/*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) version 3.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with the program; if not, see <http://www.gnu.org/licenses/>
*
*
* Authors:
* Chris Toshok <toshok@ximian.com>
*
* Copyright (C) 1999-2008 Novell, Inc. (www.novell.com)
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <glib/gi18n.h>
#include "pk11pub.h"
#include "hasht.h"
#include <libedataserver/libedataserver.h>
#include "e-asn1-object.h"
#include "certificate-viewer.h"
#define CERTIFICATE_VIEWER_PRIV_KEY "CertificateViewerPriv-key"
typedef struct _CertificateViewerPriv
{
GtkWidget *issued_to_cn;
GtkWidget *issued_to_o;
GtkWidget *issued_to_ou;
GtkWidget *issued_to_serial;
GtkWidget *issued_by_cn;
GtkWidget *issued_by_o;
GtkWidget *issued_by_ou;
GtkWidget *validity_issued_on;
GtkWidget *validity_expires_on;
GtkWidget *fingerprints_sha1;
GtkWidget *fingerprints_md5;
GtkWidget *cert_hierarchy_treeview;
GtkWidget *cert_fields_treeview;
GtkWidget *cert_field_value_textview;
CERTCertificate *cert;
GSList *issuers;
GtkTextTag *monospace_tag;
} CertificateViewerPriv;
static void
free_priv_struct (gpointer ptr)
{
CertificateViewerPriv *priv = ptr;
GSList *iter;
if (!priv)
return;
if (priv->cert)
CERT_DestroyCertificate (priv->cert);
for (iter = priv->issuers; iter; iter = iter->next) {
CERTCertificate *cert = iter->data;
if (cert)
CERT_DestroyCertificate (cert);
}
g_slist_free (priv->issuers);
g_free (priv);
}
static void
begin_section (GtkGrid *add_to,
const gchar *caption,
gint *from_row,
gint for_rows)
{
GtkWidget *widget;
PangoAttribute *attr;
PangoAttrList *bold;
g_return_if_fail (add_to != NULL);
g_return_if_fail (caption != NULL);
g_return_if_fail (from_row != NULL);
bold = pango_attr_list_new ();
attr = pango_attr_weight_new (PANGO_WEIGHT_BOLD);
pango_attr_list_insert (bold, attr);
widget = gtk_label_new (caption);
g_object_set (
G_OBJECT (widget),
"hexpand", TRUE,
"halign", GTK_ALIGN_START,
"justify", GTK_JUSTIFY_LEFT,
"attributes", bold,
"ellipsize", PANGO_ELLIPSIZE_NONE,
NULL);
pango_attr_list_unref (bold);
gtk_grid_attach (add_to, widget, 0, *from_row, 3, 1);
(*from_row)++;
widget = gtk_alignment_new (0.0, 0.0, 0.0, 0.0);
gtk_alignment_set_padding (GTK_ALIGNMENT (widget), 0, 0, 12, 0);
gtk_grid_attach (add_to, widget, 0, *from_row, 1, for_rows);
}
static GtkWidget *
add_info_label (GtkGrid *add_to,
const gchar *caption,
gint *at_row)
{
GtkWidget *widget;
g_return_val_if_fail (add_to != NULL, NULL);
g_return_val_if_fail (at_row != NULL, NULL);
if (caption) {
widget = gtk_label_new (caption);
g_object_set (
G_OBJECT (widget),
"hexpand", FALSE,
"halign", GTK_ALIGN_START,
"justify", GTK_JUSTIFY_LEFT,
"ellipsize", PANGO_ELLIPSIZE_NONE,
NULL);
gtk_grid_attach (add_to, widget, 1, *at_row, 1, 1);
}
widget = gtk_label_new ("");
g_object_set (
G_OBJECT (widget),
"hexpand", TRUE,
"halign", GTK_ALIGN_START,
"justify", GTK_JUSTIFY_LEFT,
"ellipsize", PANGO_ELLIPSIZE_NONE,
"selectable", caption != NULL,
