gecko-dev/security/nss/lib/certhigh/certhtml.c

606 строки
15 KiB
C

/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
/*
* certhtml.c --- convert a cert to html
*
* $Id: certhtml.c,v 1.3 2001/10/26 21:30:58 wtc%netscape.com Exp $
*/
#include "seccomon.h"
#include "secitem.h"
#include "sechash.h"
#include "cert.h"
#include "keyhi.h"
#include "secder.h"
#include "prprf.h"
#include "secport.h"
#include "secasn1.h"
#include "pk11func.h"
static char *hex = "0123456789ABCDEF";
/*
** Convert a der-encoded integer to a hex printable string form
*/
char *CERT_Hexify (SECItem *i, int do_colon)
{
unsigned char *cp, *end;
char *rv, *o;
if (!i->len) {
return PORT_Strdup("00");
}
rv = o = (char*) PORT_Alloc(i->len * 3);
if (!rv) return rv;
cp = i->data;
end = cp + i->len;
while (cp < end) {
unsigned char ch = *cp++;
*o++ = hex[(ch >> 4) & 0xf];
*o++ = hex[ch & 0xf];
if (cp != end) {
if (do_colon) {
*o++ = ':';
}
}
}
*o = 0; /* Null terminate the string */
return rv;
}
static char *
gatherStrings(char **strings)
{
char **strs;
int len;
char *ret;
char *s;
/* find total length of all strings */
strs = strings;
len = 0;
while ( *strs ) {
len += PORT_Strlen(*strs);
strs++;
}
/* alloc enough memory for it */
ret = (char*)PORT_Alloc(len + 1);
if ( !ret ) {
return(ret);
}
s = ret;
/* copy the strings */
strs = strings;
while ( *strs ) {
PORT_Strcpy(s, *strs);
s += PORT_Strlen(*strs);
strs++;
}
return( ret );
}
#define BREAK "<br>"
#define BREAKLEN 4
#define COMMA ", "
#define COMMALEN 2
#define MAX_OUS 20
#define MAX_DC MAX_OUS
char *CERT_FormatName (CERTName *name)
{
CERTRDN** rdns;
CERTRDN * rdn;
CERTAVA** avas;
CERTAVA* ava;
char * buf = 0;
char * tmpbuf = 0;
SECItem * cn = 0;
SECItem * email = 0;
SECItem * org = 0;
SECItem * loc = 0;
SECItem * state = 0;
SECItem * country = 0;
SECItem * dq = 0;
unsigned len = 0;
int tag;
int i;
int ou_count = 0;
int dc_count = 0;
PRBool first;
SECItem * orgunit[MAX_OUS];
SECItem * dc[MAX_DC];
/* Loop over name components and gather the interesting ones */
rdns = name->rdns;
while ((rdn = *rdns++) != 0) {
avas = rdn->avas;
while ((ava = *avas++) != 0) {
tag = CERT_GetAVATag(ava);
switch(tag) {
case SEC_OID_AVA_COMMON_NAME:
cn = CERT_DecodeAVAValue(&ava->value);
len += cn->len;
break;
case SEC_OID_AVA_COUNTRY_NAME:
country = CERT_DecodeAVAValue(&ava->value);
len += country->len;
break;
case SEC_OID_AVA_LOCALITY:
loc = CERT_DecodeAVAValue(&ava->value);
len += loc->len;
break;
case SEC_OID_AVA_STATE_OR_PROVINCE:
state = CERT_DecodeAVAValue(&ava->value);
len += state->len;
break;
case SEC_OID_AVA_ORGANIZATION_NAME:
org = CERT_DecodeAVAValue(&ava->value);
len += org->len;
break;
case SEC_OID_AVA_DN_QUALIFIER:
dq = CERT_DecodeAVAValue(&ava->value);
len += dq->len;
break;
case SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME:
if (ou_count < MAX_OUS) {
orgunit[ou_count] = CERT_DecodeAVAValue(&ava->value);
len += orgunit[ou_count++]->len;
}
break;
case SEC_OID_AVA_DC:
if (dc_count < MAX_DC) {
dc[dc_count] = CERT_DecodeAVAValue(&ava->value);
len += dc[dc_count++]->len;
}
break;
case SEC_OID_PKCS9_EMAIL_ADDRESS:
