2
* Copyright (C) 2010 Stefan Walter
4
* This program is free software; you can redistribute it and/or modify
5
* it under the terms of the GNU Lesser General Public License as
6
* published by the Free Software Foundation; either version 2.1 of
7
* the License, or (at your option) any later version.
9
* This program is distributed in the hope that it will be useful, but
10
* WITHOUT ANY WARRANTY; without even the implied warranty of
11
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12
* Lesser General Public License for more details.
14
* You should have received a copy of the GNU Lesser General Public
15
* License along with this program; if not, write to the Free Software
16
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
22
#include "gcr-certificate.h"
23
#include "gcr-certificate-renderer.h"
24
#include "gcr-display-view.h"
25
#include "gcr-icons.h"
26
#include "gcr-simple-certificate.h"
27
#include "gcr-renderer.h"
29
#include "egg/egg-asn1x.h"
30
#include "egg/egg-asn1-defs.h"
31
#include "egg/egg-dn.h"
32
#include "egg/egg-oid.h"
33
#include "egg/egg-hex.h"
38
#include <glib/gi18n-lib.h>
47
struct _GcrCertificateRendererPrivate {
48
GcrCertificate *certificate;
49
GckAttributes *attributes;
54
static void gcr_renderer_iface_init (GcrRendererIface *iface);
56
G_DEFINE_TYPE_WITH_CODE (GcrCertificateRenderer, gcr_certificate_renderer, G_TYPE_OBJECT,
57
G_IMPLEMENT_INTERFACE (GCR_TYPE_RENDERER, gcr_renderer_iface_init));
59
/* -----------------------------------------------------------------------------
64
calculate_label (GcrCertificateRenderer *self, GNode *asn)
69
return g_strdup (self->pv->label);
71
if (self->pv->attributes) {
72
if (gck_attributes_find_string (self->pv->attributes, CKA_LABEL, &label))
77
label = egg_dn_read_part (egg_asn1x_node (asn, "tbsCertificate", "subject", "rdnSequence", NULL), "CN");
82
return g_strdup (_("Certificate"));
86
append_extension (GcrCertificateRenderer *self, GcrDisplayView *view,
87
GNode *asn, const guchar *data, gsize n_data, gint index)
89
GcrRenderer *renderer = GCR_RENDERER (self);
98
/* Make sure it is present */
99
node = egg_asn1x_node (asn, "tbsCertificate", "extensions", index, NULL);
103
/* Dig out the OID */
104
oid = egg_asn1x_get_oid_as_quark (egg_asn1x_node (node, "extnID", NULL));
105
g_return_val_if_fail (oid, FALSE);
107
_gcr_display_view_append_heading (view, renderer, _("Extension"));
111
text = egg_oid_get_description (oid);
112
_gcr_display_view_append_value (view, renderer, _("Identifier"), text, FALSE);
115
/* Extension value */
116
value = egg_asn1x_get_raw_value (egg_asn1x_node (node, "extnValue", NULL), &n_value);
118
/* TODO: Parsing of extensions that we understand */
119
display = egg_hex_encode_full (value, n_value, TRUE, ' ', 1);
120
_gcr_display_view_append_value (view, renderer, _("Value"), display, TRUE);
125
if (egg_asn1x_get_boolean (egg_asn1x_node (node, "critical", NULL), &critical))
126
_gcr_display_view_append_value (view, renderer, _("Critical"), critical ? _("Yes") : _("No"), FALSE);
131
typedef struct _on_parsed_dn_args {
132
GcrCertificateRenderer *renderer;
133
GcrDisplayView *view;
137
on_parsed_dn_part (guint index, GQuark oid, const guchar *value,
138
gsize n_value, gpointer user_data)
140
GcrCertificateRenderer *self = ((on_parsed_dn_args*)user_data)->renderer;
141
GcrDisplayView *view = ((on_parsed_dn_args*)user_data)->view;
147
g_return_if_fail (GCR_IS_CERTIFICATE_RENDERER (self));
149
attr = egg_oid_get_name (oid);
150
desc = egg_oid_get_description (oid);
152
/* Combine them into something sane */
154
if (strcmp (attr, desc) == 0)
155
field = g_strdup (attr);
157
field = g_strdup_printf ("%s (%s)", attr, desc);
158
} else if (!attr && !desc) {
159
field = g_strdup ("");
161
field = g_strdup (attr);
163
field = g_strdup (desc);
165
g_assert_not_reached ();