NULL);
gtk_grid_attach (add_to, widget, caption ? 2 : 1, *at_row, caption ? 1 : 2, 1);
(*at_row)++;
return widget;
}
static GtkWidget *
add_scrolled_window (GtkGrid *add_to,
const gchar *caption,
gint *at_row,
GtkWidget *add_widget)
{
GtkWidget *widget;
PangoAttribute *attr;
PangoAttrList *bold;
g_return_val_if_fail (add_to != NULL, NULL);
g_return_val_if_fail (caption != NULL, NULL);
g_return_val_if_fail (at_row != NULL, NULL);
bold = pango_attr_list_new ();
attr = pango_attr_weight_new (PANGO_WEIGHT_BOLD);
pango_attr_list_insert (bold, attr);
widget = gtk_label_new (caption);
g_object_set (
G_OBJECT (widget),
"hexpand", TRUE,
"halign", GTK_ALIGN_START,
"justify", GTK_JUSTIFY_LEFT,
"attributes", bold,
"ellipsize", PANGO_ELLIPSIZE_NONE,
NULL);
pango_attr_list_unref (bold);
gtk_grid_attach (add_to, widget, 0, *at_row, 1, 1);
(*at_row)++;
widget = gtk_scrolled_window_new (NULL, NULL);
g_object_set (
G_OBJECT (widget),
"hexpand", TRUE,
"halign", GTK_ALIGN_FILL,
"vexpand", TRUE,
"valign", GTK_ALIGN_FILL,
"hscrollbar-policy", GTK_POLICY_AUTOMATIC,
"vscrollbar-policy", GTK_POLICY_AUTOMATIC,
"shadow-type", GTK_SHADOW_ETCHED_IN,
NULL);
gtk_scrolled_window_add_with_viewport (GTK_SCROLLED_WINDOW (widget), add_widget);
gtk_grid_attach (add_to, widget, 0, *at_row, 1, 1);
(*at_row)++;
return add_widget;
}
#define FLAG_NONE (0)
#define FLAG_PORT_MEMORY (1 << 0)
#define FLAG_MARKUP (1 << 1)
static void
set_label_text (GtkWidget *label,
const gchar *not_part_markup,
gchar *text,
guint32 flags)
{
if (text) {
if ((flags & FLAG_MARKUP) != 0)
gtk_label_set_markup (GTK_LABEL (label), text);
else
gtk_label_set_text (GTK_LABEL (label), text);
if ((flags & FLAG_PORT_MEMORY) != 0)
PORT_Free (text);
else
g_free (text);
} else {
gtk_label_set_markup (GTK_LABEL (label), not_part_markup);
}
}
static void
get_cert_times (CERTCertificate *cert,
gchar **issued_on,
gchar **expires_on)
{
PRTime time_issued_on;
PRTime time_expires_on;
PRExplodedTime explodedTime;
struct tm exploded_tm;
gchar buf[128];
g_return_if_fail (cert != NULL);
g_return_if_fail (issued_on != NULL);
g_return_if_fail (expires_on != NULL);
if (SECSuccess != CERT_GetCertTimes (cert, &time_issued_on, &time_expires_on))
return;
PR_ExplodeTime (time_issued_on, PR_LocalTimeParameters, &explodedTime);
exploded_tm.tm_sec = explodedTime.tm_sec;
exploded_tm.tm_min = explodedTime.tm_min;
exploded_tm.tm_hour = explodedTime.tm_hour;
exploded_tm.tm_mday = explodedTime.tm_mday;
exploded_tm.tm_mon = explodedTime.tm_month;
exploded_tm.tm_year = explodedTime.tm_year - 1900;
e_utf8_strftime (buf, sizeof (buf), "%x", &exploded_tm);
*issued_on = g_strdup (buf);
PR_ExplodeTime (time_expires_on, PR_LocalTimeParameters, &explodedTime);
exploded_tm.tm_sec = explodedTime.tm_sec;
exploded_tm.tm_min = explodedTime.tm_min;
exploded_tm.tm_hour = explodedTime.tm_hour;
exploded_tm.tm_mday = explodedTime.tm_mday;
exploded_tm.tm_mon = explodedTime.tm_month;
exploded_tm.tm_year = explodedTime.tm_year - 1900;
