[gcr] gcr: Add gcr_certificate_get_basic_constraints()
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gcr] gcr: Add gcr_certificate_get_basic_constraints()
- Date: Tue, 29 Nov 2011 12:45:03 +0000 (UTC)
commit 42eab234b2257ac818988d64adb0781a2d62eddb
Author: Stef Walter <stefw collabora co uk>
Date: Tue Nov 29 13:44:39 2011 +0100
gcr: Add gcr_certificate_get_basic_constraints()
* Function to retrieve basic constraints info from a certificate
docs/reference/gcr/gcr-sections.txt | 1 +
gcr/Makefile.am | 1 +
gcr/gcr-base.symbols | 1 +
gcr/gcr-certificate-extensions.c | 32 ++++++++++++++++++++++++++++++
gcr/gcr-certificate-extensions.h | 4 +++
gcr/gcr-certificate.c | 37 +++++++++++++++++++++++++++++++++++
gcr/gcr-certificate.h | 4 +++
gcr/tests/test-certificate.c | 19 ++++++++++++++++-
8 files changed, 97 insertions(+), 2 deletions(-)
---
diff --git a/docs/reference/gcr/gcr-sections.txt b/docs/reference/gcr/gcr-sections.txt
index c545321..2c32313 100644
--- a/docs/reference/gcr/gcr-sections.txt
+++ b/docs/reference/gcr/gcr-sections.txt
@@ -71,6 +71,7 @@ gcr_certificate_get_serial_number_hex
gcr_certificate_get_key_size
gcr_certificate_get_fingerprint
gcr_certificate_get_fingerprint_hex
+gcr_certificate_get_basic_constraints
gcr_certificate_mixin_class_init
gcr_certificate_mixin_emit_notify
gcr_certificate_mixin_get_property
diff --git a/gcr/Makefile.am b/gcr/Makefile.am
index 7710662..924056c 100644
--- a/gcr/Makefile.am
+++ b/gcr/Makefile.am
@@ -99,6 +99,7 @@ libgcr_base_ GCR_MAJOR@_la_SOURCES = \
gcr-callback-output-stream.c gcr-callback-output-stream.h \
gcr-certificate.c gcr-certificate.h \
gcr-certificate-chain.c gcr-certificate-chain.h \
+ gcr-certificate-extensions.c gcr-certificate-extensions.h \
gcr-certificate-request.c gcr-certificate-request.h \
gcr-collection.c gcr-collection.h \
gcr-comparable.c gcr-comparable.h \
diff --git a/gcr/gcr-base.symbols b/gcr/gcr-base.symbols
index f030a2c..e1a1dde 100644
--- a/gcr/gcr-base.symbols
+++ b/gcr/gcr-base.symbols
@@ -16,6 +16,7 @@ gcr_certificate_chain_get_status
gcr_certificate_chain_get_type
gcr_certificate_chain_new
gcr_certificate_chain_status_get_type
+gcr_certificate_get_basic_constraints
gcr_certificate_get_columns
gcr_certificate_get_der_data
gcr_certificate_get_expiry_date
diff --git a/gcr/gcr-certificate-extensions.c b/gcr/gcr-certificate-extensions.c
index 0068492..d253315 100644
--- a/gcr/gcr-certificate-extensions.c
+++ b/gcr/gcr-certificate-extensions.c
@@ -31,6 +31,38 @@
#include <glib/gi18n-lib.h>
+EggBytes *
+_gcr_certificate_extension_find (GNode *cert,
+ GQuark oid,
+ gboolean *critical)
+{
+ GNode *node;
+ gint index;
+
+ g_return_val_if_fail (cert != NULL, NULL);
+
+ /* Extensions */
+ for (index = 1; TRUE; ++index) {
+ node = egg_asn1x_node (cert, "tbsCertificate", "extensions", index, NULL);
+ if (node == NULL)
+ return NULL;
+
+ /* Dig out the OID */
+ if (egg_asn1x_get_oid_as_quark (egg_asn1x_node (node, "extnID", NULL)) == oid) {
+
+ if (critical) {
+ if (!egg_asn1x_get_boolean (egg_asn1x_node (node, "critical", NULL), critical))
+ g_return_val_if_reached (NULL);
+ }
+
+ /* Extension value */
+ return egg_asn1x_get_raw_value (egg_asn1x_node (node, "extnValue", NULL));
+ }
+ }
+
+ g_assert_not_reached ();
+}
+
gboolean
_gcr_certificate_extension_basic_constraints (EggBytes *data,
gboolean *is_ca,
diff --git a/gcr/gcr-certificate-extensions.h b/gcr/gcr-certificate-extensions.h
index ea5792f..cea6e54 100644
--- a/gcr/gcr-certificate-extensions.h
+++ b/gcr/gcr-certificate-extensions.h
@@ -34,6 +34,10 @@
G_BEGIN_DECLS
+EggBytes * _gcr_certificate_extension_find (GNode *cert,
+ GQuark oid,
+ gboolean *critical);
+
gboolean _gcr_certificate_extension_basic_constraints (EggBytes *data,
gboolean *is_ca,
gint *path_len);
diff --git a/gcr/gcr-certificate.c b/gcr/gcr-certificate.c
index e2f37c1..95f7063 100644
--- a/gcr/gcr-certificate.c
+++ b/gcr/gcr-certificate.c
@@ -22,6 +22,7 @@
#include "config.h"
#include "gcr-certificate.h"
+#include "gcr-certificate-extensions.h"
#include "gcr-comparable.h"
#include "gcr-icons.h"
#include "gcr-internal.h"
@@ -949,6 +950,42 @@ gcr_certificate_get_icon (GcrCertificate *self)
return g_themed_icon_new (GCR_ICON_CERTIFICATE);
}
+/**
+ * gcr_certificate_get_basic_constraints:
+ * @self: the certificate
+ * @is_ca: (allow-none): location to place a %TRUE if is an authority
+ * @path_len: (allow-none): location to place the max path length
+ *
+ * Get the basic constraints for the certificate if present. If %FALSE is
+ * returned then no basic constraints are present and the @is_ca and
+ * @path_len arguments are not changed.