168
display = egg_dn_print_value (oid, value, n_value);
170
display = g_strdup ("");
172
_gcr_display_view_append_value (view, GCR_RENDERER (self), field, display, FALSE);
177
/* -----------------------------------------------------------------------------
182
gcr_certificate_renderer_init (GcrCertificateRenderer *self)
184
self->pv = (G_TYPE_INSTANCE_GET_PRIVATE (self, GCR_TYPE_CERTIFICATE_RENDERER, GcrCertificateRendererPrivate));
188
gcr_certificate_renderer_dispose (GObject *obj)
190
GcrCertificateRenderer *self = GCR_CERTIFICATE_RENDERER (obj);
192
if (self->pv->certificate)
193
g_object_unref (self->pv->certificate);
194
self->pv->certificate = NULL;
196
G_OBJECT_CLASS (gcr_certificate_renderer_parent_class)->dispose (obj);
200
gcr_certificate_renderer_finalize (GObject *obj)
202
GcrCertificateRenderer *self = GCR_CERTIFICATE_RENDERER (obj);
204
g_assert (!self->pv->certificate);
206
if (self->pv->attributes)
207
gck_attributes_unref (self->pv->attributes);
208
self->pv->attributes = NULL;
210
g_free (self->pv->label);
211
self->pv->label = NULL;
213
G_OBJECT_CLASS (gcr_certificate_renderer_parent_class)->finalize (obj);
217
gcr_certificate_renderer_set_property (GObject *obj, guint prop_id, const GValue *value,
220
GcrCertificateRenderer *self = GCR_CERTIFICATE_RENDERER (obj);
223
case PROP_CERTIFICATE:
224
gcr_certificate_renderer_set_certificate (self, g_value_get_object (value));
227
g_free (self->pv->label);
228
self->pv->label = g_value_dup_string (value);
229
g_object_notify (obj, "label");
230
gcr_renderer_emit_data_changed (GCR_RENDERER (self));
232
case PROP_ATTRIBUTES:
233
gcr_certificate_renderer_set_attributes (self, g_value_get_boxed (value));
236
G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec);
242
gcr_certificate_renderer_get_property (GObject *obj, guint prop_id, GValue *value,
245
GcrCertificateRenderer *self = GCR_CERTIFICATE_RENDERER (obj);
248
case PROP_CERTIFICATE:
249
g_value_set_object (value, self->pv->certificate);
252
g_value_take_string (value, calculate_label (self, NULL));
254
case PROP_ATTRIBUTES:
255
g_value_set_boxed (value, self->pv->attributes);
258
G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec);
264
gcr_certificate_renderer_class_init (GcrCertificateRendererClass *klass)
266
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
267
GckAttributes *registered;
269
gcr_certificate_renderer_parent_class = g_type_class_peek_parent (klass);
270
g_type_class_add_private (klass, sizeof (GcrCertificateRendererPrivate));
272
gobject_class->dispose = gcr_certificate_renderer_dispose;
273
gobject_class->finalize = gcr_certificate_renderer_finalize;
274
gobject_class->set_property = gcr_certificate_renderer_set_property;
275
gobject_class->get_property = gcr_certificate_renderer_get_property;
277
g_object_class_install_property (gobject_class, PROP_CERTIFICATE,
278
g_param_spec_object("certificate", "Certificate", "Certificate to display.",
279
GCR_TYPE_CERTIFICATE, G_PARAM_READWRITE));
281
g_object_class_override_property (gobject_class, PROP_LABEL, "label");
282
g_object_class_override_property (gobject_class, PROP_ATTRIBUTES, "attributes");
284
_gcr_icons_register ();
286
/* Register this as a renderer which can be loaded */
287
registered = gck_attributes_new ();
288
gck_attributes_add_ulong (registered, CKA_CLASS, CKO_CERTIFICATE);
289
gcr_renderer_register (GCR_TYPE_CERTIFICATE_RENDERER, registered);
290
gck_attributes_unref (registered);
294
gcr_certificate_renderer_real_render (GcrRenderer *renderer, GcrViewer *viewer)
296
GcrCertificateRenderer *self;
297
gconstpointer data, value;
298
gsize n_data, n_value, n_raw;
299
GcrDisplayView *view;
300
on_parsed_dn_args args;
310
self = GCR_CERTIFICATE_RENDERER (renderer);
312
if (GCR_IS_DISPLAY_VIEW (viewer)) {
313
view = GCR_DISPLAY_VIEW (viewer);
316
