Replaces the ugly CertificateViewer widget.
])])
+ PKG_CHECK_MODULES(
+ [GCR], [gcr-3 >= gcr_minimum_version],,
+ [AC_MSG_ERROR([
+
+ gcr-3.0 not found (or version < gcr_minimum_version)
+
+ If you want to disable gcr-3.0's GTK+ widgets,
+ please append --disable-gtk to configure.
+
+ ])])
+
AC_DEFINE(HAVE_GTK, 1, [Define to 1 if you have the gtk+-3.0 package.])
fi
AM_CONDITIONAL(HAVE_GTK, [test x$enable_gtk = xyes])
gchar *old_hash = NULL;
gchar *cert_errs_str;
gchar *markup = NULL;
- gint issuer_count;
g_return_val_if_fail (
E_IS_SOURCE_WEBDAV (extension),
g_free (cert_errs_str);
g_free (markup);
- issuer_count = 0;
- while (cert) {
- GTlsCertificate *issuer = NULL;
- g_object_get (cert, "issuer", &issuer, NULL);
-
- cert = issuer;
-
- if (cert) {
- bytes = NULL;
- g_object_get (cert, "certificate", &bytes, NULL);
-
- if (bytes) {
- base64 = g_base64_encode (bytes->data, bytes->len);
- if (issuer_count == 0) {
- e_named_parameters_set (
- parameters, "issuer", base64);
- } else {
- gchar *name;
-
- name = g_strdup_printf (
- "issuer-%d", issuer_count);
- e_named_parameters_set (
- parameters, name, base64);
- g_free (name);
- }
-
- g_free (base64);
- g_byte_array_unref (bytes);
- } else {
- break;
- }
- }
-
- issuer_count++;
- }
-
return E_TRUST_PROMPT_RESPONSE_UNKNOWN;
}
NULL =
-TRUST_PROMPT_SOURCES = trust-prompt-gtk.c \
- certificate-viewer.c \
- certificate-viewer.h
-TRUST_PROMPT_CFLAGS = $(GNOME_PLATFORM_CFLAGS) $(GTK_CFLAGS)
-TRUST_PROMPT_LIBS = $(GNOME_PLATFORM_LIBS) $(GTK_LIBS)
+TRUST_PROMPT_SOURCES = trust-prompt-gtk.c
+TRUST_PROMPT_CFLAGS = $(GNOME_PLATFORM_CFLAGS) $(GTK_CFLAGS) $(GCR_CFLAGS)
+TRUST_PROMPT_LIBS = $(GNOME_PLATFORM_LIBS) $(GTK_LIBS) $(GCR_LIBS)
module_LTLIBRARIES = module-trust-prompt.la
$(NULL)
module_trust_prompt_la_SOURCES = \
- e-asn1-object.c \
- e-asn1-object.h \
module-trust-prompt.c \
trust-prompt.h \
$(TRUST_PROMPT_SOURCES) \
+++ /dev/null
-/*
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) version 3.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with the program; if not, see <http://www.gnu.org/licenses/>
- *
- *
- * Authors:
- * Chris Toshok <toshok@ximian.com>
- *
- * Copyright (C) 1999-2008 Novell, Inc. (www.novell.com)
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <glib/gi18n.h>
-
-#include "pk11pub.h"
-#include "hasht.h"
-
-#include <libedataserver/libedataserver.h>
-
-#include "e-asn1-object.h"
-#include "certificate-viewer.h"
-
-#define CERTIFICATE_VIEWER_PRIV_KEY "CertificateViewerPriv-key"
-
-typedef struct _CertificateViewerPriv
-{
- GtkWidget *issued_to_cn;
- GtkWidget *issued_to_o;
- GtkWidget *issued_to_ou;
- GtkWidget *issued_to_serial;
- GtkWidget *issued_by_cn;
- GtkWidget *issued_by_o;
- GtkWidget *issued_by_ou;
- GtkWidget *validity_issued_on;
- GtkWidget *validity_expires_on;
- GtkWidget *fingerprints_sha1;
- GtkWidget *fingerprints_md5;
- GtkWidget *cert_hierarchy_treeview;
- GtkWidget *cert_fields_treeview;
- GtkWidget *cert_field_value_textview;
-
- CERTCertificate *cert;
- GSList *issuers;
- GtkTextTag *monospace_tag;
-} CertificateViewerPriv;
-
-static void
-free_priv_struct (gpointer ptr)
-{
- CertificateViewerPriv *priv = ptr;
- GSList *iter;
-
- if (!priv)
- return;
-
- if (priv->cert)
- CERT_DestroyCertificate (priv->cert);
-
- for (iter = priv->issuers; iter; iter = iter->next) {
- CERTCertificate *cert = iter->data;
-
- if (cert)
- CERT_DestroyCertificate (cert);
- }
-
- g_slist_free (priv->issuers);
-
- g_free (priv);
-}
-
-static void
-begin_section (GtkGrid *add_to,
- const gchar *caption,
- gint *from_row,
- gint for_rows)
-{
- GtkWidget *widget;
- PangoAttribute *attr;
- PangoAttrList *bold;
-
- g_return_if_fail (add_to != NULL);
- g_return_if_fail (caption != NULL);
- g_return_if_fail (from_row != NULL);
-
- bold = pango_attr_list_new ();
- attr = pango_attr_weight_new (PANGO_WEIGHT_BOLD);
- pango_attr_list_insert (bold, attr);
-
- widget = gtk_label_new (caption);
- g_object_set (
- G_OBJECT (widget),
- "hexpand", TRUE,
- "halign", GTK_ALIGN_START,
- "justify", GTK_JUSTIFY_LEFT,
- "attributes", bold,
- "ellipsize", PANGO_ELLIPSIZE_NONE,
- NULL);
-
- pango_attr_list_unref (bold);
-
- gtk_grid_attach (add_to, widget, 0, *from_row, 3, 1);
- (*from_row)++;
-
- widget = gtk_alignment_new (0.0, 0.0, 0.0, 0.0);
- gtk_alignment_set_padding (GTK_ALIGNMENT (widget), 0, 0, 12, 0);
-
- gtk_grid_attach (add_to, widget, 0, *from_row, 1, for_rows);
-}
-
-static GtkWidget *
-add_info_label (GtkGrid *add_to,
- const gchar *caption,
- gint *at_row)
-{
- GtkWidget *widget;
-
- g_return_val_if_fail (add_to != NULL, NULL);
- g_return_val_if_fail (at_row != NULL, NULL);
-
- if (caption) {
- widget = gtk_label_new (caption);
- g_object_set (
- G_OBJECT (widget),
- "hexpand", FALSE,
- "halign", GTK_ALIGN_START,
- "justify", GTK_JUSTIFY_LEFT,
- "ellipsize", PANGO_ELLIPSIZE_NONE,
- NULL);
-
- gtk_grid_attach (add_to, widget, 1, *at_row, 1, 1);
- }
-
- widget = gtk_label_new ("");
- g_object_set (
- G_OBJECT (widget),
- "hexpand", TRUE,
- "halign", GTK_ALIGN_START,
- "justify", GTK_JUSTIFY_LEFT,
- "ellipsize", PANGO_ELLIPSIZE_NONE,
- "selectable", caption != NULL,
- NULL);
-
- gtk_grid_attach (add_to, widget, caption ? 2 : 1, *at_row, caption ? 1 : 2, 1);
-
- (*at_row)++;
-
- return widget;
-}
-
-static GtkWidget *
-add_scrolled_window (GtkGrid *add_to,
- const gchar *caption,
- gint *at_row,
- GtkWidget *add_widget)
-{
- GtkWidget *widget;
- PangoAttribute *attr;
- PangoAttrList *bold;
-
- g_return_val_if_fail (add_to != NULL, NULL);
- g_return_val_if_fail (caption != NULL, NULL);
- g_return_val_if_fail (at_row != NULL, NULL);
-
- bold = pango_attr_list_new ();
- attr = pango_attr_weight_new (PANGO_WEIGHT_BOLD);
- pango_attr_list_insert (bold, attr);
-
- widget = gtk_label_new (caption);
- g_object_set (
- G_OBJECT (widget),
- "hexpand", TRUE,
- "halign", GTK_ALIGN_START,
- "justify", GTK_JUSTIFY_LEFT,
- "attributes", bold,
- "ellipsize", PANGO_ELLIPSIZE_NONE,
- NULL);
-
- pango_attr_list_unref (bold);
-
- gtk_grid_attach (add_to, widget, 0, *at_row, 1, 1);
- (*at_row)++;
-
- widget = gtk_scrolled_window_new (NULL, NULL);
- g_object_set (
- G_OBJECT (widget),
- "hexpand", TRUE,
- "halign", GTK_ALIGN_FILL,
- "vexpand", TRUE,
- "valign", GTK_ALIGN_FILL,
- "hscrollbar-policy", GTK_POLICY_AUTOMATIC,
- "vscrollbar-policy", GTK_POLICY_AUTOMATIC,
- "shadow-type", GTK_SHADOW_ETCHED_IN,
- NULL);
-
- gtk_scrolled_window_add_with_viewport (GTK_SCROLLED_WINDOW (widget), add_widget);
-
- gtk_grid_attach (add_to, widget, 0, *at_row, 1, 1);
- (*at_row)++;
-
- return add_widget;
-}
-
-#define FLAG_NONE (0)
-#define FLAG_PORT_MEMORY (1 << 0)
-#define FLAG_MARKUP (1 << 1)
-
-static void
-set_label_text (GtkWidget *label,
- const gchar *not_part_markup,
- gchar *text,
- guint32 flags)
-{
- if (text) {
- if ((flags & FLAG_MARKUP) != 0)
- gtk_label_set_markup (GTK_LABEL (label), text);
- else
- gtk_label_set_text (GTK_LABEL (label), text);
-
- if ((flags & FLAG_PORT_MEMORY) != 0)
- PORT_Free (text);
- else
- g_free (text);
- } else {
- gtk_label_set_markup (GTK_LABEL (label), not_part_markup);
- }
-}
-
-static void
-get_cert_times (CERTCertificate *cert,
- gchar **issued_on,
- gchar **expires_on)
-{
- PRTime time_issued_on;
- PRTime time_expires_on;
- PRExplodedTime explodedTime;
- struct tm exploded_tm;
- gchar buf[128];
-
- g_return_if_fail (cert != NULL);
- g_return_if_fail (issued_on != NULL);
- g_return_if_fail (expires_on != NULL);
-
- if (SECSuccess != CERT_GetCertTimes (cert, &time_issued_on, &time_expires_on))
- return;
-
- PR_ExplodeTime (time_issued_on, PR_LocalTimeParameters, &explodedTime);
- exploded_tm.tm_sec = explodedTime.tm_sec;
- exploded_tm.tm_min = explodedTime.tm_min;
- exploded_tm.tm_hour = explodedTime.tm_hour;
- exploded_tm.tm_mday = explodedTime.tm_mday;
- exploded_tm.tm_mon = explodedTime.tm_month;
- exploded_tm.tm_year = explodedTime.tm_year - 1900;
- e_utf8_strftime (buf, sizeof (buf), "%x", &exploded_tm);
- *issued_on = g_strdup (buf);
-
- PR_ExplodeTime (time_expires_on, PR_LocalTimeParameters, &explodedTime);
- exploded_tm.tm_sec = explodedTime.tm_sec;
- exploded_tm.tm_min = explodedTime.tm_min;
- exploded_tm.tm_hour = explodedTime.tm_hour;
