/*
* Copyright (C) 2010 Stefan Walter
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include "config.h"
#include "gcr/gcr-oids.h"
#include "gcr/gcr-subject-public-key.h"
#include "gcr-certificate-renderer-private.h"
#include "gcr-certificate-request-renderer.h"
#include "gcr-display-view.h"
#include "egg/egg-asn1x.h"
#include "egg/egg-asn1-defs.h"
#include "egg/egg-dn.h"
#include "egg/egg-oid.h"
#include "gck/gck.h"
#include <glib/gi18n-lib.h>
/**
* GcrCertificateRequestRenderer:
*
* An implementation of #GcrRenderer which renders certificate requests
*/
/**
* GcrCertificateRequestRendererClass:
* @parent_class: The parent class
*
* The class for #GcrCertificateRequestRenderer
*/
enum {
PROP_0,
PROP_LABEL,
PROP_ATTRIBUTES
};
struct _GcrCertificateRequestRendererPrivate {
GckAttributes *attrs;
gchar *label;
guint key_size;
gulong type;
GNode *asn;
};
static void _gcr_certificate_request_renderer_iface (GcrRendererIface *iface);
G_DEFINE_TYPE_WITH_CODE (GcrCertificateRequestRenderer, _gcr_certificate_request_renderer, G_TYPE_OBJECT,
G_IMPLEMENT_INTERFACE (GCR_TYPE_RENDERER, _gcr_certificate_request_renderer_iface);
);
static gchar*
calculate_label (GcrCertificateRequestRenderer *self)
{
gchar *label = NULL;
if (self->pv->label)
return g_strdup (self->pv->label);
if (self->pv->attrs) {
if (gck_attributes_find_string (self->pv->attrs, CKA_LABEL, &label))
return label;
}
if (self->pv->asn && self->pv->type == CKQ_GCR_PKCS10) {
label = egg_dn_read_part (egg_asn1x_node (self->pv->asn,
"certificationRequestInfo",
"subject",
"rdnSequence",
NULL), "CN");
}
if (label != NULL)
return label;
return g_strdup (_("Certificate request"));
}
static void
_gcr_certificate_request_renderer_init (GcrCertificateRequestRenderer *self)
{
self->pv = (G_TYPE_INSTANCE_GET_PRIVATE (self, GCR_TYPE_CERTIFICATE_REQUEST_RENDERER,
GcrCertificateRequestRendererPrivate));
}
static void
_gcr_certificate_request_renderer_finalize (GObject *obj)
{
GcrCertificateRequestRenderer *self = GCR_CERTIFICATE_REQUEST_RENDERER (obj);
if (self->pv->attrs)
gck_attributes_unref (self->pv->attrs);
self->pv->attrs = NULL;
g_free (self->pv->label);
self->pv->label = NULL;
egg_asn1x_destroy (self->pv->asn);
G_OBJECT_CLASS (_gcr_certificate_request_renderer_parent_class)->finalize (obj);
}
static void
_gcr_certificate_request_renderer_set_property (GObject *obj,
guint prop_id,
const GValue *value,
GParamSpec *pspec)
{
GcrCertificateRequestRenderer *self = GCR_CERTIFICATE_REQUEST_RENDERER (obj);
switch (prop_id) {
case PROP_LABEL:
g_free (self->pv->label);
self->pv->label = g_value_dup_string (value);
g_object_notify (obj, "label");
gcr_renderer_emit_data_changed (GCR_RENDERER (self));
break;
case PROP_ATTRIBUTES:
_gcr_certificate_request_renderer_set_attributes (self, g_value_get_boxed (value));
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec);
break;
}
}
static void
_gcr_certificate_request_renderer_get_property (GObject *obj,
guint prop_id,
GValue *value,
GParamSpec *pspec)
{
GcrCertificateRequestRenderer *self = GCR_CERTIFICATE_REQUEST_RENDERER (obj);
switch (prop_id) {
case PROP_LABEL:
g_value_take_string (value, calculate_label (self));
break;
case PROP_ATTRIBUTES:
g_value_set_boxed (value, self->pv->attrs);
break;
default:
gcr_certificate_mixin_get_property (obj, prop_id, value, pspec);
break;
}
}
static void
_gcr_certificate_request_renderer_class_init (GcrCertificateRequestRendererClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GckBuilder builder = GCK_BUILDER_INIT;
g_type_class_add_private (klass, sizeof (GcrCertificateRequestRendererPrivate));
gobject_class->finalize = _gcr_certificate_request_renderer_finalize;
gobject_class->set_property = _gcr_certificate_request_renderer_set_property;
gobject_class->get_property = _gcr_certificate_request_renderer_get_property;
/**
* GcrCertificateRequestRenderer:attributes:
*
* The certificate attributes to display. One of the attributes must be
* a CKA_VALUE type attribute which contains a DER encoded certificate.
