diff --git a/security/manager/locales/en-US/chrome/pipnss/pipnss.properties b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties index e7b34bf2788e..eb576ab65a90 100644 --- a/security/manager/locales/en-US/chrome/pipnss/pipnss.properties +++ b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties @@ -178,23 +178,32 @@ CertDumpExtensionFailure=Error: Unable to process extension CertDumpIsCA=Is a Certificate Authority CertDumpIsNotCA=Is not a Certificate Authority CertDumpPathLen=Maximum number of intermediate CAs: %S +CertDumpPathLenUnlimited=unlimited CertDumpEKU_1_3_6_1_5_5_7_3_1=TLS Web Server Authentication CertDumpEKU_1_3_6_1_5_5_7_3_2=TLS Web Client Authentication -CertDumpEKU_1_3_6_1_5_5_7_3_3=Signing of downloadable executable code +CertDumpEKU_1_3_6_1_5_5_7_3_3=Code Signing CertDumpEKU_1_3_6_1_5_5_7_3_4=E-mail protection CertDumpEKU_1_3_6_1_5_5_7_3_8=Time Stamping -CertDumpEKU_1_3_6_1_4_1_311_2_1_21=Microsoft Individual Code Signing (authenticode) -CertDumpEKU_1_3_6_1_4_1_311_2_1_22=Microsoft Commercial Code Signing (authenticode) +CertDumpEKU_1_3_6_1_5_5_7_3_9=OCSP Signing +CertDumpEKU_1_3_6_1_4_1_311_2_1_21=Microsoft Individual Code Signing +CertDumpEKU_1_3_6_1_4_1_311_2_1_22=Microsoft Commercial Code Signing CertDumpEKU_1_3_6_1_4_1_311_10_3_1=Microsoft Trust List Signing -CertDumpEKU_1_3_6_1_4_1_311_10_3_2=Microsoft Timestamp Signing -CertDumpEKU_1_3_6_1_4_1_311_10_3_3=Microsoft Strong Crypto Approved -CertDumpMSCerttype=Microsoft CA Certificate Type -CertDumpEKU_1_3_6_1_4_1_311_10_3_4=Microsoft Encrypting Filesystem -CertDumpEKU_1_3_6_1_4_1_311_10_3_4_1=Microsoft Encrypting Filesystem Recovery Agent -CertDumpMSNTPrincipal=Microsoft NT User Principal Name +CertDumpEKU_1_3_6_1_4_1_311_10_3_2=Microsoft Time Stamping +CertDumpEKU_1_3_6_1_4_1_311_10_3_3=Microsoft Server Gated Crypto +CertDumpEKU_1_3_6_1_4_1_311_10_3_4=Microsoft Encrypting File System +CertDumpEKU_1_3_6_1_4_1_311_10_3_4_1=Microsoft File Recovery +CertDumpEKU_1_3_6_1_4_1_311_10_3_5=Microsoft Windows Hardware Driver Verification +CertDumpEKU_1_3_6_1_4_1_311_10_3_10=Microsoft Qualified Subordination +CertDumpEKU_1_3_6_1_4_1_311_10_3_11=Microsoft Key Recovery +CertDumpEKU_1_3_6_1_4_1_311_10_3_12=Microsoft Document Signing +CertDumpEKU_1_3_6_1_4_1_311_10_3_13=Microsoft Lifetime Signing +CertDumpEKU_1_3_6_1_4_1_311_20_2_2=Microsoft Smart Card Logon +CertDumpEKU_1_3_6_1_4_1_311_21_6=Microsoft Key Recovery Agent +CertDumpMSCerttype=Microsoft Certificate Template Name +CertDumpMSNTPrincipal=Microsoft Principal Name CertDumpMSCAVersion=Microsoft CA Version CertDumpMSDomainGUID=Microsoft Domain GUID -CertDumpEKU_2_16_840_1_113730_4_1=Netscape Strong Crypto Approved +CertDumpEKU_2_16_840_1_113730_4_1=Netscape Server Gated Crypto CertDumpRFC822Name=E-Mail Address CertDumpDNSName=DNS Name CertDumpX400Address=X.400 Address @@ -212,9 +221,11 @@ CertDumpAffiliationChanged=Affiliation Changed CertDumpSuperseded=Superseded CertDumpCessation=Cessation of Operation CertDumpHold=Certificate Hold -CertDumpCAIssuers=Authority Issuer Path +CertDumpOCSPResponder=OCSP +CertDumpCAIssuers=CA Issuers CertDumpCPSPointer=Certification Practice Statement pointer CertDumpUserNotice=User Notice +CertDumpLogotype=Logotype VerifySSLClient_p=Client VerifySSLServer_p=Server VerifySSLStepUp_p=Step-up diff --git a/security/manager/ssl/src/nsNSSCertHelper.cpp b/security/manager/ssl/src/nsNSSCertHelper.cpp index 502c4dbb80a6..31de77174041 100644 --- a/security/manager/ssl/src/nsNSSCertHelper.cpp +++ b/security/manager/ssl/src/nsNSSCertHelper.cpp @@ -63,10 +63,12 @@ static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID); /* Object Identifier constants */ #define CONST_OID static const unsigned char #define MICROSOFT_OID 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37 +#define PKIX_OID 0x2b, 0x6, 0x01, 0x05, 0x05, 0x07 CONST_OID msCertExtCerttype[] = { MICROSOFT_OID, 20, 2}; CONST_OID msNTPrincipalName[] = { MICROSOFT_OID, 20, 2, 3 }; CONST_OID msCertsrvCAVersion[] = { MICROSOFT_OID, 21, 1 }; CONST_OID msNTDSReplication[] = { MICROSOFT_OID, 25, 1 }; +CONST_OID pkixLogotype[] = { PKIX_OID, 1, 12 }; #define