g_warning ("GcrCertificateRenderer only works with internal specific "
317
"GcrViewer returned by gcr_viewer_new().");
321
_gcr_display_view_clear (view, renderer);
323
if (!self->pv->certificate)
326
_gcr_display_view_set_stock_image (view, GCR_RENDERER (self), GCR_ICON_CERTIFICATE);
328
data = gcr_certificate_get_der_data (self->pv->certificate, &n_data);
329
g_return_if_fail (data);
331
asn = egg_asn1x_create_and_decode (pkix_asn1_tab, "Certificate", data, n_data);
332
g_return_if_fail (asn);
334
display = calculate_label (self, asn);
335
_gcr_display_view_append_title (view, renderer, display);
338
display = egg_dn_read_part (egg_asn1x_node (asn, "tbsCertificate", "subject", "rdnSequence", NULL), "CN");
339
_gcr_display_view_append_content (view, renderer, _("Identity"), display);
342
display = egg_dn_read_part (egg_asn1x_node (asn, "tbsCertificate", "issuer", "rdnSequence", NULL), "CN");
343
_gcr_display_view_append_content (view, renderer, _("Verified by"), display);
346
if (egg_asn1x_get_time_as_date (egg_asn1x_node (asn, "tbsCertificate", "validity", "notAfter", NULL), &date)) {
347
display = g_malloc0 (128);
348
if (!g_date_strftime (display, 128, "%x", &date))
349
g_return_if_reached ();
350
_gcr_display_view_append_content (view, renderer, _("Expires"), display);
354
_gcr_display_view_start_details (view, renderer);
356
args.renderer = self;
360
_gcr_display_view_append_heading (view, renderer, _("Subject Name"));
361
egg_dn_parse (egg_asn1x_node (asn, "tbsCertificate", "subject", "rdnSequence", NULL), on_parsed_dn_part, &args);
364
_gcr_display_view_append_heading (view, renderer, _("Issuer Name"));
365
egg_dn_parse (egg_asn1x_node (asn, "tbsCertificate", "issuer", "rdnSequence", NULL), on_parsed_dn_part, &args);
367
/* The Issued Parameters */
368
_gcr_display_view_append_heading (view, renderer, _("Issued Certificate"));
370
if (!egg_asn1x_get_integer_as_ulong (egg_asn1x_node (asn, "tbsCertificate", "version", NULL), &version))
371
g_return_if_reached ();
372
display = g_strdup_printf ("%lu", version + 1);
373
_gcr_display_view_append_value (view, renderer, _("Version"), display, FALSE);
376
raw = egg_asn1x_get_integer_as_raw (egg_asn1x_node (asn, "tbsCertificate", "serialNumber", NULL), NULL, &n_raw);
377
g_return_if_fail (raw);
378
display = egg_hex_encode_full (raw, n_raw, TRUE, ' ', 1);
379
_gcr_display_view_append_value (view, renderer, _("Serial Number"), display, TRUE);
383
display = g_malloc0 (128);
384
if (egg_asn1x_get_time_as_date (egg_asn1x_node (asn, "tbsCertificate", "validity", "notBefore", NULL), &date)) {
385
if (!g_date_strftime (display, 128, "%Y-%m-%d", &date))
386
g_return_if_reached ();
387
_gcr_display_view_append_value (view, renderer, _("Not Valid Before"), display, FALSE);
389
if (egg_asn1x_get_time_as_date (egg_asn1x_node (asn, "tbsCertificate", "validity", "notAfter", NULL), &date)) {
390
if (!g_date_strftime (display, 128, "%Y-%m-%d", &date))
391
g_return_if_reached ();
392
_gcr_display_view_append_value (view, renderer, _("Not Valid After"), display, FALSE);
397
_gcr_display_view_append_heading (view, renderer, ("Signature"));
399
oid = egg_asn1x_get_oid_as_quark (egg_asn1x_node (asn, "signatureAlgorithm", "algorithm", NULL));
400
text = egg_oid_get_description (oid);
401
_gcr_display_view_append_value (view, renderer, _("Signature Algorithm"), text, FALSE);
403
value = egg_asn1x_get_raw_element (egg_asn1x_node (asn, "signatureAlgorithm", "parameters", NULL), &n_value);
404
if (value && n_value) {
405
display = egg_hex_encode_full (value, n_value, TRUE, ' ', 1);
406
_gcr_display_view_append_value (view, renderer, _("Signature Parameters"), display, TRUE);
410
raw = egg_asn1x_get_bits_as_raw (egg_asn1x_node (asn, "signature", NULL), NULL, &bits);
411
g_return_if_fail (raw);
412
display = egg_hex_encode_full (raw, bits / 8, TRUE, ' ', 1);