*/
g_object_class_install_property (gobject_class, PROP_ATTRIBUTES,
g_param_spec_boxed ("attributes", "Attributes", "Certificate pkcs11 attributes",
GCK_TYPE_ATTRIBUTES, G_PARAM_READWRITE));
/**
* GcrCertificateRequestRenderer:label:
*
* The label to display.
*/
g_object_class_install_property (gobject_class, PROP_LABEL,
g_param_spec_string ("label", "Label", "Certificate Label",
"", G_PARAM_READWRITE));
/* Register this as a renderer which can be loaded */
gck_builder_add_ulong (&builder, CKA_CLASS, CKO_GCR_CERTIFICATE_REQUEST);
gck_builder_add_ulong (&builder, CKA_GCR_CERTIFICATE_REQUEST_TYPE, CKQ_GCR_PKCS10);
gcr_renderer_register (GCR_TYPE_CERTIFICATE_REQUEST_RENDERER, gck_builder_end (&builder));
gck_builder_add_ulong (&builder, CKA_CLASS, CKO_GCR_CERTIFICATE_REQUEST);
gck_builder_add_ulong (&builder, CKA_GCR_CERTIFICATE_REQUEST_TYPE, CKQ_GCR_SPKAC);
gcr_renderer_register (GCR_TYPE_CERTIFICATE_REQUEST_RENDERER, gck_builder_end (&builder));
}
static gboolean
append_extension_request (GcrRenderer *renderer,
GcrDisplayView *view,
GNode *attribute)
{
GBytes *value;
GNode *node;
GNode *asn;
guint i;
node = egg_asn1x_node (attribute, "values", 1, NULL);
if (node == NULL)
return FALSE;
value = egg_asn1x_get_element_raw (node);
asn = egg_asn1x_create_and_decode (pkix_asn1_tab, "ExtensionRequest", value);
if (asn == NULL)
return FALSE;
for (i = 1; TRUE; i++) {
node = egg_asn1x_node (asn, i, NULL);
if (node == NULL)
break;
_gcr_certificate_renderer_append_extension (renderer, view, node);
}
egg_asn1x_destroy (asn);
return TRUE;
}
static void
append_attribute (GcrRenderer *renderer,
GcrDisplayView *view,
GNode *attribute)
{
GQuark oid;
GBytes *value;
const gchar *text;
GNode *node;
gboolean ret = FALSE;
gint i;
/* Dig out the OID */
oid = egg_asn1x_get_oid_as_quark (egg_asn1x_node (attribute, "type", NULL));
g_return_if_fail (oid);
if (oid == GCR_OID_PKCS9_ATTRIBUTE_EXTENSION_REQ)
ret = append_extension_request (renderer, view, attribute);
if (!ret) {
_gcr_display_view_append_heading (view, renderer, _("Attribute"));
/* Extension type */
text = egg_oid_get_description (oid);
_gcr_display_view_append_value (view, renderer, _("Type"), text, FALSE);
for (i = 1; TRUE; i++) {
node = egg_asn1x_node (attribute, "values", i, NULL);
if (node == NULL)
break;
value = egg_asn1x_get_element_raw (node);
_gcr_display_view_append_hex (view, renderer, _("Value"),
g_bytes_get_data (value, NULL),
g_bytes_get_size (value));
g_bytes_unref (value);
}
}
}
static guint
ensure_key_size (GcrCertificateRequestRenderer *self,
GNode *public_key)
{
if (self->pv->key_size)
return self->pv->key_size;
self->pv->key_size = _gcr_subject_public_key_calculate_size (public_key);
return self->pv->key_size;
}
static void
render_pkcs10_certificate_req (GcrCertificateRequestRenderer *self,
GcrDisplayView *view)
{
GcrRenderer *renderer = GCR_RENDERER (self);
GNode *public_key;
GNode *attribute;
GNode *subject;
gchar *display;
gulong version;
guint bits;
guint i;
display = calculate_label (self);
_gcr_display_view_append_title (view, renderer, display);
g_free (display);
_gcr_display_view_append_content (view, renderer, _("Certificate request"), NULL);
subject = egg_asn1x_node (self->pv->asn, "certificationRequestInfo",
"subject", "rdnSequence", NULL);
display = egg_dn_read_part (subject, "CN");
_gcr_display_view_append_content (view, renderer, _("Identity"), display);
g_free (display);
_gcr_display_view_start_details (view, renderer);
/* The subject */
_gcr_display_view_append_heading (view, renderer, _("Subject Name"));
_gcr_certificate_renderer_append_distinguished_name (renderer, view, subject);
/* The certificate request type */