- exploded_tm.tm_mday = explodedTime.tm_mday;
- exploded_tm.tm_mon = explodedTime.tm_month;
- exploded_tm.tm_year = explodedTime.tm_year - 1900;
- e_utf8_strftime (buf, sizeof (buf), "%x", &exploded_tm);
- *expires_on = g_strdup (buf);
-}
-
-static void
-fill_general_page (CertificateViewerPriv *priv)
-{
- gchar *not_part_markup;
- gchar *issued_on = NULL;
- gchar *expires_on = NULL;
- gchar *port_str;
- guchar fingerprint[128];
- SECItem fpItem;
-
- g_return_if_fail (priv != NULL);
-
- not_part_markup = g_strconcat ("<i><", _("Not part of certificate"), "></i>", NULL);
-
- set_label_text (priv->issued_to_cn, not_part_markup, CERT_GetCommonName (&priv->cert->subject), FLAG_PORT_MEMORY);
- set_label_text (priv->issued_to_o, not_part_markup, CERT_GetOrgName (&priv->cert->subject), FLAG_PORT_MEMORY);
- set_label_text (priv->issued_to_ou, not_part_markup, CERT_GetOrgUnitName (&priv->cert->subject), FLAG_PORT_MEMORY);
- set_label_text (priv->issued_to_serial, not_part_markup, CERT_Hexify (&priv->cert->serialNumber, TRUE), FLAG_PORT_MEMORY);
-
- set_label_text (priv->issued_by_cn, not_part_markup, CERT_GetCommonName (&priv->cert->issuer), FLAG_PORT_MEMORY);
- set_label_text (priv->issued_by_o, not_part_markup, CERT_GetOrgName (&priv->cert->issuer), FLAG_PORT_MEMORY);
- set_label_text (priv->issued_by_ou, not_part_markup, CERT_GetOrgUnitName (&priv->cert->issuer), FLAG_PORT_MEMORY);
-
- get_cert_times (priv->cert, &issued_on, &expires_on);
- set_label_text (priv->validity_issued_on, not_part_markup, issued_on, FLAG_NONE);
- set_label_text (priv->validity_expires_on, not_part_markup, expires_on, FLAG_NONE);
-
- memset (fingerprint, 0, sizeof fingerprint);
- PK11_HashBuf (
- SEC_OID_SHA1, fingerprint,
- priv->cert->derCert.data,
- priv->cert->derCert.len);
- fpItem.data = fingerprint;
- fpItem.len = SHA1_LENGTH;
- port_str = CERT_Hexify (&fpItem, TRUE);
- set_label_text (priv->fingerprints_sha1, not_part_markup, g_strconcat ("<tt>", port_str, "</tt>", NULL), FLAG_MARKUP);
- PORT_Free (port_str);
-
- memset (fingerprint, 0, sizeof fingerprint);
- PK11_HashBuf (
- SEC_OID_MD5, fingerprint,
- priv->cert->derCert.data,
- priv->cert->derCert.len);
- fpItem.data = fingerprint;
- fpItem.len = MD5_LENGTH;
- port_str = CERT_Hexify (&fpItem, TRUE);
- set_label_text (priv->fingerprints_md5, not_part_markup, g_strconcat ("<tt>", port_str, "</tt>", NULL), FLAG_MARKUP);
- PORT_Free (port_str);
-
- g_free (not_part_markup);
-}
-
-static void
-populate_fields_tree (CertificateViewerPriv *priv,
- EASN1Object *asn1,
- GtkTreeIter *root)
-{
- GtkTreeStore *fields_store;
- GtkTreeIter new_iter;
-
- if (!asn1)
- return;
-
- fields_store = GTK_TREE_STORE (gtk_tree_view_get_model (GTK_TREE_VIEW (priv->cert_fields_treeview)));
-
- /* first insert a node for the current asn1 */
- gtk_tree_store_insert (fields_store, &new_iter, root, -1);
- gtk_tree_store_set (
- fields_store, &new_iter,
- 0, e_asn1_object_get_display_name (asn1),
- 1, asn1,
- -1);
-
- if (e_asn1_object_is_valid_container (asn1)) {
- GList *children = e_asn1_object_get_children (asn1);
-
- if (children) {
- GList *iter;
- for (iter = children; iter; iter = iter->next) {
- EASN1Object *subasn1 = iter->data;
-
- populate_fields_tree (priv, subasn1, &new_iter);
- }
- }
-
- g_list_free_full (children, g_object_unref);
- }
-}
-
-static void
-hierarchy_selection_changed_cb (GtkTreeSelection *selection,
- CertificateViewerPriv *priv)
-{
- GtkTreeIter iter;
- GtkTreeModel *model;
-
- if (gtk_tree_selection_get_selected (selection, &model, &iter)) {
- CERTCertificate *cert;
- EASN1Object *asn1;
- GtkTreeStore *fields_store;
-
- gtk_tree_model_get (model, &iter, 1, &cert, -1);
-
- if (!cert)
- return;
-
- /* display the cert's ASN1 structure */
- asn1 = e_asn1_object_new_from_cert (cert);
-
- /* wipe out the old model */
- fields_store = gtk_tree_store_new (2, G_TYPE_STRING, G_TYPE_OBJECT);
- gtk_tree_view_set_model (
- GTK_TREE_VIEW (priv->cert_fields_treeview),
- GTK_TREE_MODEL (fields_store));
-
- /* populate the fields from the newly selected cert */
- populate_fields_tree (priv, asn1, NULL);
- gtk_tree_view_expand_all (GTK_TREE_VIEW (priv->cert_fields_treeview));
- if (asn1)
- g_object_unref (asn1);
-
- /* and blow away the field value */
- gtk_text_buffer_set_text (
- gtk_text_view_get_buffer (GTK_TEXT_VIEW (priv->cert_field_value_textview)),
- "", 0);
- }
-}
-
-static void
-fields_selection_changed_cb (GtkTreeSelection *selection,
- CertificateViewerPriv *priv)
-{
- GtkTreeIter iter;
- GtkTreeModel *model;
-
- if (gtk_tree_selection_get_selected (selection, &model, &iter)) {
- EASN1Object *asn1 = NULL;
- const gchar *value = NULL;
- GtkTextView *textview;
- GtkTextBuffer *textbuffer;
-
- gtk_tree_model_get (model, &iter, 1, &asn1, -1);
-
- if (asn1)
- value = e_asn1_object_get_display_value (asn1);
-
- textview = GTK_TEXT_VIEW (priv->cert_field_value_textview);
- textbuffer = gtk_text_view_get_buffer (textview);
-
- gtk_text_buffer_set_text (textbuffer, "", 0);
-
- if (value) {
- GtkTextIter text_iter;
-
- gtk_text_buffer_get_start_iter (textbuffer, &text_iter);
-
- gtk_text_buffer_insert_with_tags (
- textbuffer, &text_iter,
- value, strlen (value),
- priv->monospace_tag, NULL);
- }
-
- if (asn1)
- g_object_unref (asn1);
- }
-}
-
-static void
-fill_details_page (CertificateViewerPriv *priv)
-{
- GSList *iter;
- GtkTreeIter root;
- GtkTreeSelection *selection;
- gboolean root_set = FALSE;
- GtkTreeStore *hierarchy_store;
-
- g_return_if_fail (priv != NULL);
-
- gtk_tree_view_set_headers_visible (GTK_TREE_VIEW (priv->cert_hierarchy_treeview), FALSE);
-
- hierarchy_store = gtk_tree_store_new (2, G_TYPE_STRING, G_TYPE_POINTER);
- gtk_tree_view_set_model (
- GTK_TREE_VIEW (priv->cert_hierarchy_treeview),
- GTK_TREE_MODEL (hierarchy_store));
-
- gtk_tree_view_insert_column_with_attributes (
- GTK_TREE_VIEW (priv->cert_hierarchy_treeview),
- -1, "Cert", gtk_cell_renderer_text_new (),
- "text", 0, NULL);
-
- selection = gtk_tree_view_get_selection (GTK_TREE_VIEW (priv->cert_hierarchy_treeview));
- g_signal_connect (
- selection, "changed",
- G_CALLBACK (hierarchy_selection_changed_cb), priv);
-
- gtk_tree_view_set_headers_visible (GTK_TREE_VIEW (priv->cert_fields_treeview), FALSE);
-
- gtk_tree_view_insert_column_with_attributes (
- GTK_TREE_VIEW (priv->cert_fields_treeview),
- -1, "Field", gtk_cell_renderer_text_new (),
- "text", 0, NULL);
-
- selection = gtk_tree_view_get_selection (GTK_TREE_VIEW (priv->cert_fields_treeview));
- g_signal_connect (
- selection, "changed",
- G_CALLBACK (fields_selection_changed_cb), priv);
-
- /* set the font of the field value viewer to be some fixed
- * width font to the hex display looks nice. */
- priv->monospace_tag = gtk_text_buffer_create_tag (
- gtk_text_view_get_buffer (GTK_TEXT_VIEW (priv->cert_field_value_textview)),
- "mono", "font", "Mono", NULL);
-
- /* initially populate the hierarchy from the issuers' chain */
- for (iter = priv->issuers; iter; iter = g_slist_next (iter)) {
- CERTCertificate *cert = iter->data;
- gchar *str;
- GtkTreeIter new_iter;
-
- if (!cert)
- continue;
-
- str = CERT_GetCommonName (&cert->subject);
-
- gtk_tree_store_insert (hierarchy_store, &new_iter, root_set ? &root : NULL, -1);
- gtk_tree_store_set (
- hierarchy_store, &new_iter,
- 0, str ? str : cert->subjectName,
- 1, cert,
- -1);
-
- root = new_iter;
- root_set = TRUE;
-
- if (str)
- PORT_Free (str);
- }
-
- gtk_tree_view_expand_all (GTK_TREE_VIEW (priv->cert_hierarchy_treeview));
-}
-
-static gchar *
-get_window_title (CERTCertificate *cert)
-{
- gchar *str;
-
- g_return_val_if_fail (cert != NULL, NULL);
-
- if (cert->nickname)
- return g_strdup (cert->nickname);
-
- str = CERT_GetCommonName (&cert->subject);
- if (str) {
- gchar *title;
-
- title = g_strdup (str);
- PORT_Free (str);
-
- return title;
- }
-
- return g_strdup (cert->subjectName);
-}
-
-GtkWidget *
-certificate_viewer_new (GtkWindow *parent,
- const CERTCertificate *cert,
- const GSList *issuers_chain_certs)
-{
- CertificateViewerPriv *priv;
- GtkWidget *dialog, *notebook, *widget;
- GtkGrid *grid;
- gint row;
- GSList *iter;
- gchar *title;
-
- g_return_val_if_fail (cert != NULL, NULL);
-
- priv = g_new0 (CertificateViewerPriv, 1);
