static GcrCertificateInfo* certificate_info_load (GcrCertificate *cert) { GcrCertificateInfo *info; GNode *asn1; gconstpointer der; gsize n_der; g_assert (GCR_IS_CERTIFICATE (cert)); der = gcr_certificate_get_der_data (cert, &n_der); g_return_val_if_fail (der, NULL); info = g_object_get_qdata (G_OBJECT (cert), CERTIFICATE_INFO); if (info != NULL) { if (n_der == info->n_der && der == info->der) return info; } /* Cache is invalid or non existent */ asn1 = egg_asn1x_create_and_decode (pkix_asn1_tab, "Certificate", der, n_der); if (asn1 == NULL) { g_warning ("a derived class provided an invalid or unparseable X.509 DER certificate data."); return NULL; } info = g_new0 (GcrCertificateInfo, 1); info->der = der; info->n_der = n_der; info->asn1 = asn1; g_object_set_qdata_full (G_OBJECT (cert), CERTIFICATE_INFO, info, certificate_info_free); return info; }
static void prepare_data_for_der (GcrCertificateExporter *self) { gconstpointer data; gsize n_data; data = gcr_certificate_get_der_data (self->pv->certificate, &n_data); g_return_if_fail (data); self->pv->buffer = g_byte_array_new (); g_byte_array_append (self->pv->buffer, data, n_data); }
/** * gcr_certificate_compare: * @first: (allow-none): the certificate to compare * @other: (allow-none): the certificate to compare against * * Compare one certificate against another. If the certificates are equal * then zero is returned. If one certificate is %NULL or not a certificate, * then a non-zero value is returned. * * The return value is useful in a stable sort, but has no user logical * meaning. * * Returns: zero if the certificates match, non-zero otherwise. */ gint gcr_certificate_compare (GcrComparable *first, GcrComparable *other) { gconstpointer data1, data2; gsize size1, size2; if (!GCR_IS_CERTIFICATE (first)) first = NULL; if (!GCR_IS_CERTIFICATE (other)) other = NULL; if (first == other) return TRUE; if (!first) return 1; if (!other) return -1; data1 = gcr_certificate_get_der_data (GCR_CERTIFICATE (first), &size1); data2 = gcr_certificate_get_der_data (GCR_CERTIFICATE (other), &size2); return gcr_comparable_memcmp (data1, size1, data2, size2); }
static GChecksum* digest_certificate (GcrCertificate *self, GChecksumType type) { GChecksum *digest; gconstpointer der; gsize n_der; g_assert (GCR_IS_CERTIFICATE (self)); der = gcr_certificate_get_der_data (self, &n_der); g_return_val_if_fail (der, NULL); digest = g_checksum_new (type); g_return_val_if_fail (digest, NULL); g_checksum_update (digest, der, n_der); return digest; }
static void add_anchor_to_module (GcrCertificate *certificate, const gchar *purpose) { GckAttributes *attrs; gconstpointer data; gsize n_data; data = gcr_certificate_get_der_data (certificate, &n_data); g_assert (data); /* And add a pinned certificate for the signed certificate */ attrs = gck_attributes_new (); gck_attributes_add_data (attrs, CKA_X_CERTIFICATE_VALUE, data, n_data); gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_X_TRUST_ASSERTION); gck_attributes_add_ulong (attrs, CKA_X_ASSERTION_TYPE, CKT_X_ANCHORED_CERTIFICATE); gck_attributes_add_string (attrs, CKA_X_PURPOSE, purpose); gck_mock_module_take_object (attrs); }
static void prepare_data_for_pem (GcrCertificateExporter *self) { gconstpointer data; gpointer encoded; gsize n_data, n_encoded; data = gcr_certificate_get_der_data (self->pv->certificate, &n_data); g_return_if_fail (data); self->pv->buffer = g_byte_array_new (); encoded = egg_armor_write (data, n_data, g_quark_from_static_string ("CERTIFICATE"), NULL, &n_encoded); g_byte_array_append (self->pv->buffer, encoded, n_encoded); g_free (encoded); }