case SEC_OID_RFC1274_MAIL:
email = CERT_DecodeAVAValue(&ava->value);
len += email->len;
break;
default:
break;
}
}
}
/* XXX - add some for formatting */
len += 128;
/* allocate buffer */
buf = (char *)PORT_Alloc(len);
if ( !buf ) {
return(0);
}
tmpbuf = buf;
if ( cn ) {
PORT_Memcpy(tmpbuf, cn->data, cn->len);
tmpbuf += cn->len;
PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
tmpbuf += BREAKLEN;
SECITEM_FreeItem(cn, PR_TRUE);
}
if ( email ) {
PORT_Memcpy(tmpbuf, email->data, email->len);
tmpbuf += ( email->len );
PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
tmpbuf += BREAKLEN;
SECITEM_FreeItem(email, PR_TRUE);
}
for (i=ou_count-1; i >= 0; i--) {
PORT_Memcpy(tmpbuf, orgunit[i]->data, orgunit[i]->len);
tmpbuf += ( orgunit[i]->len );
PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
tmpbuf += BREAKLEN;
SECITEM_FreeItem(orgunit[i], PR_TRUE);
}
if ( dq ) {
PORT_Memcpy(tmpbuf, dq->data, dq->len);
tmpbuf += ( dq->len );
PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
tmpbuf += BREAKLEN;
SECITEM_FreeItem(dq, PR_TRUE);
}
if ( org ) {
PORT_Memcpy(tmpbuf, org->data, org->len);
tmpbuf += ( org->len );
PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
tmpbuf += BREAKLEN;
SECITEM_FreeItem(org, PR_TRUE);
}
for (i=dc_count-1; i >= 0; i--) {
PORT_Memcpy(tmpbuf, dc[i]->data, dc[i]->len);
tmpbuf += ( dc[i]->len );
PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
tmpbuf += BREAKLEN;
SECITEM_FreeItem(dc[i], PR_TRUE);
}
first = PR_TRUE;
if ( loc ) {
PORT_Memcpy(tmpbuf, loc->data, loc->len);
tmpbuf += ( loc->len );
first = PR_FALSE;
SECITEM_FreeItem(loc, PR_TRUE);
}
if ( state ) {
if ( !first ) {
PORT_Memcpy(tmpbuf, COMMA, COMMALEN);
tmpbuf += COMMALEN;
}
PORT_Memcpy(tmpbuf, state->data, state->len);
tmpbuf += ( state->len );
first = PR_FALSE;
SECITEM_FreeItem(state, PR_TRUE);
}
if ( country ) {
if ( !first ) {
PORT_Memcpy(tmpbuf, COMMA, COMMALEN);
tmpbuf += COMMALEN;
}
PORT_Memcpy(tmpbuf, country->data, country->len);
tmpbuf += ( country->len );
first = PR_FALSE;
SECITEM_FreeItem(country, PR_TRUE);
}
if ( !first ) {
PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
tmpbuf += BREAKLEN;
}
*tmpbuf = 0;
return(buf);
}
static char *sec_FortezzaClearance(SECItem *clearance) {
unsigned char clr = 0;
if (clearance->len > 0) { clr = clearance->data[0]; }
if (clr & 0x4) return "Top Secret";
if (clr & 0x8) return "Secret";
if (clr & 0x10) return "Confidential";
if (clr & 0x20) return "Sensitive";
if (clr & 0x40) return "Unclassified";
return "None";
}
static char *sec_FortezzaMessagePrivilege(SECItem *priv) {
unsigned char clr = 0;
if (priv->len > 0) { clr = (priv->data[0]) & 0x78; }
if (clr == 0x00) {
return "None";
} else {
return PR_smprintf("%s%s%s%s%s%s%s",
clr&0x40?"Critical/Flash":"",
(clr&0x40) && (clr&0x38) ? ", " : "" ,
clr&0x20?"Immediate/Priority":"",
(clr&0x20) && (clr&0x18) ? ", " : "" ,
clr&0x10?"Routine/Deferred":"",
(clr&0x10) && (clr&0x08) ? ", " : "" ,
clr&0x08?"Rekey Agent":"");
}
}
static char *sec_FortezzaCertPrivilege(SECItem *priv) {
unsigned char clr = 0;
if (priv->len > 0) { clr = priv->data[0]; }