- priv->cert = CERT_DupCertificate ((CERTCertificate *) cert);
- priv->issuers = g_slist_copy ((GSList *) issuers_chain_certs);
-
- /* root issuer first, then bottom down to certificate itself */
- priv->issuers = g_slist_reverse (priv->issuers);
- priv->issuers = g_slist_append (priv->issuers, priv->cert);
-
- for (iter = priv->issuers; iter; iter = g_slist_next (iter)) {
- iter->data = CERT_DupCertificate (iter->data);
- }
-
- title = get_window_title (priv->cert);
-
- dialog = gtk_dialog_new_with_buttons (
- title, parent,
- GTK_DIALOG_DESTROY_WITH_PARENT | GTK_DIALOG_MODAL,
- _("_Close"), GTK_RESPONSE_CLOSE,
- NULL);
-
- g_free (title);
-
- g_object_set_data_full (G_OBJECT (dialog), CERTIFICATE_VIEWER_PRIV_KEY, priv, free_priv_struct);
-
- notebook = gtk_notebook_new ();
- gtk_container_add (GTK_CONTAINER (gtk_dialog_get_content_area (GTK_DIALOG (dialog))), notebook);
- gtk_container_set_border_width (GTK_CONTAINER (notebook), 12);
-
- /* General page */
- row = 0;
- grid = GTK_GRID (gtk_grid_new ());
- g_object_set (
- G_OBJECT (grid),
- "hexpand", TRUE,
- "halign", GTK_ALIGN_FILL,
- "vexpand", FALSE,
- "valign", GTK_ALIGN_START,
- "border-width", 12,
- "row-spacing", 6,
- "column-spacing", 6,
- NULL);
-
- begin_section (grid, _("This certificate has been verified for the following uses:"), &row, 4);
-
- if (!priv->cert->keyUsagePresent || (priv->cert->keyUsage & certificateUsageSSLClient) != 0) {
- widget = add_info_label (grid, NULL, &row);
- gtk_label_set_text (GTK_LABEL (widget), _("SSL Client Certificate"));
- }
-
- if (!priv->cert->keyUsagePresent || (priv->cert->keyUsage & (certificateUsageSSLServer | certificateUsageSSLCA)) != 0) {
- widget = add_info_label (grid, NULL, &row);
- gtk_label_set_text (GTK_LABEL (widget), _("SSL Server Certificate"));
- }
-
- if (!priv->cert->keyUsagePresent || (priv->cert->keyUsage & certificateUsageEmailSigner) != 0) {
- widget = add_info_label (grid, NULL, &row);
- gtk_label_set_text (GTK_LABEL (widget), _("Email Signer Certificate"));
- }
-
- if (!priv->cert->keyUsagePresent || (priv->cert->keyUsage & certificateUsageEmailRecipient) != 0) {
- widget = add_info_label (grid, NULL, &row);
- gtk_label_set_text (GTK_LABEL (widget), _("Email Recipient Certificate"));
- }
-
- widget = gtk_separator_new (GTK_ORIENTATION_HORIZONTAL);
- g_object_set (
- G_OBJECT (widget),
- "hexpand", TRUE,
- "halign", GTK_ALIGN_FILL,
- "vexpand", FALSE,
- "valign", GTK_ALIGN_START,
- NULL);
-
- gtk_grid_attach (grid, widget, 0, row, 3, 1);
- row++;
-
- begin_section (grid, _("Issued To"), &row, 4);
- priv->issued_to_cn = add_info_label (grid, _("Common Name (CN)"), &row);
- priv->issued_to_o = add_info_label (grid, _("Organization (O)"), &row);
- priv->issued_to_ou = add_info_label (grid, _("Organizational Unit (OU)"), &row);
- priv->issued_to_serial = add_info_label (grid, _("Serial Number"), &row);
-
- begin_section (grid, _("Issued By"), &row, 3);
- priv->issued_by_cn = add_info_label (grid, _("Common Name (CN)"), &row);
- priv->issued_by_o = add_info_label (grid, _("Organization (O)"), &row);
- priv->issued_by_ou = add_info_label (grid, _("Organizational Unit (OU)"), &row);
-
- begin_section (grid, _("Validity"), &row, 2);
- priv->validity_issued_on = add_info_label (grid, _("Issued On"), &row);
- priv->validity_expires_on = add_info_label (grid, _("Expires On"), &row);
-
- begin_section (grid, _("Fingerprints"), &row, 2);
- priv->fingerprints_sha1 = add_info_label (grid, _("SHA1 Fingerprint"), &row);
- priv->fingerprints_md5 = add_info_label (grid, _("MD5 Fingerprint"), &row);
-
- widget = gtk_label_new (_("General"));
- gtk_notebook_append_page (GTK_NOTEBOOK (notebook), GTK_WIDGET (grid), widget);
-
- /* Details page */
- row = 0;
- grid = GTK_GRID (gtk_grid_new ());
- g_object_set (
- G_OBJECT (grid),
- "hexpand", TRUE,
- "halign", GTK_ALIGN_FILL,
- "vexpand", TRUE,
- "valign", GTK_ALIGN_FILL,
- "border-width", 12,
- "row-spacing", 6,
- "column-spacing", 6,
- NULL);
-
- priv->cert_hierarchy_treeview = add_scrolled_window (
- grid,
- _("Certificate Hierarchy"), &row, gtk_tree_view_new ());
-
- priv->cert_fields_treeview = add_scrolled_window (
- grid,
- _("Certificate Fields"), &row, gtk_tree_view_new ());
-
- priv->cert_field_value_textview = add_scrolled_window (
- grid,
- _("Field Value"), &row, gtk_text_view_new ());
-
- widget = gtk_label_new (_("Details"));
- gtk_notebook_append_page (GTK_NOTEBOOK (notebook), GTK_WIDGET (grid), widget);
-
- gtk_widget_show_all (notebook);
-
- fill_general_page (priv);
- fill_details_page (priv);
-
- return dialog;
-}
+++ /dev/null
-/*
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) version 3.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with the program; if not, see <http://www.gnu.org/licenses/>
- *
- *
- * Authors:
- * Chris Toshok <toshok@ximian.com>
- *
- * Copyright (C) 1999-2008 Novell, Inc. (www.novell.com)
- */
-
-#ifndef CERTIFICATE_VIEWER_H
-#define CERTIFICATE_VIEWER_H
-
-#include <gtk/gtk.h>
-#include <cert.h>
-
-GtkWidget * certificate_viewer_new (GtkWindow *parent,
- const CERTCertificate *cert,
- const GSList *issuers_chain_certs);
-
-#endif /* CERTIFICATE_VIEWER_H */
+++ /dev/null
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
-/* The following is the mozilla license blurb, as the bodies some of
- * these functions were derived from the mozilla source. */
-/*
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- */
-
-/*
- * Author: Chris Toshok (toshok@ximian.com)
- *
- * Copyright (C) 1999-2008 Novell, Inc. (www.novell.com)
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <glib/gi18n.h>
-
-#include "e-asn1-object.h"
-
-#include "pk11func.h"
-#include "certdb.h"
-#include "hasht.h"
-
-#define E_ASN1_OBJECT_GET_PRIVATE(obj) \
- (G_TYPE_INSTANCE_GET_PRIVATE \
- ((obj), E_TYPE_ASN1_OBJECT, EASN1ObjectPrivate))
-
-struct _EASN1ObjectPrivate {
- PRUint32 tag;
- PRUint32 type;
- gboolean valid_container;
-
- GList *children;
-
- gchar *display_name;
- gchar *value;
-
- gchar *data;
- guint data_len;
-};
-
-G_DEFINE_TYPE (EASN1Object, e_asn1_object, G_TYPE_OBJECT)
-
-static gboolean
-get_int_value (SECItem *versionItem,
- gulong *version)
-{
- SECStatus srv;
- srv = SEC_ASN1DecodeInteger (versionItem,version);
- if (srv != SECSuccess) {
- g_warning ("could not decode version of cert");
- return FALSE;
- }
- return TRUE;
-}
-
-static gboolean
-process_version (SECItem *versionItem,
- EASN1Object **retItem)
-{
- EASN1Object *item = e_asn1_object_new ();
- gulong version;
-
- e_asn1_object_set_display_name (item, _("Version"));
-
- /* Now to figure out what version this certificate is. */
-
- if (versionItem->data) {
- if (!get_int_value (versionItem, &version))
- return FALSE;
- } else {
- /* If there is no version present in the cert, then rfc2459
- * says we default to v1 (0) */
- version = 0;
- }
-
- switch (version) {
- case 0:
- e_asn1_object_set_display_value (item, _("Version 1"));
- break;
- case 1:
- e_asn1_object_set_display_value (item, _("Version 2"));
- break;
- case 2:
- e_asn1_object_set_display_value (item, _("Version 3"));
- break;
- default:
- g_warning ("Bad value for cert version");
- return FALSE;
- }
-
- *retItem = item;
- return TRUE;
-}
-
-static gboolean
-process_serial_number_der (SECItem *serialItem,
- EASN1Object **retItem)
-{
- gchar *serialNumber;
- EASN1Object *item = e_asn1_object_new ();
-
- e_asn1_object_set_display_name (item, _("Serial Number"));
-
- serialNumber = CERT_Hexify (serialItem, 1);
-
- e_asn1_object_set_display_value (item, serialNumber);
- PORT_Free (serialNumber); /* XXX the right free to use? */
-
- *retItem = item;
- return TRUE;
-}
-
-static gboolean
-get_default_oid_format (SECItem *oid,
- gchar **text)
-{
- GString *str;
- gulong val = oid->data[0];
- guint ii = val % 40;
-
- val /= 40;
-
- str = g_string_new ("");
- g_string_append_printf (str, "%lu %u ", val, ii);
-
- val = 0;
- for (ii = 1; ii < oid->len; ii++) {
- /* In this loop, we have to parse a DER formatted
- * If the first bit is a 1, then the integer is
- * represented by more than one byte. If the
- * first bit is set then we continue on and add
- * the values of the later bytes until we get
- * a byte without the first bit set.