e_utf8_strftime (buf, sizeof (buf), "%x", &exploded_tm);
*expires_on = g_strdup (buf);
}
static void
fill_general_page (CertificateViewerPriv *priv)
{
gchar *not_part_markup;
gchar *issued_on = NULL;
gchar *expires_on = NULL;
gchar *port_str;
guchar fingerprint[128];
SECItem fpItem;
g_return_if_fail (priv != NULL);
not_part_markup = g_strconcat ("<i><", _("Not part of certificate"), "></i>", NULL);
set_label_text (priv->issued_to_cn, not_part_markup, CERT_GetCommonName (&priv->cert->subject), FLAG_PORT_MEMORY);
set_label_text (priv->issued_to_o, not_part_markup, CERT_GetOrgName (&priv->cert->subject), FLAG_PORT_MEMORY);
set_label_text (priv->issued_to_ou, not_part_markup, CERT_GetOrgUnitName (&priv->cert->subject), FLAG_PORT_MEMORY);
set_label_text (priv->issued_to_serial, not_part_markup, CERT_Hexify (&priv->cert->serialNumber, TRUE), FLAG_PORT_MEMORY);
set_label_text (priv->issued_by_cn, not_part_markup, CERT_GetCommonName (&priv->cert->issuer), FLAG_PORT_MEMORY);
set_label_text (priv->issued_by_o, not_part_markup, CERT_GetOrgName (&priv->cert->issuer), FLAG_PORT_MEMORY);
set_label_text (priv->issued_by_ou, not_part_markup, CERT_GetOrgUnitName (&priv->cert->issuer), FLAG_PORT_MEMORY);
get_cert_times (priv->cert, &issued_on, &expires_on);
set_label_text (priv->validity_issued_on, not_part_markup, issued_on, FLAG_NONE);
set_label_text (priv->validity_expires_on, not_part_markup, expires_on, FLAG_NONE);
memset (fingerprint, 0, sizeof fingerprint);
PK11_HashBuf (
SEC_OID_SHA1, fingerprint,
priv->cert->derCert.data,
priv->cert->derCert.len);
fpItem.data = fingerprint;
fpItem.len = SHA1_LENGTH;
port_str = CERT_Hexify (&fpItem, TRUE);
set_label_text (priv->fingerprints_sha1, not_part_markup, g_strconcat ("<tt>", port_str, "</tt>", NULL), FLAG_MARKUP);
PORT_Free (port_str);
memset (fingerprint, 0, sizeof fingerprint);
PK11_HashBuf (
SEC_OID_MD5, fingerprint,
priv->cert->derCert.data,
priv->cert->derCert.len);
fpItem.data = fingerprint;
fpItem.len = MD5_LENGTH;
port_str = CERT_Hexify (&fpItem, TRUE);
set_label_text (priv->fingerprints_md5, not_part_markup, g_strconcat ("<tt>", port_str, "</tt>", NULL), FLAG_MARKUP);
PORT_Free (port_str);
g_free (not_part_markup);
}
static void
populate_fields_tree (CertificateViewerPriv *priv,
EASN1Object *asn1,
GtkTreeIter *root)
{
GtkTreeStore *fields_store;
GtkTreeIter new_iter;
if (!asn1)
return;
fields_store = GTK_TREE_STORE (gtk_tree_view_get_model (GTK_TREE_VIEW (priv->cert_fields_treeview)));
/* first insert a node for the current asn1 */
gtk_tree_store_insert (fields_store, &new_iter, root, -1);
gtk_tree_store_set (
fields_store, &new_iter,
0, e_asn1_object_get_display_name (asn1),
1, asn1,
-1);
if (e_asn1_object_is_valid_container (asn1)) {
GList *children = e_asn1_object_get_children (asn1);
if (children) {
GList *iter;
for (iter = children; iter; iter = iter->next) {
EASN1Object *subasn1 = iter->data;
populate_fields_tree (priv, subasn1, &new_iter);