return PR_smprintf("%s%s%s%s%s%s%s%s%s%s%s%s",
clr&0x40?"Organizational Releaser":"",
(clr&0x40) && (clr&0x3e) ? "," : "" ,
clr&0x20?"Policy Creation Authority":"",
(clr&0x20) && (clr&0x1e) ? "," : "" ,
clr&0x10?"Certificate Authority":"",
(clr&0x10) && (clr&0x0e) ? "," : "" ,
clr&0x08?"Local Managment Authority":"",
(clr&0x08) && (clr&0x06) ? "," : "" ,
clr&0x04?"Configuration Vector Authority":"",
(clr&0x04) && (clr&0x02) ? "," : "" ,
clr&0x02?"No Signature Capability":"",
clr&0x7e?"":"Signing Only"
);
}
static char *htmlcertstrings[] = {
"<table border=0 cellspacing=0 cellpadding=0><tr><td valign=top>"
"<font size=2><b>This Certificate belongs to:</b><br>"
"<table border=0 cellspacing=0 cellpadding=0><tr><td>",
0, /* image goes here */
0,
0,
"</td><td width=10> </td><td><font size=2>",
0, /* subject name goes here */
"</td></tr></table></font></td><td width=20> </td><td valign=top>"
"<font size=2><b>This Certificate was issued by:</b><br>"
"<table border=0 cellspacing=0 cellpadding=0><tr><td>",
0, /* image goes here */
0,
0,
"</td><td width=10> </td><td><font size=2>",
0, /* issuer name goes here */
"</td></tr></table></font></td></tr></table>"
"<b>Serial Number:</b> ",
0,
"<br><b>This Certificate is valid from ",
0, /* notBefore goes here */
" to ",
0, /* notAfter does here */
"</b><br><b>Clearance:</b>",
0,
"<br><b>DSS Privileges:</b>",
0,
"<br><b>KEA Privileges:</b>",
0,
"<br><b>KMID:</b>",
0,
"<br><b>Certificate Fingerprint:</b>"
"<table border=0 cellspacing=0 cellpadding=0><tr>"
"<td width=10> </td><td><font size=2>",
0, /* fingerprint goes here */
"</td></tr></table>",
0, /* comment header goes here */
0, /* comment goes here */
0, /* comment trailer goes here */
0
};
char *
CERT_HTMLCertInfo(CERTCertificate *cert, PRBool showImages, PRBool showIssuer)
{
SECStatus rv;
char *issuer, *subject, *serialNumber, *version;
char *notBefore, *notAfter;
char *ret;
char *nickname;
SECItem dummyitem;
unsigned char fingerprint[16]; /* result of MD5, always 16 bytes */
char *fpstr;
SECItem fpitem;
char *commentstring = NULL;
SECKEYPublicKey *pubk;
char *DSSPriv;
char *KMID = NULL;
char *servername;
if (!cert) {
return(0);
}
issuer = CERT_FormatName (&cert->issuer);
subject = CERT_FormatName (&cert->subject);
version = CERT_Hexify (&cert->version,1);
serialNumber = CERT_Hexify (&cert->serialNumber,1);
notBefore = DER_UTCDayToAscii(&cert->validity.notBefore);
notAfter = DER_UTCDayToAscii(&cert->validity.notAfter);
servername = CERT_FindNSStringExtension(cert,
SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME);
nickname = cert->nickname;
if ( nickname == NULL ) {
showImages = PR_FALSE;
}
dummyitem.data = NULL;
rv = CERT_FindCertExtension(cert, SEC_OID_NS_CERT_EXT_SUBJECT_LOGO,
&dummyitem);
if ( dummyitem.data ) {
PORT_Free(dummyitem.data);
}
if ( rv || !showImages ) {
htmlcertstrings[1] = "";
htmlcertstrings[2] = "";
htmlcertstrings[3] = "";
} else {
htmlcertstrings[1] = "<img src=\"about:security?subject-logo=";
htmlcertstrings[2] = nickname;
htmlcertstrings[3] = "\">";
}
if ( servername ) {
char *tmpstr;
tmpstr = (char *)PORT_Alloc(PORT_Strlen(subject) +