- */
- gulong jj;
-
- jj = oid->data[ii];
- val = (val << 7) | (jj & 0x7f);
- if (jj & 0x80)
- continue;
- g_string_append_printf (str, "%lu ", val);
-
- val = 0;
- }
-
- *text = g_string_free (str, FALSE);
-
- return TRUE;
-}
-
-static gboolean
-get_oid_text (SECItem *oid,
- gchar **text)
-{
- SECOidTag oidTag = SECOID_FindOIDTag (oid);
- gchar *temp;
-
- switch (oidTag) {
- case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
- *text = g_strdup (_("PKCS #1 MD2 With RSA Encryption"));
- break;
- case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
- *text = g_strdup (_("PKCS #1 MD5 With RSA Encryption"));
- break;
- case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
- *text = g_strdup (_("PKCS #1 SHA-1 With RSA Encryption"));
- break;
- case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
- *text = g_strdup (_("PKCS #1 SHA-256 With RSA Encryption"));
- break;
- case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
- *text = g_strdup (_("PKCS #1 SHA-384 With RSA Encryption"));
- break;
- case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
- *text = g_strdup (_("PKCS #1 SHA-512 With RSA Encryption"));
- break;
- case SEC_OID_AVA_COUNTRY_NAME:
- *text = g_strdup ("C");
- break;
- case SEC_OID_AVA_COMMON_NAME:
- *text = g_strdup ("CN");
- break;
- case SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME:
- *text = g_strdup ("OU");
- break;
- case SEC_OID_AVA_ORGANIZATION_NAME:
- *text = g_strdup ("O");
- break;
- case SEC_OID_AVA_LOCALITY:
- *text = g_strdup ("L");
- break;
- case SEC_OID_AVA_DN_QUALIFIER:
- *text = g_strdup ("DN");
- break;
- case SEC_OID_AVA_DC:
- *text = g_strdup ("DC");
- break;
- case SEC_OID_AVA_STATE_OR_PROVINCE:
- *text = g_strdup ("ST");
- break;
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- *text = g_strdup (_("PKCS #1 RSA Encryption"));
- break;
- case SEC_OID_X509_KEY_USAGE:
- *text = g_strdup (_("Certificate Key Usage"));
- break;
- case SEC_OID_NS_CERT_EXT_CERT_TYPE:
- *text = g_strdup (_("Netscape Certificate Type"));
- break;
- case SEC_OID_X509_AUTH_KEY_ID:
- *text = g_strdup (_("Certificate Authority Key Identifier"));
- break;
- case SEC_OID_RFC1274_UID:
- *text = g_strdup ("UID");
- break;
- case SEC_OID_PKCS9_EMAIL_ADDRESS:
- *text = g_strdup ("E");
- break;
- default:
- if (!get_default_oid_format (oid, &temp))
- return FALSE;
-
- *text = g_strdup_printf (_("Object Identifier (%s)"), temp);
- g_free (temp);
-
- break;
- }
- return TRUE;
-}
-
-static gboolean
-process_raw_bytes (SECItem *data,
- gchar **text)
-{
- /* This function is used to display some DER bytes
- * that we have not added support for decoding.
- * It prints the value of the byte out into a
- * string that can later be displayed as a byte
- * string. We place a new line after 24 bytes
- * to break up extermaly long sequence of bytes.
- */
- GString *str = g_string_new ("");
- PRUint32 i;
-
- for (i = 0; i < data->len; i++) {
- g_string_append_printf (str, "%02x ", data->data[i]);
- if ((i + 1) % 16 == 0) {
- g_string_append (str, "\n");
- }
- }
- *text = g_string_free (str, FALSE);
- return TRUE;
-}
-
-static gboolean
-process_sec_algorithm_id (SECAlgorithmID *algID,
- EASN1Object **retSequence)
-{
- EASN1Object *sequence = e_asn1_object_new ();
- gchar *text = NULL;
-
- *retSequence = NULL;
-
- get_oid_text (&algID->algorithm, &text);
-
- if (!algID->parameters.len ||
- algID->parameters.data[0] == E_ASN1_OBJECT_TYPE_NULL) {
- e_asn1_object_set_display_value (sequence, text);
- e_asn1_object_set_valid_container (sequence, FALSE);
- } else {
- EASN1Object *subitem;
-
- subitem = e_asn1_object_new ();
- e_asn1_object_set_display_name (subitem, _("Algorithm Identifier"));
- e_asn1_object_set_display_value (subitem, text);
- e_asn1_object_append_child (sequence, subitem);
- g_object_unref (subitem);
-
- g_free (text);
-
- subitem = e_asn1_object_new ();
- e_asn1_object_set_display_name (subitem, _("Algorithm Parameters"));
- process_raw_bytes (&algID->parameters, &text);
- e_asn1_object_set_display_value (subitem, text);
- e_asn1_object_append_child (sequence, subitem);
- g_object_unref (subitem);
- }
-
- g_free (text);
- *retSequence = sequence;
- return TRUE;
-}
-
-static gboolean
-process_subject_public_key_info (CERTSubjectPublicKeyInfo *spki,
- EASN1Object *parentSequence)
-{
- EASN1Object *spkiSequence = e_asn1_object_new ();
- EASN1Object *sequenceItem;
- EASN1Object *printableItem;
- SECItem data;
- gchar *text = NULL;
-
- e_asn1_object_set_display_name (spkiSequence, _("Subject Public Key Info"));
-
- if (!process_sec_algorithm_id (&spki->algorithm, &sequenceItem))
- return FALSE;
-
- e_asn1_object_set_display_name (sequenceItem, _("Subject Public Key Algorithm"));
-
- e_asn1_object_append_child (spkiSequence, sequenceItem);
-
- /* The subjectPublicKey field is encoded as a bit string.
- * ProcessRawBytes expects the lenght to be in bytes, so
- * let's convert the lenght into a temporary SECItem.
