GRID(grid), value, 1, 1, 1, 1); if (r->rec.first_seen != r->rec.last_seen) { label = gtk_label_new(NULL); gtk_label_set_text(GTK_LABEL(label), _("Last seen: ")); dtime = g_date_time_new_from_unix_local(r->rec.last_seen); text = g_date_time_format(dtime, "%c"); g_date_time_unref(dtime); value = gtk_label_new(NULL); gtk_label_set_text(GTK_LABEL(value), text); g_free(text); gtk_widget_set_halign(GTK_WIDGET(label), GTK_ALIGN_START); gtk_widget_set_halign(GTK_WIDGET(value), GTK_ALIGN_START); gtk_grid_attach(GTK_GRID(grid), label, 0, 2, 1, 1); gtk_grid_attach(GTK_GRID(grid), value, 1, 2, 1, 1); } if (cert) { label = gtk_label_new(NULL); gtk_label_set_text(GTK_LABEL(label), _("Validity: ")); GDate *expiry = gcr_certificate_get_expiry_date(cert); GDate *now = g_date_new(); g_date_set_time_t(now, time(NULL)); gint diff = g_date_days_between(now, expiry); g_date_free(now); g_date_free(expiry); if (diff > 0) { text = g_strdup_printf(g_dngettext(textdomain(NULL), "Certificate is valid for %d more day", "Certificate is valid for %d more days", diff), diff); } else if (diff < 0) { diff = abs(diff); text = g_strdup_printf(g_dngettext(textdomain(NULL), "Certificate <b>expired</b> %d day ago", "Certificate <b>expired</b> %d days ago", diff), diff); } else { text = g_strdup_printf("Certificate expires today"); } value = gtk_label_new(NULL); gtk_label_set_markup(GTK_LABEL(value), text); g_free(text); gtk_widget_set_halign(GTK_WIDGET(label), GTK_ALIGN_START); gtk_widget_set_halign(GTK_WIDGET(value), GTK_ALIGN_START); gtk_grid_attach(GTK_GRID(grid), label, 0, 3, 1, 1); gtk_grid_attach(GTK_GRID(grid), value, 1, 3, 1, 1); } gtk_widget_show_all(title_box); /* build tree view */ GtkWidget *tree_view; tree_view = gtk_tree_view_new_with_model(GTK_TREE_MODEL(tree_store)); gtk_tree_view_expand_all(GTK_TREE_VIEW(tree_view)); gtk_box_pack_start(GTK_BOX(container), tree_view, FALSE, FALSE, 0); gtk_widget_show(tree_view); g_signal_connect(tree_view, "focus-in-event", G_CALLBACK(on_tree_view_focus), self); g_signal_connect(self->pv->renderer, "data-changed", G_CALLBACK(on_cert_changed), tree_view); GtkTreeSelection *tree_sel = gtk_tree_view_get_selection(GTK_TREE_VIEW(tree_view)); g_signal_connect(tree_sel, "changed", G_CALLBACK(on_tree_selection_changed), self); if (idx == 0) // new chain gtk_tree_selection_select_iter(tree_sel, &iter); /* first column */ GtkCellRenderer *tree_renderer = gtk_cell_renderer_text_new(); GtkTreeViewColumn *tree_column = gtk_tree_view_column_new_with_attributes(_("Certificate Hierarchy"), tree_renderer, "text", COL_NAME, NULL); gtk_tree_view_column_set_expand (tree_column, TRUE); gtk_tree_view_insert_column (GTK_TREE_VIEW (tree_view), tree_column, -1); /* second column */ GtkCellRenderer *toggle_renderer = gtk_cell_renderer_toggle_new(); g_signal_connect(toggle_renderer, "toggled", G_CALLBACK(on_radio_toggled), tree_store); gtk_cell_renderer_toggle_set_radio(GTK_CELL_RENDERER_TOGGLE(toggle_renderer), TRUE); gtk_tree_view_insert_column_with_attributes(GTK_TREE_VIEW(tree_view), -1, _("Pin"), toggle_renderer, "active", COL_PIN, NULL); g_object_unref(tree_store); }