/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ /* e-cert.c * * Copyright (C) 2003 Ximian, Inc. * * This program is free software; you can redistribute it and/or * modify it under the terms of version 2 of the GNU General Public * License as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public * License along with this program; if not, write to the * Free Software Foundation, Inc., 59 Temple Place - Suite 330, * Boston, MA 02111-1307, USA. * * Author: Chris Toshok (toshok@ximian.com) */ /* The following is the mozilla license blurb, as the bodies some of these functions were derived from the mozilla source. */ /* * The contents of this file are subject to the Mozilla Public * License Version 1.1 (the "License"); you may not use this file * except in compliance with the License. You may obtain a copy of * the License at http://www.mozilla.org/MPL/ * * Software distributed under the License is distributed on an "AS * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or * implied. See the License for the specific language governing * rights and limitations under the License. * * The Original Code is the Netscape security libraries. * * The Initial Developer of the Original Code is Netscape * Communications Corporation. Portions created by Netscape are * Copyright (C) 2000 Netscape Communications Corporation. All * Rights Reserved. * * Alternatively, the contents of this file may be used under the * terms of the GNU General Public License Version 2 or later (the * "GPL"), in which case the provisions of the GPL are applicable * instead of those above. If you wish to allow use of your * version of this file only under the terms of the GPL and not to * allow others to use your version of this file under the MPL, * indicate your decision by deleting the provisions above and * replace them with the notice and other provisions required by * the GPL. If you do not delete the provisions above, a recipient * may use your version of this file under either the MPL or the * GPL. * */ #include #include #include /* for e_utf8_strftime, what about e_time_format_time? */ #include "e-cert.h" #include "e-cert-trust.h" #include "pk11func.h" #include "certdb.h" #include "hasht.h" struct _ECertPrivate { CERTCertificate *cert; /* pointers we cache since the nss implementation allocs the string */ char *org_name; char *org_unit_name; char *cn; char *issuer_org_name; char *issuer_org_unit_name; char *issuer_cn; PRTime issued_on; PRTime expires_on; char *issued_on_string; char *expires_on_string; char *serial_number; char *sha1_fingerprint; char *md5_fingerprint; gboolean delete; }; #define PARENT_TYPE G_TYPE_OBJECT static GObjectClass *parent_class; static void e_cert_dispose (GObject *object) { ECert *ec = E_CERT (object); if (!ec->priv) return; if (ec->priv->org_name) PORT_Free (ec->priv->org_name); if (ec->priv->org_unit_name) PORT_Free (ec->priv->org_unit_name); if (ec->priv->cn) PORT_Free (ec->priv->cn); if (ec->priv->issuer_org_name) PORT_Free (ec->priv->issuer_org_name); if (ec->priv->issuer_org_unit_name) PORT_Free (ec->priv->issuer_org_unit_name); if (ec->priv->issuer_cn) PORT_Free (ec->priv->issuer_cn); if (ec->priv->issued_on_string) PORT_Free (ec->priv->issued_on_string); if (ec->priv->expires_on_string) PORT_Free (ec->priv->expires_on_string); if (ec->priv->serial_number) PORT_Free (ec->priv->serial_number); if (ec->priv->sha1_fingerprint) PORT_Free (ec->priv->sha1_fingerprint); if (ec->priv->md5_fingerprint) PORT_Free (ec->priv->md5_fingerprint); if (ec->priv->delete) { printf ("attempting to delete cert marked for deletion\n"); if (e_cert_get_cert_type (ec) == E_CERT_USER) { PK11_DeleteTokenCertAndKey(ec->priv->cert, NULL); } else if (!PK11_IsReadOnly(ec->priv->cert->slot)) { /* If the list of built-ins does contain a non-removable copy of this certificate, our call will not remove the certificate permanently, but rather remove all trust. */ SEC_DeletePermCertificate(ec->priv->cert); } } g_free (ec->priv); ec->priv = NULL; if (G_OBJECT_CLASS (parent_class)->dispose) G_OBJECT_CLASS (parent_class)->dispose (object); } static void e_cert_class_init (ECertClass *klass) { GObjectClass *object_class; object_class = G_OBJECT_CLASS(klass); parent_class = g_type_class_ref (PARENT_TYPE); object_class->dispose = e_cert_dispose; } static void e_cert_init (ECert *ec) { ec->priv = g_new0 (ECertPrivate, 1); } GType e_cert_get_type (void) { static GType cert_type = 0; if (!cert_type) { static const GTypeInfo cert_info = { sizeof (ECertClass), NULL, /* base_init */ NULL, /* base_finalize */ (GClassInitFunc) e_cert_class_init, NULL, /* class_finalize */ NULL, /* class_data */ sizeof (ECert), 0, /* n_preallocs */ (GInstanceInitFunc) e_cert_init, }; cert_type = g_type_register_static (PARENT_TYPE, "ECert", &cert_info, 0); } return cert_type; } static void e_cert_populate (ECert *cert) { CERTCertificate *c = cert->priv->cert; unsigned char fingerprint[20]; SECItem fpItem; cert->priv->org_name = CERT_GetOrgName (&c->subject); cert->priv->org_unit_name = CERT_GetOrgUnitName (&c->subject); cert->priv->issuer_org_name = CERT_GetOrgName (&c->issuer); cert->priv->issuer_org_unit_name = CERT_GetOrgUnitName (&c->issuer); cert->priv->cn = CERT_GetCommonName (&c->subject); cert->priv->issuer_cn = CERT_GetCommonName (&c->issuer); if (SECSuccess == CERT_GetCertTimes (c, &cert->priv->issued_on, &cert->priv->expires_on)) { PRExplodedTime explodedTime; struct tm exploded_tm; char buf[32]; PR_ExplodeTime (cert->priv->issued_on, PR_LocalTimeParameters, &explodedTime); exploded_tm.tm_sec = explodedTime.tm_sec; exploded_tm.tm_min = explodedTime.tm_min; exploded_tm.tm_hour = explodedTime.tm_hour; exploded_tm.tm_mday = explodedTime.tm_mday; exploded_tm.tm_mon = explodedTime.tm_month; exploded_tm.tm_year = explodedTime.tm_year - 1900; e_utf8_strftime (buf, sizeof(buf), _("%d/%m/%Y"), &exploded_tm); cert->priv->issued_on_string = g_strdup (buf); PR_ExplodeTime (cert->priv->expires_on, PR_LocalTimeParameters, &explodedTime); exploded_tm.tm_sec = explodedTime.tm_sec; exploded_tm.tm_min = explodedTime.tm_min; exploded_tm.tm_hour = explodedTime.tm_hour; exploded_tm.tm_mday = explodedTime.tm_mday; exploded_tm.tm_mon = explodedTime.tm_month; exploded_tm.tm_year = explodedTime.tm_year - 1900; e_utf8_strftime (buf, sizeof(buf), _("%d/%m/%Y"), &exploded_tm); cert->priv->expires_on_string = g_strdup (buf); } cert->priv->serial_number = CERT_Hexify (&cert->priv->cert->serialNumber, TRUE); memset(fingerprint, 0, sizeof fingerprint); PK11_HashBuf(SEC_OID_SHA1, fingerprint, cert->priv->cert->derCert.data, cert->priv->cert->derCert.len); fpItem.data = fingerprint; fpItem.len = SHA1_LENGTH; cert->priv->sha1_fingerprint = CERT_Hexify (&fpItem, TRUE); memset(fingerprint, 0, sizeof fingerprint); PK11_HashBuf(SEC_OID_MD5, fingerprint, cert->priv->cert->derCert.data, cert->priv->cert->derCert.len); fpItem.data = fingerprint; fpItem.len = MD5_LENGTH; cert->priv->md5_fingerprint = CERT_Hexify (&fpItem, TRUE); } ECert* e_cert_new (CERTCertificate *cert) { ECert *ecert = E_CERT (g_object_new (E_TYPE_CERT, NULL)); ecert->priv->cert = cert; e_cert_populate (ecert); return ecert; } ECert* e_cert_new_from_der (char *data, guint32 len) { CERTCertificate *cert = CERT_DecodeCertFromPackage (data, len); if (!cert) return NULL; if (cert->dbhandle == NULL) cert->dbhandle = CERT_GetDefaultCertDB(); return e_cert_new (cert); } CERTCertificate* e_cert_get_internal_cert (ECert *cert) { /* XXX should this refcnt it? */ return cert->priv->cert; } gboolean e_cert_get_raw_der (ECert *cert, char **data, guint32 *len) { /* XXX do we really need to check if cert->priv->cert is NULL here? it should always be non-null if we have the ECert.. */ if (cert->priv->cert) { *data = (char*)cert->priv->cert->derCert.data; *len = (guint32)cert->priv->cert->derCert.len; return TRUE; } *len = 0; return FALSE; } const char* e_cert_get_nickname (ECert *cert) { return cert->priv->cert->nickname; } const char* e_cert_get_email (ECert *cert) { return cert->priv->cert->emailAddr; } const char* e_cert_get_org (ECert *cert) { return cert->priv->org_name; } const char* e_cert_get_org_unit (ECert *cert) { return cert->priv->org_unit_name; } const char* e_cert_get_cn (ECert *cert) { return cert->priv->cn; } const char* e_cert_get_issuer_name (ECert *cert) { return cert->priv->cert->issuerName; } const char* e_cert_get_issuer_cn (ECert *cert) { return cert->priv->issuer_cn; } const char* e_cert_get_issuer_org (ECert *cert) { return cert->priv->issuer_org_name; } const char* e_cert_get_issuer_org_unit (ECert *cert) { return cert->priv->issuer_org_unit_name; } const char* e_cert_get_subject_name (ECert *cert) { return cert->priv->cert->subjectName; } PRTime e_cert_get_issued_on_time (ECert *cert) { return cert->priv->issued_on; } const char* e_cert_get_issued_on (ECert *cert) { return cert->priv->issued_on_string; } PRTime e_cert_get_expires_on_time (ECert *cert) { return cert->priv->expires_on; } const char* e_cert_get_expires_on (ECert *cert) { return cert->priv->expires_on_string; } const char* e_cert_get_serial_number (ECert *cert) { return cert->priv->serial_number; } const char* e_cert_get_sha1_fingerprint (ECert *cert) { return cert->priv->sha1_fingerprint; } const char* e_cert_get_md5_fingerprint (ECert *cert) { return cert->priv->md5_fingerprint; } GList* e_cert_get_chain (ECert *ecert) { GList *l = NULL; g_object_ref (ecert); while (ecert) { CERTCertificate *cert = e_cert_get_internal_cert (ecert); CERTCertificate *next_cert; l = g_list_append (l, ecert); if (SECITEM_CompareItem(&cert->derIssuer, &cert->derSubject) == SECEqual) break; next_cert = CERT_FindCertIssuer (cert, PR_Now(), certUsageSSLClient); if (!next_cert) break; ecert = e_cert_new (next_cert); } return l; } gboolean e_cert_mark_for_deletion (ECert *cert) { // nsNSSShutDownPreventionLock locker; #if 0 // make sure user is logged in to the token nsCOMPtr ctx = new PipUIContext(); #endif if (PK11_NeedLogin(cert->priv->cert->slot) && !PK11_NeedUserInit(cert->priv->cert->slot) && !PK11_IsInternal(cert->priv->cert->slot)) { if (SECSuccess != PK11_Authenticate(cert->priv->cert->slot, PR_TRUE, NULL)) { return FALSE; } } cert->priv->delete = TRUE; return TRUE; } ECertType e_cert_get_cert_type (ECert *ecert) { const char *nick = e_cert_get_nickname (ecert); const char *email = e_cert_get_email (ecert); CERTCertificate *cert = ecert->priv->cert; if (nick) { if (e_cert_trust_has_any_user (cert->trust)) return E_CERT_USER; if (e_cert_trust_has_any_ca (cert->trust) || CERT_IsCACert(cert,NULL)) return E_CERT_CA; if (e_cert_trust_has_peer (cert->trust, PR_TRUE, PR_FALSE, PR_FALSE)) return E_CERT_SITE; } if (email && e_cert_trust_has_peer (cert->trust, PR_FALSE, PR_TRUE, PR_FALSE)) return E_CERT_CONTACT; return E_CERT_UNKNOWN; }