}
}
g_list_free_full (children, g_object_unref);
}
}
static void
hierarchy_selection_changed_cb (GtkTreeSelection *selection,
CertificateViewerPriv *priv)
{
GtkTreeIter iter;
GtkTreeModel *model;
if (gtk_tree_selection_get_selected (selection, &model, &iter)) {
CERTCertificate *cert;
EASN1Object *asn1;
GtkTreeStore *fields_store;
gtk_tree_model_get (model, &iter, 1, &cert, -1);
if (!cert)
return;
/* display the cert's ASN1 structure */
asn1 = e_asn1_object_new_from_cert (cert);
/* wipe out the old model */
fields_store = gtk_tree_store_new (2, G_TYPE_STRING, G_TYPE_OBJECT);
gtk_tree_view_set_model (
GTK_TREE_VIEW (priv->cert_fields_treeview),
GTK_TREE_MODEL (fields_store));
/* populate the fields from the newly selected cert */
populate_fields_tree (priv, asn1, NULL);
gtk_tree_view_expand_all (GTK_TREE_VIEW (priv->cert_fields_treeview));
if (asn1)
g_object_unref (asn1);
/* and blow away the field value */
gtk_text_buffer_set_text (
gtk_text_view_get_buffer (GTK_TEXT_VIEW (priv->cert_field_value_textview)),
"", 0);
}
}
static void
fields_selection_changed_cb (GtkTreeSelection *selection,
CertificateViewerPriv *priv)
{
GtkTreeIter iter;
GtkTreeModel *model;
if (gtk_tree_selection_get_selected (selection, &model, &iter)) {
EASN1Object *asn1 = NULL;
const gchar *value = NULL;
GtkTextView *textview;
GtkTextBuffer *textbuffer;
gtk_tree_model_get (model, &iter, 1, &asn1, -1);
if (asn1)
value = e_asn1_object_get_display_value (asn1);
textview = GTK_TEXT_VIEW (priv->cert_field_value_textview);
textbuffer = gtk_text_view_get_buffer (textview);
gtk_text_buffer_set_text (textbuffer, "", 0);
if (value) {
GtkTextIter text_iter;
gtk_text_buffer_get_start_iter (textbuffer, &text_iter);
gtk_text_buffer_insert_with_tags (
textbuffer, &text_iter,
value, strlen (value),
priv->monospace_tag, NULL);
}
if (asn1)
g_object_unref (asn1);
}
}
static void
fill_details_page (CertificateViewerPriv *priv)
{
GSList *iter;
GtkTreeIter root;
GtkTreeSelection *selection;
gboolean root_set = FALSE;
GtkTreeStore *hierarchy_store;
g_return_if_fail (priv != NULL);
gtk_tree_view_set_headers_visible (GTK_TREE_VIEW (priv->cert_hierarchy_treeview), FALSE);
hierarchy_store = gtk_tree_store_new (2, G_TYPE_STRING, G_TYPE_POINTER);
gtk_tree_view_set_model (
GTK_TREE_VIEW (priv->cert_hierarchy_treeview),
GTK_TREE_MODEL (hierarchy_store));
gtk_tree_view_insert_column_with_attributes (
GTK_TREE_VIEW (priv->cert_hierarchy_treeview),
-1, "Cert", gtk_cell_renderer_text_new (),
"text", 0, NULL);
selection = gtk_tree_view_get_selection (GTK_TREE_VIEW (priv->cert_hierarchy_treeview));
g_signal_connect (
selection, "changed",
G_CALLBACK (hierarchy_selection_changed_cb), priv);
gtk_tree_view_set_headers_visible (GTK_TREE_VIEW (priv->cert_fields_treeview), FALSE);
gtk_tree_view_insert_column_with_attributes (
GTK_TREE_VIEW (priv->cert_fields_treeview),
-1, "Field", gtk_cell_renderer_text_new (),
"text", 0, NULL);
selection = gtk_tree_view_get_selection (GTK_TREE_VIEW (priv->cert_fields_treeview));