- */
- data.data = spki->subjectPublicKey.data;
- data.len = spki->subjectPublicKey.len / 8;
-
- process_raw_bytes (&data, &text);
- printableItem = e_asn1_object_new ();
-
- e_asn1_object_set_display_value (printableItem, text);
- e_asn1_object_set_display_name (printableItem, _("Subject's Public Key"));
- e_asn1_object_append_child (spkiSequence, printableItem);
- g_object_unref (printableItem);
- g_free (text);
-
- e_asn1_object_append_child (parentSequence, spkiSequence);
- g_object_unref (spkiSequence);
-
- return TRUE;
-}
-
-static gboolean
-process_ns_cert_type_extensions (SECItem *extData,
- GString *text)
-{
- SECItem decoded;
- guchar nsCertType;
-
- decoded.data = NULL;
- decoded.len = 0;
- if (SECSuccess != SEC_ASN1DecodeItem (NULL, &decoded,
- SEC_ASN1_GET (SEC_BitStringTemplate), extData)) {
- g_string_append (text, _("Error: Unable to process extension"));
- return TRUE;
- }
-
- nsCertType = decoded.data[0];
-
- PORT_Free (decoded.data); /* XXX right free? */
-
- if (nsCertType & NS_CERT_TYPE_SSL_CLIENT) {
- g_string_append (text, _("SSL Client Certificate"));
- g_string_append (text, "\n");
- }
- if (nsCertType & NS_CERT_TYPE_SSL_SERVER) {
- g_string_append (text, _("SSL Server Certificate"));
- g_string_append (text, "\n");
- }
- if (nsCertType & NS_CERT_TYPE_EMAIL) {
- g_string_append (text, _("Email"));
- g_string_append (text, "\n");
- }
- if (nsCertType & NS_CERT_TYPE_OBJECT_SIGNING) {
- g_string_append (text, _("Object Signer"));
- g_string_append (text, "\n");
- }
- if (nsCertType & NS_CERT_TYPE_SSL_CA) {
- g_string_append (text, _("SSL Certificate Authority"));
- g_string_append (text, "\n");
- }
- if (nsCertType & NS_CERT_TYPE_EMAIL_CA) {
- g_string_append (text, _("Email Certificate Authority"));
- g_string_append (text, "\n");
- }
- if (nsCertType & NS_CERT_TYPE_OBJECT_SIGNING_CA) {
- g_string_append (text, _("Object Signer"));
- g_string_append (text, "\n");
- }
- return TRUE;
-}
-
-static gboolean
-process_key_usage_extensions (SECItem *extData,
- GString *text)
-{
- SECItem decoded;
- guchar keyUsage;
-
- decoded.data = NULL;
- decoded.len = 0;
- if (SECSuccess != SEC_ASN1DecodeItem (NULL, &decoded,
- SEC_ASN1_GET (SEC_BitStringTemplate), extData)) {
- g_string_append (text, _("Error: Unable to process extension"));
- return TRUE;
- }
-
- keyUsage = decoded.data[0];
- PORT_Free (decoded.data); /* XXX right free? */
-
- if (keyUsage & KU_DIGITAL_SIGNATURE) {
- g_string_append (text, _("Signing"));
- g_string_append (text, "\n");
- }
- if (keyUsage & KU_NON_REPUDIATION) {
- g_string_append (text, _("Non-repudiation"));
- g_string_append (text, "\n");
- }
- if (keyUsage & KU_KEY_ENCIPHERMENT) {
- g_string_append (text, _("Key Encipherment"));
- g_string_append (text, "\n");
- }
- if (keyUsage & KU_DATA_ENCIPHERMENT) {
- g_string_append (text, _("Data Encipherment"));
- g_string_append (text, "\n");
- }
- if (keyUsage & KU_KEY_AGREEMENT) {
- g_string_append (text, _("Key Agreement"));
- g_string_append (text, "\n");
- }
- if (keyUsage & KU_KEY_CERT_SIGN) {
- g_string_append (text, _("Certificate Signer"));
- g_string_append (text, "\n");
- }
- if (keyUsage & KU_CRL_SIGN) {
- g_string_append (text, _("CRL Signer"));
- g_string_append (text, "\n");
- }
-
- return TRUE;
-}
-
-static gboolean
-process_extension_data (SECOidTag oidTag,
- SECItem *extData,
- GString *str)
-{
- gboolean rv;
- switch (oidTag) {
- case SEC_OID_NS_CERT_EXT_CERT_TYPE:
- rv = process_ns_cert_type_extensions (extData, str);
- break;
- case SEC_OID_X509_KEY_USAGE:
- rv = process_key_usage_extensions (extData, str);
- break;
- default: {
- gchar *text;
- rv = process_raw_bytes (extData, &text);
- g_string_append (str, text);
- g_free (text);
- break;
- }
- }
- return rv;
-}
-
-static gboolean
-process_single_extension (CERTCertExtension *extension,
- EASN1Object **retExtension)
-{
- GString *str = g_string_new ("");
- gchar *text;
- EASN1Object *extensionItem;
- SECOidTag oidTag = SECOID_FindOIDTag (&extension->id);
-
- get_oid_text (&extension->id, &text);
-
- extensionItem = e_asn1_object_new ();
-
- e_asn1_object_set_display_name (extensionItem, text);
- g_free (text);
-
- if (extension->critical.data != NULL) {
- if (extension->critical.data[0]) {
- g_string_append (str, _("Critical"));
- } else {
- g_string_append (str, _("Not Critical"));
- }
- } else {
- g_string_append (str, _("Not Critical"));
- }
- g_string_append (str, "\n");
- if (!process_extension_data (oidTag, &extension->value, str)) {
- g_string_free (str, TRUE);
- return FALSE;
- }
-
- e_asn1_object_set_display_value (extensionItem, str->str);
- g_string_free (str, TRUE);
- *retExtension = extensionItem;
- return TRUE;
-}
-
-static gboolean
-process_extensions (CERTCertExtension **extensions,
- EASN1Object *parentSequence)
-{
- EASN1Object *extensionSequence = e_asn1_object_new ();
- PRInt32 i;
-
- e_asn1_object_set_display_name (extensionSequence, _("Extensions"));
-
- for (i = 0; extensions[i] != NULL; i++) {
- EASN1Object *newExtension;
-
- if (!process_single_extension (extensions[i],
- &newExtension))
- return FALSE;
-
- e_asn1_object_append_child (extensionSequence, newExtension);
- }
- e_asn1_object_append_child (parentSequence, extensionSequence);
- return TRUE;
-}
-
-static gboolean
-process_name (CERTName *name,
- gchar **value)
-{
- CERTRDN ** rdns;
- CERTRDN ** rdn;
- CERTAVA ** avas;
- CERTAVA * ava;
- SECItem *decodeItem = NULL;
- GString *final_string = g_string_new ("");
-
- gchar *type;
- GString *avavalue;
- gchar *temp;
- CERTRDN **lastRdn;
-
- rdns = name->rdns;
-
- /* find last RDN */
- lastRdn = rdns;
- while (*lastRdn) lastRdn++;
-
- /* The above whille loop will put us at the last member
- * of the array which is a NULL pointer. So let's back
- * up one spot so that we have the last non-NULL entry in
- * the array in preparation for traversing the
- * RDN's (Relative Distinguished Name) in reverse order.
- */
- lastRdn--;
-
- /*
- * Loop over name contents in _reverse_ RDN order appending to string
- * When building the Ascii string, NSS loops over these entries in
- * reverse order, so I will as well. The difference is that NSS
- * will always place them in a one line string separated by commas,
- * where I want each entry on a single line. I can't just use a comma
- * as my delimitter because it is a valid character to have in the
- * value portion of the AVA and could cause trouble when parsing.
- */
- for (rdn = lastRdn; rdn >= rdns; rdn--) {
- avas = (*rdn)->avas;
- while ((ava = *avas++) != 0) {
- if (!get_oid_text (&ava->type, &type))
- return FALSE;
-
- /* This function returns a string in UTF8 format. */
- decodeItem = CERT_DecodeAVAValue (&ava->value);
- if (!decodeItem) {
- g_free (type);
- return FALSE;
- }
-
- avavalue = g_string_new_len (
- (gchar *) decodeItem->data, decodeItem->len);
-
- SECITEM_FreeItem (decodeItem, PR_TRUE);
-
- /* Translators: This string is used in Certificate
- * details for fields like Issuer or Subject, which
- * shows the field name on the left and its respective
- * value on the right, both as stored in the
- * certificate itself. You probably do not need to
- * change this string, unless changing the order of
- * name and value. As a result example:
- * "OU = VeriSign Trust Network" */
- temp = g_strdup_printf (_("%s = %s"), type, avavalue->str);
-
- g_string_append (final_string, temp);
- g_string_append (final_string, "\n");
- g_string_free (avavalue, TRUE);
- g_free (temp);
- g_free (type);
- }
- }
- *value = g_string_free (final_string, FALSE);
- return TRUE;
-}
-
-static gboolean
-create_tbs_certificate_asn1_struct (CERTCertificate *cert,
- EASN1Object **seq)
-{
- /*
- ** TBSCertificate ::= SEQUENCE {
- ** version [0] EXPLICIT Version DEFAULT v1,
- ** serialNumber CertificateSerialNumber,
- ** signature AlgorithmIdentifier,
- ** issuer Name,
- ** validity Validity,
- ** subject Name,
- ** subjectPublicKeyInfo SubjectPublicKeyInfo,
- ** issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
- ** -- If present, version shall be v2 or v3
- ** subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
- ** -- If present, version shall be v2 or v3
- ** extensions [3] EXPLICIT Extensions OPTIONAL
- ** -- If present, version shall be v3
- ** }
- **
- ** This is the ASN1 structure we should be dealing with at this point.
- ** The code in this method will assert this is the structure we're
- ** dealing and then add more user friendly text for that field.
- */
- EASN1Object *sequence = e_asn1_object_new ();
- gchar *text;
- EASN1Object *subitem;
- SECItem data;
-
- e_asn1_object_set_display_name (sequence, _("Certificate"));
-
- if (!process_version (&cert->version, &subitem))
- return FALSE;
- e_asn1_object_append_child (sequence, subitem);
- g_object_unref (subitem);
-
- if (!process_serial_number_der (&cert->serialNumber, &subitem))
- return FALSE;
- e_asn1_object_append_child (sequence, subitem);
- g_object_unref (subitem);
-
- if (!process_sec_algorithm_id (&cert->signature, &subitem))
- return FALSE;
-
- e_asn1_object_set_display_name (
- subitem, _("Certificate Signature Algorithm"));
- e_asn1_object_append_child (sequence, subitem);
- g_object_unref (subitem);
-
- process_name (&cert->issuer, &text);
- subitem = e_asn1_object_new ();
- e_asn1_object_set_display_value (subitem, text);
- g_free (text);
-
- e_asn1_object_set_display_name (subitem, _("Issuer"));
- e_asn1_object_append_child (sequence, subitem);
- g_object_unref (subitem);
-
-#ifdef notyet
- nsCOMPtr < nsIASN1Sequence> validitySequence = new nsNSSASN1Sequence ();
- nssComponent->GetPIPNSSBundleString (
- NS_LITERAL_STRING ("CertDumpValidity").get (), text);
- validitySequence->SetDisplayName (text);
- asn1Objects->AppendElement (validitySequence, PR_FALSE);
- nssComponent->GetPIPNSSBundleString (
- NS_LITERAL_STRING ("CertDumpNotBefore").get (), text);
- nsCOMPtr < nsIX509CertValidity> validityData;
- GetValidity (getter_AddRefs (validityData));
- PRTime notBefore, notAfter;
-
- validityData->GetNotBefore (¬Before);
- validityData->GetNotAfter (¬After);
- validityData = 0;
- rv = ProcessTime (notBefore, text.get (), validitySequence);
- if (NS_FAILED (rv))
- return rv;
-
- nssComponent->GetPIPNSSBundleString (
- NS_LITERAL_STRING ("CertDumpNotAfter").get (), text);
- rv = ProcessTime (notAfter, text.get (), validitySequence);
- if (NS_FAILED (rv))
- return rv;
-#endif
-
- subitem = e_asn1_object_new ();
- e_asn1_object_set_display_name (subitem, _("Subject"));
-
- process_name (&cert->subject, &text);
- e_asn1_object_set_display_value (subitem, text);
- g_free (text);
- e_asn1_object_append_child (sequence, subitem);
- g_object_unref (subitem);
-
- if (!process_subject_public_key_info (
- &cert->subjectPublicKeyInfo, sequence))
- return FALSE;
-
- /* Is there an issuerUniqueID? */
- if (cert->issuerID.data) {
- /* The issuerID is encoded as a bit string.