static void add_certificate_to_module (GcrCertificate *certificate) { GckAttributes *attrs; gconstpointer data; gsize n_data, n_subject; gpointer subject; data = gcr_certificate_get_der_data (certificate, &n_data); g_assert (data); subject = gcr_certificate_get_subject_raw (certificate, &n_subject); g_assert (subject); /* Add a certificate to the module */ attrs = gck_attributes_new (); gck_attributes_add_data (attrs, CKA_VALUE, data, n_data); gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_CERTIFICATE); gck_attributes_add_ulong (attrs, CKA_CERTIFICATE_TYPE, CKC_X_509); gck_attributes_add_data (attrs, CKA_SUBJECT, subject, n_subject); gck_mock_module_take_object (attrs); g_free (subject); }
static void build_certificate_list_for_gnutls (GcrCertificateChain *chain, gnutls_x509_crt_t **list, guint *n_list, gnutls_x509_crt_t **anchors, guint *n_anchors) { GcrCertificate *cert; guint idx, length; gnutls_x509_crt_t *retval; gnutls_x509_crt_t gcert; gnutls_datum_t datum; gsize n_data; g_assert (list); g_assert (n_list); g_assert (anchors); g_assert (n_anchors); *list = *anchors = NULL; *n_list = *n_anchors = 0; length = gcr_certificate_chain_get_length (chain); retval = g_malloc0 (sizeof (gnutls_x509_crt_t) * length); /* Convert the main body of the chain to gnutls */ for (idx = 0; idx < length; ++idx) { cert = gcr_certificate_chain_get_certificate (chain, idx); datum.data = (gpointer)gcr_certificate_get_der_data (cert, &n_data); datum.size = n_data; gnutls_x509_crt_init (&gcert); if (gnutls_x509_crt_import (gcert, &datum, GNUTLS_X509_FMT_DER) < 0) g_return_if_reached (); retval[idx] = gcert; } *list = retval; *n_list = length; /* See if we have an anchor */ if (gcr_certificate_chain_get_status (chain) == GCR_CERTIFICATE_CHAIN_ANCHORED) { cert = gcr_certificate_chain_get_anchor (chain); g_return_if_fail (cert); datum.data = (gpointer)gcr_certificate_get_der_data (cert, &n_data); datum.size = n_data; gnutls_x509_crt_init (&gcert); if (gnutls_x509_crt_import (gcert, &datum, GNUTLS_X509_FMT_DER) < 0) g_return_if_reached (); retval = g_malloc0 (sizeof (gnutls_x509_crt_t) * 1); retval[0] = gcert; *anchors = retval; *n_anchors = 1; } }
static void refresh_display (GcrCertificateDetailsWidget *self) { GtkTextIter start, iter; const guchar *data, *value; gsize n_data, n_value; const gchar *text; gulong version; guint index, size, n_bits; gchar *display; guchar *bits; GNode *asn; GQuark oid; GDate date; gtk_text_buffer_get_start_iter (self->pv->buffer, &start); gtk_text_buffer_get_end_iter (self->pv->buffer, &iter); gtk_text_buffer_delete (self->pv->buffer, &start, &iter); if (!self->pv->certificate) return; data = gcr_certificate_get_der_data (self->pv->certificate, &n_data); g_return_if_fail (data); asn = egg_asn1x_create_and_decode (pkix_asn1_tab, "Certificate", data, n_data); g_return_if_fail (asn); /* The subject */ append_heading (self, _("Subject Name")); egg_dn_parse (egg_asn1x_node (asn, "tbsCertificate", "subject", "rdnSequence", NULL), on_parsed_dn_part, self); /* The Issuer */ append_heading (self, _("Issuer Name")); egg_dn_parse (egg_asn1x_node (asn, "tbsCertificate", "issuer", "rdnSequence", NULL), on_parsed_dn_part, self); /* The Issued Parameters */ append_heading (self, _("Issued Certificate")); if (!egg_asn1x_get_integer_as_ulong (egg_asn1x_node (asn, "tbsCertificate", "version", NULL), &version)) g_return_if_reached (); display = g_strdup_printf ("%lu", version + 1); append_field_and_value (self, _("Version"), display, FALSE); g_free (display); value = egg_asn1x_get_raw_value (egg_asn1x_node (asn, "tbsCertificate", "serialNumber", NULL), &n_value); g_return_if_fail (value); display = egg_hex_encode_full (value, n_value, TRUE, ' ', 1); append_field_and_value (self, _("Serial Number"), display, TRUE); g_free (display); display = g_malloc0 (128); if (egg_asn1x_get_time_as_date (egg_asn1x_node (asn, "tbsCertificate", "validity", "notBefore", NULL), &date)) { if (!g_date_strftime (display, 128, "%Y-%m-%d", &date)) g_return_if_reached (); append_field_and_value (self, _("Not Valid Before"), display, FALSE); } if (egg_asn1x_get_time_as_date (egg_asn1x_node (asn, "tbsCertificate", "validity", "notAfter", NULL), &date)) { if (!g_date_strftime (display, 128, "%Y-%m-%d", &date)) g_return_if_reached (); append_field_and_value (self, _("Not Valid After"), display, FALSE); } g_free (display); /* Signature */ append_heading (self, _("Signature")); oid = egg_asn1x_get_oid_as_quark (egg_asn1x_node (asn, "signatureAlgorithm", "algorithm", NULL)); text = egg_oid_get_description (oid); append_field_and_value (self, _("Signature Algorithm"), text, FALSE); value = egg_asn1x_get_raw_value (egg_asn1x_node (asn, "signatureAlgorithm", "parameters", NULL), &n_value); if (value && n_value) { display = egg_hex_encode_full (value, n_value, TRUE, ' ', 1); append_field_and_value (self, _("Signature Parameters"), display, TRUE); g_free (display); } value = egg_asn1x_get_raw_value (egg_asn1x_node (asn, "signature", NULL), &n_value); g_return_if_fail (value); display = egg_hex_encode_full (value, n_value, TRUE, ' ', 1); append_field_and_value (self, _("Signature"), display, TRUE); g_free (display); /* Public Key Info */ append_heading (self, _("Public Key Info")); oid = egg_asn1x_get_oid_as_quark (egg_asn1x_node (asn, "tbsCertificate", "subjectPublicKeyInfo", "algorithm", "algorithm", NULL)); text = egg_oid_get_description (oid); append_field_and_value (self, _("Key Algorithm"), text, FALSE); value = egg_asn1x_get_raw_value (egg_asn1x_node (asn, "tbsCertificate", "subjectPublicKeyInfo", "algorithm", "parameters", NULL), &n_value); if (value && n_value) { display = egg_hex_encode_full (value, n_value, TRUE, ' ', 1); append_field_and_value (self, _("Key Parameters"), display, TRUE); g_free (display); } size = gcr_certificate_get_key_size (self->pv->certificate); if (size > 0) { display = g_strdup_printf ("%u", size); append_field_and_value (self, _("Key Size"), display, FALSE); g_free (display); } bits = egg_asn1x_get_bits_as_raw (egg_asn1x_node (asn, "tbsCertificate", "subjectPublicKeyInfo", "subjectPublicKey", NULL), NULL, &n_bits); g_return_if_fail (bits); display = egg_hex_encode_full (bits, n_bits / 8, TRUE, ' ', 1); append_field_and_value (self, _("Public Key"), display, TRUE); g_free (display); g_free (bits); /* Fingerprints */ append_heading (self, _("Fingerprints")); append_fingerprint (self, data, n_data, "SHA1", G_CHECKSUM_SHA1); append_fingerprint (self, data, n_data, "MD5", G_CHECKSUM_MD5); /* Extensions */ for (index = 1; TRUE; ++index) { if (!append_extension (self, asn, data, n_data, index)) break; } egg_asn1x_destroy (asn); }