g_signal_connect (
selection, "changed",
G_CALLBACK (fields_selection_changed_cb), priv);
/* set the font of the field value viewer to be some fixed
* width font to the hex display looks nice. */
priv->monospace_tag = gtk_text_buffer_create_tag (
gtk_text_view_get_buffer (GTK_TEXT_VIEW (priv->cert_field_value_textview)),
"mono", "font", "Mono", NULL);
/* initially populate the hierarchy from the issuers' chain */
for (iter = priv->issuers; iter; iter = g_slist_next (iter)) {
CERTCertificate *cert = iter->data;
gchar *str;
GtkTreeIter new_iter;
if (!cert)
continue;
str = CERT_GetCommonName (&cert->subject);
gtk_tree_store_insert (hierarchy_store, &new_iter, root_set ? &root : NULL, -1);
gtk_tree_store_set (
hierarchy_store, &new_iter,
0, str ? str : cert->subjectName,
1, cert,
-1);
root = new_iter;
root_set = TRUE;
if (str)
PORT_Free (str);
}
gtk_tree_view_expand_all (GTK_TREE_VIEW (priv->cert_hierarchy_treeview));
}
static gchar *
get_window_title (CERTCertificate *cert)
{
gchar *str;
g_return_val_if_fail (cert != NULL, NULL);
if (cert->nickname)
return g_strdup (cert->nickname);
str = CERT_GetCommonName (&cert->subject);
if (str) {
gchar *title;
title = g_strdup (str);
PORT_Free (str);
return title;
}
return cert->subjectName;
}
GtkWidget *
certificate_viewer_new (GtkWindow *parent,
const CERTCertificate *cert,
const GSList *issuers_chain_certs)
{
CertificateViewerPriv *priv;
GtkWidget *dialog, *notebook, *widget;
GtkGrid *grid;
gint row;
GSList *iter;
gchar *title;
g_return_val_if_fail (cert != NULL, NULL);
priv = g_new0 (CertificateViewerPriv, 1);
priv->cert = CERT_DupCertificate ((CERTCertificate *) cert);
priv->issuers = g_slist_copy ((GSList *) issuers_chain_certs);
/* root issuer first, then bottom down to certificate itself */
priv->issuers = g_slist_reverse (priv->issuers);
priv->issuers = g_slist_append (priv->issuers, priv->cert);
for (iter = priv->issuers; iter; iter = g_slist_next (iter)) {
iter->data = CERT_DupCertificate (iter->data);
}
title = get_window_title (priv->cert);
dialog = gtk_dialog_new_with_buttons (
title, parent,
GTK_DIALOG_DESTROY_WITH_PARENT | GTK_DIALOG_MODAL,
GTK_STOCK_CLOSE, GTK_RESPONSE_CLOSE,
NULL);
g_free (title);
g_object_set_data_full (G_OBJECT (dialog), CERTIFICATE_VIEWER_PRIV_KEY, priv, free_priv_struct);
notebook = gtk_notebook_new ();
gtk_container_add (GTK_CONTAINER (gtk_dialog_get_content_area (GTK_DIALOG (dialog))), notebook);
gtk_container_set_border_width (GTK_CONTAINER (notebook), 12);
/* General page */
row = 0;
grid = GTK_GRID (gtk_grid_new ());
g_object_set (
G_OBJECT (grid),
"hexpand", TRUE,
"halign", GTK_ALIGN_FILL,
"vexpand", FALSE,
"valign", GTK_ALIGN_START,
"border-width", 12,
"row-spacing", 6,
"column-spacing", 6,
NULL);
begin_section (grid, _("This certificate has been verified for the following uses:"), &row, 4);
if (!priv->cert->keyUsagePresent || (priv->cert->keyUsage & certificateUsageSSLClient) != 0) {