- * The function ProcessRawBytes expects the
- * length to be in bytes, so let's convert the
- * length in a temporary SECItem
- */
- data.data = cert->issuerID.data;
- data.len = cert->issuerID.len / 8;
-
- subitem = e_asn1_object_new ();
-
- e_asn1_object_set_display_name (subitem, _("Issuer Unique ID"));
- process_raw_bytes (&data, &text);
- e_asn1_object_set_display_value (subitem, text);
- g_free (text);
-
- e_asn1_object_append_child (sequence, subitem);
- }
-
- if (cert->subjectID.data) {
- /* The subjectID is encoded as a bit string.
- * The function ProcessRawBytes expects the
- * length to be in bytes, so let's convert the
- * length in a temporary SECItem
- */
- data.data = cert->issuerID.data;
- data.len = cert->issuerID.len / 8;
-
- subitem = e_asn1_object_new ();
-
- e_asn1_object_set_display_name (subitem, _("Subject Unique ID"));
- process_raw_bytes (&data, &text);
- e_asn1_object_set_display_value (subitem, text);
- g_free (text);
-
- e_asn1_object_append_child (sequence, subitem);
- }
- if (cert->extensions) {
- if (!process_extensions (cert->extensions, sequence))
- return FALSE;
- }
-
- *seq = sequence;
-
- return TRUE;
-}
-
-static gboolean
-fill_asn1_from_cert (EASN1Object *asn1,
- CERTCertificate *cert)
-{
- EASN1Object *sequence;
- SECItem temp;
- gchar *text;
-
- g_return_val_if_fail (asn1 != NULL, FALSE);
- g_return_val_if_fail (cert != NULL, FALSE);
-
- if (cert->nickname) {
- e_asn1_object_set_display_name (asn1, cert->nickname);
- } else {
- gchar *str;
-
- str = CERT_GetCommonName (&cert->subject);
- if (str) {
- e_asn1_object_set_display_name (asn1, str);
- PORT_Free (str);
- } else {
- e_asn1_object_set_display_name (asn1, cert->subjectName);
- }
- }
-
- /* This sequence will be contain the tbsCertificate, signatureAlgorithm,
- * and signatureValue. */
-
- if (!create_tbs_certificate_asn1_struct (cert, &sequence))
- return FALSE;
- e_asn1_object_append_child (asn1, sequence);
- g_object_unref (sequence);
-
- if (!process_sec_algorithm_id (
- &cert->signatureWrap.signatureAlgorithm, &sequence))
- return FALSE;
-
- e_asn1_object_set_display_name (
- sequence, _("Certificate Signature Algorithm"));
- e_asn1_object_append_child (asn1, sequence);
- g_object_unref (sequence);
-
- sequence = e_asn1_object_new ();
- e_asn1_object_set_display_name (
- sequence, _("Certificate Signature Value"));
-
- /* The signatureWrap is encoded as a bit string.
- * The function ProcessRawBytes expects the
- * length to be in bytes, so let's convert the
- * length in a temporary SECItem */
- temp.data = cert->signatureWrap.signature.data;
- temp.len = cert->signatureWrap.signature.len / 8;
- process_raw_bytes (&temp, &text);
- e_asn1_object_set_display_value (sequence, text);
- e_asn1_object_append_child (asn1, sequence);
- g_free (text);
-
- return TRUE;
-}
-
-static void
-e_asn1_object_finalize (GObject *object)
-{
- EASN1ObjectPrivate *priv;
-
- priv = E_ASN1_OBJECT_GET_PRIVATE (object);
-
- g_free (priv->display_name);
- g_free (priv->value);
-
- g_list_free_full (priv->children, (GDestroyNotify) g_object_unref);
-
- /* Chain up to parent's finalize() method. */
- G_OBJECT_CLASS (e_asn1_object_parent_class)->finalize (object);
-}
-
-static void
-e_asn1_object_class_init (EASN1ObjectClass *class)
-{
- GObjectClass *object_class;
-
- g_type_class_add_private (class, sizeof (EASN1ObjectPrivate));
-
- object_class = G_OBJECT_CLASS (class);
- object_class->finalize = e_asn1_object_finalize;
-}
-
-static void
-e_asn1_object_init (EASN1Object *asn1)
-{
- asn1->priv = E_ASN1_OBJECT_GET_PRIVATE (asn1);
-
- asn1->priv->valid_container = TRUE;
-}
-
-EASN1Object *
-e_asn1_object_new (void)
-{
- return E_ASN1_OBJECT (g_object_new (E_TYPE_ASN1_OBJECT, NULL));
-}
-
-EASN1Object *
-e_asn1_object_new_from_cert (CERTCertificate *cert)
-{
- EASN1Object *asn1;
-
- g_return_val_if_fail (cert != NULL, NULL);
-
- asn1 = e_asn1_object_new ();
- if (!fill_asn1_from_cert (asn1, cert)) {
- g_object_unref (asn1);
- return NULL;
- }
-
- return asn1;
-}
-
-void
-e_asn1_object_set_valid_container (EASN1Object *obj,
- gboolean flag)
-{
- obj->priv->valid_container = flag;
-}
-
-gboolean
-e_asn1_object_is_valid_container (EASN1Object *obj)
-{
- return obj->priv->valid_container;
-}
-
-PRUint32
-e_asn1_object_get_asn1_type (EASN1Object *obj)
-{
- return obj->priv->type;
-}
-
-PRUint32
-e_asn1_object_get_asn1_tag (EASN1Object *obj)
-{
- return obj->priv->tag;
-}
-
-GList *
-e_asn1_object_get_children (EASN1Object *obj)
-{
- GList *children = g_list_copy (obj->priv->children);
-
- g_list_foreach (children, (GFunc) g_object_ref, NULL);
-
- return children;
-}
-
-void
-e_asn1_object_append_child (EASN1Object *parent,
- EASN1Object *child)
-{
- parent->priv->children = g_list_append (
- parent->priv->children, g_object_ref (child));
-}
-
-void
-e_asn1_object_set_display_name (EASN1Object *obj,
- const gchar *name)
-{
- g_free (obj->priv->display_name);
- obj->priv->display_name = g_strdup (name);
-}
-
-const gchar *
-e_asn1_object_get_display_name (EASN1Object *obj)
-{
- return obj->priv->display_name;
-}
-
-void
-e_asn1_object_set_display_value (EASN1Object *obj,
- const gchar *value)
-{
- g_free (obj->priv->value);
- obj->priv->value = g_strdup (value);
-}
-
-const gchar *
-e_asn1_object_get_display_value (EASN1Object *obj)
-{
- return obj->priv->value;
-}
-
-void
-e_asn1_object_get_data (EASN1Object *obj,
- gchar **data,
- guint32 *len)
-{
- *data = obj->priv->data;
- *len = obj->priv->data_len;
-}
+++ /dev/null
-/*
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) version 3.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with the program; if not, see <http://www.gnu.org/licenses/>
- *
- *
- * Authors:
- * Chris Toshok <toshok@ximian.com>
- *
- * Copyright (C) 1999-2008 Novell, Inc. (www.novell.com)
- */
-
-#ifndef E_ASN1_OBJECT_H
-#define E_ASN1_OBJECT_H
-
-#include <glib-object.h>
-
-#include <cert.h>
-
-#define E_TYPE_ASN1_OBJECT (e_asn1_object_get_type ())
-#define E_ASN1_OBJECT(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), E_TYPE_ASN1_OBJECT, EASN1Object))
-#define E_ASN1_OBJECT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), E_TYPE_ASN1_OBJECT, EASN1ObjectClass))
-#define E_IS_ASN1_OBJECT(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), E_TYPE_ASN1_OBJECT))
-#define E_IS_ASN1_OBJECT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), E_TYPE_ASN1_OBJECT))
-#define E_ASN1_OBJECT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), E_TYPE_ASN1_OBJECT, EASN1ObjectClass))
-
-typedef struct _EASN1Object EASN1Object;
-typedef struct _EASN1ObjectClass EASN1ObjectClass;
-typedef struct _EASN1ObjectPrivate EASN1ObjectPrivate;
-
-enum {
- /*
- * Identifiers for the possible types of object.
