зеркало из https://github.com/mozilla/gecko-dev.git
bug 323903, further improvements on displaying certificate extensions.
Patch contributed by Kaspar Brand, supplementing the recent checkin for bug 259031. r=Martin v. Loewis / kengert
This commit is contained in:
Родитель
cec32647a3
Коммит
c5d0e51fc7
|
@ -178,23 +178,32 @@ CertDumpExtensionFailure=Error: Unable to process extension
|
|||
CertDumpIsCA=Is a Certificate Authority
|
||||
CertDumpIsNotCA=Is not a Certificate Authority
|
||||
CertDumpPathLen=Maximum number of intermediate CAs: %S
|
||||
CertDumpPathLenUnlimited=unlimited
|
||||
CertDumpEKU_1_3_6_1_5_5_7_3_1=TLS Web Server Authentication
|
||||
CertDumpEKU_1_3_6_1_5_5_7_3_2=TLS Web Client Authentication
|
||||
CertDumpEKU_1_3_6_1_5_5_7_3_3=Signing of downloadable executable code
|
||||
CertDumpEKU_1_3_6_1_5_5_7_3_3=Code Signing
|
||||
CertDumpEKU_1_3_6_1_5_5_7_3_4=E-mail protection
|
||||
CertDumpEKU_1_3_6_1_5_5_7_3_8=Time Stamping
|
||||
CertDumpEKU_1_3_6_1_4_1_311_2_1_21=Microsoft Individual Code Signing (authenticode)
|
||||
CertDumpEKU_1_3_6_1_4_1_311_2_1_22=Microsoft Commercial Code Signing (authenticode)
|
||||
CertDumpEKU_1_3_6_1_5_5_7_3_9=OCSP Signing
|
||||
CertDumpEKU_1_3_6_1_4_1_311_2_1_21=Microsoft Individual Code Signing
|
||||
CertDumpEKU_1_3_6_1_4_1_311_2_1_22=Microsoft Commercial Code Signing
|
||||
CertDumpEKU_1_3_6_1_4_1_311_10_3_1=Microsoft Trust List Signing
|
||||
CertDumpEKU_1_3_6_1_4_1_311_10_3_2=Microsoft Timestamp Signing
|
||||
CertDumpEKU_1_3_6_1_4_1_311_10_3_3=Microsoft Strong Crypto Approved
|
||||
CertDumpMSCerttype=Microsoft CA Certificate Type
|
||||
CertDumpEKU_1_3_6_1_4_1_311_10_3_4=Microsoft Encrypting Filesystem
|
||||
CertDumpEKU_1_3_6_1_4_1_311_10_3_4_1=Microsoft Encrypting Filesystem Recovery Agent
|
||||
CertDumpMSNTPrincipal=Microsoft NT User Principal Name
|
||||
CertDumpEKU_1_3_6_1_4_1_311_10_3_2=Microsoft Time Stamping
|
||||
CertDumpEKU_1_3_6_1_4_1_311_10_3_3=Microsoft Server Gated Crypto
|
||||
CertDumpEKU_1_3_6_1_4_1_311_10_3_4=Microsoft Encrypting File System
|
||||
CertDumpEKU_1_3_6_1_4_1_311_10_3_4_1=Microsoft File Recovery
|
||||
CertDumpEKU_1_3_6_1_4_1_311_10_3_5=Microsoft Windows Hardware Driver Verification
|
||||
CertDumpEKU_1_3_6_1_4_1_311_10_3_10=Microsoft Qualified Subordination
|
||||
CertDumpEKU_1_3_6_1_4_1_311_10_3_11=Microsoft Key Recovery
|
||||
CertDumpEKU_1_3_6_1_4_1_311_10_3_12=Microsoft Document Signing
|
||||
CertDumpEKU_1_3_6_1_4_1_311_10_3_13=Microsoft Lifetime Signing
|
||||
CertDumpEKU_1_3_6_1_4_1_311_20_2_2=Microsoft Smart Card Logon
|
||||
CertDumpEKU_1_3_6_1_4_1_311_21_6=Microsoft Key Recovery Agent
|
||||
CertDumpMSCerttype=Microsoft Certificate Template Name
|
||||
CertDumpMSNTPrincipal=Microsoft Principal Name
|
||||
CertDumpMSCAVersion=Microsoft CA Version
|
||||
CertDumpMSDomainGUID=Microsoft Domain GUID
|
||||
CertDumpEKU_2_16_840_1_113730_4_1=Netscape Strong Crypto Approved
|
||||
CertDumpEKU_2_16_840_1_113730_4_1=Netscape Server Gated Crypto
|
||||
CertDumpRFC822Name=E-Mail Address
|
||||
CertDumpDNSName=DNS Name
|
||||
CertDumpX400Address=X.400 Address
|
||||
|