PORT_Strlen(servername) +
sizeof("<br>") + 1);
if ( tmpstr ) {
PORT_Strcpy(tmpstr, servername);
PORT_Strcat(tmpstr, "<br>");
PORT_Strcat(tmpstr, subject);
PORT_Free(subject);
subject = tmpstr;
}
}
htmlcertstrings[5] = subject;
dummyitem.data = NULL;
rv = CERT_FindCertExtension(cert, SEC_OID_NS_CERT_EXT_ISSUER_LOGO,
&dummyitem);
if ( dummyitem.data ) {
PORT_Free(dummyitem.data);
}
if ( rv || !showImages ) {
htmlcertstrings[7] = "";
htmlcertstrings[8] = "";
htmlcertstrings[9] = "";
} else {
htmlcertstrings[7] = "<img src=\"about:security?issuer-logo=";
htmlcertstrings[8] = nickname;
htmlcertstrings[9] = "\">";
}
if (showIssuer == PR_TRUE) {
htmlcertstrings[11] = issuer;
} else {
htmlcertstrings[11] = "";
}
htmlcertstrings[13] = serialNumber;
htmlcertstrings[15] = notBefore;
htmlcertstrings[17] = notAfter;
pubk = CERT_ExtractPublicKey(cert);
DSSPriv = NULL;
if (pubk && (pubk->keyType == fortezzaKey)) {
htmlcertstrings[18] = "</b><br><b>Clearance:</b>";
htmlcertstrings[19] = sec_FortezzaClearance(
&pubk->u.fortezza.clearance);
htmlcertstrings[20] = "<br><b>DSS Privileges:</b>";
DSSPriv = sec_FortezzaCertPrivilege(
&pubk->u.fortezza.DSSpriviledge);
htmlcertstrings[21] = DSSPriv;
htmlcertstrings[22] = "<br><b>KEA Privileges:</b>";
htmlcertstrings[23] = sec_FortezzaMessagePrivilege(
&pubk->u.fortezza.KEApriviledge);
htmlcertstrings[24] = "<br><b>KMID:</b>";
dummyitem.data = &pubk->u.fortezza.KMID[0];
dummyitem.len = sizeof(pubk->u.fortezza.KMID);
KMID = CERT_Hexify (&dummyitem,0);
htmlcertstrings[25] = KMID;
} else {
/* clear out the headers in the non-fortezza cases */
htmlcertstrings[18] = "";
htmlcertstrings[19] = "";
htmlcertstrings[20] = "";
htmlcertstrings[21] = "";
htmlcertstrings[22] = "";
htmlcertstrings[23] = "";
htmlcertstrings[24] = "";
htmlcertstrings[25] = "</b>";
}
if (pubk) {
SECKEY_DestroyPublicKey(pubk);
}
#define HTML_OFF 27
rv = PK11_HashBuf(SEC_OID_MD5, fingerprint,
cert->derCert.data, cert->derCert.len);
fpitem.data = fingerprint;
fpitem.len = sizeof(fingerprint);
fpstr = CERT_Hexify (&fpitem,1);
htmlcertstrings[HTML_OFF] = fpstr;
commentstring = CERT_GetCertCommentString(cert);
if (commentstring == NULL) {
htmlcertstrings[HTML_OFF+2] = "";
htmlcertstrings[HTML_OFF+3] = "";
htmlcertstrings[HTML_OFF+4] = "";
} else {
htmlcertstrings[HTML_OFF+2] =
"<b>Comment:</b>"
"<table border=0 cellspacing=0 cellpadding=0><tr>"
"<td width=10> </td><td><font size=3>"
"<textarea name=foobar rows=4 cols=55 onfocus=\"this.blur()\">";
htmlcertstrings[HTML_OFF+3] = commentstring;
htmlcertstrings[HTML_OFF+4] = "</textarea></font></td></tr></table>";
}
ret = gatherStrings(htmlcertstrings);
if ( issuer ) {
PORT_Free(issuer);
}
if ( subject ) {
PORT_Free(subject);
}
if ( version ) {
PORT_Free(version);
}
if ( serialNumber ) {
PORT_Free(serialNumber);
}
if ( notBefore ) {
PORT_Free(notBefore);
}
if ( notAfter ) {
PORT_Free(notAfter);
}
if ( fpstr ) {
PORT_Free(fpstr);
}
if (DSSPriv) {
PORT_Free(DSSPriv);
}
if (KMID) {
PORT_Free(KMID);
}
if ( commentstring ) {
PORT_Free(commentstring);
}
if ( servername ) {
PORT_Free(servername);
}
return(ret);
}