Bug 307319 - Certificate details show incorrect public key information
authorKai Engert <kaie@kuix.de>
Thu, 17 Jul 2008 13:14:54 -0400
changeset 16022 661cce8d7fd0117f9823010acbbf223380855c99
parent 16021 884012d735c9e77b7e2e1e3315e8eb1e4c4b4cb6
child 16023 10e63a02fbc9ec26236c99dec3e7623060df916c
push idunknown
push userunknown
push dateunknown
bugs307319
milestone1.9.1a1pre
Bug 307319 - Certificate details show incorrect public key information r=rrelyea
security/manager/locales/en-US/chrome/pipnss/pipnss.properties
security/manager/ssl/src/nsNSSCertHelper.cpp
--- a/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
+++ b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
@@ -125,16 +125,17 @@ CertDumpValidity=Validity
 CertDumpNotBefore=Not Before
 CertDumpNotAfter=Not After
 CertDumpSPKI=Subject Public Key Info
 CertDumpSPKIAlg=Subject Public Key Algorithm
 CertDumpAlgID=Algorithm Identifier
 CertDumpParams=Algorithm Parameters
 CertDumpRSAEncr=PKCS #1 RSA Encryption
 CertDumpRSATemplate=Modulus (%S bits):\n%S\nExponent (%S bits):\n%S
+CertDumpECTemplate=Key size: %S bits\nBase point order length: %S bits\nPublic value:\n%S
 CertDumpIssuerUniqueID=Issuer Unique ID
 CertDumpSubjPubKey=Subject's Public Key
 CertDumpSubjectUniqueID=Subject Unique ID
 CertDumpExtensions=Extensions
 CertDumpCertType=Netscape Certificate Type
 CertDumpNSCertExtBaseUrl=Netscape Certificate Extension Base URL
 CertDumpNSCertExtRevocationUrl=Netscape Certificate Revocation URL
 CertDumpNSCertExtCARevocationUrl=Netscape Certificate Authority Revocation URL
--- a/security/manager/ssl/src/nsNSSCertHelper.cpp
+++ b/security/manager/ssl/src/nsNSSCertHelper.cpp
@@ -42,16 +42,17 @@
 #include "prerror.h"
 #include "prprf.h"
 
 #include "nsNSSCertHelper.h"
 #include "nsCOMPtr.h"
 #include "nsNSSCertificate.h"
 #include "cert.h"
 #include "keyhi.h"
+#include "secder.h"
 #include "nsNSSCertValidity.h"
 #include "nsNSSASN1Object.h"
 #include "nsNSSComponent.h"
 #include "nsNSSCertTrust.h"
 #include "nsIDateTimeFormat.h"
 #include "nsDateTimeFormatCID.h"
  
 static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
@@ -607,35 +608,48 @@ GetOIDText(SECItem *oid, nsINSSComponent
 #define SEPARATOR "\n"
 
 static nsresult
 ProcessRawBytes(nsINSSComponent *nssComponent, SECItem *data, 
                 nsAString &text, PRBool wantHeader = PR_TRUE)
 {
   // This function is used to display some DER bytes
   // that we have not added support for decoding.
-  // It prints the value of the byte out into a 
-  // string that can later be displayed as a byte
-  // string.  We place a new line after 24 bytes
-  // to break up extermaly long sequence of bytes.
+  // If it's short, let's display as an integer, no size header.
+
+  if (data->len <= 4) {
+    int i_pv = DER_GetInteger(data);
+    nsAutoString value;
+    value.AppendInt(i_pv);
+    text.Append(value);
+    text.Append(NS_LITERAL_STRING(SEPARATOR).get());
+    return NS_OK;
+  }
+
+  // Else produce a hex dump.
 
   if (wantHeader) {
     nsAutoString bytelen, bitlen;
     bytelen.AppendInt(data->len);
     bitlen.AppendInt(data->len*8);
   
     const PRUnichar *params[2] = {bytelen.get(), bitlen.get()};
     nsresult rv = nssComponent->PIPBundleFormatStringFromName("CertDumpRawBytesHeader",
                                                               params, 2, text);
     if (NS_FAILED(rv))
       return rv;
 
     text.Append(NS_LITERAL_STRING(SEPARATOR).get());
   }
 
+  // This prints the value of the byte out into a 
+  // string that can later be displayed as a byte
+  // string.  We place a new line after 24 bytes
+  // to break up extermaly long sequence of bytes.
+
   PRUint32 i;
   char buffer[5];
   for (i=0; i<data->len; i++) {
     PR_snprintf(buffer, 5, "%02x ", data->data[i]);
     AppendASCIItoUTF16(buffer, text);
     if ((i+1)%16 == 0) {
       text.Append(NS_LITERAL_STRING(SEPARATOR).get());
     }
@@ -1797,21 +1811,42 @@ ProcessSubjectPublicKeyInfo(CERTSubjectP
          ProcessRawBytes(nssComponent, &key->u.rsa.publicExponent, data2,
                          PR_FALSE);
          const PRUnichar *params[4] = {length1.get(), data1.get(), 
                                        length2.get(), data2.get()};
          nssComponent->PIPBundleFormatStringFromName("CertDumpRSATemplate",
                                                      params, 4, text);
          break;
       }
+      case ecKey: {
+        displayed = true;
+        SECKEYECPublicKey &ecpk = key->u.ec;
+        int fieldSizeLenAsBits = 
+              SECKEY_ECParamsToKeySize(&ecpk.DEREncodedParams);
+        int basePointOrderLenAsBits = 
+              SECKEY_ECParamsToBasePointOrderLen(&ecpk.DEREncodedParams);
+        nsAutoString s_fsl, s_bpol, s_pv;
+        s_fsl.AppendInt(fieldSizeLenAsBits);
+        s_bpol.AppendInt(basePointOrderLenAsBits);
+
+        if (ecpk.publicValue.len > 4) {
+          ProcessRawBytes(nssComponent, &ecpk.publicValue, s_pv, PR_FALSE);
+        } else {
+          int i_pv = DER_GetInteger(&ecpk.publicValue);
+          s_pv.AppendInt(i_pv);
+        }
+        const PRUnichar *params[] = {s_fsl.get(), s_bpol.get(), s_pv.get()};
+        nssComponent->PIPBundleFormatStringFromName("CertDumpECTemplate",
+                                                    params, 3, text);
+        break;
+      }
       case dhKey:
       case dsaKey:
       case fortezzaKey:
       case keaKey:
-      case ecKey:
          /* Too many parameters, to rarely used to bother displaying it */
          break;
       case nullKey:
       default:
          /* Algorithm unknown */
          break;
       }
       SECKEY_DestroyPublicKey (key);