- */
- E_ASN1_OBJECT_TYPE_END_CONTENTS = 0,
- E_ASN1_OBJECT_TYPE_BOOLEAN = 1,
- E_ASN1_OBJECT_TYPE_INTEGER = 2,
- E_ASN1_OBJECT_TYPE_BIT_STRING = 3,
- E_ASN1_OBJECT_TYPE_OCTET_STRING = 4,
- E_ASN1_OBJECT_TYPE_NULL = 5,
- E_ASN1_OBJECT_TYPE_OBJECT_ID = 6,
- E_ASN1_OBJECT_TYPE_ENUMERATED = 10,
- E_ASN1_OBJECT_TYPE_UTF8_STRING = 12,
- E_ASN1_OBJECT_TYPE_SEQUENCE = 16,
- E_ASN1_OBJECT_TYPE_SET = 17,
- E_ASN1_OBJECT_TYPE_PRINTABLE_STRING = 19,
- E_ASN1_OBJECT_TYPE_T61_STRING = 20,
- E_ASN1_OBJECT_TYPE_IA5_STRING = 22,
- E_ASN1_OBJECT_TYPE_UTC_TIME = 23,
- E_ASN1_OBJECT_TYPE_GEN_TIME = 24,
- E_ASN1_OBJECT_TYPE_VISIBLE_STRING = 26,
- E_ASN1_OBJECT_TYPE_UNIVERSAL_STRING = 28,
- E_ASN1_OBJECT_TYPE_BMP_STRING = 30,
- E_ASN1_OBJECT_TYPE_HIGH_TAG_NUMBER = 31,
- E_ASN1_OBJECT_TYPE_CONTEXT_SPECIFIC = 32,
- E_ASN1_OBJECT_TYPE_APPLICATION = 33,
- E_ASN1_OBJECT_TYPE_PRIVATE = 34
-};
-
-struct _EASN1Object {
- GObject parent;
-
- EASN1ObjectPrivate *priv;
-};
-
-struct _EASN1ObjectClass {
- GObjectClass parent_class;
-
- /* Padding for future expansion */
- void (*_ecert_reserved0) (void);
- void (*_ecert_reserved1) (void);
- void (*_ecert_reserved2) (void);
- void (*_ecert_reserved3) (void);
- void (*_ecert_reserved4) (void);
-};
-
-GType e_asn1_object_get_type (void);
-EASN1Object * e_asn1_object_new (void);
-EASN1Object * e_asn1_object_new_from_cert (CERTCertificate *cert);
-
-void e_asn1_object_set_valid_container (EASN1Object *obj,
- gboolean flag);
-gboolean e_asn1_object_is_valid_container (EASN1Object *obj);
-PRUint32 e_asn1_object_get_asn1_type (EASN1Object *obj);
-PRUint32 e_asn1_object_get_asn1_tag (EASN1Object *obj);
-GList * e_asn1_object_get_children (EASN1Object *obj);
-void e_asn1_object_append_child (EASN1Object *parent,
- EASN1Object *child);
-void e_asn1_object_set_display_name (EASN1Object *obj,
- const gchar *name);
-const gchar * e_asn1_object_get_display_name (EASN1Object *obj);
-void e_asn1_object_set_display_value (EASN1Object *obj,
- const gchar *value);
-const gchar * e_asn1_object_get_display_value (EASN1Object *obj);
-
-void e_asn1_object_get_data (EASN1Object *obj,
- gchar **data,
- guint32 *len);
-
-#endif /* E_ASN1_OBJECT_H */
#include <glib/gi18n-lib.h>
-#include <cert.h>
-
#include <libebackend/libebackend.h>
#include "trust-prompt.h"
struct _ETrustPrompt {
EUserPrompterServerExtension parent;
-
- gboolean nss_initialized;
};
struct _ETrustPromptClass {
/* Forward Declarations */
GType e_trust_prompt_get_type (void);
-G_DEFINE_DYNAMIC_TYPE (ETrustPrompt, e_trust_prompt, E_TYPE_USER_PROMPTER_SERVER_EXTENSION)
-
-static gboolean trust_prompt_show_trust_prompt (EUserPrompterServerExtension *extension,
- gint prompt_id,
- const ENamedParameters *parameters);
+G_DEFINE_DYNAMIC_TYPE (
+ ETrustPrompt,
+ e_trust_prompt,
+ E_TYPE_USER_PROMPTER_SERVER_EXTENSION)
#define TRUST_PROMPT_DIALOG "ETrustPrompt::trust-prompt"
-static void
-trust_prompt_register_dialogs (EExtension *extension,
- EUserPrompterServer *server)
-{
- ETrustPrompt *trust_prompt = E_TRUST_PROMPT (extension);
-
- if (!trust_prompt->nss_initialized) {
- trust_prompt->nss_initialized = TRUE;
-
- /* Use camel_init() to initialise NSS consistently... */
- camel_init (e_get_user_data_dir (), TRUE);
- }
-
- e_user_prompter_server_register (server, extension, TRUST_PROMPT_DIALOG);
-}
-
-static gboolean
-trust_prompt_prompt (EUserPrompterServerExtension *extension,
- gint prompt_id,
- const gchar *dialog_name,
- const ENamedParameters *parameters)
-{
- if (g_strcmp0 (dialog_name, TRUST_PROMPT_DIALOG) == 0)
- return trust_prompt_show_trust_prompt (extension, prompt_id, parameters);
-
- return FALSE;
-}
-
-static void
-trust_prompt_finalize (GObject *object)
-{
- ETrustPrompt *trust_prompt = E_TRUST_PROMPT (object);
-
- if (trust_prompt->nss_initialized)
- camel_shutdown ();
-
- /* Chain up to parent's finalize() method. */
- G_OBJECT_CLASS (e_trust_prompt_parent_class)->finalize (object);
-}
-
-static void
-e_trust_prompt_class_init (ETrustPromptClass *class)
-{
- GObjectClass *object_class;
- EUserPrompterServerExtensionClass *server_extension_class;
-
- object_class = G_OBJECT_CLASS (class);
- object_class->finalize = trust_prompt_finalize;
-
- server_extension_class = E_USER_PROMPTER_SERVER_EXTENSION_CLASS (class);
- server_extension_class->register_dialogs = trust_prompt_register_dialogs;
- server_extension_class->prompt = trust_prompt_prompt;
-}
-
-static void
-e_trust_prompt_class_finalize (ETrustPromptClass *class)
-{
-}
-
-static void
-e_trust_prompt_init (ETrustPrompt *trust_prompt)
-{
- trust_prompt->nss_initialized = FALSE;
-}
-
-G_MODULE_EXPORT void
-e_module_load (GTypeModule *type_module)
-{
- e_trust_prompt_register_type (type_module);
-}
-
-G_MODULE_EXPORT void
-e_module_unload (GTypeModule *type_module)
-{
-}
-
/* dialog definitions */
/* ETrustPrompt::trust-prompt
* "certificate" - a base64-encoded DER certificate, for which ask on trust
* "certificate-errors" - a hexa-decimal integer (as string) corresponding to GTlsCertificateFlags
*
- * It can contain, optionally, chain of issuers:
- * "issuer" - a base64-encoded DER certificate, issuer of "certificate"
- * "issuer-1" - a base64-encoded DER certificate, issuer of "issuer"
- * "issuer-2" - a base64-encoded DER certificate, issuer of "issuer-1"
- * and so on
- *
* Result of the dialog is:
* 0 - reject
* 1 - accept permanently
*/
static gchar *
-cert_fingerprint (CERTCertificate *cert)
-{
- GChecksum *checksum;
- guint8 *digest;
- gsize length;
- guchar fingerprint[50], *f;
- gint i;
- const gchar tohex[16] = "0123456789abcdef";
-
- length = g_checksum_type_get_length (G_CHECKSUM_MD5);
- digest = g_alloca (length);
-
- checksum = g_checksum_new (G_CHECKSUM_MD5);
- g_checksum_update (checksum, cert->derCert.data, cert->derCert.len);
- g_checksum_get_digest (checksum, digest, &length);
- g_checksum_free (checksum);
-
- for (i = 0,f = fingerprint; i < length; i++) {
- guint c = digest[i];
-
- *f++ = tohex[(c >> 4) & 0xf];
- *f++ = tohex[c & 0xf];
- *f++ = ':';
- }
-
- fingerprint[47] = 0;
-
- return g_strdup ((gchar *) fingerprint);
-}
-
-static gchar *
cert_errors_to_reason (GTlsCertificateFlags flags)
{
struct _convert_table {
}
static void
-trust_prompt_free_certificate (gpointer cert)
+parser_parsed_cb (GcrParser *parser,
+ GcrParsed **out_parsed)
{
- if (!cert)
- return;
+ GcrParsed *parsed;
- CERT_DestroyCertificate (cert);
-}
+ parsed = gcr_parser_get_parsed (parser);
+ g_return_if_fail (parsed != NULL);
-static GSList *
-trust_prompt_get_issuers (CERTCertDBHandle *certdb,
- const ENamedParameters *parameters)
-{
- GSList *issuers = NULL;
- CERTCertificate *cert;
- SECItem derCert;
- gsize derCert_len = 0;
- gint ii;
-
- g_return_val_if_fail (certdb != NULL, NULL);
- g_return_val_if_fail (parameters != NULL, NULL);
-
- for (ii = 0; ii >= 0; ii++) {
- const gchar *base64_cert;
-
- if (ii == 0) {
- base64_cert = e_named_parameters_get (parameters, "issuer");
- } else {
- gchar *key;
-
- key = g_strdup_printf ("issuer-%d", ii);
- base64_cert = e_named_parameters_get (parameters, key);
- g_free (key);
- }
-
- if (!base64_cert)
- break;
-
- derCert.type = siDERCertBuffer;
- derCert.data = g_base64_decode (base64_cert, &derCert_len);
- if (!derCert.data)
- break;
-
- derCert.len = derCert_len;
-
- cert = CERT_NewTempCertificate (certdb, &derCert, NULL, PR_FALSE, PR_TRUE);
- g_free (derCert.data);
-
- if (!cert)
- break;
-
- issuers = g_slist_prepend (issuers, cert);
- }
-
- return g_slist_reverse (issuers);
+ *out_parsed = gcr_parsed_ref (parsed);
}
static gboolean
const ENamedParameters *parameters)
{
const gchar *host, *markup, *base64_cert, *cert_errs_str;
- gchar *fingerprint, *reason;
+ gchar *reason;
gint64 cert_errs;
- CERTCertDBHandle *certdb;
- CERTCertificate *cert;
- GSList *issuers;
- SECItem derCert;
- gsize derCert_len = 0;
+ GcrParser *parser;
+ GcrParsed *parsed = NULL;
+ guchar *data;
+ gsize data_length;
gboolean success;
+ GError *local_error = NULL;
g_return_val_if_fail (extension != NULL, FALSE);
g_return_val_if_fail (parameters != NULL, FALSE);
+ /* Continue even if PKCS#11 module registration fails.