@ -212,9 +221,11 @@ CertDumpAffiliationChanged=Affiliation Changed
|
|||
CertDumpSuperseded=Superseded
|
||||
CertDumpCessation=Cessation of Operation
|
||||
CertDumpHold=Certificate Hold
|
||||
CertDumpCAIssuers=Authority Issuer Path
|
||||
CertDumpOCSPResponder=OCSP
|
||||
CertDumpCAIssuers=CA Issuers
|
||||
CertDumpCPSPointer=Certification Practice Statement pointer
|
||||
CertDumpUserNotice=User Notice
|
||||
CertDumpLogotype=Logotype
|
||||
VerifySSLClient_p=Client
|
||||
VerifySSLServer_p=Server
|
||||
VerifySSLStepUp_p=Step-up
|
||||
|
|
|
@ -63,10 +63,12 @@ static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
|
|||
/* Object Identifier constants */
|
||||
#define CONST_OID static const unsigned char
|
||||
#define MICROSOFT_OID 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37
|
||||
#define PKIX_OID 0x2b, 0x6, 0x01, 0x05, 0x05, 0x07
|
||||
CONST_OID msCertExtCerttype[] = { MICROSOFT_OID, 20, 2};
|
||||
CONST_OID msNTPrincipalName[] = { MICROSOFT_OID, 20, 2, 3 };
|
||||
CONST_OID msCertsrvCAVersion[] = { MICROSOFT_OID, 21, 1 };
|
||||
CONST_OID msNTDSReplication[] = { MICROSOFT_OID, 25, 1 };
|
||||
CONST_OID pkixLogotype[] = { PKIX_OID, 1, 12 };
|
||||
|
||||
#define OI(x) { siDEROID, (unsigned char *)x, sizeof x }
|
||||
#define OD(oid,desc,mech,ext) {OI(oid), SEC_OID_UNKNOWN, desc, mech, ext}
|
||||
|
@ -76,12 +78,12 @@ static SECOidData more_oids[] = {
|
|||
/* Microsoft OIDs */
|
||||
#define MS_CERT_EXT_CERTTYPE 0
|
||||
OD( msCertExtCerttype,
|
||||
"Microsoft Certificate Type",
|
||||
"Microsoft Certificate Template Name",
|
||||
CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
|
||||
|
||||
#define MS_NT_PRINCIPAL_NAME 1
|
||||
OD( msNTPrincipalName,
|
||||
"Microsoft NT User Principal Name",
|
||||
"Microsoft Principal Name",
|
||||
CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
|
||||
|
||||
#define MS_CERTSERV_CA_VERSION 2
|
||||
|
@ -93,6 +95,11 @@ static SECOidData more_oids[] = {
|
|||
OD( msNTDSReplication,
|
||||
"Microsoft Domain GUID",
|
||||
CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
|
||||
|
||||
#define PKIX_LOGOTYPE 4
|
||||
OD( pkixLogotype,
|
||||
"Logotype",
|
||||
CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
|
||||
};
|
||||
|
||||
static const unsigned int numOids = (sizeof more_oids) / (sizeof more_oids[0]);
|
||||
|
@ -395,6 +402,10 @@ GetOIDText(SECItem *oid, nsINSSComponent *nssComponent, nsAString &text)
|
|||
bundlekey = "CertDumpMSCAVersion";
|
||||
break;
|
||||
}
|
||||
if (oidTag == SEC_OID(PKIX_LOGOTYPE)) {
|
||||
bundlekey = "CertDumpLogotype";
|
||||
break;
|
||||
}
|
||||
/* fallthrough */
|
||||
}
|
||||
|
||||
|
@ -556,10 +567,11 @@ ProcessBasicConstraints(SECItem *extData,
|
|||
SECStatus rv;
|
||||
nsresult rv2;
|
||||
|
||||
value.pathLenConstraint = -1;
|
||||
rv = CERT_DecodeBasicConstraintValue (&value, extData);
|
||||
if (rv != SECSuccess) {
|
||||
NS_ASSERTION(0,"Could not decode basic constraints");
|
||||
return NS_ERROR_FAILURE;
|
||||
ProcessRawBytes(extData, text);
|
||||
return NS_OK;
|
||||
}
|
||||
if (value.isCA)
|
||||
rv2 = nssComponent->GetPIPNSSBundleString("CertDumpIsCA", local);