widget = add_info_label (grid, NULL, &row);
gtk_label_set_text (GTK_LABEL (widget), _("SSL Client Certificate"));
}
if (!priv->cert->keyUsagePresent || (priv->cert->keyUsage & (certificateUsageSSLServer | certificateUsageSSLCA)) != 0) {
widget = add_info_label (grid, NULL, &row);
gtk_label_set_text (GTK_LABEL (widget), _("SSL Server Certificate"));
}
if (!priv->cert->keyUsagePresent || (priv->cert->keyUsage & certificateUsageEmailSigner) != 0) {
widget = add_info_label (grid, NULL, &row);
gtk_label_set_text (GTK_LABEL (widget), _("Email Signer Certificate"));
}
if (!priv->cert->keyUsagePresent || (priv->cert->keyUsage & certificateUsageEmailRecipient) != 0) {
widget = add_info_label (grid, NULL, &row);
gtk_label_set_text (GTK_LABEL (widget), _("Email Recipient Certificate"));
}
widget = gtk_separator_new (GTK_ORIENTATION_HORIZONTAL);
g_object_set (
G_OBJECT (widget),
"hexpand", TRUE,
"halign", GTK_ALIGN_FILL,
"vexpand", FALSE,
"valign", GTK_ALIGN_START,
NULL);
gtk_grid_attach (grid, widget, 0, row, 3, 1);
row++;
begin_section (grid, _("Issued To"), &row, 4);
priv->issued_to_cn = add_info_label (grid, _("Common Name (CN)"), &row);
priv->issued_to_o = add_info_label (grid, _("Organization (O)"), &row);
priv->issued_to_ou = add_info_label (grid, _("Organizational Unit (OU)"), &row);
priv->issued_to_serial = add_info_label (grid, _("Serial Number"), &row);
begin_section (grid, _("Issued By"), &row, 3);
priv->issued_by_cn = add_info_label (grid, _("Common Name (CN)"), &row);
priv->issued_by_o = add_info_label (grid, _("Organization (O)"), &row);
priv->issued_by_ou = add_info_label (grid, _("Organizational Unit (OU)"), &row);
begin_section (grid, _("Validity"), &row, 2);
priv->validity_issued_on = add_info_label (grid, _("Issued On"), &row);
priv->validity_expires_on = add_info_label (grid, _("Expires On"), &row);
begin_section (grid, _("Fingerprints"), &row, 2);
priv->fingerprints_sha1 = add_info_label (grid, _("SHA1 Fingerprint"), &row);
priv->fingerprints_md5 = add_info_label (grid, _("MD5 Fingerprint"), &row);
widget = gtk_label_new (_("General"));
gtk_notebook_append_page (GTK_NOTEBOOK (notebook), GTK_WIDGET (grid), widget);
/* Details page */
row = 0;
grid = GTK_GRID (gtk_grid_new ());
g_object_set (
G_OBJECT (grid),
"hexpand", TRUE,
"halign", GTK_ALIGN_FILL,
"vexpand", TRUE,
"valign", GTK_ALIGN_FILL,
"border-width", 12,
"row-spacing", 6,
"column-spacing", 6,
NULL);
priv->cert_hierarchy_treeview = add_scrolled_window (
grid, _("Certificate Hierarchy"), &row, gtk_tree_view_new ());
priv->cert_fields_treeview = add_scrolled_window (
grid, _("Certificate Fields"), &row, gtk_tree_view_new ());
priv->cert_field_value_textview = add_scrolled_window (
grid, _("Field Value"), &row, gtk_text_view_new ());
widget = gtk_label_new (_("Details"));
gtk_notebook_append_page (GTK_NOTEBOOK (notebook), GTK_WIDGET (grid), widget);
gtk_widget_show_all (notebook);
fill_general_page (priv);
fill_details_page (priv);
return dialog;
}