_gcr_display_view_append_heading (view, renderer, _("Certificate request"));
_gcr_display_view_append_value (view, renderer, _("Type"), "PKCS#10", FALSE);
if (!egg_asn1x_get_integer_as_ulong (egg_asn1x_node (self->pv->asn,
"certificationRequestInfo",
"version", NULL), &version))
g_return_if_reached ();
display = g_strdup_printf ("%lu", version + 1);
_gcr_display_view_append_value (view, renderer, _("Version"), display, FALSE);
g_free (display);
_gcr_display_view_append_heading (view, renderer, _("Public Key Info"));
public_key = egg_asn1x_node (self->pv->asn, "certificationRequestInfo", "subjectPKInfo", NULL);
bits = ensure_key_size (self, public_key);
_gcr_certificate_renderer_append_subject_public_key (renderer, view,
bits, public_key);
/* Attributes */
for (i = 1; TRUE; ++i) {
/* Make sure it is present */
attribute = egg_asn1x_node (self->pv->asn, "certificationRequestInfo", "attributes", i, NULL);
if (attribute == NULL)
break;
append_attribute (renderer, view, attribute);
}
/* Signature */
_gcr_display_view_append_heading (view, renderer, _("Signature"));
_gcr_certificate_renderer_append_signature (renderer, view, self->pv->asn);
}
static void
render_spkac_certificate_req (GcrCertificateRequestRenderer *self,
GcrDisplayView *view)
{
GcrRenderer *renderer = GCR_RENDERER (self);
GNode *public_key;
gchar *display;
guint bits;
display = calculate_label (self);
_gcr_display_view_append_title (view, renderer, display);
g_free (display);
_gcr_display_view_append_content (view, renderer, _("Certificate request"), NULL);
_gcr_display_view_start_details (view, renderer);
/* The certificate request type */
_gcr_display_view_append_heading (view, renderer, _("Certificate request"));
_gcr_display_view_append_value (view, renderer, _("Type"), "SPKAC", FALSE);
display = egg_asn1x_get_string_as_utf8 (egg_asn1x_node (self->pv->asn, "publicKeyAndChallenge",
"challenge", NULL), NULL);
_gcr_display_view_append_value (view, renderer, _("Challenge"), display, FALSE);
g_free (display);
_gcr_display_view_append_heading (view, renderer, _("Public Key Info"));
public_key = egg_asn1x_node (self->pv->asn, "publicKeyAndChallenge", "spki", NULL);
bits = ensure_key_size (self, public_key);
_gcr_certificate_renderer_append_subject_public_key (renderer, view,
bits, public_key);
/* Signature */
_gcr_display_view_append_heading (view, renderer, _("Signature"));
_gcr_certificate_renderer_append_signature (renderer, view, self->pv->asn);
}
static void
gcr_certificate_request_renderer_render (GcrRenderer *renderer,
GcrViewer *viewer)
{
GcrCertificateRequestRenderer *self;
GcrDisplayView *view;
GIcon *icon;
self = GCR_CERTIFICATE_REQUEST_RENDERER (renderer);
if (GCR_IS_DISPLAY_VIEW (viewer)) {
view = GCR_DISPLAY_VIEW (viewer);
} else {
g_warning ("GcrCertificateRequestRenderer only works with internal specific "
"GcrViewer returned by gcr_viewer_new().");
return;
}
_gcr_display_view_begin (view, renderer);
icon = g_themed_icon_new ("dialog-question");
_gcr_display_view_set_icon (view, GCR_RENDERER (self), icon);
g_object_unref (icon);
switch (self->pv->type) {
case CKQ_GCR_PKCS10:
render_pkcs10_certificate_req (self, view);
break;
case CKQ_GCR_SPKAC:
render_spkac_certificate_req (self, view);
break;
default:
g_warning ("unknown request type in GcrCertificateRequestRenderer");
break;
}
_gcr_display_view_end (view, renderer);
}
static void
_gcr_certificate_request_renderer_iface (GcrRendererIface *iface)
{
iface->render_view = gcr_certificate_request_renderer_render;
}
/**
* gcr_certificate_request_renderer_new_for_attributes:
* @label: (allow-none): the label to display
* @attrs: the attributes to display
*
* Create a new certificate request renderer to display the label and attributes.
* One of the attributes should be a CKA_VALUE type attribute containing a DER
* encoded PKCS\#10 certificate request or an SPKAC request.
*
* Returns: (transfer full): a newly allocated #GcrCertificateRequestRenderer, which
* should be released with g_object_unref()
*/
GcrRenderer *
_gcr_certificate_request_renderer_new_for_attributes (const gchar *label,
GckAttributes *attrs)
{
return g_object_new (GCR_TYPE_CERTIFICATE_REQUEST_RENDERER,
"label", label,
"attributes", attrs,
NULL);
}
/**
* gcr_certificate_request_renderer_get_attributes:
* @self: the renderer
*
* Get the PKCS\#11 attributes, if any, set for this renderer to display.
*
* Returns: (allow-none) (transfer none): the attributes, owned by the renderer
*/
GckAttributes *
_gcr_certificate_request_renderer_get_attributes (GcrCertificateRequestRenderer *self)
{
g_return_val_if_fail (GCR_IS_CERTIFICATE_REQUEST_RENDERER (self), NULL);
return self->pv->attrs;
}
/**
* gcr_certificate_request_renderer_set_attributes:
* @self: the renderer
* @attrs: (allow-none): attributes to set
*
* Set the PKCS\#11 attributes for this renderer to display. One of the attributes
* should be a CKA_VALUE type attribute containing a DER encoded PKCS\#10
* certificate request or an SPKAC request.
*/
void
_gcr_certificate_request_renderer_set_attributes (GcrCertificateRequestRenderer *self,
GckAttributes *attrs)
{
const GckAttribute *value;
GNode *asn = NULL;
gulong type = 0;
GBytes *bytes;
g_return_if_fail (GCR_IS_CERTIFICATE_REQUEST_RENDERER (self));
if (attrs) {
value = gck_attributes_find (attrs, CKA_VALUE);
if (value == NULL) {
g_warning ("no CKA_VALUE found in attributes passed to "
"GcrCertificateRequestRenderer attributes property");
return;
}
bytes = g_bytes_new_with_free_func (value->value, value->length,
gck_attributes_unref, gck_attributes_ref (attrs));
asn = egg_asn1x_create_and_decode (pkix_asn1_tab, "pkcs-10-CertificationRequest", bytes);
if (asn != NULL) {
type = CKQ_GCR_PKCS10;
} else {
asn = egg_asn1x_create_and_decode (pkix_asn1_tab, "SignedPublicKeyAndChallenge", bytes);
if (asn != NULL) {
type = CKQ_GCR_SPKAC;
} else {
g_warning ("the data contained in the CKA_VALUE attribute passed to "
"GcrCertificateRequestRenderer was not valid DER encoded PKCS#10 "
"or SPKAC");
}
}
g_bytes_unref (bytes);
if (type == 0)
return;
gck_attributes_ref (attrs);
}
if (self->pv->attrs)
gck_attributes_unref (self->pv->attrs);
self->pv->attrs = attrs;
self->pv->asn = asn;
self->pv->type = type;
self->pv->key_size = 0; /* calculated later */
gcr_renderer_emit_data_changed (GCR_RENDERER (self));
g_object_notify (G_OBJECT (self), "attributes");
}