|
||||
|
@ -568,9 +580,12 @@ ProcessBasicConstraints(SECItem *extData,
|
|||
if (NS_FAILED(rv2))
|
||||
return rv2;
|
||||
text.Append(local.get());
|
||||
if (value.pathLenConstraint >= 0) {
|
||||
if (value.pathLenConstraint != -1) {
|
||||
nsAutoString depth;
|
||||
depth.AppendInt(value.pathLenConstraint);
|
||||
if (value.pathLenConstraint == CERT_UNLIMITED_PATH_CONSTRAINT)
|
||||
nssComponent->GetPIPNSSBundleString("CertDumpPathLenUnlimited", depth);
|
||||
else
|
||||
depth.AppendInt(value.pathLenConstraint);
|
||||
const PRUnichar *params[1] = {depth.get()};
|
||||
rv2 = nssComponent->PIPBundleFormatStringFromName("CertDumpPathLen",
|
||||
params, 1, local);
|
||||
|
@ -610,13 +625,19 @@ ProcessExtKeyUsage(SECItem *extData,
|
|||
NS_ConvertUTF16toUTF8 bk_ascii(bundlekey);
|
||||
|
||||
rv = nssComponent->GetPIPNSSBundleString(bk_ascii.get(), local);
|
||||
if (NS_FAILED(rv))
|
||||
nsresult rv2 = GetDefaultOIDFormat(oid, oidname, '.');
|
||||
if (NS_FAILED(rv2))
|
||||
return rv2;
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
// display name and OID in parentheses
|
||||
text.Append(local);
|
||||
text.Append(NS_LITERAL_STRING(" ("));
|
||||
text.Append(oidname);
|
||||
text.Append(NS_LITERAL_STRING(")"));
|
||||
} else
|
||||
// If there is no bundle string, just display the OID itself
|
||||
rv = GetDefaultOIDFormat(oid, local, ' ');
|
||||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
text.Append(oidname);
|
||||
|
||||
text.Append(local.get());
|
||||
text.Append(NS_LITERAL_STRING(SEPARATOR).get());
|
||||
oids++;
|
||||
}
|
||||
|
@ -1251,6 +1272,7 @@ ProcessCrlDistPoints(SECItem *extData,
|
|||
nssComponent->GetPIPNSSBundleString("CertDumpHold", local);
|
||||
text.Append(local); comma = 1;
|
||||
}
|
||||
text.Append(NS_LITERAL_STRING(SEPARATOR));
|
||||
}
|
||||
if (point->crlIssuer) {
|
||||
nssComponent->GetPIPNSSBundleString("CertDumpIssuer", local);
|
||||
|
@ -1261,7 +1283,6 @@ ProcessCrlDistPoints(SECItem *extData,
|
|||
if (NS_FAILED(rv))
|
||||
goto finish;
|
||||
}
|
||||
text.Append(NS_LITERAL_STRING(SEPARATOR));
|
||||
}
|
||||
|
||||
finish:
|
||||
|
@ -1290,11 +1311,14 @@ ProcessAuthInfoAccess(SECItem *extData,
|
|||
while (*aia != NULL) {
|
||||
desc = *aia++;
|
||||
switch (SECOID_FindOIDTag(&desc->method)) {
|
||||
case SEC_OID_PKIX_OCSP:
|
||||
nssComponent->GetPIPNSSBundleString("CertDumpOCSPResponder", local);
|
||||
break;
|
||||
case SEC_OID_PKIX_CA_ISSUERS:
|
||||
nssComponent->GetPIPNSSBundleString("CertDumpCAIssuers", text);
|
||||
nssComponent->GetPIPNSSBundleString("CertDumpCAIssuers", local);
|
||||
break;
|
||||
default:
|
||||
rv = GetDefaultOIDFormat(&desc->method, text, '.');
|
||||
rv = GetDefaultOIDFormat(&desc->method, local, '.');
|
||||
if (NS_FAILED(rv))
|
||||
goto finish;
|
||||
}
|
||||
|
@ -1303,7 +1327,6 @@ ProcessAuthInfoAccess(SECItem *extData,
|
|||
rv = ProcessGeneralName(arena, desc->location, text, nssComponent);
|
||||
if (NS_FAILED(rv))
|
||||
goto finish;
|
||||
text.Append(NS_LITERAL_STRING(SEPARATOR));
|
||||
}
|
||||
|
||||
finish:
|
||||
|
|
Загрузка…
Ссылка в новой задаче