+ *
+ * Returns: whether basic constraints are present or not
+ */
+gboolean
+gcr_certificate_get_basic_constraints (GcrCertificate *self,
+ gboolean *is_ca,
+ gint *path_len)
+{
+ GcrCertificateInfo *info;
+ EggBytes *value;
+
+ g_return_val_if_fail (GCR_IS_CERTIFICATE (self), FALSE);
+
+ info = certificate_info_load (self);
+ g_return_val_if_fail (info, FALSE);
+
+ value = _gcr_certificate_extension_find (info->asn1, GCR_OID_BASIC_CONSTRAINTS, NULL);
+ if (!value)
+ return FALSE;
+
+ if (!_gcr_certificate_extension_basic_constraints (value, is_ca, path_len))
+ g_return_val_if_reached (FALSE);
+
+ egg_bytes_unref (value);
+ return TRUE;
+}
+
/* -----------------------------------------------------------------------------
* MIXIN
*/
diff --git a/gcr/gcr-certificate.h b/gcr/gcr-certificate.h
index 6846cbf..6645ee0 100644
--- a/gcr/gcr-certificate.h
+++ b/gcr/gcr-certificate.h
@@ -117,6 +117,10 @@ gchar* gcr_certificate_get_fingerprint_hex (GcrCertificate *self
GIcon* gcr_certificate_get_icon (GcrCertificate *self);
+gboolean gcr_certificate_get_basic_constraints (GcrCertificate *self,
+ gboolean *is_ca,
+ gint *path_len);
+
#define GCR_CERTIFICATE_MIXIN_IMPLEMENT_COMPARABLE() \
G_IMPLEMENT_INTERFACE (GCR_TYPE_COMPARABLE, gcr_certificate_mixin_comparable_init)
diff --git a/gcr/tests/test-certificate.c b/gcr/tests/test-certificate.c
index 6fb68c9..ddab791 100644
--- a/gcr/tests/test-certificate.c
+++ b/gcr/tests/test-certificate.c
@@ -252,6 +252,20 @@ test_certificate_is_issuer (Test *test, gconstpointer unused)
g_assert (ret == FALSE);
}
+static void
+test_basic_constraints (Test *test,
+ gconstpointer unused)
+{
+ gboolean is_ca = TRUE;
+ gint path_len = 0;
+
+ if (!gcr_certificate_get_basic_constraints (test->dsa_cert, &is_ca, &path_len))
+ g_assert_not_reached ();
+
+ g_assert (is_ca == FALSE);
+ g_assert (path_len == -1);
+}
+
int
main (int argc, char **argv)
{
@@ -272,8 +286,9 @@ main (int argc, char **argv)
g_test_add ("/gcr/certificate/serial_number", Test, NULL, setup, test_serial_number, teardown);
g_test_add ("/gcr/certificate/fingerprint", Test, NULL, setup, test_fingerprint, teardown);
g_test_add ("/gcr/certificate/fingerprint_hex", Test, NULL, setup, test_fingerprint_hex, teardown);
- g_test_add ("/gcr/certificate/certificate_key_size", Test, NULL, setup, test_certificate_key_size, teardown);
- g_test_add ("/gcr/certificate/certificate_is_issuer", Test, NULL, setup, test_certificate_is_issuer, teardown);
+ g_test_add ("/gcr/certificate/key_size", Test, NULL, setup, test_certificate_key_size, teardown);
+ g_test_add ("/gcr/certificate/is_issuer", Test, NULL, setup, test_certificate_is_issuer, teardown);
+ g_test_add ("/gcr/certificate/basic_constraints", Test, NULL, setup, test_basic_constraints, teardown);
return g_test_run ();
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