413
_gcr_display_view_append_value (view, renderer, _("Signature"), display, TRUE);
417
/* Public Key Info */
418
_gcr_display_view_append_heading (view, renderer, _("Public Key Info"));
420
oid = egg_asn1x_get_oid_as_quark (egg_asn1x_node (asn, "tbsCertificate", "subjectPublicKeyInfo",
421
"algorithm", "algorithm", NULL));
422
text = egg_oid_get_description (oid);
423
_gcr_display_view_append_value (view, renderer, _("Key Algorithm"), text, FALSE);
425
value = egg_asn1x_get_raw_element (egg_asn1x_node (asn, "tbsCertificate", "subjectPublicKeyInfo",
426
"algorithm", "parameters", NULL), &n_value);
427
if (value && n_value) {
428
display = egg_hex_encode_full (value, n_value, TRUE, ' ', 1);
429
_gcr_display_view_append_value (view, renderer, _("Key Parameters"), display, TRUE);
433
bits = gcr_certificate_get_key_size (self->pv->certificate);
435
display = g_strdup_printf ("%u", bits);
436
_gcr_display_view_append_value (view, renderer, _("Key Size"), display, FALSE);
440
raw = egg_asn1x_get_bits_as_raw (egg_asn1x_node (asn, "tbsCertificate", "subjectPublicKeyInfo",
441
"subjectPublicKey", NULL), NULL, &bits);
442
g_return_if_fail (raw);
443
display = egg_hex_encode_full (raw, bits / 8, TRUE, ' ', 1);
444
_gcr_display_view_append_value (view, renderer, _("Public Key"), display, TRUE);
449
_gcr_display_view_append_heading (view, renderer, _("Fingerprints"));
451
_gcr_display_view_append_fingerprint (view, renderer, data, n_data, "SHA1", G_CHECKSUM_SHA1);
452
_gcr_display_view_append_fingerprint (view, renderer, data, n_data, "MD5", G_CHECKSUM_MD5);
455
for (index = 1; TRUE; ++index) {
456
if (!append_extension (self, view, asn, data, n_data, index))
460
egg_asn1x_destroy (asn);
464
gcr_renderer_iface_init (GcrRendererIface *iface)
466
iface->render = gcr_certificate_renderer_real_render;
469
/* -----------------------------------------------------------------------------
473
GcrCertificateRenderer*
474
gcr_certificate_renderer_new (GcrCertificate *certificate)
476
return g_object_new (GCR_TYPE_CERTIFICATE_RENDERER, "certificate", certificate, NULL);
480
gcr_certificate_renderer_get_certificate (GcrCertificateRenderer *self)
482
g_return_val_if_fail (GCR_IS_CERTIFICATE_RENDERER (self), NULL);
483
return self->pv->certificate;
487
gcr_certificate_renderer_set_certificate (GcrCertificateRenderer *self, GcrCertificate *cert)
489
g_return_if_fail (GCR_IS_CERTIFICATE_RENDERER (self));
491
if (self->pv->certificate)
492
g_object_unref (self->pv->certificate);
493
self->pv->certificate = cert;
494
if (self->pv->certificate)
495
g_object_ref (self->pv->certificate);
497
gcr_renderer_emit_data_changed (GCR_RENDERER (self));
498
g_object_notify (G_OBJECT (self), "certificate");
502
gcr_certificate_renderer_get_attributes (GcrCertificateRenderer *self)
504
g_return_val_if_fail (GCR_IS_CERTIFICATE_RENDERER (self), NULL);
505
return self->pv->attributes;
509
gcr_certificate_renderer_set_attributes (GcrCertificateRenderer *self, GckAttributes *attrs)
511
GcrCertificate *cert;
513
gboolean emit = TRUE;
515
g_return_if_fail (GCR_IS_CERTIFICATE_RENDERER (self));
517
gck_attributes_unref (self->pv->attributes);
518
self->pv->attributes = attrs;\
520
if (self->pv->attributes) {
521
gck_attributes_ref (self->pv->attributes);
522
attr = gck_attributes_find (self->pv->attributes, CKA_VALUE);
524
/* Create a new certificate object refferring to same memory */
525
cert = gcr_simple_certificate_new_static (attr->value, attr->length);
526
g_object_set_data_full (G_OBJECT (cert), "attributes",
527
gck_attributes_ref (self->pv->attributes),
528
(GDestroyNotify)gck_attributes_unref);
529
gcr_certificate_renderer_set_certificate (self, cert);
530
g_object_unref (cert);
533
gcr_certificate_renderer_set_certificate (self, NULL);
538
gcr_renderer_emit_data_changed (GCR_RENDERER (self));