+ * Certificate details won't display correctly but the
+ * user can still respond to the prompt. */
+ gcr_pkcs11_initialize (NULL, &local_error);
+ if (local_error != NULL) {
+ g_warning ("%s: %s", G_STRFUNC, local_error->message);
+ g_clear_error (&local_error);
+ }
+
host = e_named_parameters_get (parameters, "host");
markup = e_named_parameters_get (parameters, "markup");
base64_cert = e_named_parameters_get (parameters, "certificate");
g_return_val_if_fail (base64_cert != NULL, FALSE);
g_return_val_if_fail (cert_errs_str != NULL, FALSE);
- derCert.type = siDERCertBuffer;
- derCert.data = g_base64_decode (base64_cert, &derCert_len);
- g_return_val_if_fail (derCert.data != NULL, FALSE);
- derCert.len = derCert_len;
+ cert_errs = g_ascii_strtoll (cert_errs_str, NULL, 16);
+ reason = cert_errors_to_reason (cert_errs);
- certdb = CERT_GetDefaultCertDB ();
- cert = CERT_NewTempCertificate (certdb, &derCert, NULL, PR_FALSE, PR_TRUE);
- g_return_val_if_fail (cert != NULL, FALSE);
+ parser = gcr_parser_new ();
- issuers = trust_prompt_get_issuers (certdb, parameters);
+ g_signal_connect (
+ parser, "parsed",
+ G_CALLBACK (parser_parsed_cb), &parsed);
- cert_errs = g_ascii_strtoll (cert_errs_str, NULL, 16);
- reason = cert_errors_to_reason (cert_errs);
- fingerprint = cert_fingerprint (cert);
+ data = g_base64_decode (base64_cert, &data_length);
+ gcr_parser_parse_data (parser, data, data_length, &local_error);
+ g_free (data);
- success = trust_prompt_show (extension, prompt_id, host, markup, cert, fingerprint, reason, issuers);
+ g_object_unref (parser);
+
+ /* Sanity check. */
+ g_warn_if_fail (
+ ((parsed != NULL) && (local_error == NULL)) ||
+ ((parsed == NULL) && (local_error != NULL)));
+
+ if (parsed != NULL) {
+ success = trust_prompt_show (
+ extension, prompt_id, host, markup, parsed, reason);
+ gcr_parsed_unref (parsed);
+ }
+
+ if (local_error != NULL) {
+ g_warning ("%s: %s", G_STRFUNC, local_error->message);
+ g_clear_error (&local_error);
+ success = FALSE;
+ }
- trust_prompt_free_certificate (cert);
- g_slist_free_full (issuers, trust_prompt_free_certificate);
- g_free (derCert.data);
- g_free (fingerprint);
g_free (reason);
return success;
}
+static void
+trust_prompt_register_dialogs (EExtension *extension,
+ EUserPrompterServer *server)
+{
+ e_user_prompter_server_register (server, extension, TRUST_PROMPT_DIALOG);
+}
+
+static gboolean
+trust_prompt_prompt (EUserPrompterServerExtension *extension,
+ gint prompt_id,
+ const gchar *dialog_name,
+ const ENamedParameters *parameters)
+{
+ if (g_strcmp0 (dialog_name, TRUST_PROMPT_DIALOG) == 0)
+ return trust_prompt_show_trust_prompt (extension, prompt_id, parameters);
+
+ return FALSE;
+}
+
+static void
+e_trust_prompt_class_init (ETrustPromptClass *class)
+{
+ EUserPrompterServerExtensionClass *server_extension_class;
+
+ server_extension_class = E_USER_PROMPTER_SERVER_EXTENSION_CLASS (class);
+ server_extension_class->register_dialogs = trust_prompt_register_dialogs;
+ server_extension_class->prompt = trust_prompt_prompt;
+}
+
+static void
+e_trust_prompt_class_finalize (ETrustPromptClass *class)
+{
+}
+
+static void
+e_trust_prompt_init (ETrustPrompt *trust_prompt)
+{
+}
+
+G_MODULE_EXPORT void
+e_module_load (GTypeModule *type_module)
+{
+ e_trust_prompt_register_type (type_module);
+}
+
+G_MODULE_EXPORT void
+e_module_unload (GTypeModule *type_module)
+{
+}
+
#include <gtk/gtk.h>
#include <glib/gi18n-lib.h>
-#include <cert.h>
#include <libebackend/libebackend.h>
#include "trust-prompt.h"
-#include "certificate-viewer.h"
static void
trust_prompt_add_info_line (GtkGrid *grid,
pango_attr_list_unref (bold);
}
-static void
-trust_prompt_free_certificate (gpointer cert)
-{
- if (!cert)
- return;
-
- CERT_DestroyCertificate (cert);
-}
-
-static void
-trust_prompt_free_issuers (gpointer issuers)
-{
- if (!issuers)
- return;
-
- g_slist_free_full (issuers, trust_prompt_free_certificate);
-}
-
#define TRUST_PROMP_ID_KEY "ETrustPrompt::prompt-id-key"
-#define TRUST_PROMP_CERT_KEY "ETrustPrompt::cert-key"
-#define TRUST_PROMP_ISSUERS_KEY "ETrustPrompt::issuers-key"
static void
trust_prompt_response_cb (GtkWidget *dialog,
{
gint prompt_id;
- if (response == GTK_RESPONSE_HELP) {
- GtkWidget *viewer;
-
- viewer = certificate_viewer_new (
- GTK_WINDOW (dialog),
- g_object_get_data (G_OBJECT (dialog), TRUST_PROMP_CERT_KEY),
- g_object_get_data (G_OBJECT (dialog), TRUST_PROMP_ISSUERS_KEY));
-
- gtk_dialog_run (GTK_DIALOG (viewer));
- gtk_widget_destroy (viewer);
-
- return;
- }
-
prompt_id = GPOINTER_TO_INT (g_object_get_data (G_OBJECT (dialog), TRUST_PROMP_ID_KEY));
gtk_widget_destroy (dialog);
gint prompt_id,
const gchar *host,
const gchar *markup,
- const CERTCertificate *pcert,
- const gchar *cert_fingerprint,
- const gchar *reason,
- const GSList *pissuers)
+ GcrParsed *parsed,
+ const gchar *reason)
{
+ GcrCertificateWidget *certificate_widget;
+ GcrCertificate *certificate;
+ GckAttributes *attributes;
GtkWidget *dialog, *widget;
GtkGrid *grid;
- gchar *tmp, *issuer, *subject, *head;
- GSList *issuers, *iter;
- CERTCertificate *cert;
+ const guchar *data;
+ gsize length;
+ gchar *tmp;
gint row = 0;
- cert = CERT_DupCertificate ((CERTCertificate *) pcert);
- issuers = g_slist_copy ((GSList *) pissuers);
- for (iter = issuers; iter; iter = g_slist_next (iter)) {
- if (iter->data)
- iter->data = CERT_DupCertificate (iter->data);
- }
-
dialog = gtk_dialog_new_with_buttons (
_("Certificate trust..."), NULL, 0,
- _("_View Certificate"), GTK_RESPONSE_HELP,
_("_Reject"), GTK_RESPONSE_REJECT,
_("Accept _Temporarily"), GTK_RESPONSE_YES,
_("_Accept Permanently"), GTK_RESPONSE_ACCEPT,
NULL);
+ widget = gtk_dialog_get_content_area (GTK_DIALOG (dialog));
+
gtk_window_set_icon_name (GTK_WINDOW (dialog), "evolution");
gtk_dialog_set_default_response (GTK_DIALOG (dialog), GTK_RESPONSE_YES);
+ gtk_container_set_border_width (GTK_CONTAINER (dialog), 5);
grid = g_object_new (
GTK_TYPE_GRID,
"orientation", GTK_ORIENTATION_HORIZONTAL,
"row-homogeneous", FALSE,
- "row-spacing", 2,
+ "row-spacing", 6,
"column-homogeneous", FALSE,
- "column-spacing", 6,
+ "column-spacing", 12,
"hexpand", TRUE,
"halign", GTK_ALIGN_FILL,
"vexpand", TRUE,
"valign", GTK_ALIGN_FILL,
- "border-width", 12,
NULL);
- widget = gtk_dialog_get_content_area (GTK_DIALOG (dialog));
+ gtk_container_set_border_width (GTK_CONTAINER (grid), 5);
gtk_container_add (GTK_CONTAINER (widget), GTK_WIDGET (grid));
widget = gtk_image_new_from_icon_name ("dialog-warning", GTK_ICON_SIZE_DIALOG);
G_OBJECT (widget),
"vexpand", FALSE,
"valign", GTK_ALIGN_START,
- "xpad", 6,
NULL);
gtk_grid_attach (grid, widget, 0, row, 1, 3);
markup = tmp;
}
- head = g_strdup_printf ("%s\n\n%s", markup, _("Detailed information about the certificate:"));
-
widget = gtk_label_new (NULL);
- gtk_label_set_markup (GTK_LABEL (widget), head);
+ gtk_label_set_markup (GTK_LABEL (widget), markup);
gtk_misc_set_alignment (GTK_MISC (widget), 0.0, 0.0);
- g_free (head);
+
g_free (tmp);
gtk_grid_attach (grid, widget, 1, row, 2, 1);
row++;
- issuer = CERT_NameToAscii (&cert->issuer);
- subject = CERT_NameToAscii (&cert->subject);
-
- trust_prompt_add_info_line (grid, _("Issuer:"), issuer, TRUE, &row);
- trust_prompt_add_info_line (grid, _("Subject:"), subject, TRUE, &row);
- trust_prompt_add_info_line (grid, _("Fingerprint:"), cert_fingerprint, TRUE, &row);
trust_prompt_add_info_line (grid, _("Reason:"), reason, FALSE, &row);
- PORT_Free (issuer);
- PORT_Free (subject);
+ data = gcr_parsed_get_data (parsed, &length);
+ attributes = gcr_parsed_get_attributes (parsed);
+
+ certificate = gcr_simple_certificate_new (data, length);
+
+ certificate_widget = gcr_certificate_widget_new (certificate);
+ gcr_certificate_widget_set_attributes (certificate_widget, attributes);
+
+ widget = GTK_WIDGET (certificate_widget);
+ gtk_grid_attach (grid, widget, 1, row, 2, 1);
+ gtk_widget_show (widget);
+
+ g_clear_object (&certificate);
g_object_set_data (G_OBJECT (dialog), TRUST_PROMP_ID_KEY, GINT_TO_POINTER (prompt_id));
- g_object_set_data_full (G_OBJECT (dialog), TRUST_PROMP_CERT_KEY, cert, trust_prompt_free_certificate);
- g_object_set_data_full (G_OBJECT (dialog), TRUST_PROMP_ISSUERS_KEY, issuers, trust_prompt_free_issuers);
g_signal_connect (dialog, "response", G_CALLBACK (trust_prompt_response_cb), extension);
#ifndef TRUST_PROMPT_H
#define TRUST_PROMPT_H
-#include <cert.h>
+/* XXX Yeah, yeah... */
+#define GCR_API_SUBJECT_TO_CHANGE
+
+#include <gcr/gcr.h>
#include <libebackend/libebackend.h>
/* This shows a trust-prompt. The function may not block and returns whether
gint prompt_id,
const gchar *host,
const gchar *markup,
- const CERTCertificate *pcert,
- const gchar *cert_fingerprint,
- const gchar *reason,
- const GSList *pissuers);
+ GcrParsed *parsed,
+ const gchar *reason);
#endif /* TRUST_PROMPT_H */