OI(x) { siDEROID, (unsigned char *)x, sizeof x } #define OD(oid,desc,mech,ext) {OI(oid), SEC_OID_UNKNOWN, desc, mech, ext} @@ -76,12 +78,12 @@ static SECOidData more_oids[] = { /* Microsoft OIDs */ #define MS_CERT_EXT_CERTTYPE 0 OD( msCertExtCerttype, - "Microsoft Certificate Type", + "Microsoft Certificate Template Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), #define MS_NT_PRINCIPAL_NAME 1 OD( msNTPrincipalName, - "Microsoft NT User Principal Name", + "Microsoft Principal Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), #define MS_CERTSERV_CA_VERSION 2 @@ -93,6 +95,11 @@ static SECOidData more_oids[] = { OD( msNTDSReplication, "Microsoft Domain GUID", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), + + #define PKIX_LOGOTYPE 4 + OD( pkixLogotype, + "Logotype", + CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), }; static const unsigned int numOids = (sizeof more_oids) / (sizeof more_oids[0]); @@ -395,6 +402,10 @@ GetOIDText(SECItem *oid, nsINSSComponent *nssComponent, nsAString &text) bundlekey = "CertDumpMSCAVersion"; break; } + if (oidTag == SEC_OID(PKIX_LOGOTYPE)) { + bundlekey = "CertDumpLogotype"; + break; + } /* fallthrough */ } @@ -556,10 +567,11 @@ ProcessBasicConstraints(SECItem *extData, SECStatus rv; nsresult rv2; + value.pathLenConstraint = -1; rv = CERT_DecodeBasicConstraintValue (&value, extData); if (rv != SECSuccess) { - NS_ASSERTION(0,"Could not decode basic constraints"); - return NS_ERROR_FAILURE; + ProcessRawBytes(extData, text); + return NS_OK; } if (value.isCA) rv2 = nssComponent->GetPIPNSSBundleString("CertDumpIsCA", local); @@ -568,9 +580,12 @@ ProcessBasicConstraints(SECItem *extData, if (NS_FAILED(rv2)) return rv2; text.Append(local.get()); - if (value.pathLenConstraint >= 0) { + if (value.pathLenConstraint != -1) { nsAutoString depth; - depth.AppendInt(value.pathLenConstraint); + if (value.pathLenConstraint == CERT_UNLIMITED_PATH_CONSTRAINT) + nssComponent->GetPIPNSSBundleString("CertDumpPathLenUnlimited", depth); + else + depth.AppendInt(value.pathLenConstraint); const PRUnichar *params[1] = {depth.get()}; rv2 = nssComponent->PIPBundleFormatStringFromName("CertDumpPathLen", params, 1, local); @@ -610,13 +625,19 @@ ProcessExtKeyUsage(SECItem *extData, NS_ConvertUTF16toUTF8 bk_ascii(bundlekey); rv = nssComponent->GetPIPNSSBundleString(bk_ascii.get(), local); - if (NS_FAILED(rv)) + nsresult rv2 = GetDefaultOIDFormat(oid, oidname, '.'); + if (NS_FAILED(rv2)) + return rv2; + if (NS_SUCCEEDED(rv)) { + // display name and OID in parentheses + text.Append(local); + text.Append(NS_LITERAL_STRING(" (")); + text.Append(oidname); + text.Append(NS_LITERAL_STRING(")")); + } else // If there is no bundle string, just display the OID itself - rv = GetDefaultOIDFormat(oid, local, ' '); - if (NS_FAILED(rv)) - return rv; + text.Append(oidname); - text.Append(local.get()); text.Append(NS_LITERAL_STRING(SEPARATOR).get()); oids++; } @@ -1251,6 +1272,7 @@ ProcessCrlDistPoints(SECItem *extData, nssComponent->GetPIPNSSBundleString("CertDumpHold", local); text.Append(local); comma = 1; } + text.Append(NS_LITERAL_STRING(SEPARATOR)); } if (point->crlIssuer) { nssComponent->GetPIPNSSBundleString("CertDumpIssuer", local); @@ -1261,7 +1283,6 @@ ProcessCrlDistPoints(SECItem *extData, if (NS_FAILED(rv)) goto finish; } - text.Append(NS_LITERAL_STRING(SEPARATOR)); } finish: @@ -1290,11 +1311,14 @@ ProcessAuthInfoAccess(SECItem *extData, while (*aia != NULL) { desc = *aia++; switch (SECOID_FindOIDTag(&desc->method)) { + case SEC_OID_PKIX_OCSP: + nssComponent->GetPIPNSSBundleString("CertDumpOCSPResponder", local); + break; case SEC_OID_PKIX_CA_ISSUERS: - nssComponent->GetPIPNSSBundleString("CertDumpCAIssuers", text); + nssComponent->GetPIPNSSBundleString("CertDumpCAIssuers", local); break; default: - rv = GetDefaultOIDFormat(&desc->method, text, '.'); + rv = GetDefaultOIDFormat(&desc->method, local, '.'); if (NS_FAILED(rv)) goto finish; } @@ -1303,7 +1327,6 @@ ProcessAuthInfoAccess(SECItem *extData, rv = ProcessGeneralName(arena, desc->location, text, nssComponent); if (NS_FAILED(rv)) goto finish; - text.Append(NS_LITERAL_STRING(SEPARATOR)); } finish: